[webkit-dev] ScopeChainNode leak?
Oliver Hunt
oliver at apple.com
Fri Jun 19 10:50:01 PDT 2009
Whoops, you're absolutely right, in a non jit environment it won't
destroy the ScopeChainNode. My bad. Will fix this shortly.
--Oliver
On Jun 19, 2009, at 4:31 AM, Kelemen Balázs wrote:
> Hi Andrew,
>
> I have tried your changes, and it worked for me fine - even without
> removing the #ifndef NDEBUG from ScopeChainNode.h.
> I ran sunspider, jsc-regression tests, and I browsed with QtLauncher
> (I
> use Qt port on Linux), and I have not found any regression or crash.
> (I forced the build environment to build JavaScriptCore in interpreter
> mode.)
> Valgrind sad the leak had been eliminated. Do you plan to file a bug?
> Are you still working on the problem?
>
> Balazs
>
> Andrew Webster wrote:
>> I've been tracking down a memory leak I've noticed on pages using
>> JQuery (and others). Valgrind pointed out that it is ScopeChainNodes
>> that are leaking. I have tracked this down to functions that are not
>> dereffing their ScopeChainNode when they are deleted. I notice that
>> the JSFunction dtor contains code that is supposed to do this, but it
>> is ifdef'd out for non-JIT platforms (of which I am one of):
>>
>> #if ENABLE(JIT)
>> // JIT code for other functions may have had calls linked directly
>> to the code for this function; these links
>> // are based on a check for the this pointer value for this
>> JSFunction - which will no longer be valid once
>> // this memory is freed and may be reused (potentially for
>> another, different JSFunction).
>> if (!isHostFunction()) {
>> if (m_body && m_body->isGenerated())
>> m_body->generatedBytecode().unlinkCallers();
>> scopeChain().~ScopeChain();
>> }
>>
>> #endif
>>
>> If I switch this code to:
>>
>> if (!isHostFunction()) {
>> #if ENABLE(JIT)
>> // JIT code for other functions may have had calls linked
>> directly to the code for this function; these links
>> // are based on a check for the this pointer value for this
>> JSFunction - which will no longer be valid once
>> // this memory is freed and may be reused (potentially for
>> another, different JSFunction).
>> if (m_body && m_body->isGenerated())
>> m_body->generatedBytecode().unlinkCallers();
>> #endif
>> scopeChain().~ScopeChain();
>> }
>>
>> it seems to solve the memory leak. However, the release build
>> doesn't
>> work properly unless I remove the #ifndef NDEBUG from ScopeChain.h so
>> that the pointers and such are cleared on delete. I also thought
>> that
>> it might be a good idea to call scopeChain().~ScopeChain() when the
>> scope is re-assigned in setScopeChain or clearScopeChain, however
>> this
>> seems to introduce problems.
>>
>> Can anyone comment on why scopeChain().~ScopeChain() is wrapped in
>> #if
>> ENABLE(JIT)? Is there a better solution then what I've done? Will I
>> face another leak by not dereffing in setScopeChain/cleanScopeChain?
>>
>> Thanks,
>> Andrew
>> _______________________________________________
>> webkit-dev mailing list
>> webkit-dev at lists.webkit.org
>> http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev
>>
>
>
> ----------------------------------------------------------------
> This message was sent using IMP, the Internet Messaging Program.
>
> _______________________________________________
> webkit-dev mailing list
> webkit-dev at lists.webkit.org
> http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev
More information about the webkit-dev
mailing list