The bug here was subtle:

1. The `FreezableMapping::Freeze` method returned a tuple of a `MutableMapping` and a `ReadOnlyHandle`.
2. In `GlobalStyleSheetCache.cpp`, we were doing a destructured binding, binding only the `ReadOnlyHandle`. However, C++ bindings have different semantics than value assignment, and the returned tuple (including the `MutableMapping`) was only destructed at the end of the enclosing scope.
3. In the same scope, we tried to map the `ReadOnlyHandle` to the same fixed address to which the `MutableMapping` was mapped. Since the `MutableMapping` was not destructed yet, this mapping failed.

This isn't an immediate error, but it prevents the mapping from being shared with child processes, so the child processes were all loading the stylesheets themselves rather than using the shared-memory mapping holding the loaded stylesheets from the parent process. The child processes loading the stylesheets is what caused the memory regression (and performance regressions of bug 1952917).
Bug 1951925 Comment 12 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
The bug here was subtle:

1. The `FreezableMapping::Freeze` method returned a tuple of a `MutableMapping` and a `ReadOnlyHandle`.
2. In `GlobalStyleSheetCache.cpp`, we were doing a destructured binding, binding only the `ReadOnlyHandle`. However, C++ bindings have different semantics than value assignment, and the returned tuple (including the `MutableMapping`) was only destructed at the end of the enclosing scope, even though the mapping wasn't bound to an identifier.
3. In the same scope, we tried to map the `ReadOnlyHandle` to the same fixed address to which the `MutableMapping` was mapped. Since the `MutableMapping` was not destructed yet, this mapping failed.

This isn't an immediate error, but it prevents the mapping from being shared with child processes, so the child processes were all loading the stylesheets themselves rather than using the shared-memory mapping holding the loaded stylesheets from the parent process. The child processes loading the stylesheets is what caused the memory regression (and performance regressions of bug 1952917).
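
The lifetime rule described in the comment above, as an added illustration that is not part of the Bugzilla comment and not Mozilla's code. `MutableMapping`, `ReadOnlyHandle` and `Freeze` are simplified stand-ins, and the global flag modelling the occupied fixed address is an assumption.

```cpp
#include <cstdio>
#include <tuple>
#include <utility>

// Simplified stand-ins for the types named in the comment (assumptions, not Mozilla's code).
static bool gFixedAddressInUse = false;  // models the fixed address being occupied

struct MutableMapping {
  bool mOwns = true;
  MutableMapping() { gFixedAddressInUse = true; }
  MutableMapping(MutableMapping&& aOther) noexcept
      : mOwns(std::exchange(aOther.mOwns, false)) {}
  ~MutableMapping() { if (mOwns) gFixedAddressInUse = false; }
};

struct ReadOnlyHandle {
  // Mapping at the fixed address fails while another mapping still occupies it.
  bool MapAtFixedAddress() const { return !gFixedAddressInUse; }
};

std::tuple<MutableMapping, ReadOnlyHandle> Freeze() {
  return std::make_tuple(MutableMapping{}, ReadOnlyHandle{});
}

// Structured binding: the hidden tuple object, including the MutableMapping,
// lives until the closing brace even though only `handle` is used.
bool MapWithStructuredBinding() {
  auto [unusedMapping, handle] = Freeze();
  return handle.MapAtFixedAddress();
}

// Extracting one element: the temporary tuple dies at the end of the full-expression.
bool MapAfterTemporaryDestroyed() {
  ReadOnlyHandle handle = std::get<1>(Freeze());
  return handle.MapAtFixedAddress();
}

// Keeping the binding but confining it to an inner scope has the same effect.
bool MapAfterInnerScope() {
  ReadOnlyHandle handle;
  { auto [unusedMapping, h] = Freeze(); handle = h; }
  return handle.MapAtFixedAddress();
}

int main() {
  std::printf("structured binding: %d\n", MapWithStructuredBinding());
  std::printf("std::get temporary: %d\n", MapAfterTemporaryDestroyed());
  std::printf("inner scope:        %d\n", MapAfterInnerScope());
}
```

The structured-binding variant fails silently in the same way the comment describes: the call returns a failure value rather than crashing, so the fallback path runs unnoticed unless the result is checked.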