Bug 19596

Summary: LEAK: Gmail leaks SegmentedVector<RegisterID>
Product: WebKit
Component: JavaScriptCore
Status: RESOLVED FIXED
Severity: Normal
Priority: P2
Version: 528+ (Nightly build)
Hardware: All
OS: All
Reporter: Cameron Zwarich (cpst) <zwarich>
Assignee: Nobody <webkit-unassigned>
CC: ggaren, mjs, oliver

Cameron Zwarich (cpst)
Reported 2008-06-16 20:39:03 PDT
I will upload a leaks report as an attachment.
Attachments
Leaks report (35.02 KB, text/plain)
2008-06-16 20:42 PDT, Cameron Zwarich (cpst)
no flags
Log (20.25 KB, text/plain)
2008-06-16 21:59 PDT, Cameron Zwarich (cpst)
no flags
Proposed patch (1.72 KB, patch)
2008-06-16 22:32 PDT, Cameron Zwarich (cpst)
mjs: review+
Cameron Zwarich (cpst)
Comment 1 2008-06-16 20:42:09 PDT
Created attachment 21749: Leaks report
Here is the leaks report. I can increase the number of leaks repeatably by reloading Gmail. There are some other leaks here, but the worst one is the SegmentedVector leak.
Cameron Zwarich (cpst)
Comment 2 2008-06-16 20:56:28 PDT
Since SegmentedVector is only ever used as a member for CodeGenerator, and we aren't leaking CodeGenerator instances (we also never could, because CodeGenerator instances are only stack allocated in generateCode() methods), this probably means there is a bug in the segment handling code in SegmentedVector.
Cameron Zwarich (cpst)
Comment 3 2008-06-16 21:59:04 PDT
Created attachment 21750: Log
Here's a log of segment creations and deletions while loading Gmail. It seems that when we make more than one new segment we always leak the first one.
Cameron Zwarich (cpst)
Comment 4 2008-06-16 22:13:47 PDT
I found the problem. In the loop in SegmentedVector::grow(), the index i is often zero, which overwrites the inline segment in m_segments. In the destructor for SegmentedVector, the zeroth position is skipped in the deletion loop, because it is assumed to be the inline segment.
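The failure mode described in Comment 4, as an added example that is not part of the original bug thread and is not WebKit's code: a toy segmented vector whose grow loop can start at index 0 while its destructor skips slot 0, with a small tracker counting the heap segments that outlive the vector. All names, the segment size, and the exact off-by-one in the buggy loop are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdio>
#include <set>
#include <vector>

// Toy model, not WebKit's SegmentedVector: names and sizes are assumptions.
struct Segment { int slots[4]; };
static const std::size_t kSegmentSize = 4;

// Minimal leak tracker: any heap segment still in this set was never freed.
static std::set<Segment*> g_live;
static Segment* allocSegment() { Segment* s = new Segment(); g_live.insert(s); return s; }
static void freeSegment(Segment* s) { g_live.erase(s); delete s; }

class ToySegmentedVector {
public:
    // Slot 0 of m_segments always refers to the inline (non-heap) segment.
    explicit ToySegmentedVector(bool buggy) : m_buggy(buggy) { m_segments.push_back(&m_inlineSegment); }
    ~ToySegmentedVector() {
        // Slot 0 is assumed to be the inline segment, so deletion starts at 1.
        for (std::size_t i = 1; i < m_segments.size(); ++i)
            freeSegment(m_segments[i]);
    }
    void grow(std::size_t newSize) {
        std::size_t needed = (newSize + kSegmentSize - 1) / kSegmentSize;
        std::size_t have = m_segments.size();
        if (needed <= have) return;
        m_segments.resize(needed, nullptr);
        // Assumed defect: the loop starts one slot early, i.e. at 0 when have == 1.
        std::size_t first = m_buggy ? have - 1 : have;
        for (std::size_t i = first; i < needed; ++i)
            m_segments[i] = allocSegment(); // i == 0 replaces the inline pointer
    }
private:
    bool m_buggy;
    Segment m_inlineSegment;
    std::vector<Segment*> m_segments;
};

// Grows a fresh vector, destroys it, and returns how many heap segments survived.
std::size_t leakedSegmentsAfterGrow(bool buggy, std::size_t newSize) {
    { ToySegmentedVector v(buggy); v.grow(newSize); }
    std::size_t leaked = g_live.size();
    while (!g_live.empty()) freeSegment(*g_live.begin()); // keep the demo itself clean
    return leaked;
}

int main() {
    std::printf("leaked segments: buggy=%zu fixed=%zu\n",
                leakedSegmentsAfterGrow(true, 12), leakedSegmentsAfterGrow(false, 12));
}
```

The heap segment written into slot 0 is the one the destructor never visits, so each buggy grow from the inline-only state strands exactly one allocation.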
Cameron Zwarich (cpst)
Comment 5 2008-06-16 22:32:08 PDT
Created attachment 21751: Proposed patch
Maciej Stachowiak
Comment 6 2008-06-16 23:00:30 PDT
Comment on attachment 21751: Proposed patch
r=me
Cameron Zwarich (cpst)
Comment 7 2008-06-16 23:33:52 PDT
Landed in r34617. I will file the other leaks as separate bugs.