Closed Bug 718375 Opened 13 years ago Closed 13 years ago

Ghostery 2.6.2 and 2.7beta2 cause zombie compartments

Categories

(Firefox :: Extension Compatibility, defect)

11 Branch
All
macOS
defect
Not set
normal

Tracking

()

VERIFIED FIXED

People

(Reporter: whimboo, Unassigned)

References

()

Details

(Whiteboard: [MemShrink:P2])

Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:11.0a2) Gecko/20120113 Firefox/11.0a2 ID:20120113042010

With Ghostery 2.6.2 you will see a zombie compartment after closing mediamarkt.de:

1. Install Ghostery: https://addons.mozilla.org/firefox/addon/ghostery/
2. Click through the wizard by using default options, but select the last to checkboxes to always block content and cookies
3. Open about:memory
4. Open http://www.mediamarkt.de in a new tab
5. Close that tab
6. Click several times on minimize memory usage

After step 6 the mediamarkt compartment never gets removed.

│  ├───3,638,160 B (03.94%) -- compartment(http://www.mediamarkt.de/)
│  │   ├──2,433,024 B (02.64%) -- gc-heap
│  │   │  ├──1,278,120 B (01.38%) -- arena
│  │   │  │  ├──1,241,336 B (01.34%) -- unused
│  │   │  │  ├─────19,008 B (00.02%) -- headers
│  │   │  │  └─────17,776 B (00.02%) -- padding
│  │   │  ├────437,664 B (00.47%) -- objects
│  │   │  │    ├──291,392 B (00.32%) -- function
│  │   │  │    └──146,272 B (00.16%) -- non-function
│  │   │  ├────331,848 B (00.36%) -- shapes
│  │   │  │    ├──163,000 B (00.18%) -- tree
│  │   │  │    ├──132,000 B (00.14%) -- dict
│  │   │  │    └───36,848 B (00.04%) -- base
│  │   │  ├────299,488 B (00.32%) -- scripts
│  │   │  ├─────81,072 B (00.09%) -- type-objects
│  │   │  └──────4,832 B (00.01%) -- strings
│  │   ├────347,136 B (00.38%) -- script-data
│  │   ├────327,680 B (00.35%) -- mjit-code
│  │   ├────293,216 B (00.32%) -- shapes-extra
│  │   │    ├──150,720 B (00.16%) -- tree-tables
│  │   │    ├───69,568 B (00.08%) -- dict-tables
│  │   │    ├───40,096 B (00.04%) -- tree-shape-kids
│  │   │    └───32,832 B (00.04%) -- compartment-tables
│  │   ├─────96,944 B (00.10%) -- type-inference
│  │   │     ├──73,568 B (00.08%) -- object-main
│  │   │     └──23,376 B (00.03%) -- tables
│  │   ├─────76,912 B (00.08%) -- object-slots
│  │   ├─────57,504 B (00.06%) -- analysis-temporary
│  │   └──────5,744 B (00.01%) -- string-chars


Also there is another entry under window objects:

│        └────1,392 B (00.00%) -- other
│             ├────696 B (00.00%) -- outer-windows
│             └────696 B (00.00%) -- top=none
│                  └──696 B (00.00%) -- inner-window(id=24, uri=http://www.mediamarkt.de/)
Whiteboard: [MemShrink]
Hm, as given by the following URL they are doing that by purpose:

http://getsatisfaction.com/ghostery/topics/is_ghostery_creating_a_zombie_compartment
(In reply to Henrik Skupin (:whimboo) from comment #2)
> Hm, as given by the following URL they are doing that by purpose:
> 
> http://getsatisfaction.com/ghostery/topics/
> is_ghostery_creating_a_zombie_compartment

In that post I was asking about permanent workers() under dom instead of the usual zombie compartments that appear under js. That may be a different issue.
However I cannot reproduce a zombie compartment in Nightly with Ghostery 2.7beta2.
I can reproduce easily with Ghostery 2.6.2 and 2.7beta2.

I got zombie compartments for the following sites:

Site                       compartment(s)
----                       --------------
http://www.mediamarkt.de   http://www.mediamarkt.de
http://www.bbc.co.uk/      http://www.bbc.co.uk/
http://www.nytimes.com/    http://www.nytimes.com/
http://techcrunch.com/     http://techcrunch.com/ and 
                           http://platform.twitter.com/widgets/hub.1326407570.html.

Sometimes one site's zombie(s) was replaced by a subsequent site's zombie(s), but sometimes I'd have zombies from two sites concurrently.  I couldn't determine a pattern underlying this.  I bet a window object or DOM node is being held onto after the page has closed.

Ghostery is the #46 most popular add-on on AMO, with 440,000 users, many of whom I'd expect to be security-conscious, technically-capable and thus more influential than average.
Summary: Zombie compartment on mediamarkt.de with Ghostery 2.6.2 installed → Zombie compartments for websites with Ghostery 2.6.2 installed
Summary: Zombie compartments for websites with Ghostery 2.6.2 installed → Ghostery 2.6.2 and 2.7beta2 cause zombie compartments
I can now reproduce it by enabling "Show Alert Bubble" in the advanced option.
There is another website for testing: http://www.rdio.com/devices/sonos/
Whiteboard: [MemShrink] → [MemShrink:P2]
I just emailed the authors (listed on the AMO page) and pointed them at this bug.
Good news!  Adam DeMartino just responded to my email:

"Thanks for alerting us and for linking back the the thread. I've let our engineers know and it's a priority for us. Please let me know if you all make any more progress or notice something else!"
Hi gents, I am the dev for Ghostery.

Is there a way to actually trace what the about:memory is bound to in terms of actual code?  The testing steps are useful to reproduce the effect, but it gives me no clues as to where in the code this is occurring or which resource is not being released...
> Is there a way to actually trace what the about:memory is bound to in terms
> of actual code?  The testing steps are useful to reproduce the effect, but
> it gives me no clues as to where in the code this is occurring or which
> resource is not being released...

https://bugzilla.mozilla.org/show_bug.cgi?id=zombiehunter is a start on such a tool, but it's not very far advanced.

Other than that, the advice in https://developer.mozilla.org/en/Zombie_Compartments#Avoiding_zombie_compartments_in_add-ons is the best we can give you... sorry :/
Hi all, there is a fix in the next release of Ghostery for this issue. Its scheduled for this or next week.  Thanks!
Great!  Is that new version available for testing?  Are you able to explain what was the cause of the leak and how you fixed it?  I've been working on https://developer.mozilla.org/en/Extensions/Common_causes_of_memory_leaks_in_extensions so it'd be nice to know if it covers your case.  Thanks.
Hi Nicholas, I haven't released the new version yet, its going to be out for testing in a few days.  The issue here was that I assigned a function that lived in chrome to an element id that would get injected into DOM. Heres a sample of what happened:

chrome:
ghostery.bubble.id = function() {return "ghostery-bubble-" + Math.random(); }

then an injection into dom:
				anchor  = doc.createElement('div');

				// Style Definition of message bubble
				anchor.id = ghostery.bubble.id;
				anchor.style.display = "block";
				anchor.style.opacity = "0.9";
				anchor.style.filter = "alpha(opacity=90)";
				anchor.style.position = "fixed";
				anchor.style.zIndex = "2147483647";

Once I replaced the id with a regular string, everything was working correctly, and the zombie went away...
Felix, thanks for the info.  I'm still getting my head around add-on leaks, but that example surprises me, because you added a reference from content to chrome, and I don't understand how that would cause a content compartment to leak.  Normally it is references from chrome to content that cause problems.  I'll ask some more knowledgeable people about this.
Nicholas, we believe that bug 727413 had a similar problem (references from content to chrome).
Anything left to do here or can we close the bug given that the leak has been fixed in Ghostery?
(In reply to Henrik Skupin (:whimboo) from comment #16)
> Anything left to do here or can we close the bug given that the leak has
> been fixed in Ghostery?

It'd be good to confirm the fix.
Well, I can't reproduce it anymore. So let it called fixed.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
What version of Ghostery is this fixed in?
According to our latest code review, version 2.7.1 still leaks, which is the latest public version available on AMO.

STR:
- Open, wait for load and close test.de
- about:memory shows leaked compartment and window
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
This issue is addressed in Ghostery 2.7.2 which is currently being tested and will be submitted to AMO once internal QA releases it. Ghostery dev channel has the beta uploaded, please use that for verification.
2.7.2 has been approved on AMO; the zombie compartments are fixed.
Status: REOPENED → RESOLVED
Closed: 13 years ago13 years ago
Resolution: --- → FIXED
Thanks Andrew. I have updated Ghostery to 2.7.2 now and went through all the sites mentioned in this bug report. None of those leave zombie compartments behind anymore. Thanks for fixing it! Marking as verified fixed.
Status: RESOLVED → VERIFIED
(In reply to Henrik Skupin (:whimboo) from comment #24)
> Thanks Andrew. I have updated Ghostery to 2.7.2 now and went through all the
> sites mentioned in this bug report. None of those leave zombie compartments
> behind anymore. Thanks for fixing it! Marking as verified fixed.

BTW, I didn't fix it - I just reviewed in on AMO :)  The credit would be to the Ghostery devs really.
You need to log in before you can comment on or make changes to this bug.