Devtools heap traversals should treat top window as root, but not contained iframe windows




Developer Tools: Memory
2 years ago


(Reporter: jimb, Unassigned)


(Blocks: 1 bug)

Firefox Tracking Flags

(Not tracked)




2 years ago
A DevTools heap traversal of a content page's memory should not treat every debuggee global as a root, but rather only treat the top window's global as a root. It should only use the debuggee globals to bound the traversal and identify incoming wrappers.

The Debugger API represents its debuggee as a weakly held set of JavaScript global objects. When we traverse the debuggee's memory, we limit the traversal to the debuggee globals' compartments, to avoid involving other pages and chrome in the traversal.

However, we also treat each debuggee global as a root in the traversal. This is not well-motivated: other than the top-level window, these globals are not necessarily rooted at all: Debugger itself holds them weakly, and if an iframe is removed from the DOM and all references to its global's compartment's objects are gone, the iframe's global will be GC'd like anything else.

This divergence between the devtools' traversal's sense of rooting and the browsers' is a problem, because often iframe globals are exactly what's being leaked; treating them as rooted in the analysis obscures their reason for being retained.
Blocks: 961331
Priority: -- → P2
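
The rooting difference described in this report, as an added example that is not part of the bug report and is not Firefox or Debugger API code: a breadth-first traversal over a constructed toy heap, bounded to the debuggee compartments, run once with every debuggee global as a root and once with only the top window as a root. All object names and the heap layout are hypothetical.

```javascript
// Constructed toy heap: each node belongs to a compartment and has outgoing edges.
// Names are hypothetical, not Firefox internals.
const heap = {
  topWin:       { comp: "top",     edges: ["leakCache", "chromeObj"] },
  leakCache:    { comp: "top",     edges: ["detachedNode"] }, // page code holding a stale reference
  detachedNode: { comp: "iframeA", edges: ["iframeAWin"] },
  iframeAWin:   { comp: "iframeA", edges: ["detachedNode"] }, // removed from DOM, still retained
  iframeBWin:   { comp: "iframeB", edges: [] },               // removed from DOM, truly unreachable
  chromeObj:    { comp: "chrome",  edges: [] },               // outside the debuggee
};

// Weakly held debuggee set: used to bound the traversal in both runs.
const debuggeeGlobals = ["topWin", "iframeAWin", "iframeBWin"];
const debuggeeComps = new Set(debuggeeGlobals.map((g) => heap[g].comp));

// BFS from `roots`, never leaving the debuggee compartments.
// Returns Map(node -> shortest path from some root to that node).
function shortestPaths(roots) {
  const paths = new Map(roots.map((r) => [r, [r]]));
  const queue = [...roots];
  while (queue.length > 0) {
    const id = queue.shift();
    for (const next of heap[id].edges) {
      if (paths.has(next) || !debuggeeComps.has(heap[next].comp)) continue;
      paths.set(next, [...paths.get(id), next]);
      queue.push(next);
    }
  }
  return paths;
}

// Retaining path of `target` as a readable string, or null if it is garbage.
function retainedBy(roots, target) {
  const path = shortestPaths(roots).get(target);
  return path ? path.join(" -> ") : null;
}

// Every debuggee global as a root: the leaked iframe looks self-rooted,
// and the unreachable iframe is reported as live.
console.log(retainedBy(debuggeeGlobals, "iframeAWin"));
console.log(retainedBy(debuggeeGlobals, "iframeBWin"));
// Only the top window as a root: the real retainer of the leak is visible,
// and the unreachable iframe drops out of the result.
console.log(retainedBy(["topWin"], "iframeAWin"));
console.log(retainedBy(["topWin"], "iframeBWin"));
```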