Closed
Bug 657164
Opened 14 years ago
Closed 14 years ago
ExecutablePool::release can mask leaky references
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: bhackett1024, Assigned: n.nethercote)
References
Details
(Whiteboard: fixed-in-tracemonkey)
Attachments
(1 file)
1.69 KB,
patch
|
bhackett1024
:
review+
|
Details | Diff | Splinter Review |
If an executable pool is in the m_smallPools list on ExecutableAllocator destruction, then release is called with willDestroy == true. The JS_ASSERT_IF sets the refcount to one rather than testing it against one, so leaky references are not uncovered.
void release(bool willDestroy = false)
{
JS_ASSERT(m_refCount != 0);
JS_ASSERT_IF(willDestroy, m_refCount = 1);
if (--m_refCount == 0) {
js::UnwantedForeground::delete_(this);
}
}
Assignee | ||
Comment 1•14 years ago
|
||
Oh geez, =/== fail. My bad.
How did you find this -- code inspection, or something else?
Assignee | ||
Comment 2•14 years ago
|
||
This is why I prefer the "const == var" form for comparisons, BTW... but it's not standard Mozilla/SpiderMonkey practice :(
Reporter | ||
Comment 3•14 years ago
|
||
(In reply to comment #1)
> Oh geez, =/== fail. My bad.
>
> How did you find this -- code inspection, or something else?
I was working on bug 656753 (reference leak in the TI branch) and trying to figure out why a testcase I wrote exposing the bug didn't assert. Took some printfs and gdb watching before I noticed this, very sneaky assignment.
Don't know how often we have problems like these, but it would be nifty to have a pseudo-policy of no assignments at all in conditionals, then a tool could pick up violations super easy.
Assignee | ||
Comment 4•14 years ago
|
||
This fixes the =/== confusion and also disables the failing assertion, so that the tinderbox won't go orange. It can be re-enabled when bug 654820 is fixed.
Assignee: general → nnethercote
Attachment #532544 -
Flags: review?(bhackett1024)
Reporter | ||
Updated•14 years ago
|
Attachment #532544 -
Flags: review?(bhackett1024) → review+
Assignee | ||
Comment 5•14 years ago
|
||
Whiteboard: fixed-in-tracemonkey
Assignee | ||
Comment 6•14 years ago
|
||
Follow up patch that disables the assertion because it's triggering in xpcshell tests:
http://hg.mozilla.org/tracemonkey/rev/0cf1acdb20b1
I've added the details of the failure to bug 654820 which is almost certainly related.
Comment 7•14 years ago
|
||
cdleary-bot mozilla-central merge info:
http://hg.mozilla.org/mozilla-central/rev/cc65c061a9b5
http://hg.mozilla.org/mozilla-central/rev/0cf1acdb20b1
Updated•14 years ago
|
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•