[webkit-changes] [WebKit/WebKit] 41dc31: Add strong root logging and $vm helpers for memory...

Justin Michaud noreply at github.com
Mon Oct 7 15:38:07 PDT 2024


  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 41dc316f40f48a3a1394f1ef811839390d06e75c
      https://github.com/WebKit/WebKit/commit/41dc316f40f48a3a1394f1ef811839390d06e75c
  Author: Justin Michaud <jmichaud at igalia.com>
  Date:   2024-10-07 (Mon, 07 Oct 2024)

  Changed paths:
    M Source/JavaScriptCore/heap/Handle.h
    M Source/JavaScriptCore/heap/Heap.cpp
    M Source/JavaScriptCore/heap/MarkedSpace.h
    M Source/JavaScriptCore/heap/MarkedSpaceInlines.h
    M Source/JavaScriptCore/heap/Strong.h
    M Source/JavaScriptCore/heap/Weak.h
    M Source/JavaScriptCore/heap/WeakInlines.h
    M Source/JavaScriptCore/runtime/OptionsList.h
    M Source/JavaScriptCore/tools/JSDollarVM.cpp
    M Source/WTF/WTF.xcodeproj/project.pbxproj
    M Source/WTF/wtf/CMakeLists.txt
    M Source/WTF/wtf/MemoryPressureHandler.cpp
    M Source/WTF/wtf/PlatformEnable.h
    A Source/WTF/wtf/RefTrackerMixin.cpp
    A Source/WTF/wtf/RefTrackerMixin.h
    M Source/WebCore/bindings/js/GCController.h
    M Source/WebInspectorUI/UserInterface/Workers/HeapSnapshot/HeapSnapshot.js
    M Source/WebKit/WebProcess/WebProcess.cpp
    M Source/cmake/OptionsGTK.cmake
    M Source/cmake/OptionsWPE.cmake
    M Source/cmake/WebKitFeatures.cmake
    A Tools/Scripts/heap-snapshot-to-graphviz.js

  Log Message:
  -----------
  Add strong root logging and $vm helpers for memory leak debugging
https://bugs.webkit.org/show_bug.cgi?id=277835

Reviewed by David Degazio.

This patch adds some new options for debugging memory leaks. It also
allows $vm to be enabled again on GTK developer builds.

For example, we can debug a memory leak in the JSC heap by:

1) Run:
```
JSC_validateOptions=1 JSC_useDollarVM=1 JSC_enableStrongRefTracker=1 JSC_dumpHeapOnLowMemory=1 JSC_useSourceProviderCache=0 JSC_useCodeCache=0 WEBKIT_DISABLE_SANDBOX_THIS_IS_DANGEROUS=1 Tools/Scripts/run-minibrowser --gtk --debug https://webkit.org
```

Alternatively, to track C allocations, disable system malloc in CMakeLists.txt (I recommend adding a #if !USE_SYSTEM_MALLOC #error #endif to confirm), run:

```
JSC_useSourceProviderCache=0 JSC_useCodeCache=0 WEBKIT_DISABLE_SANDBOX_THIS_IS_DANGEROUS=1 MALLOC=0 WEB_PROCESS_CMD_PREFIX="/usr/bin/valgrind --tool=massif " Tools/Scripts/run-minibrowser --gtk --debug https://webkit.org
```

Then, to release memory, dump the JSC heap, and log all remaining Strong<> references, run:

```
javascript:$vm.gc()
javascript:$vm.triggerMemoryPressure()
```

You should get a gc snapshot file. To graph it (or just dump it to a human-readable format), run:
```
Tools/Scripts/heap-snapshot-to-graphviz.js /tmp/GCHeapM8FVBp  ~/
dot -Tsvg ~/GCDebugging.gv.txt -O
```

You can edit `heap-snapshot-to-graphviz.js` to print root paths, and there are many other graph-related things you can do in js.

You can also open this file in WebInspector by adding a JavaScript allocations track, and clicking the second import button (not the main import button).

If you see that your heap objects are kept alive by StrongReferences, then the strong logging may point to which C++ object is keeping them alive, and you can continue your investigation from there.

As a general tip, you should ensure instrumentingAgents.inspectorEnvironment().developerExtrasEnabled() is false on your platform when diagnosing these bugs, since WebInspector can keep things alive unnecessarily.

It may also be helpful to disable Process Swap on Navigation.

* Source/JavaScriptCore/heap/Heap.cpp:
(JSC::Heap::addCoreConstraints):
(JSC::StrongLoggingDisabledScope::StrongLoggingDisabledScope):
(JSC::StrongLoggingDisabledScope::~StrongLoggingDisabledScope):
(JSC::debugReportLiveStrong):
(JSC::debugReportDeadStrong):
(JSC::debugLogAllLiveStrongs):
* Source/JavaScriptCore/heap/Heap.h:
* Source/JavaScriptCore/heap/MarkedSpace.h:
* Source/JavaScriptCore/heap/MarkedSpaceInlines.h:
(JSC::MarkedSpace::forEachWeakInParallel):
* Source/JavaScriptCore/heap/Strong.h:
(JSC::Strong::Strong):
(JSC::Strong::~Strong):
* Source/JavaScriptCore/heap/StrongInlines.h:
(JSC::shouldStrongDestructorGrabLock>::Strong):
(JSC::shouldStrongDestructorGrabLock>::set):
* Source/JavaScriptCore/runtime/OptionsList.h:
* Source/JavaScriptCore/runtime/VM.cpp:
(JSC::VM::VM):
* Source/JavaScriptCore/tools/JSDollarVM.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
(JSC::JSDollarVM::finishCreation):
* Source/WTF/wtf/MemoryPressureHandler.cpp:
(WTF::MemoryPressureHandler::setShouldUsePeriodicMemoryMonitor):
* Source/WebCore/bindings/js/GCController.h:
* Source/WebInspectorUI/UserInterface/Workers/HeapSnapshot/HeapSnapshot.js:
(HeapSnapshot):
(HeapSnapshot.prototype.shortestGCRootPath):
(HeapSnapshot.prototype.serializeEdge):
(HeapSnapshot.prototype._determineGCRootPaths):
* Source/WebKit/NetworkProcess/soup/NetworkProcessSoup.cpp:
(WebKit::NetworkProcess::platformInitializeNetworkProcess):
* Source/WebKit/WebProcess/WebProcess.cpp:
(WebKit::WebProcess::initializeWebProcess):
* Source/cmake/OptionsGTK.cmake:
* Tools/Scripts/heap-snapshot-to-graphviz.js: Added.
(true.console.log.string_appeared_here.escapeOutput):
(return.unsafe.replace):

Canonical link: https://commits.webkit.org/284791@main


