201804 – [JSC] REGRESSION (r248938): Leak of uint32_t arrays in testFastForwardCopy32()

RESOLVED FIXED 201804

[JSC] REGRESSION (r248938): Leak of uint32_t arrays in testFastForwardCopy32()

https://bugs.webkit.org/show_bug.cgi?id=201804

Summary [JSC] REGRESSION (r248938): Leak of uint32_t arrays in testFastForwardCopy32()

David Kilzer (:ddkilzer)

Reported 2019-09-15 07:01:56 PDT

Leak of uint32_t arrays in testFastForwardCopy32() due to `continue` statements not releasing memory allocated by `new`. void testFastForwardCopy32() { #if CPU(X86_64) for (const bool aligned : { true, false }) { for (const bool overlap : { false, true }) { for (size_t arrsize : { 1, 4, 5, 6, 8, 10, 12, 16, 20, 40, 100, 1000}) { size_t overlapAmount = 5; uint32_t* arr1, *arr2; if (overlap) { arr1 = new uint32_t[arrsize * 2]; arr2 = arr1 + (arrsize - overlapAmount); } else { arr1 = new uint32_t[arrsize]; arr2 = new uint32_t[arrsize]; } if (!aligned && arrsize < 3) continue; // LEAKS! if (overlap && arrsize <= overlapAmount + 3) continue; // LEAKS! [...] if (!overlap) { delete[] arr1; delete[] arr2; } else delete[] arr1; } } } #endif } <https://trac.webkit.org/browser/webkit/trunk/Source/JavaScriptCore/b3/testb3_8.cpp>

Attachments
Patch v1 (2.33 KB, patch) 2019-09-15 07:12 PDT, David Kilzer (:ddkilzer)	no flags	Details Formatted Diff Diff
Patch v2 (2.33 KB, patch) 2019-09-15 07:24 PDT, David Kilzer (:ddkilzer)	no flags	Details Formatted Diff Diff
Patch v3 (2.46 KB, patch) 2019-09-16 05:31 PDT, David Kilzer (:ddkilzer)	no flags	Details Formatted Diff Diff
Patch v4 (2.45 KB, patch) 2019-09-16 06:42 PDT, David Kilzer (:ddkilzer)	no flags	Details Formatted Diff Diff
Show Obsolete (3) View All Add attachment proposed patch, testcase, etc.

David Kilzer (:ddkilzer)

Comment 1 2019-09-15 07:04:51 PDT

Leak introduced by: Bug 200181: Identify memcpy loops in b3 <https://bugs.webkit.org/show_bug.cgi?id=200181> <https://trac.webkit.org/changeset/248938>

David Kilzer (:ddkilzer)

Comment 2 2019-09-15 07:12:35 PDT

Created attachment 378811 [details] Patch v1

David Kilzer (:ddkilzer)

Comment 3 2019-09-15 07:24:24 PDT

Created attachment 378812 [details] Patch v2

David Kilzer (:ddkilzer)

Comment 4 2019-09-15 07:27:31 PDT

(In reply to David Kilzer (:ddkilzer) from comment #3) > Created attachment 378812 [details] > Patch v2 ERROR: Source/JavaScriptCore/b3/testb3_8.cpp:881: Use 'WTF::makeUnique<>' instead of 'std::make_unique<>'. [runtime/wtf_make_unique] [4] ERROR: Source/JavaScriptCore/b3/testb3_8.cpp:885: Use 'WTF::makeUnique<>' instead of 'std::make_unique<>'. [runtime/wtf_make_unique] [4] ERROR: Source/JavaScriptCore/b3/testb3_8.cpp:886: Use 'WTF::makeUnique<>' instead of 'std::make_unique<>'. [runtime/wtf_make_unique] [4] Total errors found: 3 in 2 files This is a false positive. WTF::makeUnique<> doesn't handle POD types, so std::make_unique<> must still be used. (See build failures of "Patch v1".)

Radar WebKit Bug Importer

Comment 5 2019-09-15 10:57:59 PDT

<rdar://problem/55380614>

Saam Barati

Comment 6 2019-09-15 22:02:28 PDT

Comment on attachment 378812 [details] Patch v2 View in context: https://bugs.webkit.org/attachment.cgi?id=378812&action=review > Source/JavaScriptCore/b3/testb3_8.cpp:885 > + array1 = std::make_unique<uint32_t[]>(arrsize); Should we be using WTF::makeUnique?

