|Summary:|LEAK: Gmail leaks SegmentedVector<RegisterID>|
|Product:|WebKit|
|Reporter:|Cameron Zwarich (cpst) <zwarich>|
|Severity:|Normal|
|CC:|ggaren, mjs, oliver|
|Version:|528+ (Nightly build)|
Description Cameron Zwarich (cpst) 2008-06-16 20:39:03 PDT
I will upload a leaks report as an attachment.
Comment 1 Cameron Zwarich (cpst) 2008-06-16 20:42:09 PDT
Created attachment 21749
Leaks report

Here is the leaks report. I can increase the number of leaks repeatably by reloading Gmail. There are some other leaks here, but the worst one is the SegmentedVector leak.
Comment 2 Cameron Zwarich (cpst) 2008-06-16 20:56:28 PDT
Since SegmentedVector is only ever used as a member for CodeGenerator, and we aren't leaking CodeGenerator instances (we also never could, because CodeGenerator instances are only stack allocated in generateCode() methods), this probably means there is a bug in the segment handling code in SegmentedVector.
Comment 3 Cameron Zwarich (cpst) 2008-06-16 21:59:04 PDT
Created attachment 21750
Log

Here's a log of segment creations and deletions while loading Gmail. It seems that when we make more than one new segment we always leak the first one.
Comment 4 Cameron Zwarich (cpst) 2008-06-16 22:13:47 PDT
I found the problem. In the loop in SegmentedVector::grow(), the index i is often zero, which overwrites the inline segment in m_segments. In the destructor for SegmentedVector, the zeroth position is skipped in the deletion loop, because it is assumed to be the inline segment.
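The pattern described in comment 4, as an added example that is not part of the bug report and is not WebKit's code: a simplified model in which grow() can write a heap segment into slot 0 while the destructor skips slot 0. The class name, segment size, start-index formula and the liveHeapSegments counter are assumptions made for illustration.

```cpp
#include <cstddef>
#include <vector>

static int liveHeapSegments = 0; // heap segments allocated and not yet freed

class ToySegmentedVector { // hypothetical model, not WebKit's SegmentedVector
    static const size_t SegmentSize = 4;
    struct Segment { int slots[SegmentSize]; };
public:
    explicit ToySegmentedVector(bool buggy) : m_buggy(buggy), m_size(0) {
        m_segments.push_back(&m_inlineSegment); // slot 0 is never heap-allocated
    }
    ~ToySegmentedVector() {
        // Slot 0 is skipped because it is assumed to be the inline segment.
        for (size_t i = 1; i < m_segments.size(); ++i) {
            delete m_segments[i];
            --liveHeapSegments;
        }
    }
    void grow(size_t newSize) {
        if (newSize <= m_size)
            return;
        size_t oldCount = m_segments.size();
        size_t newCount = (newSize - 1) / SegmentSize + 1;
        if (newCount > oldCount)
            m_segments.resize(newCount, nullptr);
        // Buggy start (assumed formula): segments implied by the element count,
        // which is 0 for an empty vector. Fixed start: first slot not yet filled.
        size_t fromElements = (m_size + SegmentSize - 1) / SegmentSize;
        size_t first = m_buggy ? fromElements : oldCount;
        for (size_t i = first; i < newCount; ++i) {
            m_segments[i] = new Segment(); // at i == 0 this replaces &m_inlineSegment
            ++liveHeapSegments;
        }
        m_size = newSize;
    }
private:
    bool m_buggy;
    size_t m_size;
    Segment m_inlineSegment;
    std::vector<Segment*> m_segments;
};

// Grow an empty vector to `size` elements, destroy it, return leaked heap segments.
int leakedSegmentsAfterGrow(bool buggy, size_t size) {
    liveHeapSegments = 0;
    { ToySegmentedVector v(buggy); v.grow(size); }
    return liveHeapSegments;
}
```

In this model the segment written to slot 0 is the one that is never deleted, so each buggy vector that grows from empty leaks exactly one segment regardless of how many it allocates.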
Comment 5 Cameron Zwarich (cpst) 2008-06-16 22:32:08 PDT
Created attachment 21751
Proposed patch
Comment 6 Maciej Stachowiak 2008-06-16 23:00:30 PDT
Comment on attachment 21751
Proposed patch

r=me