Closed
Bug 837033
Opened 11 years ago
Closed 11 years ago
Leak with expando on ValidityState
Categories
(Core :: DOM: Core & HTML, defect)
Tracking
()
RESOLVED
FIXED
mozilla21
People
(Reporter: jruderman, Assigned: mccr8)
References
Details
(Keywords: memory-leak, testcase, Whiteboard: [MemShrink])
Attachments
(2 files)
91 bytes,
text/html
|
Details | |
2.04 KB,
patch
|
bzbarsky
:
review+
|
Details | Diff | Splinter Review |
trace-refcnt reports a large leak, including nsGlobalWindow and nsDocument.
Comment 1•11 years ago
|
||
Is this a regression? And if so, from Bug 827158?
Assignee | ||
Updated•11 years ago
|
Whiteboard: [MemShrink]
Assignee | ||
Comment 2•11 years ago
|
||
I don't know how this could be related, but HTMLObjectElement inherits from nsIConstraintValidation without traversing/unlinking mValidity. Button element itself looks okay.
Comment 3•11 years ago
|
||
> Is this a regression? And if so, from Bug 827158?
Quite likely, since we didn't use to do wrapper preservation for ValidityState before that.
So the likely cycle here is preserved wrapper for validity state to JS object's parent (which is the JS object for the mConstraintValidation) to C++ HTMLButtonElement object to mValidity.
But it looks to me like we should traverse that cycle, and unlink it both by unpreserving the wrapper and by dropping mValidity.
So what gives?
This is eerily similar to the issue Ms2ger was running into with StyleSheetList...
Blocks: 827158
tracking-firefox21:
--- → ?
Comment 4•11 years ago
|
||
(In reply to Andrew McCreight [:mccr8] from comment #2) > I don't know how this could be related, but HTMLObjectElement inherits from > nsIConstraintValidation without traversing/unlinking mValidity. Button > element itself looks okay. You're right, I actually handled that in my patches there, but then left those hunks in the unlanded WIP patch over in that bug... But that is not related to this bug.
Assignee | ||
Comment 5•11 years ago
|
||
> So what gives?
I can look at the CC graph to see what is missing later today.
Assignee | ||
Comment 6•11 years ago
|
||
> This is eerily similar to the issue Ms2ger was running into with StyleSheetList
What's the bug number for that?
Assignee: nobody → continuation
Comment 7•11 years ago
|
||
It was just an IRC discussion.
Assignee | ||
Comment 8•11 years ago
|
||
As expected, the leak is rooted on a ValidityState object with two references, one unknown. The known reference is from the Validity state's reflector. 0x123b064c0 [ValidityState] --[Preserved wrapper]-> 0x1199cc1c0 [JS Object (ValidityState)] --[parent]-> 0x1199c83d0 [JS Object (HTMLButtonElement)] --[parent]-> 0x1199c81f0 [JS Object (HTMLDocument)] ... Root 0x123b064c0 is a ref counted object with 1 unknown edge(s). known edges: 0x1199cc1c0 [JS Object (ValidityState)] --[UnwrapDOMObject(obj)]-> 0x123b064c0
Comment 9•11 years ago
|
||
Per irc debugging just now, definitely fallout from the ValidityState change in bug 827158. We're not actually traversing/unlinking anything in button because its QI impl doesn't mention CC stuff.
Assignee | ||
Comment 10•11 years ago
|
||
https://tbpl.mozilla.org/?tree=Try&rev=9f20b5e6446b
Attachment #709126 -
Flags: review?(bzbarsky)
Comment 11•11 years ago
|
||
Comment on attachment 709126 [details] [diff] [review] QI to participant r=me
Attachment #709126 -
Flags: review?(bzbarsky) → review+
Assignee | ||
Comment 12•11 years ago
|
||
I looked at all of the other classes modified in that patch, and they all look like they QI to ValidityState (they were CCed beforehand). It would be nice if we could dynamically check that classes with participants QI to their participant, but I'm not sure how to do that. Filed bug 837182 for that.
Assignee | ||
Comment 13•11 years ago
|
||
Rather, "they all look like they QI to their participant".
Too bad jst never reviewed bug 614238!
Assignee | ||
Comment 15•11 years ago
|
||
Ah right, that. Want me to review that patch or unbitrot it, Kyle? Just assign/flag me as appropriate and I'll deal with it eventually.
Assignee | ||
Comment 16•11 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/3b52eded5b89
Updated•11 years ago
|
status-firefox21:
--- → affected
Comment 17•11 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/3b52eded5b89
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla21
Updated•5 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•