141612 2015-02-14 18:25:38 -0800 RenderMultiColumnSpannerPlaceholder leaks seen on leaks bot 2015-03-03 10:30:49 -0800 1 1 1 Unclassified WebKit WebCore Misc. 528+ (Nightly build) Unspecified Unspecified NEW https://bugs.webkit.org/show_bug.cgi?id=140899 https://bugs.webkit.org/show_bug.cgi?id=137273 P2 Normal --- 1 joepeck webkit-unassigned ap darin ddkilzer hyatt joepeck kling zalan oldest_to_newest 1069248 0 joepeck 2015-02-14 18:25:38 -0800 * SUMMARY RenderMultiColumnSpannerPlaceholder leaks seen on leaks bot: https://build.webkit.org/builders/Apple%20Yosemite%20%28Leaks%29/builds/325 Not sure exactly which tests, but it looks like these are only created in one way. Leak: 0x7fcf42c972b0 size=96 zone: DefaultMallocZone_0x100528000 0x00000001 0xf0000000 0x42d27cd0 0x00007fcf .........|.B.... 0x42d27d20 0x00007fcf 0x42d27d50 0x00007fcf }.B....P}.B.... 0x42d27db0 0x00007fcf 0x42d27f00 0x00007fcf .}.B.......B.... 0x4c7ee3c0 0x00007fcf 0x48f80720 0x00007fcf ..~L.... ..H.... 0x00000000 0x00000000 0x42d286c0 0x00007fcf ...........B.... 0x4006e000 0x00000080 0x000001c0 0x00000000 ...@............ Call stack: [thread 0x7fff7d157300]: | 0x2 | start | main DumpRenderTreeMain.mm:30 | DumpRenderTreeMain(int, char const**) DumpRenderTree.mm:1301 | dumpRenderTree(int, char const**) DumpRenderTree.mm:1179 | runTestingServerLoop() DumpRenderTree.mm:1070 | runTest(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&) DumpRenderTree.mm:1886 | CFRunLoopRunSpecific | __CFRunLoopRun | __CFRunLoopDoSources0 | __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ | MultiplexerSource::_perform(void*) | MultiplexerSource::perform() | RunloopBlockContext::perform() | CFArrayApplyFunction | RunloopBlockContext::_invoke_block(void const*, void*) | ___ZN27URLConnectionClient_Classic18_withDelegateAsyncEPKcU13block_pointerFvP16_CFURLConnectionPK33CFURLConnectionClientCurrent_VMaxE_block_invoke_2 | ___ZN27URLConnectionClient_Classic26_delegate_didFinishLoadingEU13block_pointerFvvE_block_invoke | -[NSURLConnectionInternal _withActiveConnectionAndDelegate:] | -[NSURLConnectionInternal _withConnectionAndDelegate:onlyActive:] | __65-[NSURLConnectionInternal _withConnectionAndDelegate:onlyActive:]_block_invoke | -[WebCoreResourceHandleAsDelegate connectionDidFinishLoading:] WebCoreResourceHandleAsDelegate.mm:261 | WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle*, double) ResourceLoader.cpp:543 | WebCore::SubresourceLoader::didFinishLoading(double) SubresourceLoader.cpp:366 | WebCore::CachedRawResource::finishLoading(WebCore::SharedBuffer*) CachedRawResource.cpp:105 | WebCore::CachedResource::finishLoading(WebCore::SharedBuffer*) CachedResource.cpp:310 | WebCore::CachedResource::checkNotify() CachedResource.cpp:293 | WebCore::DocumentLoader::notifyFinished(WebCore::CachedResource*) DocumentLoader.cpp:376 | WebCore::DocumentLoader::finishedLoading(double) DocumentLoader.cpp:442 | WebCore::DocumentWriter::end() DocumentWriter.cpp:248 | WebCore::HTMLDocumentParser::finish() HTMLDocumentParser.cpp:452 | WebCore::HTMLDocumentParser::attemptToEnd() HTMLDocumentParser.cpp:424 | WebCore::HTMLDocumentParser::prepareToStopParsing() HTMLDocumentParser.cpp:133 | WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd() HTMLDocumentParser.cpp:412 | WebCore::HTMLDocumentParser::end() HTMLDocumentParser.cpp:403 | WebCore::HTMLTreeBuilder::finished() HTMLTreeBuilder.cpp:2942 | WebCore::HTMLConstructionSite::finishedParsing() HTMLConstructionSite.cpp:405 | WebCore::Document::finishedParsing() Document.cpp:4629 | WebCore::FrameLoader::finishedParsing() FrameLoader.cpp:763 | WebCore::FrameLoader::checkCompleted() FrameLoader.cpp:843 | WebCore::FrameLoader::checkCallImplicitClose() FrameLoader.cpp:896 | WebCore::Document::implicitClose() Document.cpp:2457 | WebCore::Document::dispatchWindowLoadEvent() Document.cpp:3814 | WebCore::DOMWindow::dispatchLoadEvent() DOMWindow.cpp:1855 | WebCore::DOMWindow::dispatchEvent(WTF::PassRefPtr<WebCore::Event>, WTF::PassRefPtr<WebCore::EventTarget>) DOMWindow.cpp:1897 | WebCore::EventTarget::fireEventListeners(WebCore::Event*) EventTarget.cpp:207 | WebCore::EventTarget::fireEventListeners(WebCore::Event*, WebCore::EventTargetData*, WTF::Vector<WebCore::RegisteredEventListener, 1ul, WTF::CrashOnOverflow>&) EventTarget.cpp:256 | WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*) JSEventListener.cpp:127 | WebCore::JSMainThreadExecState::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, JSC::JSValue*) JSMainThreadExecState.h:56 | JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, JSC::JSValue*) CallData.cpp:44 | JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) CallData.cpp:39 | JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) Interpreter.cpp:912 | JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) JITCode.cpp:77 | vmEntryToJavaScript | llint_entry | llint_entry | llint_slow_path_get_by_id LLIntSlowPaths.cpp:581 | JSC::JSValue::get(JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&) const JSCJSValueInlines.h:703 | JSC::PropertySlot::getValue(JSC::ExecState*, JSC::PropertyName) const PropertySlot.h:256 | WebCore::jsElementOffsetTop(JSC::ExecState*, JSC::JSObject*, long long, JSC::PropertyName) JSElement.cpp:640 | WebCore::Element::offsetTop() Element.cpp:706 | WebCore::Document::updateLayoutIgnorePendingStylesheets(WebCore::Document::RunPostLayoutTasks) Document.cpp:1871 | WebCore::Document::updateLayout() Document.cpp:1837 | WebCore::FrameView::layout(bool) FrameView.cpp:1333 | WebCore::RenderView::layout() RenderView.cpp:359 | WebCore::RenderView::layoutContent(WebCore::LayoutState const&) RenderView.cpp:233 | WebCore::RenderBlock::layout() RenderBlock.cpp:930 | WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) RenderBlockFlow.cpp:484 | WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) RenderBlockFlow.cpp:629 | WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) RenderBlockFlow.cpp:708 | WebCore::RenderBlock::layout() RenderBlock.cpp:930 | WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) RenderBlockFlow.cpp:484 | WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) RenderBlockFlow.cpp:629 | WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) RenderBlockFlow.cpp:708 | WebCore::RenderBlock::layout() RenderBlock.cpp:930 | WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) RenderBlockFlow.cpp:484 | WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) RenderBlockFlow.cpp:622 | WebCore::RenderBlockFlow::insertFloatingObject(WebCore::RenderBox&) RenderBlockFlow.cpp:2231 | WebCore::RenderElement::layoutIfNeeded() RenderElement.h:119 | WebCore::RenderBlock::layout() RenderBlock.cpp:930 | WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) RenderBlockFlow.cpp:484 | WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) RenderBlockFlow.cpp:629 | WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) RenderBlockFlow.cpp:708 | WebCore::RenderBlock::layout() RenderBlock.cpp:930 | WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) RenderBlockFlow.cpp:434 | WebCore::RenderBlockFlow::recomputeLogicalWidthAndColumnWidth() RenderBlockFlow.cpp:384 | WebCore::RenderBlockFlow::computeColumnCountAndWidth() RenderBlockFlow.cpp:423 | WebCore::RenderBlockFlow::setComputedColumnCountAndWidth(int, WebCore::LayoutUnit) RenderBlockFlow.cpp:3791 | WebCore::RenderBlockFlow::createMultiColumnFlowThread() RenderBlockFlow.cpp:128 | WebCore::RenderMultiColumnFlowThread::populate() RenderMultiColumnFlowThread.cpp:159 | WebCore::RenderBoxModelObject::moveChildrenTo(WebCore::RenderBoxModelObject*, WebCore::RenderObject*, WebCore::RenderObject*, bool) RenderBoxModelObject.h:306 | WebCore::RenderBoxModelObject::moveChildrenTo(WebCore::RenderBoxModelObject*, WebCore::RenderObject*, WebCore::RenderObject*, WebCore::RenderObject*, bool) RenderBoxModelObject.cpp:2740 | WebCore::RenderBoxModelObject::moveChildTo(WebCore::RenderBoxModelObject*, WebCore::RenderObject*, WebCore::RenderObject*, bool) RenderBoxModelObject.cpp:2701 | WebCore::RenderBlockFlow::addChild(WebCore::RenderObject*, WebCore::RenderObject*) RenderBlockFlow.cpp:3728 | WebCore::RenderBlock::addChild(WebCore::RenderObject*, WebCore::RenderObject*) RenderBlock.cpp:406 | WebCore::RenderBlock::addChildIgnoringContinuation(WebCore::RenderObject*, WebCore::RenderObject*) RenderBlock.cpp:492 | WebCore::RenderElement::addChild(WebCore::RenderObject*, WebCore::RenderObject*) RenderElement.cpp:511 | WebCore::RenderElement::insertChildInternal(WebCore::RenderObject*, WebCore::RenderObject*, WebCore::RenderElement::NotifyChildrenType) RenderElement.cpp:586 | WebCore::RenderBlockFlow::insertedIntoTree() RenderBlockFlow.cpp:140 | WebCore::RenderElement::insertedIntoTree() RenderElement.cpp:1034 | WebCore::RenderObject::insertedIntoTree() RenderObject.cpp:1917 | WebCore::RenderMultiColumnFlowThread::flowThreadDescendantInserted(WebCore::RenderObject*) RenderMultiColumnFlowThread.cpp:400 | WebCore::RenderMultiColumnFlowThread::processPossibleSpannerDescendant(WebCore::RenderObject*&, WebCore::RenderObject*) RenderMultiColumnFlowThread.cpp:307 | WebCore::RenderMultiColumnSpannerPlaceholder::createAnonymous(WebCore::RenderMultiColumnFlowThread*, WebCore::RenderBox*, WebCore::RenderStyle*) RenderMultiColumnSpannerPlaceholder.cpp:39 | WebCore::RenderStyle::createAnonymousStyleWithDisplay(WebCore::RenderStyle const*, WebCore::EDisplay) RenderStyle.cpp:102 | WebCore::RenderStyle::create() RenderStyle.cpp:91 | WTF::RefCounted<WebCore::RenderStyle>::operator new(unsigned long) RefCounted.h:141 | WTF::fastMalloc(unsigned long) FastMalloc.cpp:275 | bmalloc::api::malloc(unsigned long) bmalloc.h:36 | bmalloc::Cache::allocate(unsigned long) Cache.h:68 | bmalloc::Allocator::allocate(unsigned long) Allocator.h:85 | bmalloc::Allocator::allocateSlowCase(unsigned long) Allocator.cpp:195 | malloc | malloc_zone_malloc 1069249 1 joepeck 2015-02-14 18:27:13 -0800 I'm unfamiliar with the render tree code. It doesn't appear to use any of our common smart pointers. What should the lifetime be / Who should delete this object? 1069476 2 ap 2015-02-16 10:07:04 -0800 This is an intentional (for now) leak, see <http://trac.webkit.org/changeset/175641>. That said, it certainly needs to be fixed eventually. 1071134 3 ap 2015-02-22 22:35:45 -0800 In the meanwhile, we should add the leak to Tools/Scripts/webkitpy/port/leakdetector.py 1073049 4 ddkilzer 2015-02-28 11:21:04 -0800 Are you sure this is intentional? The ChangeLog talks about leaking the placeholder, not the RenderStyle it uses. Am I missing something? diff --git a/Source/WebCore/rendering/RenderMultiColumnSpannerPlaceholder.cpp b/Source/WebCore/rendering/RenderMultiColumnSpannerPlaceholder.cpp index 6d7e9f1..f871aa2 100644 --- a/Source/WebCore/rendering/RenderMultiColumnSpannerPlaceholder.cpp +++ b/Source/WebCore/rendering/RenderMultiColumnSpannerPlaceholder.cpp @@ -36,9 +36,9 @@ namespace WebCore { RenderMultiColumnSpannerPlaceholder* RenderMultiColumnSpannerPlaceholder::createAnonymous(RenderMultiColumnFlowThread* flowThread, RenderBox* spanner, RenderStyle* parentStyle) { - RefPtr<RenderStyle> newStyle(RenderStyle::createAnonymousStyleWithDisplay(parentStyle, BLOCK)); + auto newStyle = RenderStyle::createAnonymousStyleWithDisplay(parentStyle, BLOCK); newStyle->setClear(CBOTH); // We don't want floats in the row preceding the spanner to continue on the other side. - auto placeholder = new RenderMultiColumnSpannerPlaceholder(flowThread, spanner, *newStyle); + auto placeholder = new RenderMultiColumnSpannerPlaceholder(flowThread, spanner, WTF::move(newStyle)); placeholder->initializeStyle(); return placeholder; } 1073705 5 ddkilzer 2015-03-03 10:30:49 -0800 (In reply to comment #4) > Are you sure this is intentional? The ChangeLog talks about leaking the > placeholder, not the RenderStyle it uses. > > Am I missing something? I am missing something! Both the RenderMultiColumnSpannerPlaceholder and the RenderStyle are leaked, which is expected based on the comment.