[webkit-dev] ScopeChainNode leak?

Kelemen Balázs Kelemen.Balazs.3 at stud.u-szeged.hu
Fri Jun 19 04:31:54 PDT 2009


Hi Andrew,

I have tried your changes, and it worked for me fine - even without
removing the #ifndef NDEBUG from ScopeChainNode.h.
I ran sunspider, jsc-regression tests, and I browsed with QtLauncher (I
use Qt port on Linux), and I have not found any regression or crash.
(I forced the build environment to build JavaScriptCore in interpreter
mode.)
Valgrind said the leak had been eliminated. Do you plan to file a bug?
Are you still working on the problem?

Balazs

Andrew Webster wrote:
> I've been tracking down a memory leak I've noticed on pages using
> JQuery (and others).  Valgrind pointed out that it is ScopeChainNodes
> that are leaking.  I have tracked this down to functions that are not
> dereffing their ScopeChainNode when they are deleted.  I notice that
> the JSFunction dtor contains code that is supposed to do this, but it
> is ifdef'd out for non-JIT platforms (of which I am one):
>
> #if ENABLE(JIT)
>     // JIT code for other functions may have had calls linked directly to the code for this function; these links
>     // are based on a check for the this pointer value for this JSFunction - which will no longer be valid once
>     // this memory is freed and may be reused (potentially for another, different JSFunction).
>     if (!isHostFunction()) {
>         if (m_body && m_body->isGenerated())
>             m_body->generatedBytecode().unlinkCallers();
>         scopeChain().~ScopeChain();
>     }
>
> #endif
>
> If I switch this code to:
>
>     if (!isHostFunction()) {
> #if ENABLE(JIT)
>         // JIT code for other functions may have had calls linked directly to the code for this function; these links
>         // are based on a check for the this pointer value for this JSFunction - which will no longer be valid once
>         // this memory is freed and may be reused (potentially for another, different JSFunction).
>         if (m_body && m_body->isGenerated())
>             m_body->generatedBytecode().unlinkCallers();
> #endif
>         scopeChain().~ScopeChain();
>     }
>
> it seems to solve the memory leak.  However, the release build doesn't
> work properly unless I remove the #ifndef NDEBUG from ScopeChain.h so
> that the pointers and such are cleared on delete.  I also thought that
> it might be a good idea to call scopeChain().~ScopeChain() when the
> scope is re-assigned in setScopeChain or clearScopeChain, however this
> seems to introduce problems.
>
> Can anyone comment on why scopeChain().~ScopeChain() is wrapped in #if
> ENABLE(JIT)?  Is there a better solution than what I've done?  Will I
> face another leak by not dereffing in setScopeChain/cleanScopeChain?
>
> Thanks,
> Andrew
>
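
The mechanism behind the leak in the quoted message, as an added example that is not WebKit's code: a simplified model in which a ref-counting holder (standing in for ScopeChain) lives in raw storage inside its owner (standing in for JSFunction), so the holder's destructor only runs when the owner calls it explicitly, exactly the call the quoted `#if ENABLE(JIT)` block hid from non-JIT builds. The names Node, Chain, Fn and scopeLeaks are constructed for this example.

```cpp
#include <cassert>
#include <new>

// Constructed stand-in for a ref-counted ScopeChainNode (not WebKit's class).
struct Node {
    int refCount = 1;
    static int live;                 // nodes allocated and not yet freed
    Node() { ++live; }
    ~Node() { --live; }
    void ref() { ++refCount; }
    void deref() { if (--refCount == 0) delete this; }
};
int Node::live = 0;

// Stand-in for ScopeChain: takes a reference on construction, drops it in its destructor.
struct Chain {
    Node* node;
    explicit Chain(Node* n) : node(n) { node->ref(); }
    ~Chain() { node->deref(); }
};

// Stand-in for JSFunction: the Chain lives in raw storage (placement new), so
// deleting the owner does NOT run ~Chain() unless the owner calls it explicitly.
struct Fn {
    alignas(Chain) unsigned char storage[sizeof(Chain)];
    explicit Fn(Node* n) { new (storage) Chain(n); }
    Chain& scopeChain() { return *reinterpret_cast<Chain*>(storage); }
};

// Deletes an Fn with or without the explicit destructor call and reports
// whether the scope node it referenced was left alive (i.e. leaked).
bool scopeLeaks(bool callChainDtor) {
    int before = Node::live;
    Node* scope = new Node;          // creator's reference: refCount == 1
    Fn* fn = new Fn(scope);          // Chain takes the second reference
    if (callChainDtor)
        fn->scopeChain().~Chain();   // the call skipped on non-JIT builds in the quoted code
    delete fn;                       // raw storage: no Chain destructor runs here
    scope->deref();                  // creator drops its own reference
    return Node::live != before;     // true: node never freed, the leak Valgrind reported
}

int main() {
    assert(scopeLeaks(false));       // destructor call skipped: node leaks
    assert(!scopeLeaks(true));       // destructor call made: node freed
    return 0;
}
```

Running the leaking variant under Valgrind reports the Node allocation as definitely lost, which matches the symptom described in the thread.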

