Closed
Bug 1002527
Opened 11 years ago
Closed 11 years ago
Unbalanced refcount of remote browser's ContentParent
Categories
(Core :: IPC, defect)
Tracking
()
| Tracking | Status | |
|---|---|---|
| b2g-v1.3T | --- | fixed |
People
(Reporter: ting, Assigned: ting)
References
Details
Attachments
(2 files, 1 obsolete file)
|
4.37 KB,
text/plain
|
Details | |
|
1.26 KB,
patch
|
Details | Diff | Splinter Review |
ContentParent::GetNewOrUsed() calls Init() always, even when PreallocatedProcessManager::Take() returns a non-null instance which has been initialized. This creates problems:
- The ContentParent instance is registered for the same event twice from Init(),
which will handle the same event twice.
- Even after ContentParent::ActoryDestroy() is called, there still remain one
observer registration for each event.
* The ContentParent will still receive the events in future.
* The ContentParent will always be referenced by observer list.
- The observer list will keep growing.
I have tried to enlarge /sys/module/lowmemorykiller/parameters/notify_trigger to monitor memory-pressure event on ContentParent, and confirmed the symptoms above.
|
Assignee | |
Comment 1•11 years ago
|
||
The ContentParent instance PreallocatedProcessManager::Take() returns could be from:
- ContentParent::PreallocateAppProcess()
- ContentParent::RunNuwaProcess()
- ContentParent::RecvAddNewProcess()
which all have been initialized already.
|
|
Assignee | |
Comment 2•11 years ago
|
||
|
|
Assignee | |
Comment 3•11 years ago
|
||
(In reply to Ting-Yu Chou [:ting] from comment #2)
> Created attachment 8414285 [details] [diff] [review]
> WIP - Fix not to initialize ContentParent twice
Browser shows "Server not found" page when this patch is included, am checking now.
|
|
Assignee | |
Comment 4•11 years ago
|
||
(In reply to Ting-Yu Chou [:ting] from comment #3)
> Browser shows "Server not found" page when this patch is included, am
> checking now.
Never mind, false alarm.
|
|
Assignee | |
Updated•11 years ago
|
Component: General → IPC
Product: Firefox OS → Core
|
|
Assignee | |
Updated•11 years ago
|
status-b2g-v1.3T:
--- → affected
|
|
Assignee | |
Updated•11 years ago
|
Attachment #8414285 -
Flags: review?(bent.mozilla)
|
|
Assignee | |
Comment 5•11 years ago
|
||
Discussed this with Cervantes, it'd be better to make sure there's no other unbalanced reference count for the remote browser's ContentParent. I will check it.
Summary: ContentParent::GetNewOrUsed() initializes ContentParent twice → Unbalanced refcount of remote browser's ContentParent
Considering that LMK happens often, I think we should consider this for 1.3t
Fabrice, what do you think? Would it be too risky now?
blocking-b2g: --- → 1.3T?
Flags: needinfo?(fabrice)
Comment on attachment 8414285 [details] [diff] [review]
WIP - Fix not to initialize ContentParent twice
Review of attachment 8414285 [details] [diff] [review]:
-----------------------------------------------------------------
Thanks!
Attachment #8414285 -
Flags: review?(bent.mozilla) → review+
|
|
Assignee | |
Comment 9•11 years ago
|
||
With the patch, ContentParent will be destroyed minutes after DelayedDeleteContentParentTask::Run(), note the reference count is bigger than 1 in the function.
Tried to capture a backtrace of ~ContentParent(), it is destroyed by cycle collector.
|
|
Assignee | |
Comment 10•11 years ago
|
||
(In reply to Ting-Yu Chou [:ting] from comment #9)
> DelayedDeleteContentParentTask::Run(), note the reference count is bigger
> than 1 in the function.
Most of time it is 2, should be the mContentParent from nsFrameLoader. Sometimes it is 3, not sure yet where's the extra reference. But in both cases, CC will destroy it.
|
|
Assignee | |
Comment 11•11 years ago
|
||
(In reply to Ting-Yu Chou [:ting] from comment #9)
> With the patch, ContentParent will be destroyed minutes after DelayedDeleteContentParentTask::Run()
From what I experienced, it can be 1min ~ 10mins after DelayedDeleteContentParentTask::Run().
|
|
Assignee | |
Comment 12•11 years ago
|
||
Commit message updated.
Attachment #8414285 -
Attachment is obsolete: true
|
|
Assignee | |
Updated•11 years ago
|
Attachment #8415092 -
Attachment description: Fix not to initialize remote browser's ContentParent twice → Fix not to initialize remote browser's ContentParent twice. r=bent
|
|
Assignee | |
Comment 13•11 years ago
|
||
Try results: https://tbpl.mozilla.org/?tree=Try&rev=afa7ce3c5469
|
|
Assignee | |
Updated•11 years ago
|
Keywords: checkin-needed
|
||
Comment 16•11 years ago
|
||
Keywords: checkin-needed
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla32
|
||
Comment 18•11 years ago
|
||
You need to log in
before you can comment on or make changes to this bug.
Description
•