[webkit-dev] ScopeChainNode leak?
Andrew Webster
apwebster at gmail.com
Wed Jun 10 11:26:32 PDT 2009
I've been tracking down a memory leak I've noticed on pages using
JQuery (and others). Valgrind pointed out that it is ScopeChainNodes
that are leaking. I have tracked this down to functions that are not
dereffing their ScopeChainNode when they are deleted. I notice that
the JSFunction dtor contains code that is supposed to do this, but it
is ifdef'd out for non-JIT platforms (of which I am one):
#if ENABLE(JIT)
    // JIT code for other functions may have had calls linked directly to the code for this function; these links
    // are based on a check for the this pointer value for this JSFunction - which will no longer be valid once
    // this memory is freed and may be reused (potentially for another, different JSFunction).
    if (!isHostFunction()) {
        if (m_body && m_body->isGenerated())
            m_body->generatedBytecode().unlinkCallers();
        scopeChain().~ScopeChain();
    }
#endif
If I switch this code to:
    if (!isHostFunction()) {
#if ENABLE(JIT)
        // JIT code for other functions may have had calls linked directly to the code for this function; these links
        // are based on a check for the this pointer value for this JSFunction - which will no longer be valid once
        // this memory is freed and may be reused (potentially for another, different JSFunction).
        if (m_body && m_body->isGenerated())
            m_body->generatedBytecode().unlinkCallers();
#endif
        scopeChain().~ScopeChain();
    }
it seems to solve the memory leak. However, the release build doesn't
work properly unless I remove the #ifndef NDEBUG from ScopeChain.h so
that the pointers and such are cleared on delete. I also thought that
it might be a good idea to call scopeChain().~ScopeChain() when the
scope is re-assigned in setScopeChain or clearScopeChain, however this
seems to introduce problems.
Can anyone comment on why scopeChain().~ScopeChain() is wrapped in #if
ENABLE(JIT)? Is there a better solution than what I've done? Will I
face another leak by not dereffing in setScopeChain/clearScopeChain?
Thanks,
Andrew
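The leak described in this post, reduced to a stand-alone C++ model (an added illustration, not WebKit code): a refcounted node, a handle kept in raw storage, and an owner that only runs the handle's destructor when told to. Node, ScopeChain, Function and nodesLeakedAfterTeardown are hypothetical stand-ins for JSC's ScopeChainNode, ScopeChain and JSFunction, and the chain they build is constructed for the demonstration.

```cpp
#include <cstddef>
#include <new>

// Constructed stand-in for a refcounted ScopeChainNode (not JSC's real class).
struct Node {
    static int liveNodes;              // leak probe: nodes currently allocated
    Node* next;
    int refCount;
    explicit Node(Node* n) : next(n), refCount(1) { if (next) next->ref(); ++liveNodes; }
    ~Node() { --liveNodes; if (next) next->deref(); }
    void ref() { ++refCount; }
    void deref() { if (--refCount == 0) delete this; }
};
int Node::liveNodes = 0;

// Handle that owns exactly one reference to a Node, like JSC's ScopeChain wrapper.
struct ScopeChain {
    Node* node;
    explicit ScopeChain(Node* n) : node(n) { if (node) node->ref(); }
    ~ScopeChain() { if (node) node->deref(); }
};

// Function object keeping its ScopeChain in raw storage, so the handle's
// destructor runs only when the owner calls it explicitly, as JSFunction does.
struct Function {
    alignas(ScopeChain) unsigned char storage[sizeof(ScopeChain)];
    bool releaseScope;  // models whether the #if ENABLE(JIT) block is compiled in
    Function(Node* n, bool release) : releaseScope(release) { new (storage) ScopeChain(n); }
    ScopeChain& scopeChain() { return *reinterpret_cast<ScopeChain*>(storage); }
    ~Function() { if (releaseScope) scopeChain().~ScopeChain(); }
};

// Builds a two-node chain, lets a Function close over it, tears everything down,
// and returns how many Nodes are still alive afterwards (0 means no leak).
int nodesLeakedAfterTeardown(bool destroyScopeChainInDtor) {
    int before = Node::liveNodes;
    Node* global = new Node(nullptr);   // global refCount 1
    Node* inner = new Node(global);     // inner 1, global 2
    {
        Function fn(inner, destroyScopeChainInDtor);   // inner 2
    }                                                   // inner back to 1 only if the dtor ran
    inner->deref();    // drop the creator's reference
    global->deref();   // nodes still referenced here are deliberately left leaked
    return Node::liveNodes - before;
}
```

With the destructor call compiled in, the chain is fully released; with it skipped, both nodes stay alive, which is what Valgrind reports as leaked ScopeChainNodes.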