On 4/10/14, 4:26 PM, Baldeva, Arpit wrote:
I spent more time on it and now have concrete info. The reason for the
leak is that the ExecutableBase class in runtime/Executable.h has conditional
compilation for the destroy call (only enabled if JIT is enabled). So
when a ProgramExecutable is created, it adds a ref to the
JSC::SourceCode::m_provider member I mentioned below. However, if you
turn off JIT, allocateCell ends up putting it in
heap.allocateWithoutDestructor. Since the destructor/destroy is not
called anymore, the ref leaks when JIT is not enabled.

It seems to me that safeguarding the destructor using ENABLE(JIT) is a
mistake. The memory leak is also quite severe as I outlined below. A
quick local test I am running at the moment by allowing the destructor
for the non JIT path seems to be working well without leaks.

Thoughts?

This is likely a bug. I don't think anyone compiles JavaScriptCore without enabling JIT anymore; that code is pretty much untested.

Please file a bug on bugs.webkit.org and give the number on this mailing list. I'll add the JavaScriptCore experts in CC.

If you have a fix, you can also attach it to the bug.

Cheers,
Benjamin

_______________________________________________
webkit-help mailing list
webkit-help@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-help
