22753 2008-12-09 00:39:25 -0800 Reproducible global object leak caused by setInterval 2008-12-11 01:05:28 -0800 1 1 1 Unclassified WebKit WebCore JavaScript 528+ (Nightly build) All All RESOLVED FIXED http://ejohn.org/apps/processing.js/examples/basic/noisewave.html HasReduction, InRadar P2 Normal --- 1 oliver webkit-unassigned ap darin dimich ggaren mjs sam zwarich oldest_to_newest 101948 0 oliver 2008-12-09 00:39:25 -0800 I have discovered a reproducible global object leak (a valuable property of our GC: when you leak a global object, it takes very little time for maths to become ludicrously expensive and my browsing patterns show tihs really quickly. Because all i look at are js raytracers :D ) Steps to reproduce: 1. Start webkit 2. Open caches window 3. Navigate to http://ejohn.org/apps/processing.js/examples/basic/noisewave.html 4. Navigate to another page (say google.com) 5. Close browser window 6. Force GC a few times Results: We end up with 2 global objects leaked, probably due to the one protected function that hangs around indefinitely. The global object contained by that function, then history probably holds onto all the other global objects, and subsequently everything else. 101949 1 oliver 2008-12-09 00:44:43 -0800 <rdar://problem/6429894> 101950 2 ap 2008-12-09 00:46:35 -0800 What version of WebKit are you seeing this with? 101951 3 oliver 2008-12-09 00:51:07 -0800 r39131, but i was seeing this from a revision earlier today and updated to verify it still existed in tot 101954 4 ap 2008-12-09 02:08:48 -0800 The leaking protected object is a setInterval() callback in processing.js. There is no leak in r38860, so this is likely to be a regression from DOMTimer refactoring. 101956 5 25879 ap 2008-12-09 02:31:11 -0800 Created attachment 25879 reduction 101969 6 dimich 2008-12-09 05:21:10 -0800 Not enough calls to stopActiveDOMObjects(). In this case, the suspended CachedPages are cleared when window is closed. This code path never calls stopActiveDOMObjects() and it caused live JS wrappers to stay alive. After window close, the cached pages are cleared and it seems Document::detach() is a good place to stop active objects. I hope documents can not 'attach' back. 101970 7 25883 dimich 2008-12-09 05:42:00 -0800 Created attachment 25883 Proposed patch 102121 8 dimich 2008-12-10 10:50:40 -0800 Working on a test. Will add as a separate patch. 102135 9 dimich 2008-12-10 13:08:52 -0800 Can't create a test because DumpRenderTree has the page cache disabled. The known way to repro the leak is when CachedPages are destroyed. 102145 10 25883 darin 2008-12-10 14:23:41 -0800 Comment on attachment 25883 Proposed patch Is it correct behavior to stop XMLHttpRequest in this case? I'll assume the answer is yes and say r=me 102191 11 oliver 2008-12-10 18:14:21 -0800 Committing to http://svn.webkit.org/repository/webkit/trunk ... M WebCore/ChangeLog M WebCore/dom/Document.cpp Committed r39193 102217 12 dimich 2008-12-11 01:05:28 -0800 added a regression test - bug 22806 25879 2008-12-09 02:31:11 -0800 2008-12-09 02:31:11 -0800 reduction interval2.html text/html 280 ap PGJvZHk+CjxkaXY+PC9kaXY+CjxzY3JpcHQ+CnZhciBwID0ge307CnAuZm9vID0gZnVuY3Rpb24o KSB7CiAgICBzZXRJbnRlcnZhbChmdW5jdGlvbigpIHt9LCAxMDAwKTsKfQpwLmQgPSBkb2N1bWVu dC5nZXRFbGVtZW50c0J5VGFnTmFtZSgiZCIpOwpwLmZvbygpOwpsb2NhdGlvbi5ocmVmID0gImRh dGE6dGV4dC9wbGFpbixQbGVhc2UgY2xvc2UgdGhpcyB3aW5kb3cgYW5kIGNoZWNrIGZvciBwcm90 ZWN0ZWQgb2JqZWN0cyBpbiBDYWNoZXMgd2luZG93LiI7Cjwvc2NyaXB0Pgo8L2JvZHk+Cg== 25883 2008-12-09 05:42:00 -0800 2008-12-10 14:23:41 -0800 Proposed patch patch.txt text/plain 1003 dimich SW5kZXg6IFdlYkNvcmUvQ2hhbmdlTG9nCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFdlYkNvcmUvQ2hhbmdlTG9n CShyZXZpc2lvbiAzOTEzMikKKysrIFdlYkNvcmUvQ2hhbmdlTG9nCSh3b3JraW5nIGNvcHkpCkBA IC0xLDMgKzEsMTQgQEAKKzIwMDgtMTItMDkgIERtaXRyeSBUaXRvdiAgPGRpbWljaEBjaHJvbWl1 bS5vcmc+CisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAgICAgICAg Rml4IG1lbW9yeSBsZWFrIC0gbmVlZCB0byBjYWxsIHN0b3BBY3RpdmVET01PYmplY3RzCisgICAg ICAgIHdoZW4gY2FjaGVkIHBhZ2VzIGdldCBkZXN0cm95ZWQuCisgICAgICAgIGh0dHBzOi8vYnVn cy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD0yMjc1MworCisgICAgICAgICogZG9tL0RvY3Vt ZW50LmNwcDoKKyAgICAgICAgKFdlYkNvcmU6OkRvY3VtZW50OjpkZXRhY2gpOiBhZGQgYSBjYWxs IHRvIHN0b3BBY3RpdmVET01PYmplY3RzKCkKKwogMjAwOC0xMS0yNiAgUGV0ZXIgS2FzdGluZyAg PHBrYXN0aW5nQGdvb2dsZS5jb20+CiAKICAgICAgICAgUmV2aWV3ZWQgYnkgQW5kZXJzIENhcmxz c29uLgpJbmRleDogV2ViQ29yZS9kb20vRG9jdW1lbnQuY3BwCj09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFdlYkNv cmUvZG9tL0RvY3VtZW50LmNwcAkocmV2aXNpb24gMzkwOTkpCisrKyBXZWJDb3JlL2RvbS9Eb2N1 bWVudC5jcHAJKHdvcmtpbmcgY29weSkKQEAgLTEyNzcsNiArMTI3Nyw3IEBAIHZvaWQgRG9jdW1l bnQ6OmRldGFjaCgpCiAgICAgQVNTRVJUKCFtX2luUGFnZUNhY2hlKTsKIAogICAgIGNsZWFyQVhP YmplY3RDYWNoZSgpOworICAgIHN0b3BBY3RpdmVET01PYmplY3RzKCk7CiAgICAgCiAgICAgUmVu ZGVyT2JqZWN0KiByZW5kZXIgPSByZW5kZXJlcigpOwogCg==