55899 2011-03-07 13:14:35 -0800 [Chromium] Detached DOM trees leak because of CSSStyleDeclaration wrapper sharing 2011-03-11 05:32:27 -0800 1 1 1 Unclassified WebKit WebKit Misc. 528+ (Nightly build) PC All RESOLVED FIXED P2 Normal --- 55399 1 mnaganov webkit-unassigned antonm gregsimon koivisto vitalyr oldest_to_newest 363532 0 mnaganov 2011-03-07 13:14:35 -0800 A common pattern of detached DOM trees leak is observed. The common repro scenario is like this: an application sets a style value on some node, then a whole DOM subtree to which this node belongs stays uncollected, even after being detached from the document. This happens because V8 object group for the node includes CSSStyleDeclaration wrapper, which participates in two object groups -- the node group, and the group containing all style declarations. The latter group is thus held by any DOM subtree, including the document object group, and it effectively prevents all other object groups from being collected. Graphically the situation looks like this: Document DOM tree <--> CSSStyleDeclaration <--> Group with style decls. <--> CSSStyleDeclaration <--> Detached DOM subtree Thanks to Rick Byers for providing the example. 363533 1 84974 mnaganov 2011-03-07 13:15:15 -0800 Created attachment 84974 repro page 365943 2 antonm 2011-03-11 05:32:27 -0800 Should be fixed now. See https://bugs.webkit.org/show_bug.cgi?id=56117 for more details. 84974 2011-03-07 13:15:15 -0800 2011-03-07 13:15:15 -0800 repro page cssstylesleak.html text/html 707 mnaganov PGh0bWw+CiAgICA8Ym9keT4KICAgICAgICA8ZGl2IGlkPSd0ZW1wbGF0ZSc+CiAgICAgICAgPC9k aXY+CiAgICAgICAgPHNjcmlwdCB0eXBlPSd0ZXh0L2phdmFzY3JpcHQnPgogICAgICAgICAgdmFy IHRlbXBsYXRlID0gZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoJ3RlbXBsYXRlJyk7CgogICAgICAg ICAgdmFyIG5ld05vZGUgPSAodGVtcGxhdGUuY2xvbmVOb2RlKGZhbHNlKSk7CiAgICAgICAgICBu ZXdOb2RlLnN0eWxlLndpZHRoID0gJzUwcHgnOyAgLy8gZXNzZW50aWFsCiAgICAgICAgICBkb2N1 bWVudC5ib2R5LmFwcGVuZENoaWxkKG5ld05vZGUpOyAgLy8gZXNzZW50aWFsCiAgICAgICAgCiAg ICAgICAgICBmb3IodmFyIGkgPSAwOyBpIDwgNTAwMDAwOyBpKyspIHsKICAgICAgICAgICAgdmFy IG5ld05vZGUgPSAodGVtcGxhdGUuY2xvbmVOb2RlKGZhbHNlKSk7CiAgICAgICAgICAgIG5ld05v ZGUuc3R5bGUud2lkdGggPSAnNTBweCc7ICAgICAgLy8gZXNzZW50aWFsCiAgICAgICAgICAgIGRv Y3VtZW50LmJvZHkuYXBwZW5kQ2hpbGQobmV3Tm9kZSk7CiAgICAgICAgICAgIG5ld05vZGUuc3R5 bGUud2lkdGggPSAnJzsgICAgICAgICAvLyBkb2Vzbid0IGhlbHAKICAgICAgICAgICAgZG9jdW1l bnQuYm9keS5yZW1vdmVDaGlsZChuZXdOb2RlKTsKICAgICAgICAgIH0KICAgICAgICA8L3Njcmlw dD4KICAgIDwvYm9keT4KPC9odG1sPgo=