256822 - JS window objects leaked when opening / closing windows

Status: RESOLVED FIXED

(Toolkit :: Find Toolbar, defect, P1)

Description

[David Baron :dbaron: (⌚️UTC-5, no longer working on Mozilla)]

Jesse, who was apparently running a Firefox branch debug build, pointed out to
me that the DOMWINDOW numbers printed out in debug builds were increasing by two
when opening new windows (as normal) but only decreasing by one when closing
them.  This is a regression and indicates a leak of the sort that will slow down
the browser, since it's a leak that involves entraining lots more stuff in the
JS garbage collector and thus slowing down each GC cycle.

The fix is a trivial one liner.

Comment 1

[David Baron :dbaron: (⌚️UTC-5, no longer working on Mozilla)]

Attachment: patch

Comment 2

[David Baron :dbaron: (⌚️UTC-5, no longer working on Mozilla)]

For the record, I found this by defining GC_MARK_DEBUG in jsgc.h, setting
js_DumpGCHeap to stdout in jsgc.c, rebuilding in js/src/ and js/src/xpconnect/,
and then starting FF and opening and closing a large number of windows.  Then I
could look at the traces from the GCs before the last bunch of DOMWINDOW printfs
(and be able to distinguish the relevant leak trace by its repeated appearance
-- once per window).  The trace that showed up many times was:

0a0c7ed0 object 0x9efe980 ChromeWindow via
nsXPCWrappedJS::mJSObj[nsIObserver,0xa6a17a8,0xa0d3610](Object).__proto__(Object).__parent__(ChromeWindow).

Following the 0a0d3610 pointer (which comes from the special string passed to
JS_AddNamedRoot in nsXPCWrappedJS::AddRef) and finding the first occurrence in
the log yielded:

0a0d3610 object 0xa0e399c Object via
nsXPCWrappedJS::mJSObj[nsIDOMEventListener,0xa6ab478,0xa0e7690](Function).__parent__(ChromeWindow).gTypeAheadFind(Object).

which showed the name of the variable in which the object causing the
entrainment lived.  The entrainment was simply pref service -> observer
implemented in JS -> observer's JS global object.

Comment 3

[David Baron :dbaron: (⌚️UTC-5, no longer working on Mozilla)]

(In reply to comment #2)
> (and be able to distinguish the relevant leak trace by its repeated appearance
> -- once per window).  The trace that showed up many times was:

That should read:

(and was able to distinguish the relevant leak trace by its repeated appearance
-- once per window).  The trace that showed up many times (with different
addresses for each window) was:

Comment 4

[Brendan Eich [:brendan]]

Comment on attachment 156960 [details] [diff] [review]
patch

sr=brendan@mozilla.org, in advance of r=.

/be

Comment 5

[Brendan Eich [:brendan]]

Marking blocking-aviary1.0PR.

/be

Comment 6

[chris hofmann]

Comment on attachment 156960 [details] [diff] [review]
patch

a=chofmann for aviary branch

Comment 7

[Johnny Stenback (:jst)]

Comment on attachment 156960 [details] [diff] [review]
patch

r=jst

Comment 8

[David Baron :dbaron: (⌚️UTC-5, no longer working on Mozilla)]

Fix checked in to AVIARY_1_0_20040515_BRANCH, 2004-08-25 10:01 -0700.

Leaving open pending trunk checkin of find toolbar.

Comment 9

[David Baron :dbaron: (⌚️UTC-5, no longer working on Mozilla)]

And actually, before I did the stuff in comment 2, I set:
  XPCOM_MEM_BLOAT_LOG=bloat.log
  XPCOM_MEM_ALLOC_LOG=GlobalWindowImpl.alloc
  XPCOM_MEM_LOG_CLASSES=GlobalWindowImpl
and ran a similar window opening test to verify (in GlobalWindowImpl.alloc) that
the references held too long were actually coming from JS (which was my initial
expectation).

Comment 10

[Worcester12345]

Please change the Target Milestone from "Firefox1.0beta" to "Firefox1.1".

Comment 11

[David Baron :dbaron: (⌚️UTC-5, no longer working on Mozilla)]

Presumably fixed when aviary branch landed on trunk, although the code moved in:

----------------------------
revision 1.296.2.3.2.123
date: 2004/10/16 06:24:33;  author: blakeross%telocity.com;  state: Exp;  lines:
+4 -507
Fix find toolbar bugs 250414, 251891, 250279. r=bryner a=me