The default bug view has changed. See this FAQ.

IonMonkey: Invalidation leaks IonScripts

RESOLVED FIXED

Status

()

Core
JavaScript Engine
RESOLVED FIXED
5 years ago
5 years ago

People

(Reporter: dvander, Assigned: dvander)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

(Assignee)

Description

5 years ago
IonScripts are not gcthings, so when we invalidate, and detach them from JSScripts, they don't get freed later. Simple solution is to just refcount them.
Is this instead of the HandleException walk-and-free approach? I'm just curious because performing decref operations appropriately doesn't seem inherently easier than performing a free operation appropriately.
(Assignee)

Comment 2

5 years ago
Nah they're orthogonal. We'd incref the IonScript when we create an InvalidationRecord for it, and decref the IonScript when we destroy the record. The HandleException approach is fine we just have to destroy the IonScripts too.
Oh right. At least that's nice and limited in scope -- don't need to worry about keeping a refcount until it actually becomes invalidated.
(Assignee)

Comment 4

5 years ago
Created attachment 583982 [details] [diff] [review]
fix
Attachment #583982 - Flags: review?(christopher.leary)
Comment on attachment 583982 [details] [diff] [review]
fix

Review of attachment 583982 [details] [diff] [review]:
-----------------------------------------------------------------

::: js/src/ion/IonFrames.h
@@ +166,5 @@
>      void *calleeToken;
>      uint8 *returnAddress;
>      IonScript *ionScript;
>  
>      InvalidationRecord(void *calleeToken, uint8 *returnAddress);

Should we privatize this stuff now?
Attachment #583982 - Flags: review?(christopher.leary) → review+
(Assignee)

Comment 6

5 years ago
I tried :( unfortunately new_ requires public visibility.

http://hg.mozilla.org/projects/ionmonkey/rev/83f981a4e266
Status: ASSIGNED → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.