Closed Bug 23905 Opened 25 years ago Closed 25 years ago

[MLK] leaking nsXULElement objects

Categories

(Core :: XUL, defect, P1)

Product:
Core
Component:
XUL
Type:
defect

Tracking

()

Status:
VERIFIED FIXED

People

(Reporter: waterson, Assigned: waterson)

References

Details

(Keywords: memory-leak)

Attachments

(4 files)

test case
970 bytes, text/xul
Details
proposed fix
25.24 KB, patch
Details | Diff | Splinter Review
better diffs. cut from win32, may need to dos2unix before applying
32.03 KB, patch
Details | Diff | Splinter Review
fixes to generic and HTML DOM
2.56 KB, patch
Details | Diff | Splinter Review 
I'll attach a test case...
Attached file test case 

    
  
Blocks: 18127
Status: NEW → ASSIGNED
Priority: P3 → P2
Target Milestone: M13

    
    

    
  
Attached the test case for bug 18127. To reproduce:

1. Turn on bloat logging (e.g., set XPCOM_MEM_BLOAT_LOG=/tmp/bloat.log on Unix)
2. Run "viewer http://bugzilla.mozilla.org/showattachment.cgi?attach_id=4235"
to load test case.
3. Close viewer.
4. Note "4 nsXULElement objects leaked" in the bloat log.

Expected 0 nsXULElement objects leaked.

    
  
Depends on: 20677

    
    

    
  
need to apply patches for 20677 to fix this leak

    
    

    
  

      
      
      
      

        Attached patch
          
          
        proposed fixSplinter Review
      

    


  

    
    

    
  
brendan, shaver: please review above patch.

1. Changed |nsIScriptEventOwner|, removed the |SetCompiledEventHandler|, and
replaced it with |CompileEventHandler|. The idea here is that the script event
owner gets "first crack" at compiling the event handler; e.g., in case it wants
to compile the event handler using its own sekr3t context and scope object. The
semantics of this method are such that the event handler must be *bound* to the
specified context/target after the method returns.

2. Change |nsXULPrototypeDocument| so that it has its own secret script context
object that can be used to compile scripts and event handlers. This is necessary
to avoid compile-time linkage to the "first compiled context", which is what was
happening before.

3. Change nsXULDocument and nsXULElement to make use of these new fancy features
(and eliminate the leak).

4. Change nsEventListenerManager and nsXULKeyBindings to use the new APIs.

brendan: One thing I'm a bit unsure of is in
nsXULElement::CompileEventHandler(). In the case that it is compiling a shared
event handler, it will return the shared object out to the caller. Is that
correct?

    
  
Priority: P2 → P1
Target Milestone: M13 → M14

    
    

    
  
Moving the Gordian Knot of 18127, 23905, and 20677 to M14. Fixing this has just
introduced way too many instabilities in my tree that it'll take a couple of
days to sort out. I'll shoot to get these in when M14 opens.

    
    

    
  
Ok, I've got some better diffs that actually seem to work pretty well.

1. I've added the nsIScriptGlobalObjectData interface to
nsXULPrototypeDocument. This allows event handlers that are compiled vs. the
prototype document to be assigned the proper principal.

2. I've enabled SetDocument(nsnull) in nsXULElement::RemoveChildAt(), but left
the initial SetDocument() in nsXULElement::Create(PRInt32 aNameSpaceID,
nsIAtom* aTag, nsIContent** aResult), because there seem to be some
initialization issues over in the frame code that I haven't quite been able to
work out yet. This unroots the script object when a XUL element is removed from
the document, breaking the cycle.

3. Also, incorporated comments from brendan, most importantly, adding a
refcount from the sekr3t script scope object to the nsXULPrototypeDocument,
which gets released in the script object's (new-in-this-patch) finalizer.

I think these are ready to go in (I'll wait until M14 opens to land). Somebody
wanna review?

    
    

    
  


  

    
    

    
  
vidur: I believe that the above fixes are required to the generic and HTML
contetainer elements. Specifically, AppendChildTo, InsertChildAt, and
ReplaceChildAt were doing "shallow" SetDocument() calls, while RemoveChildAt was
doing a "deep" SetDocument(nsnull) call. This'd leave dangling or null document
pointers in DOM elements that had been moved around the tree (or created "by
hand" via document.createElement).

Does this make sense?

    
    

    
  
Documenting for posterity's sake. nsXULElement does not correctly do this, nor
does most of the code I've written. I'll be respinning diffs.

Vidur Apparao wrote:
>
>
> The decision to do a shallow set was made by Kipp when he first wrote
> some of the content code. The thought was that content tree buildup in
> the sink happens from the bottom up (subtrees are built before being
> added to their parents). To prevent O(n^2) invocation of SetDocument
> (where n is the depth of the tree) he decided that any deep calls to
> SetDocument should be done outside the nsIContent content modification
> routines - this should be documented in the header file, but probably
> isn't. You'll notice that the DOM calls do their own deep calls to
> SetDocument before (or after as the case may be) invoking the
> nsIContent equivalents.
>
> --Vidur

    
    

    
  
This seems wrong to me.  You have an API called "AppendChildTo", and yet it only
does a shallow SetDocument?  That seems really confusing.

Why not just make sure that SetDocument does a check for mDocument == aDocument
and allow it to be invoked n^2 times?  The alternative is that you have methods
that don't behave like their DOM counterparts when (intuitively, given the names
of the methods) they should.

    
    

    
  
<gripe>
Strictly speaking, I agree with Hyatt. This is poor API design. But, it's
entrenched. Oh well.

If I were designing the API, I would've made them do a recursive SetDocument(),
and then added a special sekr3t API that'd be only called to append content
from the sink. Especially since the other methods (content replaced, content
inserted) are -never- called from the sink. And RemoveElementAt() has
completely contradictory semantics (it -does- do a recursive clear doc).
</gripe>

/me goes back to fixing xul now.

    
    

    
  
Wait, are you making XUL behave this way?  We don't have to, do we?

    
    

    
  
BTW, if you make this change to XUL, I guarantee you that you will totally bust
anonymous content.  I think we should consider fixing what (IMHO) is a broken
API.

    
    

    
  
Never mind.  You won't.  I make sure to call SetDocument explicitly.

    
    

    
  
Oh yeah, I'll break shit galore. Trust me, I've tried it.

    
    

    
  
BULK MOVE: Changing component from XUL to XP Toolkit/Widgets: XUL.  XUL 
component will be deleted.
Component: XUL → XP Toolkit/Widgets: XUL

    
    

    
  
Checked in necessary (but not sufficient) changes to use the XUL prototype 
document's JSContext for compiling scripts. Now on to untangling the 
SetDocument() mess.

    
  
Keywords: mlk

    
    

    
  
Bah. I'm throwing in the towel on this one and letting kipp & entropy win. I've 
been running with changes in my tree to make XUL elements work like HTML and 
XML elements for the last two weeks with no problems.

    
    

    
  
Fix checked in. Ended up making XUL elements work like HTML elements. I suck.

    
    

    
  
fix checked in.
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED

    
    

    
  
marking verified
Status: RESOLVED → VERIFIED

    
  
Component: XP Toolkit/Widgets: XUL → XUL
QA Contact: paulmac → xptoolkit.widgets

    
    

    
      
  

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: