Created attachment 542444
This is wrong. Mapped attributes are shared across elements, so adding them to the size of mAttrsAndChildren is wrong. You want to add them to the size of the document itself, by going through the HTML stylesheet.
Created attachment 542636
This patch tries to take into account Boris's comment.
Comment on attachment 542636
So this sets the size to:
sizeof(nsMappedAttributes) + mAttrCount * (sizeof(void*) + sizeof(InternalAttr))
This looks wrong. The correct size of an nsMappedAttributes, from |nsMappedAttributes::operator new| is:
sizeof(nsMappedAttributes) - sizeof(void*) + mBufferSize*sizeof(InternalAttr)
In particular, nsMappedAttributes allocates all its storage for InternalAttr structs inline. Now your first problem is that mBufferSize is debug-only....
I wonder whether using mAttrCount in practice is ok because we never have long-lived nsMappedAttributes for mAttrCount != mBufferSize.
Created attachment 543969
Comment on attachment 543969
Can you add an assert that mAttrCount == mBufferSize in SizeOf? If that ever fails to be true, we want to know.
r=me with that.
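The inline-storage size formula from the review of attachment 542636 and the assert requested just above, as an added example that is not code from the patch or from Gecko. MappedAttrsModel, its methods and the two-pointer InternalAttr layout are hypothetical stand-ins, and mBufferSize is kept in all builds here so the check can run.

```cpp
#include <cassert>
#include <cstddef>
#include <new>

// Simplified stand-in for the per-attribute name/value pair (assumption).
struct InternalAttr { void* mName; void* mValue; };

// Hypothetical model, not Gecko's class: fixed fields followed by an
// InternalAttr array stored inline, starting at the mAttrs placeholder.
class MappedAttrsModel {
public:
  // Bytes requested from the allocator for aBufferSize inline slots.
  static size_t AllocSize(size_t aBufferSize) {
    return sizeof(MappedAttrsModel) - sizeof(void*) +
           aBufferSize * sizeof(InternalAttr);
  }
  // The rejected formula: keeps the placeholder pointer and adds one
  // extra pointer per attribute.
  static size_t RejectedSize(size_t aAttrCount) {
    return sizeof(MappedAttrsModel) +
           aAttrCount * (sizeof(void*) + sizeof(InternalAttr));
  }
  static void* operator new(size_t, unsigned aBufferSize) {
    return ::operator new(AllocSize(aBufferSize));
  }
  static void operator delete(void* aPtr) { ::operator delete(aPtr); }

  MappedAttrsModel(unsigned aAttrCount, unsigned aBufferSize)
      : mAttrCount(aAttrCount), mBufferSize(aBufferSize) {}

  const InternalAttr* Attrs() const {
    return reinterpret_cast<const InternalAttr*>(mAttrs);
  }
  // Reports the allocation size from mAttrCount, which is only valid
  // while the buffer is exactly full.
  size_t SizeOf() const {
    assert(mAttrCount == mBufferSize);
    return AllocSize(mAttrCount);
  }
private:
  unsigned mAttrCount;
  unsigned mBufferSize;
  void* mAttrs[1];  // placeholder marking where the inline array begins
};
```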
This has been backed out by ehsan due to bustage with all the other changesets in the same push.