David Kilzer (:ddkilzer)

Comment 7 2019-09-15 22:41:20 PDT

(In reply to Saam Barati from comment #6) > Comment on attachment 378812 [details] > Patch v2 > > View in context: > https://bugs.webkit.org/attachment.cgi?id=378812&action=review > > > Source/JavaScriptCore/b3/testb3_8.cpp:885 > > + array1 = std::make_unique<uint32_t[]>(arrsize); > > Should we be using WTF::makeUnique? No. It doesn't support POD types. See Comment #4.

David Kilzer (:ddkilzer)

Comment 8 2019-09-15 22:44:20 PDT

Comment on attachment 378812 [details] Patch v2 View in context: https://bugs.webkit.org/attachment.cgi?id=378812&action=review >>> Source/JavaScriptCore/b3/testb3_8.cpp:885 >>> + array1 = std::make_unique<uint32_t[]>(arrsize); >> >> Should we be using WTF::makeUnique? > > No. It doesn't support POD types. See Comment #4. Or is the patch missing a #include of <wtf/UniqueArray.h>?

Yusuke Suzuki

Comment 9 2019-09-16 00:56:56 PDT

Comment on attachment 378812 [details] Patch v2 View in context: https://bugs.webkit.org/attachment.cgi?id=378812&action=review >>>> Source/JavaScriptCore/b3/testb3_8.cpp:885 >>>> + array1 = std::make_unique<uint32_t[]>(arrsize); >>> >>> Should we be using WTF::makeUnique? >> >> No. It doesn't support POD types. See Comment #4. > > Or is the patch missing a #include of <wtf/UniqueArray.h>? Use `makeUniqueArray<uint32_t>(arrsize)` instead.

David Kilzer (:ddkilzer)

Comment 10 2019-09-16 05:30:51 PDT

(In reply to Yusuke Suzuki from comment #9) > Comment on attachment 378812 [details] > Patch v2 > > View in context: > https://bugs.webkit.org/attachment.cgi?id=378812&action=review > > >>>> Source/JavaScriptCore/b3/testb3_8.cpp:885 > >>>> + array1 = std::make_unique<uint32_t[]>(arrsize); > >>> > >>> Should we be using WTF::makeUnique? > >> > >> No. It doesn't support POD types. See Comment #4. > > > > Or is the patch missing a #include of <wtf/UniqueArray.h>? > > Use `makeUniqueArray<uint32_t>(arrsize)` instead. Thanks! Just noticed that.

David Kilzer (:ddkilzer)

Comment 11 2019-09-16 05:31:26 PDT

Created attachment 378856 [details] Patch v3

David Kilzer (:ddkilzer)

Comment 12 2019-09-16 06:42:18 PDT

Created attachment 378858 [details] Patch v4

David Kilzer (:ddkilzer)

Comment 13 2019-09-16 09:36:10 PDT

(In reply to David Kilzer (:ddkilzer) from comment #4) > (In reply to David Kilzer (:ddkilzer) from comment #3) > > Created attachment 378812 [details] > > Patch v2 > > ERROR: Source/JavaScriptCore/b3/testb3_8.cpp:881: Use 'WTF::makeUnique<>' > instead of 'std::make_unique<>'. [runtime/wtf_make_unique] [4] > ERROR: Source/JavaScriptCore/b3/testb3_8.cpp:885: Use 'WTF::makeUnique<>' > instead of 'std::make_unique<>'. [runtime/wtf_make_unique] [4] > ERROR: Source/JavaScriptCore/b3/testb3_8.cpp:886: Use 'WTF::makeUnique<>' > instead of 'std::make_unique<>'. [runtime/wtf_make_unique] [4] > Total errors found: 3 in 2 files > > This is a false positive. WTF::makeUnique<> doesn't handle POD types, so > std::make_unique<> must still be used. (See build failures of "Patch v1".) Filed Bug 201818 to fix this error message when using arrays: Bug 201818: check-webkit-style: Fix warning message for std::make_unique<typename[]> <https://bugs.webkit.org/show_bug.cgi?id=201818>

WebKit Commit Bot

Comment 14 2019-09-16 13:29:49 PDT

Comment on attachment 378858 [details] Patch v4 Clearing flags on attachment: 378858 Committed r249914: <https://trac.webkit.org/changeset/249914>

WebKit Commit Bot

Comment 15 2019-09-16 13:29:51 PDT

All reviewed patches have been landed. Closing bug.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component JavaScriptCore

Assignee

David Kilzer (:ddkilzer)

Reported

2019-09-15 07:01 PDT

Modified

2019-09-16 13:29 PDT History

CC List

10 users Show

URL

Keywords InRadar

Depends on

Blocks