[webkit-help] cached scripts leak in C Loop Interpreter mode

Benjamin Poulain benjamin at webkit.org
Thu Apr 10 16:32:55 PDT 2014


On 4/10/14, 4:26 PM, Baldeva, Arpit wrote:
> I spent more time on it and now have concrete info. The reason for the
> leak is ExecutableBase class in runtime/Executable.h has conditional
> compilation for the destroy call (only enabled if JIT is enabled). So
> when a ProgramExecutable is created, it adds a ref to the
> JSC::SourceCode::m_provider member I mentioned below. However, if you
> turn off JIT, the allocateCell ends up putting it in
> heap.allocateWithoutDestructor. Since the destructor/destroy is not
> called anymore, the ref leaks when JIT is not enabled.
>
> It seems to me that safeguarding the destructor using ENABLE(JIT) is a
> mistake. The memory leak is also quite severe as I outlined below. A
> quick local test I am running at the moment by allowing the destructor
> for the non JIT path seems to be working well without leaks.
>
> Thoughts?

This is likely a bug. I don't think anyone compiles JavaScriptCore 
without enabling JIT anymore; that code is pretty much untested.

Please file a bug on bugs.webkit.org and give the number on this mailing 
list. I'll add the JavaScriptCore experts in CC.

If you have a fix, you can also attach it to the bug.

Cheers,
Benjamin
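The mechanism Arpit describes, modelled as an added example that is not WebKit's code: a toy heap with a "with destructor" and a "without destructor" allocation path, a refcounted provider, and an executable whose cleanup only runs when the heap was told the cell needs destruction. The names SourceProvider, SourceCode, ProgramExecutable, allocateCell and needsDestruction echo the ones in the mail; the bodies are a hypothetical simplification. The `destroyUnconditional` flag stands in for the proposed fix of not guarding the destructor with ENABLE(JIT).

```cpp
#include <cstdio>
#include <new>
#include <utility>
#include <vector>

// Intrusively refcounted provider (stand-in for JSC::SourceProvider).
// The leak shows up as a refCount that never returns to 0.
struct SourceProvider {
    int refCount = 0;
    void ref() { ++refCount; }
    void deref() { --refCount; }
};

// Holds one ref on the provider for its lifetime (JSC::SourceCode::m_provider).
struct SourceCode {
    SourceProvider* provider;
    explicit SourceCode(SourceProvider* p) : provider(p) { provider->ref(); }
    SourceCode(const SourceCode& o) : provider(o.provider) { provider->ref(); }
    SourceCode& operator=(const SourceCode&) = delete;
    ~SourceCode() { provider->deref(); }
};

// GC cell base: the heap calls destroy() only for cells registered as needing it.
struct Cell {
    virtual ~Cell() {}
    virtual void destroy() = 0;
};

// Stand-in for ProgramExecutable. destroy() plays the role of the hook that
// Executable.h compiles only under ENABLE(JIT): running the destructor
// releases the ref held by m_source.
struct ProgramExecutable : Cell {
    SourceCode m_source;
    explicit ProgramExecutable(const SourceCode& s) : m_source(s) {}
    void destroy() override { this->~ProgramExecutable(); }
};

// Toy heap with the two allocation paths from the mail.
struct Heap {
    std::vector<std::pair<Cell*, void*>> withDestructor;
    std::vector<void*> withoutDestructor;

    template <typename T, typename... Args>
    T* allocateCell(bool needsDestruction, Args&&... args) {
        void* storage = ::operator new(sizeof(T));
        T* cell = new (storage) T(std::forward<Args>(args)...);
        if (needsDestruction)
            withDestructor.push_back({cell, storage});
        else
            withoutDestructor.push_back(storage);  // allocateWithoutDestructor path
        return cell;
    }

    // Sweep: destroy() runs only for the first list; the second is freed as
    // raw memory, so any ref held inside those cells is simply lost.
    void sweep() {
        for (auto& entry : withDestructor) {
            entry.first->destroy();
            ::operator delete(entry.second);
        }
        for (void* storage : withoutDestructor)
            ::operator delete(storage);
        withDestructor.clear();
        withoutDestructor.clear();
    }
};

// Creates one executable under the given build configuration, lets the
// heap sweep it, and returns how many refs the provider still holds
// (0 means no leak). jitEnabled models ENABLE(JIT); destroyUnconditional
// models the proposed fix of registering destruction regardless of JIT.
int leakedRefsAfterSweep(bool jitEnabled, bool destroyUnconditional) {
    SourceProvider provider;
    Heap heap;
    {
        SourceCode source(&provider);  // temporary ref, dropped at end of scope
        bool needsDestruction = destroyUnconditional || jitEnabled;
        heap.allocateCell<ProgramExecutable>(needsDestruction, source);
    }
    heap.sweep();
    return provider.refCount;
}

int main() {
    std::printf("JIT on,  guarded destroy:   leaked refs = %d\n", leakedRefsAfterSweep(true, false));
    std::printf("JIT off, guarded destroy:   leaked refs = %d\n", leakedRefsAfterSweep(false, false));
    std::printf("JIT off, unguarded destroy: leaked refs = %d\n", leakedRefsAfterSweep(false, true));
    return 0;
}
```

The middle case is the one from the mail: with the destroy hook compiled out, the cell goes down the without-destructor path and the provider keeps a ref per executable created, which is why the leak grows with every script that is compiled.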

