Closed
Bug 419655
Opened 17 years ago
Closed 17 years ago
Refreshing a page leaks an nsGlobalWindow until shutdown
Categories
(Core :: DOM: Core & HTML, defect, P1)
Tracking
()
VERIFIED
FIXED
mozilla1.9beta4
People
(Reporter: bent.mozilla, Assigned: bent.mozilla)
Details
(Keywords: memory-leak)
Attachments
(2 files)
|
14.84 KB,
patch
|
peterv
:
review+
|
Details | Diff | Splinter Review |
|
13.99 KB,
patch
|
bent.mozilla
:
review+
jst
:
superreview+
mtschrep
:
approval1.9b4+
|
Details | Diff | Splinter Review |
There are at least 3 different causes:
1) nsSecureBrowserUIImpl is involved in an ownership cycle but is not cycle collected.
2) nsFocusController is improperly traversed.
3) There's something else that I haven't found yet...
|
Assignee | |
Updated•17 years ago
|
Flags: blocking1.9?
Target Milestone: --- → mozilla1.9beta4
|
|
Assignee | |
Updated•17 years ago
|
Assignee: nobody → bent.mozilla
|
||
Comment 1•17 years ago
|
||
Moving bugs that aren't beta 4 blockers to target final release.
Target Milestone: mozilla1.9beta4 → mozilla1.9
|
|
Assignee | |
Comment 2•17 years ago
|
||
So #3 was the navigator object's prototype keeping a reference to the window in which it was created.
This patch fixes issues 1-3 and allows us to reclaim the windows destroyed during a refresh.
Attachment #306147 -
Flags: review?(peterv)
|
||
Updated•17 years ago
|
Flags: tracking1.9? → blocking1.9?
Comment on attachment 306147 [details] [diff] [review]
Patch, v1
>+ cb.NoteXPCOMChild(tmp->mOwnerContent->GetOwnerDoc()->GetWindow());
This seems rather unusual. Does it really hold a reference directly to that window rather than to one of the intermediate objects? If so, you should probably have a comment explaining how.
|
|
Assignee | |
Comment 4•17 years ago
|
||
(In reply to comment #3)
> Does it really hold a reference
Yeah, mDocShell holds an nsIScriptGlobalObject which is an nsGlobalWindow... Sadly nsDocShell is not cycle-collected so the previous Traverse code was basically a no-op, even though the docshell directly owns the window. This way we at least get the cycle collector happy by accounting for its last remaining unknown reference.
|
||
Comment 5•17 years ago
|
||
Comment on attachment 306147 [details] [diff] [review]
Patch, v1
>+NS_IMPL_CYCLE_COLLECTION_TRAVERSE_BEGIN(nsFrameLoader)
>+ cb.NoteXPCOMChild(tmp->mOwnerContent->GetOwnerDoc()->GetWindow());
This won't work. You're recording one edge from nsFrameLoader to mOwnerContent->GetOwnerDoc()->GetWindow(), but you're ignoring other edges to mDocShell. Imagine that something else holds a strong reference to that docshell. So two objects hold the docshell and the docshell holds the window. The window has a reference count of 1 and you just recorded 1 edge to it here. So we'll unlink the window, even though the window might be held alive by something not in a cycle.
Attachment #306147 -
Flags: review?(peterv) → review-
|
|
||
Comment 6•17 years ago
|
||
Comment on attachment 306147 [details] [diff] [review]
Patch, v1
>diff -NprU8 mozilla.faca22b69aa0/security/manager/boot/src/nsSecureBrowserUIImpl.cpp mozilla/security/manager/boot/src/nsSecureBrowserUIImpl.cpp
> nsSecureBrowserUIImpl::Init(nsIDOMWindow *window)
> {
>+ nsCOMPtr<nsIDOMWindow> strongWindow = do_QueryReferent(mWindow);
ifdef PR_LOGGING.
>+ mWindow = do_GetWeakReference(window);
>+ NS_ENSURE_TRUE(mWindow, NS_ERROR_FAILURE);
Maybe do_GetWeakReference(window, &rv) and NS_ENSURE_SUCCESS.
>+ strongWindow = window;
No need for this, just use window instead below.
>@@ -611,17 +618,18 @@ nsSecureBrowserUIImpl::OnStateChange(nsI
>- const PRBool isToplevelProgress = (windowForProgress.get() == mWindow.get());
>+ nsCOMPtr<nsIDOMWindow> strongWindow = do_QueryReferent(mWindow);
>+ const PRBool isToplevelProgress = (windowForProgress == strongWindow);
Should this check for non-null strongWindow?
r=peterv, except on the nsFrameLoader changes.
Attachment #306147 -
Flags: review- → review+
|
|
Assignee | |
Comment 7•17 years ago
|
||
Fixed peterv's comments... Turns out that the window dies properly even without traversing the docshell held by the frame loader (although I don't really understand why) as long as these other two references get caught. I'm also ASSERTing that the window doesn't go away as I think it really should never happen as the window owns the secure impl.
Attachment #306375 -
Flags: superreview?(jst)
Attachment #306375 -
Flags: review+
|
||
Comment 8•17 years ago
|
||
Comment on attachment 306375 [details] [diff] [review]
Patch, v2
sr=jst
I'd do a s/strongWindow/window/g on the secure browser UI changes, but I can deal either way.
Attachment #306375 -
Flags: superreview?(jst) → superreview+
|
|
||
Comment 9•17 years ago
|
||
Plussing, we should get this in for beta4, even!
Flags: blocking1.9? → blocking1.9+
Priority: -- → P1
Target Milestone: mozilla1.9 → mozilla1.9beta4
|
|
||
Updated•17 years ago
|
Attachment #306375 -
Flags: approval1.9b4?
|
||
Comment 10•17 years ago
|
||
Comment on attachment 306375 [details] [diff] [review]
Patch, v2
Let's get this in tonight for nightly baking
Attachment #306375 -
Flags: approval1.9b4? → approval1.9b4+
|
|
Assignee | |
Comment 11•17 years ago
|
||
Fixed for beta 4.
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
|
||
Updated•17 years ago
|
Flags: in-testsuite?
|
|
Assignee | |
Comment 12•17 years ago
|
||
Removing dependency on bug 372107 because the leak was fixed without it.
No longer depends on: 372107
|
||
Comment 13•17 years ago
|
||
verified fixed using Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9b5pre) Gecko/2008032615 Firefox/3.0b5pre ID:2008032615
Status: RESOLVED → VERIFIED
|
||
Updated•6 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•