[webkit-dev] ScopeChainNode leak?

Oliver Hunt oliver at apple.com
Fri Jun 19 10:50:01 PDT 2009


Whoops, you're absolutely right, in a non-JIT environment it won't
destroy the ScopeChainNode. My bad. Will fix this shortly.

--Oliver

On Jun 19, 2009, at 4:31 AM, Kelemen Balázs wrote:

> Hi Andrew,
>
> I have tried your changes, and it worked for me fine - even without
> removing the #ifndef NDEBUG from ScopeChainNode.h.
> I ran sunspider, jsc-regression tests, and I browsed with QtLauncher (I
> use Qt port on Linux), and I have not found any regression or crash.
> (I forced the build environment to build JavaScriptCore in interpreter
> mode.)
> Valgrind said the leak had been eliminated. Do you plan to file a bug?
> Are you still working on the problem?
>
> Balazs
>
> Andrew Webster wrote:
>> I've been tracking down a memory leak I've noticed on pages using
>> JQuery (and others).  Valgrind pointed out that it is ScopeChainNodes
>> that are leaking.  I have tracked this down to functions that are not
>> dereffing their ScopeChainNode when they are deleted.  I notice that
>> the JSFunction dtor contains code that is supposed to do this, but it
>> is ifdef'd out for non-JIT platforms (of which I am one):
>>
>> #if ENABLE(JIT)
>>    // JIT code for other functions may have had calls linked directly
>>    // to the code for this function; these links are based on a check
>>    // for the this pointer value for this JSFunction - which will no
>>    // longer be valid once this memory is freed and may be reused
>>    // (potentially for another, different JSFunction).
>>    if (!isHostFunction()) {
>>        if (m_body && m_body->isGenerated())
>>            m_body->generatedBytecode().unlinkCallers();
>>        scopeChain().~ScopeChain();
>>    }
>> #endif
>>
>> If I switch this code to:
>>
>>    if (!isHostFunction()) {
>> #if ENABLE(JIT)
>>        // JIT code for other functions may have had calls linked directly
>>        // to the code for this function; these links are based on a check
>>        // for the this pointer value for this JSFunction - which will no
>>        // longer be valid once this memory is freed and may be reused
>>        // (potentially for another, different JSFunction).
>>        if (m_body && m_body->isGenerated())
>>            m_body->generatedBytecode().unlinkCallers();
>> #endif
>>        scopeChain().~ScopeChain();
>>    }
>>
>> it seems to solve the memory leak.  However, the release build doesn't
>> work properly unless I remove the #ifndef NDEBUG from ScopeChain.h so
>> that the pointers and such are cleared on delete.  I also thought that
>> it might be a good idea to call scopeChain().~ScopeChain() when the
>> scope is re-assigned in setScopeChain or clearScopeChain, however this
>> seems to introduce problems.
>>
>> Can anyone comment on why scopeChain().~ScopeChain() is wrapped in #if
>> ENABLE(JIT)?  Is there a better solution than what I've done?  Will I
>> face another leak by not dereffing in setScopeChain/cleanScopeChain?
>>
>> Thanks,
>> Andrew
>> _______________________________________________
>> webkit-dev mailing list
>> webkit-dev at lists.webkit.org
>> http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev
>>
>
>
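A constructed C++ model of the leak Andrew describes, added here and not code from WebKit or from anyone in the thread: a refcounted ScopeChainNode, a ScopeChain that derefs it in its destructor, and a JSFunction whose destructor only runs that destructor under the JIT guard unless the patch is applied. The type and method names mirror the thread; the refcount internals, the flags and the live-node counter are assumptions made for illustration.

```cpp
#include <cstddef>
#include <new>
// Constructed model (not WebKit's code) of the intrusive refcount that
// JavaScriptCore's ScopeChain / ScopeChainNode used in 2009.
static int g_liveNodes = 0;  // ScopeChainNodes currently allocated
struct ScopeChainNode {
    ScopeChainNode* next;
    int refCount;
    // Each node owns a reference on the node below it in the chain.
    explicit ScopeChainNode(ScopeChainNode* n) : next(n), refCount(1) { if (next) next->ref(); ++g_liveNodes; }
    ~ScopeChainNode() { --g_liveNodes; }
    void ref() { ++refCount; }
    void deref() {  // frees this node and releases the rest of the chain
        if (--refCount) return;
        ScopeChainNode* rest = next;
        delete this;
        if (rest) rest->deref();
    }
};
// ScopeChain holds one reference on the head node and drops it in its destructor.
struct ScopeChain {
    ScopeChainNode* node;
    explicit ScopeChain(ScopeChainNode* n) : node(n) { node->ref(); }
    ~ScopeChain() { node->deref(); }
};
// JSFunction keeps its ScopeChain in raw storage (WebKit used a union), so the
// ScopeChain destructor only runs when ~JSFunction calls it explicitly.
struct JSFunction {
    alignas(ScopeChain) unsigned char m_storage[sizeof(ScopeChain)];
    bool m_jitEnabled, m_applyFix;  // stand-ins for ENABLE(JIT) and Andrew's patch
    JSFunction(ScopeChainNode* scope, bool jit, bool fix) : m_jitEnabled(jit), m_applyFix(fix) { new (m_storage) ScopeChain(scope); }
    ScopeChain& scopeChain() { return *reinterpret_cast<ScopeChain*>(m_storage); }
    ~JSFunction() {
        // Original shape: the deref sits inside "#if ENABLE(JIT)", so interpreter
        // builds never release the node; the patch moves it outside that guard.
        if (m_jitEnabled || m_applyFix)
            scopeChain().~ScopeChain();
    }
};
// Create and destroy one function in the given build configuration and report
// how many ScopeChainNodes are still alive afterwards (0 means no leak).
int nodesAliveAfterFunctionDies(bool jitEnabled, bool applyFix) {
    g_liveNodes = 0;
    ScopeChainNode* scope = new ScopeChainNode(nullptr);  // e.g. the global scope
    { JSFunction f(scope, jitEnabled, applyFix); }
    scope->deref();  // release the creator's own reference
    return g_liveNodes;
}
```

The interpreter build without the patch (`jitEnabled == false`, `applyFix == false`) is the only configuration that leaves a node alive, which is what Valgrind was reporting.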
