Bug 189455

I stumbled on these leaks because of a comment Sam made in another patch I was working on. I ended up auditing all the code paths that use the JavaScript C API to allocate a JSStringRef or JSGlobalContextRef. Most of the leaks were in test-specific code, but not all of them were. The fixes to use JSRetainPtr more consistently make many of the leaks go away in a subtle way; code that looks the same now doesn't leak. Other leaks were fixed simply by adding release function calls or adding a missing adopt call.

Oops, looks like I made a mistake that’s causing accessibility tests to fail. Checking on that.

Created attachment 349279 [details] Patch

Found it, was returning "ios" instead of "mac" for platform because of a copy and paste error.

Comment on attachment 349279 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=349279&action=review r=me with comments. I think you need to rebase though. > Source/JavaScriptCore/API/JSObjectRef.cpp:796 > + propertyNames->array.uncheckedAppend(adopt(OpaqueJSString::create(array[i].string()).leakRef())); What's the point of adopting the string then leaking it? > Source/JavaScriptCore/API/JSRetainPtr.h:69 > + // FIXME: Make this private once Apple's internal code is updated to not rely on it. nit: Could you file a bugzilla for this and link to it in the FIXME? > Source/JavaScriptCore/API/JSValue.mm:159 > + JSStringRef string = JSStringCreateWithCFString((__bridge CFStringRef)description); > + auto value = [JSValue valueWithJSValueRef:JSValueMakeSymbol([context JSGlobalContextRef], string) inContext:context]; > + JSStringRelease(string); Aww man, I'm so used to RAII lifetime management that I completely missed this! :( Good catch. Maybe we should use RetainPtr in this file so we don't make these mistakes again?

Comment on attachment 349279 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=349279&action=review >> Source/JavaScriptCore/API/JSObjectRef.cpp:796 >> + propertyNames->array.uncheckedAppend(adopt(OpaqueJSString::create(array[i].string()).leakRef())); > > What's the point of adopting the string then leaking it? This first leaks the string and then adopts it; I believe this is done to change the type from OpaqueJSString to JSStringRef, but we could also experiment with not doing it to see what kind of compiler error we get. >> Source/JavaScriptCore/API/JSRetainPtr.h:69 >> + // FIXME: Make this private once Apple's internal code is updated to not rely on it. > > nit: Could you file a bugzilla for this and link to it in the FIXME? Sure, I would be willing to if that’s definitely how you like to work, but is that really a good way to do it? I don’t think this is super-important or urgent. But I wrote the FIXME so people understand the intent is that it’s private. >> Source/JavaScriptCore/API/JSValue.mm:159 >> + JSStringRelease(string); > > Aww man, I'm so used to RAII lifetime management that I completely missed this! :( Good catch. > > Maybe we should use RetainPtr in this file so we don't make these mistakes again? Sure we could do that here. I tried to fix the bug with minimal style changes in this patch but I’d be happy to follow up and use JSRetainPtr a bit more.

Comment on attachment 349279 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=349279&action=review >>> Source/JavaScriptCore/API/JSRetainPtr.h:69 >>> + // FIXME: Make this private once Apple's internal code is updated to not rely on it. >> >> nit: Could you file a bugzilla for this and link to it in the FIXME? > > Sure, I would be willing to if that’s definitely how you like to work, but is that really a good way to do it? I don’t think this is super-important or urgent. But I wrote the FIXME so people understand the intent is that it’s private. The main reason why I like having a bugzilla is that it helps locate all the different places related to the issue. It's probably not super important for this case but I think it's good hygiene.

Comment on attachment 349279 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=349279&action=review >>> Source/JavaScriptCore/API/JSObjectRef.cpp:796 >>> + propertyNames->array.uncheckedAppend(adopt(OpaqueJSString::create(array[i].string()).leakRef())); >> >> What's the point of adopting the string then leaking it? > > This first leaks the string and then adopts it; I believe this is done to change the type from OpaqueJSString to JSStringRef, but we could also experiment with not doing it to see what kind of compiler error we get. Turns out this has to do leakRef/adopt to turn a RefPtr into a JSRetainPtr. Code inside JavaScriptCore and perhaps inside all of WebKit can just include OpaqueJSString.h and use Ref and RefPtr for JSStringRef, which should be more efficient than using JSRetainPtr. Code outside WebKit would of course need to use something more like JSRetainPtr. It’s unclear to me if we should keep JSRetainPtr around inside the WebKit project.

Comment on attachment 349279 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=349279&action=review >>>> Source/JavaScriptCore/API/JSObjectRef.cpp:796 >>>> + propertyNames->array.uncheckedAppend(adopt(OpaqueJSString::create(array[i].string()).leakRef())); >>> >>> What's the point of adopting the string then leaking it? >> >> This first leaks the string and then adopts it; I believe this is done to change the type from OpaqueJSString to JSStringRef, but we could also experiment with not doing it to see what kind of compiler error we get. > > Turns out this has to do leakRef/adopt to turn a RefPtr into a JSRetainPtr. Code inside JavaScriptCore and perhaps inside all of WebKit can just include OpaqueJSString.h and use Ref and RefPtr for JSStringRef, which should be more efficient than using JSRetainPtr. > > Code outside WebKit would of course need to use something more like JSRetainPtr. It’s unclear to me if we should keep JSRetainPtr around inside the WebKit project. I found a great solution. Turns out this is the *only* use of JSRetainPtr inside WebKit. All the other uses are either in test code (DumpRenderTree and WebKitTestRunner) or in Apple internal software. SO I changed this class to not use JSRetainPtr at all. I suppose that now we should consider how to prevent anyone from accidentally using JSRetainPtr inside WebKit, basically pointing them towards RefPtr and Ref instead.

Created attachment 349854 [details] One more try at fixing Windows, give EWS a chance

Committed r236032: <https://trac.webkit.org/changeset/236032>

<rdar://problem/44489024>

Looks like I missed the JavaScriptCore/API/glib directory when making this change. The code in that directory still uses the adopt constructor, not the adopt function.