Closed Bug 657164 Opened 14 years ago Closed 14 years ago

ExecutablePool::release can mask leaky references

Categories

(Core :: JavaScript Engine, defect)

x86
macOS
defect
Not set
normal

Tracking

()

RESOLVED FIXED

People

(Reporter: bhackett1024, Assigned: n.nethercote)

References

Details

(Whiteboard: fixed-in-tracemonkey)

Attachments

(1 file)

If an executable pool is in the m_smallPools list on ExecutableAllocator destruction, then release is called with willDestroy == true. The JS_ASSERT_IF sets the refcount to one rather than testing it against one, so leaky references are not uncovered. void release(bool willDestroy = false) { JS_ASSERT(m_refCount != 0); JS_ASSERT_IF(willDestroy, m_refCount = 1); if (--m_refCount == 0) { js::UnwantedForeground::delete_(this); } }
Oh geez, =/== fail. My bad. How did you find this -- code inspection, or something else?
This is why I prefer the "const == var" form for comparisons, BTW... but it's not standard Mozilla/SpiderMonkey practice :(
(In reply to comment #1) > Oh geez, =/== fail. My bad. > > How did you find this -- code inspection, or something else? I was working on bug 656753 (reference leak in the TI branch) and trying to figure out why a testcase I wrote exposing the bug didn't assert. Took some printfs and gdb watching before I noticed this, very sneaky assignment. Don't know how often we have problems like these, but it would be nifty to have a pseudo-policy of no assignments at all in conditionals, then a tool could pick up violations super easy.
Depends on: 654820
Attached patch patchSplinter Review
This fixes the =/== confusion and also disables the failing assertion, so that the tinderbox won't go orange. It can be re-enabled when bug 654820 is fixed.
Assignee: general → nnethercote
Attachment #532544 - Flags: review?(bhackett1024)
Attachment #532544 - Flags: review?(bhackett1024) → review+
Whiteboard: fixed-in-tracemonkey
Follow up patch that disables the assertion because it's triggering in xpcshell tests: http://hg.mozilla.org/tracemonkey/rev/0cf1acdb20b1 I've added the details of the failure to bug 654820 which is almost certainly related.
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: