Bug 56045 - REGRESSION (r79781-r79968): Many leaks seen beneath JSWorkerContextBase and WorkerScriptController constructors (leaking a JSGlobalData/JSGlobalObject?)
Status: RESOLVED DUPLICATE of bug 56619
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: 528+ (Nightly build)
Hardware: All All
: P2 Normal
Assignee: Nobody
URL: http://build.webkit.org/LeaksViewer/?...
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2011-03-09 12:26 PST by Adam Roben (:aroben)
Modified: 2011-03-17 23:02 PDT
Description Adam Roben (:aroben) 2011-03-09 12:26:25 PST
To see the leaks:

1. Go to http://build.webkit.org/LeaksViewer/?url=http://build.webkit.org/results/SnowLeopard%20Intel%20Leaks/r80646%20(15446)/DumpRenderTree12-leaks.txt
2. Select "Tree (Top Down)" at the bottom of the page
3. Sort by "Total"
4. Start digging in

Pretty much all of the leaks seem to be beneath the JSWorkerContextBase and WorkerScriptController constructors. It looks like we're leaking a JSGlobalObject and a JSGlobalData.

I don't know whether this is a regression.
Comment 1 Adam Roben (:aroben) 2011-03-09 12:26:59 PST
<rdar://problem/9109988>
Comment 6 Adam Roben (:aroben) 2011-03-11 11:23:23 PST
Looks like there were a lot of JSC changes in this period and no workers changes.
Comment 7 David Levin 2011-03-11 11:27:38 PST
fwiw it seems like all leaks were related to strings allocated for Identifier. I haven't been able to figure out where the ref count goes wrong on them yet (and likely won't have much time over the next few days to get further as I'm on tap to be the Chrome WebKit gardener for the next 4 working days).
Comment 8 Alexey Proskuryakov 2011-03-11 12:11:18 PST
I briefly looked at Identifier string handling, and I don't see how strings are removed from HashSet. If we can get dangling pointers there, that would be pretty bad.
Comment 9 Adam Roben (:aroben) 2011-03-14 13:18:17 PDT
Looks like the leaks don't happen in every build: http://build.webkit.org/builders/SnowLeopard%20Intel%20Leaks/builds/15500
Comment 10 Alexey Proskuryakov 2011-03-14 13:29:10 PDT
See also: bug 56304.
Comment 11 Alexey Proskuryakov 2011-03-14 14:08:41 PDT
> I don't see how strings are removed from HashSet

It's in the StringImpl destructor:

#if USE(JSC)
    if (isIdentifier()) {
        if (!wtfThreadData().currentIdentifierTable()->remove(this))
            CRASH();
    }
#endif
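
An added illustration, not part of the comment above and not WebKit code: a simplified model of an intern table that holds non-owning pointers, where the string's destructor unregisters itself as in the quoted snippet. The names InternTable, InternedString and entriesAfter are hypothetical; the sketch shows that a missed deref leaves the entry in the table (a leak) rather than a dangling pointer.

```cpp
#include <cstdlib>
#include <string>
#include <unordered_map>

class InternedString;
// Hypothetical model: the table stores NON-owning pointers to live strings.
class InternTable {
public:
    InternedString* lookup(const std::string& s) const {
        auto it = m_map.find(s);
        return it == m_map.end() ? nullptr : it->second;
    }
    void add(const std::string& s, InternedString* p) { m_map[s] = p; }
    bool remove(const std::string& s) { return m_map.erase(s) == 1; }
    std::size_t size() const { return m_map.size(); }
private:
    std::unordered_map<std::string, InternedString*> m_map;
};

class InternedString {
public:
    // Returns the existing entry with one more ref, or registers a new one.
    static InternedString* intern(InternTable& t, const std::string& s) {
        if (InternedString* hit = t.lookup(s)) { hit->ref(); return hit; }
        InternedString* fresh = new InternedString(t, s);
        t.add(s, fresh);
        return fresh;
    }
    void ref() { ++m_refCount; }
    void deref() { if (!--m_refCount) delete this; }
private:
    InternedString(InternTable& t, const std::string& s) : m_table(t), m_value(s) {}
    // Same shape as the quoted destructor: unregister, abort if not found.
    ~InternedString() { if (!m_table.remove(m_value)) std::abort(); }
    InternTable& m_table;
    std::string m_value;
    unsigned m_refCount = 1;
};

// Takes two refs to one interned string, releases `derefs` of them (0..2),
// and returns how many entries the table still holds at that point.
std::size_t entriesAfter(int derefs) {
    InternTable t;
    InternedString* s = InternedString::intern(t, "length"); // constructed sample
    InternedString::intern(t, "length");                     // second ref, same object
    for (int i = 0; i < derefs; ++i) s->deref();
    const std::size_t n = t.size();
    for (int i = derefs; i < 2; ++i) s->deref(); // release the rest before t dies
    return n;
}
int main() { return (entriesAfter(2) == 0 && entriesAfter(1) == 1) ? 0 : 1; }
```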
Comment 12 Mark Rowe (bdash) 2011-03-14 16:26:33 PDT
This also happens outside of the context of workers.  <http://build.webkit.org/results/SnowLeopard%20Intel%20Leaks/r81055%20(15563)/DumpRenderTree14-leaks.txt> shows a number of leaks originating from DRT’s JavaScriptCore thread.
Comment 13 Geoffrey Garen 2011-03-17 23:02:26 PDT

*** This bug has been marked as a duplicate of bug 56619 ***