Beginning on October 25th, 2016, Persona will no longer be an option for authentication on BMO. For more details see Persona Deprecated.
Last Comment Bug 256822 - JS window objects leaked when opening / closing windows
: JS window objects leaked when opening / closing windows
: fixed-aviary1.0, mlk, regression
Product: Toolkit
Classification: Components
Component: Find Toolbar (show other bugs)
: unspecified
: All All
: P1 critical (vote)
: mozilla1.7.4
Assigned To: David Baron :dbaron: ⌚️UTC-7
: Mike de Boer [:mikedeboer]
Depends on:
  Show dependency treegraph
Reported: 2004-08-25 01:34 PDT by David Baron :dbaron: ⌚️UTC-7
Modified: 2008-07-31 01:50 PDT (History)
9 users (show)
brendan: blocking‑aviary1.0PR+
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---

patch (1.38 KB, patch)
2004-08-25 01:35 PDT, David Baron :dbaron: ⌚️UTC-7
jst: review+
brendan: superreview+
chofmann: approval‑aviary+
Details | Diff | Splinter Review

Description David Baron :dbaron: ⌚️UTC-7 2004-08-25 01:34:33 PDT
Jesse, who was apparently running a Firefox branch debug build, pointed out to
me that the DOMWINDOW numbers printed out in debug builds were increasing by two
when opening new windows (as normal) but only decreasing by one when closing
them.  This is a regression and indicates a leak of the sort that will slow down
the browser, since it's a leak that involves entraining lots more stuff in the
JS garbage collector and thus slowing down each GC cycle.

The fix is a trivial one liner.
Comment 1 David Baron :dbaron: ⌚️UTC-7 2004-08-25 01:35:26 PDT
Created attachment 156960 [details] [diff] [review]
Comment 2 David Baron :dbaron: ⌚️UTC-7 2004-08-25 01:46:00 PDT
For the record, I found this by defining GC_MARK_DEBUG in jsgc.h, setting
js_DumpGCHeap to stdout in jsgc.c, rebuilding in js/src/ and js/src/xpconnect/,
and then starting FF and opening and closing a large number of windows.  Then I
could look at the traces from the GCs before the last bunch of DOMWINDOW printfs
(and be able to distinguish the relevant leak trace by its repeated appearance
-- once per window).  The trace that showed up many times was:

0a0c7ed0 object 0x9efe980 ChromeWindow via

Following the 0a0d3610 pointer (which comes from the special string passed to
JS_AddNamedRoot in nsXPCWrappedJS::AddRef) and finding the first occurrence in
the log yielded:

0a0d3610 object 0xa0e399c Object via

which showed the name of the variable in which the object causing the
entrainment lived.  The entrainment was simply pref service -> observer
implemented in JS -> observer's JS global object.
Comment 3 David Baron :dbaron: ⌚️UTC-7 2004-08-25 01:47:51 PDT
(In reply to comment #2)
> (and be able to distinguish the relevant leak trace by its repeated appearance
> -- once per window).  The trace that showed up many times was:

That should read:

(and was able to distinguish the relevant leak trace by its repeated appearance
-- once per window).  The trace that showed up many times (with different
addresses for each window) was:

Comment 4 Brendan Eich [:brendan] 2004-08-25 07:04:28 PDT
Comment on attachment 156960 [details] [diff] [review]
patch, in advance of r=.

Comment 5 Brendan Eich [:brendan] 2004-08-25 07:07:51 PDT
Marking blocking-aviary1.0PR.

Comment 6 chris hofmann 2004-08-25 07:30:52 PDT
Comment on attachment 156960 [details] [diff] [review]

a=chofmann for aviary branch
Comment 7 Johnny Stenback (:jst, 2004-08-25 08:16:43 PDT
Comment on attachment 156960 [details] [diff] [review]

Comment 8 David Baron :dbaron: ⌚️UTC-7 2004-08-25 10:03:06 PDT
Fix checked in to AVIARY_1_0_20040515_BRANCH, 2004-08-25 10:01 -0700.

Leaving open pending trunk checkin of find toolbar.
Comment 9 David Baron :dbaron: ⌚️UTC-7 2004-08-25 10:07:18 PDT
And actually, before I did the stuff in comment 2, I set:
and ran a similar window opening test to verify (in GlobalWindowImpl.alloc) that
the references held too long were actually coming from JS (which was my initial
Comment 10 Worcester12345 2004-11-12 07:03:17 PST
Please change the Target Milestone from "Firefox1.0beta" to "Firefox1.1".
Comment 11 David Baron :dbaron: ⌚️UTC-7 2004-12-17 13:27:59 PST
Presumably fixed when aviary branch landed on trunk, although the code moved in:

date: 2004/10/16 06:24:33;  author:;  state: Exp;  lines:
+4 -507
Fix find toolbar bugs 250414, 251891, 250279. r=bryner a=me

Note You need to log in before you can comment on or make changes to this bug.