| Issue 21079: | Occasional memory leak in WebCore::V8EventListenerList::findOrCreateWrapper<>() | |
| 1 person starred this issue and may be notified of changes. | Back to list |
Sign in to add a comment
|
cc'ing vitaly and feng because they were involved in fixing related? bug 17400. http://build.chromium.org/buildbot/waterfall/builders/Webkit%20Linux%20(valgrind%20layout)/builds/1663/steps/valgrind%20test:%20layout/logs/stdio contains two related warnings from LayoutTests/svg: 76 (12 direct, 64 indirect) bytes in 1 blocks are definitely lost in loss record 8,286 of 9,124 malloc (vg_replace_malloc.c:194) WTF::fastMalloc(unsigned int) (third_party/WebKit/JavaScriptCore/wtf/FastMalloc.cpp:233) WebCore::V8EventListenerList::add(WebCore::V8EventListener*) (third_party/WebKit/JavaScriptCore/wtf/FastAllocBase.h:96) WTF::PassRefPtr<WebCore::V8EventListener> WebCore::V8EventListenerList::findOrCreateWrapper<WebCore::V8ObjectEventListener>(WebCore::Frame*, v8::Local<v8::Value>, bool) (third_party/WebKit/WebCore/bindings/v8/V8EventListenerList.h:117) WebCore::V8DOMWrapper::getEventListener(WebCore::Node*, v8::Local<v8::Value>, bool, bool) (third_party/WebKit/WebCore/bindings/v8/V8DOMWrapper.cpp:1351) WebCore::V8Custom::v8NodeAddEventListenerCallback(v8::Arguments const&) (third_party/WebKit/WebCore/bindings/v8/custom/V8NodeCustom.cpp:61) v8::internal::Builtin_HandleApiCall(v8::internal::Arguments) (v8/src/builtins.cc:379) and 76 (12 direct, 64 indirect) bytes in 1 blocks are definitely lost in loss record 8,242 of 9,059 malloc (vg_replace_malloc.c:194) WTF::fastMalloc(unsigned int) (third_party/WebKit/JavaScriptCore/wtf/FastMalloc.cpp:233) WebCore::V8EventListenerList::add(WebCore::V8EventListener*) (third_party/WebKit/JavaScriptCore/wtf/FastAllocBase.h:96) WTF::PassRefPtr<WebCore::V8EventListener> WebCore::V8EventListenerList::findOrCreateWrapper<WebCore::V8EventListener>(WebCore::Frame*, v8::Local<v8::Value>, bool) (third_party/WebKit/WebCore/bindings/v8/V8EventListenerList.h:117) WebCore::V8Custom::v8SVGElementInstanceAddEventListenerCallback(v8::Arguments const&) (third_party/WebKit/WebCore/bindings/v8/custom/V8SVGElementInstanceCustom.cpp:56) v8::internal::Builtin_HandleApiCall(v8::internal::Arguments) (v8/src/builtins.cc:379) |
||||||||||||||||||||
,
Sep 07, 2009
Valgrind failed to catch this in my tests. Yet I think there is a leak indeed. What happens is this: 1. When creating a new EventListener instance V8DOMWrapper::getEventListener calls V8EventListenerList::findOrCreateWrapper on proxy->objectListeners(). 2. objectListeners adds the newly created instance to its HashMap<int/*v8 JS function hash code*/, Vector<V8EventListener*>*>, growing existing or creating a new Vector. (Vector is required here because v8 hash codes are not unique.) 3. When proxy is disconnected from the frame, it clears proxy->objectListeners() that in turn clears the map, but the map does not delete the Vector objects. There is needsDestruction = true specified in its traits but it has no effect on pointers to Vector. We have two options here: 1. Fix this by cleaning up the maps properly. 2. Rework this part by storing listeners in hidden properties on JS functions. This should make the code considerably simpler and less fragile. Dimitri, what do you think?
Owner: vita...@chromium.org
Cc: dglaz...@chromium.org Labels: -Area-Misc Area-WebKit |
|||||||||||||||||||||
,
Sep 07, 2009
I really like #2. |
|||||||||||||||||||||
,
Oct 02, 2009
Fixed in https://bugs.webkit.org/show_bug.cgi?id=29825.
Status: Fixed
|
|||||||||||||||||||||
| ► Sign in to add a comment | |||||||||||||||||||||