To see the leaks:

1. Go to http://build.webkit.org/LeaksViewer/?url=http://build.webkit.org/results/SnowLeopard%20Intel%20Leaks/r80646%20(15446)/DumpRenderTree12-leaks.txt
2. Select "Tree (Top Down)" at the bottom of the page
3. Sort by "Total"
4. Start digging in

Pretty much all of the leaks seem to be beneath the JSWorkerContextBase and WorkerScriptController constructors. It looks like we're leaking a JSGlobalObject and a JSGlobalData. I don't know whether this is a regression.
<rdar://problem/9109988>
Looks like the leaks started happening in this range: http://build.webkit.org/builders/SnowLeopard%20Intel%20Leaks/builds/15150 http://build.webkit.org/builders/SnowLeopard%20Intel%20Leaks/builds/15280
Narrowed it down a little further: http://build.webkit.org/builders/SnowLeopard%20Intel%20Leaks/builds/15164 (good) http://build.webkit.org/builders/SnowLeopard%20Intel%20Leaks/builds/15255 (bad)
http://build.webkit.org/builders/SnowLeopard%20Intel%20Leaks/builds/15235 (bad)
http://build.webkit.org/builders/SnowLeopard%20Intel%20Leaks/builds/15220 (bad)
Looks like there were a lot of JSC changes in this period and no workers changes.
FWIW, it seems like all leaks were related to strings allocated for Identifier. I haven't been able to figure out where the ref count goes wrong on them yet (and likely won't have much time over the next few days to get further, as I'm on tap to be the Chrome WebKit gardener for the next 4 working days).
I briefly looked at Identifier string handling, and I don't see how strings are removed from HashSet. If we can get dangling pointers there, that would be pretty bad.
Looks like the leaks don't happen in every build: http://build.webkit.org/builders/SnowLeopard%20Intel%20Leaks/builds/15500
See also: bug 56304.
> I don't see how strings are removed from HashSet

It's in the StringImpl destructor:

    #if USE(JSC)
        if (isIdentifier()) {
            if (!wtfThreadData().currentIdentifierTable()->remove(this))
                CRASH();
        }
    #endif
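The following is an added example, not WebKit code, modelling the mechanism the quoted destructor relies on: the identifier table holds raw (non-owning) pointers, and an entry is only removed when the last ref() on the string is matched by a deref() and the destructor runs. The names IdentifierTable, internIdentifier, balancedScenario and leakedScenario are assumptions chosen for illustration. The balanced case ends with an empty table; the leaked case drops one deref(), so the string (and its table slot) lives for the life of the process, which is what a leaks report attributes to Identifier string allocations.

```cpp
// Added example (not WebKit code): a minimal interned-string table with
// intrusive refcounting, mirroring the USE(JSC) Identifier path quoted above.
#include <cstddef>
#include <cstdio>
#include <cstdlib>
#include <string>
#include <unordered_set>
#include <utility>

struct StringImpl;

// Hypothetical stand-in for WTF's identifier table: entries are raw pointers,
// the table does NOT own them, so a stale entry would be a dangling pointer.
struct IdentifierTable {
    std::unordered_set<StringImpl*> entries;
};

static IdentifierTable& currentIdentifierTable() {
    static IdentifierTable table;
    return table;
}

struct StringImpl {
    std::string chars;
    unsigned refCount = 1;     // caller that created it holds the first ref
    bool isIdentifier = false;

    explicit StringImpl(std::string s) : chars(std::move(s)) {}

    void ref() { ++refCount; }
    void deref() {
        if (--refCount == 0)
            delete this;       // destructor below unlinks it from the table
    }

    // Mirrors the quoted destructor: an identifier must still be in the table;
    // if it is not, something else already removed it (CRASH() in WebKit).
    ~StringImpl() {
        if (isIdentifier && !currentIdentifierTable().entries.erase(this))
            std::abort();
    }
};

// Intern a string: hand back the existing entry (taking a ref) or insert a new one.
static StringImpl* internIdentifier(const std::string& s) {
    auto& table = currentIdentifierTable().entries;
    for (StringImpl* existing : table) {   // linear scan keeps the example small
        if (existing->chars == s) {
            existing->ref();
            return existing;
        }
    }
    StringImpl* created = new StringImpl(s);
    created->isIdentifier = true;
    table.insert(created);
    return created;
}

static std::size_t liveIdentifiers() {
    return currentIdentifierTable().entries.size();
}

// Balanced use: every ref() is matched by a deref(); the net change in
// table size is zero because the destructor removed the entry.
static std::size_t balancedScenario() {
    std::size_t before = liveIdentifiers();
    StringImpl* a = internIdentifier("foo");
    StringImpl* b = internIdentifier("foo");   // same object, refCount == 2
    b->deref();
    a->deref();                                // refCount hits 0, entry erased
    return liveIdentifiers() - before;         // 0
}

// Leak: one holder forgets its deref(). The destructor never runs, so the
// string and its table slot persist; the net table growth is one entry.
static std::size_t leakedScenario() {
    std::size_t before = liveIdentifiers();
    StringImpl* a = internIdentifier("bar");
    StringImpl* b = internIdentifier("bar");   // refCount == 2
    a->deref();                                // refCount == 1
    (void)b;                                   // missing b->deref()
    return liveIdentifiers() - before;         // 1
}

int main() {
    std::printf("balanced: net %zu entries\n", balancedScenario());
    std::printf("leaked:   net %zu entries\n", leakedScenario());
    return 0;
}
```

Note the two failure directions are different: an unmatched ref() leaks the string and leaves a live table entry (what the leaks bot reports), while freeing a StringImpl without passing through this destructor would leave a stale pointer in the set, the dangling-pointer case raised earlier in this bug. The CRASH() only guards the opposite inconsistency, an identifier whose entry is already gone.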
This also happens outside of the context of workers. <http://build.webkit.org/results/SnowLeopard%20Intel%20Leaks/r81055%20(15563)/DumpRenderTree14-leaks.txt> shows a number of leaks originating from DRT’s JavaScriptCore thread.
*** This bug has been marked as a duplicate of bug 56619 ***