Closed Bug 716115 Opened 14 years ago Closed 14 years ago

56 bytes in 1 blocks are definitely lost at js::Vector with testcase as detected by Valgrind

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Platform:
x86_64
Linux
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: gkw, Assigned: Waldo)

Details

(Keywords: testcase, valgrind, Whiteboard: [js-triage-done][MemShrink:P2])

Attachments

(1 file)

stack
3.29 KB, text/plain
Details
Attached file stack
f = function () { var a = ([] for each (x in #1=[#1#])); } f.toString() quit() Using js 64-bit opt shell on Ubuntu 11.10 64-bit, m-c changeset c7e27452a143, Valgrind (changeset 12325) detects that 56 (40 direct, 16 indirect) bytes in 1 blocks are definitely lost. The quit() function is not needed if the testcase is passed in as a CLI argument. (see the attached log) I used: valgrind --leak-check=full ./js
Whiteboard: js-triage-needed → [js-triage-needed][MemShrink]
Assignee: general → jwalden+bmo
Whiteboard: [js-triage-needed][MemShrink] → [js-triage-needed][MemShrink:P2]
Using a similar command: +(function () { (#3= { a: #3# } for (x in [])) }) quit() causes a similar leak: ==12434== 56 (40 direct, 16 indirect) bytes in 1 blocks are definitely lost in loss record 2 of 4 ==12434== at 0x4C29313: malloc (vg_replace_malloc.c:263) ==12434== by 0x4DAF20: Decompile(SprintStack*, unsigned char*, int) (Utility.h:135) ==12434== by 0x4DE44C: DecompileCode(JSPrinter*, JSScript*, unsigned char*, unsigned int, unsigned int) (jsopcode.cpp:5410) ==12434== by 0x4E06AC: js_DecompileFunction (jsopcode.cpp:5448) ==12434== by 0x4D1A7F: js_DecompileToString (jsopcode.cpp:5468) ==12434== by 0x41A27B: JS_DecompileFunction (jsapi.cpp:5286) ==12434== by 0x45F448: fun_toStringHelper(JSContext*, JSObject*, unsigned int) [clone .part.203] (jsfun.cpp:1510) ==12434== by 0x45FC4F: fun_toString(JSContext*, unsigned int, JS::Value*) (jsfun.cpp:1496) ==12434== by 0x49C47F: js::InvokeKernel(JSContext*, js::CallArgs, js::MaybeConstruct) (jscntxtinlines.h:311) ==12434== by 0x49CB0B: js::Invoke(JSContext*, JS::Value const&, JS::Value const&, unsigned int, JS::Value*, JS::Value*) (jsinterp.h:157) ==12434== by 0x4B81D7: js::MaybeCallMethod(JSContext*, JSObject*, long, JS::Value*) (jsobj.cpp:6032) ==12434== by 0x4B9C3C: js::DefaultValue(JSContext*, JSObject*, JSType, JS::Value*) (jsobj.cpp:6081)
This was probably resolved by bug 566700, although bug 688891 could also plausibly have fixed it.
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Whiteboard: [js-triage-needed][MemShrink:P2] → [js-triage-done][MemShrink:P2]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: