I will upload a leaks report as an attachment.
Created attachment 21749 [details]
Here is the leaks report. I can increase the number of leaks repeatably by reloading Gmail. There are some other leaks here, but the worst one is the SegmentedVector leak.
Since SegmentedVector is only ever used as a member for CodeGenerator, and we aren't leaking CodeGenerator instances (we also never could, because CodeGenerator instances are only stack allocated in generateCode() methods), this probably means there is a bug in the segment handling code in SegmentedVector.
Created attachment 21750 [details]
Here's a log of segment creations and deletions while loading Gmail. It seems that when we make more than one new segment we always leak the first one.
I found the problem. In the loop in SegmentedVector::grow(), the index i is often zero, which overwrites the inline segment in m_segments. In the destructor for SegmentedVector, the zero'th position is skipped in the deletion loop, because it is assumed to be the inline segment.
Created attachment 21751 [details]
Comment on attachment 21751 [details]
Landed in r34617. I will file the other leaks as separate bugs.