RESOLVED DUPLICATE of bug 56619 56045
REGRESSION (r79781-r79968): Many leaks seen beneath JSWorkerContextBase and WorkerScriptController constructors (leaking a JSGlobalData/JSGlobalObject?)
https://bugs.webkit.org/show_bug.cgi?id=56045
Adam Roben (:aroben)
Reported 2011-03-09 12:26:25 PST
To see the leaks:

1. Go to http://build.webkit.org/LeaksViewer/?url=http://build.webkit.org/results/SnowLeopard%20Intel%20Leaks/r80646%20(15446)/DumpRenderTree12-leaks.txt
2. Select "Tree (Top Down)" at the bottom of the page
3. Sort by "Total"
4. Start digging in

Pretty much all of the leaks seem to be beneath the JSWorkerContextBase and WorkerScriptController constructors. It looks like we're leaking a JSGlobalObject and a JSGlobalData. I don't know whether this is a regression.
Adam Roben (:aroben)
Comment 1 2011-03-09 12:26:59 PST
Adam Roben (:aroben)
Comment 6 2011-03-11 11:23:23 PST
Looks like there were a lot of JSC changes in this period and no workers changes.
David Levin
Comment 7 2011-03-11 11:27:38 PST
fwiw it seems like all leaks were related to strings allocated for Identifier. I haven't been able to figure out where the ref count goes wrong on them yet (and likely won't have much time over the next few days to get further as I'm on tap to be the Chrome WebKit gardener for the next 4 working days).
Alexey Proskuryakov
Comment 8 2011-03-11 12:11:18 PST
I briefly looked at Identifier string handling, and I don't see how strings are removed from HashSet. If we can get dangling pointers there, that would be pretty bad.
Adam Roben (:aroben)
Comment 9 2011-03-14 13:18:17 PDT
Looks like the leaks don't happen in every build: http://build.webkit.org/builders/SnowLeopard%20Intel%20Leaks/builds/15500
Alexey Proskuryakov
Comment 10 2011-03-14 13:29:10 PDT
See also: bug 56304.
Alexey Proskuryakov
Comment 11 2011-03-14 14:08:41 PDT
> I don't see how strings are removed from HashSet

It's in StringImpl destructor:

#if USE(JSC)
    if (isIdentifier()) {
        if (!wtfThreadData().currentIdentifierTable()->remove(this))
            CRASH();
    }
#endif
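The removal path described in comment 11, as an added example that is not part of the original thread or WebKit's code: an intern table holding non-owning raw pointers that each string unregisters in its own destructor (aborting if it is not found), so one missed deref leaves both the string and its table entry alive. `InternedString`, `IdentifierTable` and `entriesLeft` are hypothetical names.

```cpp
// Added sketch: hypothetical stand-ins, not WebKit's StringImpl/IdentifierTable.
#include <cstdio>
#include <cstdlib>
#include <string>
#include <unordered_map>

class InternedString;
class IdentifierTable {
    std::unordered_map<std::string, InternedString*> m_entries; // non-owning
public:
    InternedString* add(const std::string& text); // caller receives one reference
    bool remove(InternedString* s);
    std::size_t size() const { return m_entries.size(); }
};

class InternedString {
    IdentifierTable& m_table;
    std::string m_text;
    unsigned m_refCount = 1;
    // Same shape as the quoted destructor: unregister, abort if not found.
    ~InternedString() { if (!m_table.remove(this)) std::abort(); }
public:
    InternedString(IdentifierTable& t, const std::string& s) : m_table(t), m_text(s) {}
    void ref() { ++m_refCount; }
    void deref() { if (!--m_refCount) delete this; }
    const std::string& text() const { return m_text; }
};

InternedString* IdentifierTable::add(const std::string& text) {
    auto it = m_entries.find(text);
    if (it != m_entries.end()) { it->second->ref(); return it->second; }
    return m_entries.emplace(text, new InternedString(*this, text)).first->second;
}

bool IdentifierTable::remove(InternedString* s) {
    auto it = m_entries.find(s->text());
    return it != m_entries.end() && it->second == s && m_entries.erase(s->text()) == 1;
}

// Takes two references to one identifier, skips `missed` (0..2) derefs, and
// returns the table size; the skipped derefs then run as cleanup.
std::size_t entriesLeft(unsigned missed) {
    IdentifierTable table;
    InternedString* s = table.add("length");
    table.add("length"); // same object, second reference
    for (unsigned i = missed; i < 2; ++i) s->deref();
    std::size_t left = table.size();
    while (missed--) s->deref();
    return left;
}

int main() { std::printf("%zu %zu\n", entriesLeft(0), entriesLeft(1)); }
```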
Mark Rowe (bdash)
Comment 12 2011-03-14 16:26:33 PDT
This also happens outside of the context of workers. <http://build.webkit.org/results/SnowLeopard%20Intel%20Leaks/r81055%20(15563)/DumpRenderTree14-leaks.txt> shows a number of leaks originating from DRT’s JavaScriptCore thread.
Geoffrey Garen
Comment 13 2011-03-17 23:02:26 PDT
*** This bug has been marked as a duplicate of bug 56619 ***