
Valgrind detects leak at Malloc, js::SaveScriptFilename (8 bytes in 1 blocks are definitely lost)

RESOLVED FIXED in mozilla14

Status

Product: Core
Component: JavaScript Engine
Priority: --
Severity: critical
Status: RESOLVED FIXED
Reported: 5 years ago
Modified: 5 years ago

People

(Reporter: gkw, Assigned: billm)

Tracking

(Blocks: 1 bug, {testcase, valgrind})

Version: Trunk
Target Milestone: mozilla14
Platform: x86_64
OS: Linux
Keywords: testcase, valgrind
Points: ---

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: js-triage-done)

Attachments

(1 attachment)

(Reporter)

Description

5 years ago
function a(b) {
  f = Function("\
    c = ArrayBuffer();\
    Object.seal(this);\
    c.toSource = (function(){ gc() });\
    <x/> ? '' : \"\"\
")
  try {
    evalcx(b, newGlobal("new-compartment"))
  } catch (e) {};
  f()
}
a();

throws up a Valgrind error in js debug shell on m-c changeset c22568c8cf0e with -m.

==23137== 8 bytes in 1 blocks are definitely lost in loss record 1 of 3
==23137==    at 0x4C29313: malloc (vg_replace_malloc.c:263)
==23137==    by 0x506A0E: js::SaveScriptFilename(JSContext*, char const*) (Utility.h:173)
==23137==    by 0x50827F: JSScript::NewScriptFromEmitter(JSContext*, js::BytecodeEmitter*) (jsscript.cpp:1196)
==23137==    by 0x586B0B: js::frontend::CompileScript(JSContext*, JSObject*, js::StackFrame*, JSPrincipals*, JSPrincipals*, unsigned int, unsigned short const*, unsigned long, char const*, unsigned int, JSVersion, JSString*, unsigned int) (BytecodeCompiler.cpp:327)
==23137==    by 0x419D09: JS_EvaluateUCScriptForPrincipals (jsapi.cpp:5260)
==23137==    by 0x419F64: JS_EvaluateUCScript (jsapi.cpp:5311)
==23137==    by 0x4055BD: EvalInContext(JSContext*, unsigned int, JS::Value*) (js.cpp:2683)
==23137==    by 0x49FB20: js::InvokeKernel(JSContext*, js::CallArgs, js::MaybeConstruct) (jscntxtinlines.h:314)
==23137==    by 0x4999C4: js::Interpret(JSContext*, js::StackFrame*, js::InterpMode) (jsinterp.cpp:2685)
==23137==    by 0x4A0680: js::Execute(JSContext*, JSScript*, JSObject&, JS::Value*) (jsinterp.cpp:667)
==23137==    by 0x41A67A: JS_ExecuteScript (jsapi.cpp:5232)
==23137==    by 0x409015: Process(JSContext*, JSObject*, char const*, bool) (js.cpp:581)
(Reporter)

Comment 1

5 years ago
I used:

valgrind --leak-check=full --smc-check=all-non-file ./js -m testcase.js

Tested in 64-bit shell in Ubuntu.
(Assignee)

Comment 2

5 years ago
This looks like a bug reported earlier for script filenames that I couldn't reproduce. This one does reproduce for me.
Assignee: general → wmccloskey
(Reporter)

Comment 3

5 years ago
Not sure if it's related to bug 668095 (which merely added the -m flag, possibly):

autoBisect shows this is probably related to the following changeset:

The first bad revision is:
changeset:   73054:b1923b866d6a
user:        Chris Leary
date:        Tue Jul 19 16:37:09 2011 -0700
summary:     Bug 668095 - Write a proper option parser for SpiderMonkey CLI. (r=dvander)
(Assignee)

Comment 4

5 years ago
Created attachment 607752 [details] [diff] [review]
fix

Here's what happened:
- gcKeepAtoms was set
- We did a GC and swept all the objects in a compartment
- We deleted the compartment

Since js_SweepScriptFilenames saves filenames when gcKeepAtoms is true, we leaked the script filename in this case.
Attachment #607752 - Flags: review?(igor)
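The sequence described in comment 4, replayed as an added model in C. This is not the attached patch and not SpiderMonkey's code: it is a hypothetical per-compartment filename table with a sweep that retains every entry while keep_atoms (standing in for gcKeepAtoms) is set, and a compartment teardown in a buggy form that forgets the table and a fixed form that releases whatever the sweep retained. All names (save_script_filename, sweep_script_filenames, delete_compartment_buggy, delete_compartment_fixed, filenames_leaked) and the sample filename are assumptions made for the demonstration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Counter standing in for Valgrind's "definitely lost" tally: incremented
 * for every filename copy we malloc, decremented when it is freed. */
static int live_filenames = 0;

static char *dup_filename(const char *s)
{
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    if (!p)
        abort();
    memcpy(p, s, n);
    live_filenames++;
    return p;
}

static void free_filename(char *p)
{
    free(p);
    live_filenames--;
}

#define MAX_FILENAMES 8

/* Hypothetical per-compartment filename table (a model, not the engine's). */
struct filename_entry {
    char *name;
    int marked;      /* set by GC marking when a live script references it */
};

struct compartment {
    struct filename_entry files[MAX_FILENAMES];
    int nfiles;
};

/* Model of js::SaveScriptFilename: copy the name into the table. */
static void save_script_filename(struct compartment *c, const char *name)
{
    struct filename_entry *e = &c->files[c->nfiles++];
    e->name = dup_filename(name);
    e->marked = 0;
}

/* Model of js_SweepScriptFilenames: free unmarked entries, except that when
 * keep_atoms (gcKeepAtoms) is set every entry is retained for the next GC. */
static void sweep_script_filenames(struct compartment *c, int keep_atoms)
{
    int i;
    for (i = 0; i < c->nfiles; i++) {
        struct filename_entry *e = &c->files[i];
        if (keep_atoms || e->marked) {
            e->marked = 0;             /* retained; marks reset for next GC */
        } else if (e->name) {
            free_filename(e->name);
            e->name = NULL;
        }
    }
}

/* Buggy teardown: assumes the sweep already emptied the table, so names the
 * sweep retained under keep_atoms are simply forgotten - the reported leak. */
static void delete_compartment_buggy(struct compartment *c)
{
    c->nfiles = 0;
}

/* Fixed teardown: release every filename still in the table unconditionally. */
static void delete_compartment_fixed(struct compartment *c)
{
    int i;
    for (i = 0; i < c->nfiles; i++) {
        if (c->files[i].name) {
            free_filename(c->files[i].name);
            c->files[i].name = NULL;
        }
    }
    c->nfiles = 0;
}

/* Replays comment 4: compile a script (filename saved), GC with gcKeepAtoms
 * set or clear while the script is dead (unmarked), then delete the
 * compartment. Returns how many filename blocks were left unfreed. */
int filenames_leaked(int keep_atoms, int fixed)
{
    struct compartment c;
    int i, leaked, before = live_filenames;
    memset(&c, 0, sizeof c);
    save_script_filename(&c, "testcase.js");   /* constructed sample name */
    sweep_script_filenames(&c, keep_atoms);
    if (fixed)
        delete_compartment_fixed(&c);
    else
        delete_compartment_buggy(&c);
    leaked = live_filenames - before;
    /* Reclaim what the buggy path dropped so this demo process exits clean;
     * a real engine has no such safety net, which is why Valgrind sees it. */
    for (i = 0; i < MAX_FILENAMES; i++)
        if (c.files[i].name)
            free_filename(c.files[i].name);
    return leaked;
}

int main(void)
{
    printf("gcKeepAtoms set, buggy teardown:   %d leaked\n", filenames_leaked(1, 0));
    printf("gcKeepAtoms set, fixed teardown:   %d leaked\n", filenames_leaked(1, 1));
    printf("gcKeepAtoms clear, buggy teardown: %d leaked\n", filenames_leaked(0, 0));
    return 0;
}
```

Only the combination of keep_atoms and the buggy teardown loses a block, which matches the description: with gcKeepAtoms clear the sweep frees the dead script's filename itself, and the fixed teardown frees anything the sweep deliberately kept.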
(Reporter)

Updated

5 years ago
Whiteboard: js-triage-needed → js-triage-done

Updated

5 years ago
Attachment #607752 - Flags: review?(igor) → review+
(Assignee)

Comment 5

5 years ago
https://hg.mozilla.org/integration/mozilla-inbound/rev/f9f96c36c741
Target Milestone: --- → mozilla14

Comment 6

5 years ago
https://hg.mozilla.org/mozilla-central/rev/f9f96c36c741
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED