Bug 735900 (Closed): Leak in Decompile with genexp (detected by Valgrind)
Opened 12 years ago, closed 12 years ago
Status: RESOLVED WORKSFORME
Categories: Core :: JavaScript Engine, defect
People: Reporter: gkw, Unassigned
Keywords: regression, testcase, valgrind
Whiteboard: js-triage-needed
Attachments: 1 file (1.88 KB, text/plain)

f = function() {
  var s = "";
  ([] for each(r in s))
}
if ("" == f) {}

when run with Valgrind using:

valgrind --leak-check=full ./js testcase.js

shows a leak of 48 bytes in 1 block.

autoBisect shows this is probably related to the following changeset:

The first bad revision is:
changeset: 72349:b79cf02287c6
user: Jeff Walden
date: Fri Jun 24 18:03:04 2011 -0700
summary: Bug 646574 - dis() is broken when the function being disassembled has upvars. r=mrbkap

Reporter • Comment 1 • 12 years ago
Not sure if autoBisect is entirely correct or not, though.

Reporter • Comment 2 • 12 years ago
Definitely reproduces on Mac OS X 10.7 as well:

==17994== 48 (40 direct, 8 indirect) bytes in 1 blocks are definitely lost in loss record 313 of 695
==17994==    at 0xC743: malloc (vg_replace_malloc.c:266)
==17994==    by 0x1000B0CD9: Decompile(SprintStack*, unsigned char*, int) (Utility.h:173)
==17994==    by 0x1000A6776: DecompileCode(JSPrinter*, JSScript*, unsigned char*, unsigned int, unsigned int) (jsopcode.cpp:5459)
==17994==    by 0x1000A510F: js_DecompileFunction (jsopcode.cpp:5497)
==17994==    by 0x1000A4B78: js_DecompileToString (jsopcode.cpp:5517)
==17994==    by 0x1000189E7: JS_DecompileFunction (jsapi.cpp:5266)
==17994==    by 0x100049082: fun_toStringHelper(JSContext*, JSObject*, unsigned int) (jsfun.cpp:1175)
==17994==    by 0x10004991B: fun_toString(JSContext*, unsigned int, JS::Value*) (jsfun.cpp:1208)
==17994==    by 0x10007A772: js::InvokeKernel(JSContext*, js::CallArgs, js::MaybeConstruct) (jscntxtinlines.h:314)
==17994==    by 0x10007AA36: js::Invoke(JSContext*, JS::Value const&, JS::Value const&, unsigned int, JS::Value*, JS::Value*) (Stack.h:300)
==17994==    by 0x10009AE55: js::DefaultValue(JSContext*, JSObject*, JSType, JS::Value*) (jsobj.cpp:5783)
==17994==    by 0x10007B32D: js::LooselyEqual(JSContext*, JS::Value const&, JS::Value const&, bool*) (jsobjinlines.h:148)

OS: Linux → All
Hardware: x86_64 → All
Updated • 12 years ago
Summary: 48 bytes in 1 blocks are definitely lost as detected by Valgrind → Leak in Decompile with genexp (detected by Valgrind)
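
Added example (not part of the bug report or of the Mozilla tree): a small Python parser for Memcheck leak records like the one in Comment 2. It reports the first non-allocator frame as the leak site, which for this trace is `Decompile`, the function named in the updated summary. The function names and the allocator list are assumptions of this example, and the sample input is the first frames of the trace above, embedded as constructed test data.

```python
import re

# Header of a Memcheck leak record ("N (D direct, I indirect) bytes in B blocks are ... lost").
HEADER = re.compile(
    r"^==(?P<pid>\d+)== (?P<total>[\d,]+) (?:\([\d,]+ direct, [\d,]+ indirect\) )?"
    r"bytes in [\d,]+ blocks? (?:is|are) (?P<kind>definitely|indirectly|possibly) lost")
# Stack frame line: "at|by 0xADDR: symbol(args) (file:line)".
FRAME = re.compile(
    r"^==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+: (?P<sym>.+?)(?: \((?P<loc>[^()]*)\))?$")
# Assumption: frames with these names are allocator entry points, not the leak site.
ALLOCATORS = {"malloc", "calloc", "realloc", "operator new", "operator new[]"}

# Constructed input: the first frames of the trace in Comment 2.
SAMPLE = """\
==17994== 48 (40 direct, 8 indirect) bytes in 1 blocks are definitely lost in loss record 313 of 695
==17994==    at 0xC743: malloc (vg_replace_malloc.c:266)
==17994==    by 0x1000B0CD9: Decompile(SprintStack*, unsigned char*, int) (Utility.h:173)
==17994==    by 0x1000A6776: DecompileCode(JSPrinter*, JSScript*, unsigned char*, unsigned int, unsigned int) (jsopcode.cpp:5459)
==17994==    by 0x1000A510F: js_DecompileFunction (jsopcode.cpp:5497)
==17994==
"""

def parse_leaks(log):
    """Return one dict per 'lost' record: pid, bytes, kind, frames [(function, location)]."""
    leaks, cur = [], None
    for line in log.splitlines():
        h = HEADER.match(line)
        if h:
            cur = {"pid": int(h["pid"]), "bytes": int(h["total"].replace(",", "")),
                   "kind": h["kind"], "frames": []}
            leaks.append(cur)
            continue
        f = FRAME.match(line)
        if f and cur is not None:
            # Drop the argument list so overloads of one function group together.
            cur["frames"].append((f["sym"].split("(")[0], f["loc"]))
        elif not f:
            cur = None  # a bare "==PID==" line or any other output ends the record
    return leaks

def leak_site(leak):
    """First frame that is not an allocator: the code that owned the lost block."""
    for func, loc in leak["frames"]:
        if func not in ALLOCATORS:
            return func, loc
    return None

if __name__ == "__main__":
    for leak in parse_leaks(SAMPLE):
        print(leak["kind"], leak["bytes"], "bytes, allocated in", leak_site(leak))
```
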

Reporter • Comment 3 • 12 years ago
Fixed by bug 730497.

autoBisect shows this is probably related to the following changeset:

The first good revision is:
changeset: 89503:b882ebfeb90b
user: Luke Wagner
date: Mon Feb 27 23:49:02 2012 -0800
summary: Bug 730497 - rm flat closures (r=bhackett,waldo)

Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED

Reporter • Comment 4 • 12 years ago
> Fixed by bug 730497.
>
> autoBisect shows this is probably related to the following changeset:
I take that back, autoBisect lied this time, but WFM nonetheless.
Resolution: FIXED → WORKSFORME