Bug 56045
Summary: | REGRESSION (r79781-r79968): Many leaks seen beneath JSWorkerContextBase and WorkerScriptController constructors (leaking a JSGlobalData/JSGlobalObject?)
---|---
Product: | WebKit
Component: | JavaScriptCore
Status: | RESOLVED DUPLICATE
Severity: | Normal
Priority: | P2
Version: | 528+ (Nightly build)
Hardware: | All
OS: | All
URL: | http://build.webkit.org/LeaksViewer/?url=http://build.webkit.org/results/SnowLeopard%20Intel%20Leaks/r80646%20(15446)/DumpRenderTree12-leaks.txt
Reporter: | Adam Roben (:aroben) <aroben>
Assignee: | Nobody <webkit-unassigned>
CC: | ap, barraclough, dimich, ggaren, levin, oliver
Keywords: | InRadar
Adam Roben (:aroben)
To see the leaks:
1. Go to http://build.webkit.org/LeaksViewer/?url=http://build.webkit.org/results/SnowLeopard%20Intel%20Leaks/r80646%20(15446)/DumpRenderTree12-leaks.txt
2. Select "Tree (Top Down)" at the bottom of the page
3. Sort by "Total"
4. Start digging in
Pretty much all of the leaks seem to be beneath the JSWorkerContextBase and WorkerScriptController constructors. It looks like we're leaking a JSGlobalObject and a JSGlobalData.
I don't know whether this is a regression.
Adam Roben (:aroben)
<rdar://problem/9109988>
Adam Roben (:aroben)
Looks like the leaks started happening in this range:
http://build.webkit.org/builders/SnowLeopard%20Intel%20Leaks/builds/15150
http://build.webkit.org/builders/SnowLeopard%20Intel%20Leaks/builds/15280
Adam Roben (:aroben)
Narrowed it down a little further:
http://build.webkit.org/builders/SnowLeopard%20Intel%20Leaks/builds/15164 (good)
http://build.webkit.org/builders/SnowLeopard%20Intel%20Leaks/builds/15255 (bad)
Adam Roben (:aroben)
http://build.webkit.org/builders/SnowLeopard%20Intel%20Leaks/builds/15235 (bad)
Adam Roben (:aroben)
http://build.webkit.org/builders/SnowLeopard%20Intel%20Leaks/builds/15220 (bad)
Adam Roben (:aroben)
Looks like there were a lot of JSC changes in this period and no workers changes.
David Levin
fwiw it seems like all leaks were related to strings allocated for Identifier. I haven't been able to figure out where the ref count goes wrong on them yet (and likely won't have much time over the next few days to get further as I'm on tap to be the Chrome WebKit gardener for the next 4 working days).
Alexey Proskuryakov
I briefly looked at Identifier string handling, and I don't see how strings are removed from HashSet. If we can get dangling pointers there, that would be pretty bad.
Adam Roben (:aroben)
Looks like the leaks don't happen in every build: http://build.webkit.org/builders/SnowLeopard%20Intel%20Leaks/builds/15500
Alexey Proskuryakov
See also: bug 56304.
Alexey Proskuryakov
> I don't see how strings are removed from HashSet
It's in the StringImpl destructor:

    #if USE(JSC)
        if (isIdentifier()) {
            if (!wtfThreadData().currentIdentifierTable()->remove(this))
                CRASH();
        }
    #endif
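
The destructor quoted above unregisters an identifier string from the table only when its last reference is released, so a reference count that never reaches zero keeps both the string and its table entry alive. An added example, not WebKit code and not part of the thread: `InternTable`, `InternedString` and `entriesLeftAfter` are hypothetical stand-ins that model that pattern.

```cpp
#include <cstdio>
#include <cstdlib>
#include <string>
#include <unordered_map>
// Hypothetical model of an identifier table; none of these names are WebKit's.
class InternedString;
class InternTable {
public:
    InternedString* add(const std::string& text); // caller owns one reference
    bool remove(InternedString* s);
    std::size_t size() const { return m_entries.size(); }
private:
    std::unordered_map<std::string, InternedString*> m_entries; // non-owning
};
class InternedString {
public:
    InternedString(InternTable& t, const std::string& text) : m_table(t), m_text(text) {}
    // Same shape as the quoted destructor: unregister first, abort if the table disagrees.
    ~InternedString() { if (!m_table.remove(this)) std::abort(); }
    void ref() { ++m_refCount; }
    void deref() { if (!--m_refCount) delete this; }
    const std::string& text() const { return m_text; }
private:
    InternTable& m_table;
    std::string m_text;
    unsigned m_refCount = 1;
};
InternedString* InternTable::add(const std::string& text) {
    auto it = m_entries.find(text);
    if (it != m_entries.end()) { it->second->ref(); return it->second; }
    return m_entries[text] = new InternedString(*this, text);
}
bool InternTable::remove(InternedString* s) {
    auto it = m_entries.find(s->text());
    if (it == m_entries.end() || it->second != s) return false;
    m_entries.erase(it);
    return true;
}
// Table entries still present after every owner has released its reference.
std::size_t entriesLeftAfter(unsigned unbalancedRefs) {
    InternTable table;
    InternedString* a = table.add("length");
    InternedString* b = table.add("length"); // same object, second reference
    for (unsigned i = 0; i < unbalancedRefs; ++i) a->ref(); // the refcount bug
    b->deref(); a->deref();
    std::size_t left = table.size();
    for (unsigned i = 0; i < unbalancedRefs; ++i) a->deref(); // tidy up the demo
    return left;
}
int main() { std::printf("%zu %zu\n", entriesLeftAfter(0), entriesLeftAfter(2)); }
```

Because the table holds non-owning pointers, the destructor is the only place an entry is removed: balanced references leave the table empty, and a single stray `ref()` leaves the entry behind.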
Mark Rowe (bdash)
This also happens outside of the context of workers. <http://build.webkit.org/results/SnowLeopard%20Intel%20Leaks/r81055%20(15563)/DumpRenderTree14-leaks.txt> shows a number of leaks originating from DRT’s JavaScriptCore thread.
Geoffrey Garen
*** This bug has been marked as a duplicate of bug 56619 ***