Bug 141612

Summary: RenderMultiColumnSpannerPlaceholder leaks seen on leaks bot
Product: WebKit Reporter: Joseph Pecoraro <joepeck>
Component: WebCore Misc.Assignee: Nobody <webkit-unassigned>
Status: NEW    
Severity: Normal CC: ap, darin, ddkilzer, hyatt, joepeck, kling, zalan
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=140899
https://bugs.webkit.org/show_bug.cgi?id=137273

Joseph Pecoraro
Reported 2015-02-14 18:25:38 PST
* SUMMARY RenderMultiColumnSpannerPlaceholder leaks seen on leaks bot: https://build.webkit.org/builders/Apple%20Yosemite%20%28Leaks%29/builds/325 Not sure exactly which tests, but it looks like these are only created in one way. Leak: 0x7fcf42c972b0 size=96 zone: DefaultMallocZone_0x100528000 0x00000001 0xf0000000 0x42d27cd0 0x00007fcf .........|.B.... 0x42d27d20 0x00007fcf 0x42d27d50 0x00007fcf }.B....P}.B.... 0x42d27db0 0x00007fcf 0x42d27f00 0x00007fcf .}.B.......B.... 0x4c7ee3c0 0x00007fcf 0x48f80720 0x00007fcf ..~L.... ..H.... 0x00000000 0x00000000 0x42d286c0 0x00007fcf ...........B.... 0x4006e000 0x00000080 0x000001c0 0x00000000 ...@............ Call stack: [thread 0x7fff7d157300]: | 0x2 | start | main DumpRenderTreeMain.mm:30 | DumpRenderTreeMain(int, char const**) DumpRenderTree.mm:1301 | dumpRenderTree(int, char const**) DumpRenderTree.mm:1179 | runTestingServerLoop() DumpRenderTree.mm:1070 | runTest(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&) DumpRenderTree.mm:1886 | CFRunLoopRunSpecific | __CFRunLoopRun | __CFRunLoopDoSources0 | __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ | MultiplexerSource::_perform(void*) | MultiplexerSource::perform() | RunloopBlockContext::perform() | CFArrayApplyFunction | RunloopBlockContext::_invoke_block(void const*, void*) | ___ZN27URLConnectionClient_Classic18_withDelegateAsyncEPKcU13block_pointerFvP16_CFURLConnectionPK33CFURLConnectionClientCurrent_VMaxE_block_invoke_2 | ___ZN27URLConnectionClient_Classic26_delegate_didFinishLoadingEU13block_pointerFvvE_block_invoke | -[NSURLConnectionInternal _withActiveConnectionAndDelegate:] | -[NSURLConnectionInternal _withConnectionAndDelegate:onlyActive:] | __65-[NSURLConnectionInternal _withConnectionAndDelegate:onlyActive:]_block_invoke | -[WebCoreResourceHandleAsDelegate connectionDidFinishLoading:] WebCoreResourceHandleAsDelegate.mm:261 | WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle*, double) ResourceLoader.cpp:543 | WebCore::SubresourceLoader::didFinishLoading(double) SubresourceLoader.cpp:366 | WebCore::CachedRawResource::finishLoading(WebCore::SharedBuffer*) CachedRawResource.cpp:105 | WebCore::CachedResource::finishLoading(WebCore::SharedBuffer*) CachedResource.cpp:310 | WebCore::CachedResource::checkNotify() CachedResource.cpp:293 | WebCore::DocumentLoader::notifyFinished(WebCore::CachedResource*) DocumentLoader.cpp:376 | WebCore::DocumentLoader::finishedLoading(double) DocumentLoader.cpp:442 | WebCore::DocumentWriter::end() DocumentWriter.cpp:248 | WebCore::HTMLDocumentParser::finish() HTMLDocumentParser.cpp:452 | WebCore::HTMLDocumentParser::attemptToEnd() HTMLDocumentParser.cpp:424 | WebCore::HTMLDocumentParser::prepareToStopParsing() HTMLDocumentParser.cpp:133 | WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd() HTMLDocumentParser.cpp:412 | WebCore::HTMLDocumentParser::end() HTMLDocumentParser.cpp:403 | WebCore::HTMLTreeBuilder::finished() HTMLTreeBuilder.cpp:2942 | WebCore::HTMLConstructionSite::finishedParsing() HTMLConstructionSite.cpp:405 | WebCore::Document::finishedParsing() Document.cpp:4629 | WebCore::FrameLoader::finishedParsing() FrameLoader.cpp:763 | WebCore::FrameLoader::checkCompleted() FrameLoader.cpp:843 | WebCore::FrameLoader::checkCallImplicitClose() FrameLoader.cpp:896 | WebCore::Document::implicitClose() Document.cpp:2457 | WebCore::Document::dispatchWindowLoadEvent() Document.cpp:3814 | WebCore::DOMWindow::dispatchLoadEvent() DOMWindow.cpp:1855 | WebCore::DOMWindow::dispatchEvent(WTF::PassRefPtr<WebCore::Event>, WTF::PassRefPtr<WebCore::EventTarget>) DOMWindow.cpp:1897 | WebCore::EventTarget::fireEventListeners(WebCore::Event*) EventTarget.cpp:207 | WebCore::EventTarget::fireEventListeners(WebCore::Event*, WebCore::EventTargetData*, WTF::Vector<WebCore::RegisteredEventListener, 1ul, WTF::CrashOnOverflow>&) EventTarget.cpp:256 | WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*) JSEventListener.cpp:127 | WebCore::JSMainThreadExecState::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, JSC::JSValue*) JSMainThreadExecState.h:56 | JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, JSC::JSValue*) CallData.cpp:44 | JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) CallData.cpp:39 | JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) Interpreter.cpp:912 | JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) JITCode.cpp:77 | vmEntryToJavaScript | llint_entry | llint_entry | llint_slow_path_get_by_id LLIntSlowPaths.cpp:581 | JSC::JSValue::get(JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&) const JSCJSValueInlines.h:703 | JSC::PropertySlot::getValue(JSC::ExecState*, JSC::PropertyName) const PropertySlot.h:256 | WebCore::jsElementOffsetTop(JSC::ExecState*, JSC::JSObject*, long long, JSC::PropertyName) JSElement.cpp:640 | WebCore::Element::offsetTop() Element.cpp:706 | WebCore::Document::updateLayoutIgnorePendingStylesheets(WebCore::Document::RunPostLayoutTasks) Document.cpp:1871 | WebCore::Document::updateLayout() Document.cpp:1837 | WebCore::FrameView::layout(bool) FrameView.cpp:1333 | WebCore::RenderView::layout() RenderView.cpp:359 | WebCore::RenderView::layoutContent(WebCore::LayoutState const&) RenderView.cpp:233 | WebCore::RenderBlock::layout() RenderBlock.cpp:930 | WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) RenderBlockFlow.cpp:484 | WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) RenderBlockFlow.cpp:629 | WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) RenderBlockFlow.cpp:708 | WebCore::RenderBlock::layout() RenderBlock.cpp:930 | WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) RenderBlockFlow.cpp:484 | WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) RenderBlockFlow.cpp:629 | WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) RenderBlockFlow.cpp:708 | WebCore::RenderBlock::layout() RenderBlock.cpp:930 | WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) RenderBlockFlow.cpp:484 | WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) RenderBlockFlow.cpp:622 | WebCore::RenderBlockFlow::insertFloatingObject(WebCore::RenderBox&) RenderBlockFlow.cpp:2231 | WebCore::RenderElement::layoutIfNeeded() RenderElement.h:119 | WebCore::RenderBlock::layout() RenderBlock.cpp:930 | WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) RenderBlockFlow.cpp:484 | WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) RenderBlockFlow.cpp:629 | WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) RenderBlockFlow.cpp:708 | WebCore::RenderBlock::layout() RenderBlock.cpp:930 | WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) RenderBlockFlow.cpp:434 | WebCore::RenderBlockFlow::recomputeLogicalWidthAndColumnWidth() RenderBlockFlow.cpp:384 | WebCore::RenderBlockFlow::computeColumnCountAndWidth() RenderBlockFlow.cpp:423 | WebCore::RenderBlockFlow::setComputedColumnCountAndWidth(int, WebCore::LayoutUnit) RenderBlockFlow.cpp:3791 | WebCore::RenderBlockFlow::createMultiColumnFlowThread() RenderBlockFlow.cpp:128 | WebCore::RenderMultiColumnFlowThread::populate() RenderMultiColumnFlowThread.cpp:159 | WebCore::RenderBoxModelObject::moveChildrenTo(WebCore::RenderBoxModelObject*, WebCore::RenderObject*, WebCore::RenderObject*, bool) RenderBoxModelObject.h:306 | WebCore::RenderBoxModelObject::moveChildrenTo(WebCore::RenderBoxModelObject*, WebCore::RenderObject*, WebCore::RenderObject*, WebCore::RenderObject*, bool) RenderBoxModelObject.cpp:2740 | WebCore::RenderBoxModelObject::moveChildTo(WebCore::RenderBoxModelObject*, WebCore::RenderObject*, WebCore::RenderObject*, bool) RenderBoxModelObject.cpp:2701 | WebCore::RenderBlockFlow::addChild(WebCore::RenderObject*, WebCore::RenderObject*) RenderBlockFlow.cpp:3728 | WebCore::RenderBlock::addChild(WebCore::RenderObject*, WebCore::RenderObject*) RenderBlock.cpp:406 | WebCore::RenderBlock::addChildIgnoringContinuation(WebCore::RenderObject*, WebCore::RenderObject*) RenderBlock.cpp:492 | WebCore::RenderElement::addChild(WebCore::RenderObject*, WebCore::RenderObject*) RenderElement.cpp:511 | WebCore::RenderElement::insertChildInternal(WebCore::RenderObject*, WebCore::RenderObject*, WebCore::RenderElement::NotifyChildrenType) RenderElement.cpp:586 | WebCore::RenderBlockFlow::insertedIntoTree() RenderBlockFlow.cpp:140 | WebCore::RenderElement::insertedIntoTree() RenderElement.cpp:1034 | WebCore::RenderObject::insertedIntoTree() RenderObject.cpp:1917 | WebCore::RenderMultiColumnFlowThread::flowThreadDescendantInserted(WebCore::RenderObject*) RenderMultiColumnFlowThread.cpp:400 | WebCore::RenderMultiColumnFlowThread::processPossibleSpannerDescendant(WebCore::RenderObject*&, WebCore::RenderObject*) RenderMultiColumnFlowThread.cpp:307 | WebCore::RenderMultiColumnSpannerPlaceholder::createAnonymous(WebCore::RenderMultiColumnFlowThread*, WebCore::RenderBox*, WebCore::RenderStyle*) RenderMultiColumnSpannerPlaceholder.cpp:39 | WebCore::RenderStyle::createAnonymousStyleWithDisplay(WebCore::RenderStyle const*, WebCore::EDisplay) RenderStyle.cpp:102 | WebCore::RenderStyle::create() RenderStyle.cpp:91 | WTF::RefCounted<WebCore::RenderStyle>::operator new(unsigned long) RefCounted.h:141 | WTF::fastMalloc(unsigned long) FastMalloc.cpp:275 | bmalloc::api::malloc(unsigned long) bmalloc.h:36 | bmalloc::Cache::allocate(unsigned long) Cache.h:68 | bmalloc::Allocator::allocate(unsigned long) Allocator.h:85 | bmalloc::Allocator::allocateSlowCase(unsigned long) Allocator.cpp:195 | malloc | malloc_zone_malloc
Attachments
Add attachment proposed patch, testcase, etc.
Joseph Pecoraro
Comment 1 2015-02-14 18:27:13 PST
I'm unfamiliar with the render tree code. It doesn't appear to use any of our common smart pointers. What should the lifetime be / Who should delete this object?
Alexey Proskuryakov
Comment 2 2015-02-16 10:07:04 PST
This is an intentional (for now) leak, see <http://trac.webkit.org/changeset/175641>. That said, it certainly needs to be fixed eventually.
Alexey Proskuryakov
Comment 3 2015-02-22 22:35:45 PST
In the meanwhile, we should add the leak to Tools/Scripts/webkitpy/port/leakdetector.py
David Kilzer (:ddkilzer)
Comment 4 2015-02-28 11:21:04 PST
Are you sure this is intentional? The ChangeLog talks about leaking the placeholder, not the RenderStyle it uses. Am I missing something? diff --git a/Source/WebCore/rendering/RenderMultiColumnSpannerPlaceholder.cpp b/Source/WebCore/rendering/RenderMultiColumnSpannerPlaceholder.cpp index 6d7e9f1..f871aa2 100644 --- a/Source/WebCore/rendering/RenderMultiColumnSpannerPlaceholder.cpp +++ b/Source/WebCore/rendering/RenderMultiColumnSpannerPlaceholder.cpp @@ -36,9 +36,9 @@ namespace WebCore { RenderMultiColumnSpannerPlaceholder* RenderMultiColumnSpannerPlaceholder::createAnonymous(RenderMultiColumnFlowThread* flowThread, RenderBox* spanner, RenderStyle* parentStyle) { - RefPtr<RenderStyle> newStyle(RenderStyle::createAnonymousStyleWithDisplay(parentStyle, BLOCK)); + auto newStyle = RenderStyle::createAnonymousStyleWithDisplay(parentStyle, BLOCK); newStyle->setClear(CBOTH); // We don't want floats in the row preceding the spanner to continue on the other side. - auto placeholder = new RenderMultiColumnSpannerPlaceholder(flowThread, spanner, *newStyle); + auto placeholder = new RenderMultiColumnSpannerPlaceholder(flowThread, spanner, WTF::move(newStyle)); placeholder->initializeStyle(); return placeholder; }
David Kilzer (:ddkilzer)
Comment 5 2015-03-03 10:30:49 PST
(In reply to comment #4) > Are you sure this is intentional? The ChangeLog talks about leaking the > placeholder, not the RenderStyle it uses. > > Am I missing something? I am missing something! Both the RenderMultiColumnSpannerPlaceholder and the RenderStyle are leaked, which is expected based on the comment.
Note You need to log in before you can comment on or make changes to this bug.