Bug 75451

Summary: REGRESSION(r100517): Finalizers are not run for many, many DOM objects!
Product: WebKit Reporter: Sam Weinig <sam>
Component: WebCore JavaScriptAssignee: Sam Weinig <sam>
Status: NEW ---    
Severity: Normal CC: abarth, ap, ggaren, japhet, mhahnenberg, mrowe, webkit.review.bot
Priority: P2 Keywords: InRadar
Version: 528+ (Nightly build)   
Hardware: All   
OS: All   
Attachments:
Description Flags
Temporary workaround patch none

Description Sam Weinig 2012-01-02 15:19:57 PST 
After r100517 we appear to be leaking many DOM objects. It appears that their wrappers are not being finalized which is leading to the wrapped object not being deref'd before the wrapper is destroyed.

* STEPS TO REPRODUCE
1. Load <http://www.google.com/>.
2. Run "leaks WebProcess".

* RESULTS
You'll see 50 - 100 reported leaks of objects like CSSComputedStyleDeclaration and so on.
Comment 1 Sam Weinig 2012-01-02 15:21:01 PST 
It seems the assumption that a finalizer will run for each DOM object wrapper (based on the assumption that each DOM object wrapper has a handle which can get finalized) is not holding true.
Comment 2 Sam Weinig 2012-01-02 15:23:46 PST 
Created attachment 120896 [details]
Temporary workaround patch
Comment 3 Sam Weinig 2012-01-02 15:32:08 PST 
Committed r103913: <http://trac.webkit.org/changeset/103913>
Comment 4 Sam Weinig 2012-01-02 15:41:25 PST 
<rdar://problem/10611063>
Comment 5 Sam Weinig 2012-01-02 15:56:12 PST 
Fixed the build due to bad patch landing in r103915.
Comment 6 Alexey Proskuryakov 2012-04-03 15:35:49 PDT 
Re-titling to track a proper fix, now that the symptom is under the carpet.