Hi Andrew,

It certainly sounds likely this is a bug, and the best person to comment on it is probably Oliver, who is not on this list.

Could you please file a bug at bugs.webkit.org?

Many thanks,
G.

On Jun 10, 2009, at 11:26 AM, Andrew Webster wrote:

I've been tracking down a memory leak I've noticed on pages using
JQuery (and others).  Valgrind pointed out that it is ScopeChainNodes
that are leaking.  I have tracked this down to functions that are not
dereffing their ScopeChainNode when they are deleted.  I notice that
the JSFunction dtor contains code that is supposed to do this, but it
is ifdef'd out for non-JIT platforms (of which I am one):

#if ENABLE(JIT)
    // JIT code for other functions may have had calls linked directly to the code for this function; these links
    // are based on a check for the this pointer value for this JSFunction - which will no longer be valid once
    // this memory is freed and may be reused (potentially for another, different JSFunction).
    if (!isHostFunction()) {
        if (m_body && m_body->isGenerated())
            m_body->generatedBytecode().unlinkCallers();
        scopeChain().~ScopeChain();
    }
#endif

If I switch this code to:

    if (!isHostFunction()) {
#if ENABLE(JIT)
        // JIT code for other functions may have had calls linked directly to the code for this function; these links
        // are based on a check for the this pointer value for this JSFunction - which will no longer be valid once
        // this memory is freed and may be reused (potentially for another, different JSFunction).
        if (m_body && m_body->isGenerated())
            m_body->generatedBytecode().unlinkCallers();
#endif
        scopeChain().~ScopeChain();
    }

it seems to solve the memory leak.  However, the release build doesn't
work properly unless I remove the #ifndef NDEBUG from ScopeChain.h so
that the pointers and such are cleared on delete.  I also thought that
it might be a good idea to call scopeChain().~ScopeChain() when the
scope is re-assigned in setScopeChain or clearScopeChain, however this
seems to introduce problems.

Can anyone comment on why scopeChain().~ScopeChain() is wrapped in #if
ENABLE(JIT)?  Is there a better solution than what I've done?  Will I
face another leak by not dereffing in setScopeChain/clearScopeChain?

Thanks,
Andrew
_______________________________________________
webkit-dev mailing list
webkit-dev@lists.webkit.org
http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev
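The leak Andrew describes, reproduced as an added example (constructed toy code, not WebKit's JSFunction or ScopeChain source): a refcounted node chain where each node owns one reference to its parent, a ScopeChain wrapper that holds one reference and releases it in its destructor, and a Function stand-in that keeps its ScopeChain in placement-new storage, so the only thing that ever releases the reference is the explicit ~ScopeChain() call in the destructor. The releaseScopeOnDestroy flag stands in for the #if ENABLE(JIT) guard, and the liveNodes counter plays the role valgrind played in the report. All names here (ScopeChainNode, ScopeChain, Function, nodesLeakedAfterDestroy) are assumptions of this example.

```cpp
#include <cstdio>
#include <new>

// Constructed toy model of the refcounted scope chain discussed in the
// thread. Each node owns exactly one reference to its parent (next).
struct ScopeChainNode {
    static int liveNodes;              // instrumentation standing in for valgrind
    int refCount;
    ScopeChainNode* next;
    explicit ScopeChainNode(ScopeChainNode* parent) : refCount(1), next(parent) { ++liveNodes; }
    ~ScopeChainNode() { --liveNodes; }
    void ref() { ++refCount; }
    void deref() {
        if (--refCount == 0) {
            ScopeChainNode* parent = next;
            delete this;
            if (parent) parent->deref();   // release the reference this node held on its parent
        }
    }
};
int ScopeChainNode::liveNodes = 0;

// Wrapper that holds one reference on a node and drops it in its destructor.
class ScopeChain {
public:
    explicit ScopeChain(ScopeChainNode* node) : m_node(node) { if (m_node) m_node->ref(); }
    ~ScopeChain() {
        if (m_node) m_node->deref();
        // Cleared unconditionally here. The thread notes that in the real
        // ScopeChain.h this clearing sits under #ifndef NDEBUG, which is why
        // Andrew's release build misbehaved after adding the explicit dtor call.
        m_node = nullptr;
    }
    ScopeChainNode* node() const { return m_node; }
    ScopeChain(const ScopeChain&) = delete;
    ScopeChain& operator=(const ScopeChain&) = delete;
private:
    ScopeChainNode* m_node;
};

// Stand-in for JSFunction: the ScopeChain is placement-new'd into raw storage,
// so no implicit member destructor runs; only the explicit ~ScopeChain() call
// in ~Function releases the reference. releaseScopeOnDestroy models whether
// that call is compiled in (the #if ENABLE(JIT) guard in the thread).
class Function {
public:
    Function(ScopeChainNode* scope, bool releaseScopeOnDestroy)
        : m_releaseScope(releaseScopeOnDestroy) {
        new (m_storage) ScopeChain(scope);
    }
    ~Function() {
        if (m_releaseScope)
            scopeChain().~ScopeChain();
    }
    ScopeChain& scopeChain() { return *reinterpret_cast<ScopeChain*>(m_storage); }
private:
    alignas(ScopeChain) unsigned char m_storage[sizeof(ScopeChain)];
    bool m_releaseScope;
};

// Builds a two-node chain (global <- local), creates a function closing over
// it, destroys the function, drops the creator's own reference, and returns
// how many nodes are still alive. Zero means no leak.
int nodesLeakedAfterDestroy(bool releaseScopeOnDestroy) {
    int before = ScopeChainNode::liveNodes;
    ScopeChainNode* global = new ScopeChainNode(nullptr);   // creator's ref is transferred to local->next
    ScopeChainNode* local = new ScopeChainNode(global);     // creator holds one ref on local
    {
        Function f(local, releaseScopeOnDestroy);           // takes a second ref on local
    }                                                       // f destroyed here
    local->deref();                                         // creator releases its ref
    return ScopeChainNode::liveNodes - before;
}

int main() {
    std::printf("with release in dtor:    %d nodes leaked\n", nodesLeakedAfterDestroy(true));
    std::printf("without release in dtor: %d nodes leaked\n", nodesLeakedAfterDestroy(false));
    return 0;
}
```

With the release compiled in, both nodes are freed; with it compiled out, the function's reference on local is never dropped, so local and (through it) global stay alive, which is the ScopeChainNode leak valgrind reported. The unconditional m_node = nullptr in ~ScopeChain is the other half of Andrew's change: once a destructor is invoked explicitly, any later deref through a stale m_node would release the node a second time, so the leak fix and the NDEBUG change go together.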
