mattfischer84 at gmail.com
Thu Dec 4 17:58:33 PST 2008
On Thu, