Closed Bug 713068 Opened 11 years ago Closed 11 years ago

IonMonkey: Invalidation leaks IonScripts

Categories

(Core :: JavaScript Engine, defect)

defect
Not set
normal

Tracking

()

RESOLVED FIXED

People

(Reporter: dvander, Assigned: dvander)

References

Details

Attachments

(1 file)

IonScripts are not gcthings, so when we invalidate, and detach them from JSScripts, they don't get freed later. Simple solution is to just refcount them.
Is this instead of the HandleException walk-and-free approach? I'm just curious because performing decref operations appropriately doesn't seem inherently easier than performing a free operation appropriately.
Nah they're orthogonal. We'd incref the IonScript when we create an InvalidationRecord for it, and decref the IonScript when we destroy the record. The HandleException approach is fine we just have to destroy the IonScripts too.
Oh right. At least that's nice and limited in scope -- don't need to worry about keeping a refcount until it actually becomes invalidated.
Attached patch fixSplinter Review
Attachment #583982 - Flags: review?(christopher.leary)
Comment on attachment 583982 [details] [diff] [review]
fix

Review of attachment 583982 [details] [diff] [review]:
-----------------------------------------------------------------

::: js/src/ion/IonFrames.h
@@ +166,5 @@
>      void *calleeToken;
>      uint8 *returnAddress;
>      IonScript *ionScript;
>  
>      InvalidationRecord(void *calleeToken, uint8 *returnAddress);

Should we privatize this stuff now?
Attachment #583982 - Flags: review?(christopher.leary) → review+
I tried :( unfortunately new_ requires public visibility.

http://hg.mozilla.org/projects/ionmonkey/rev/83f981a4e266
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.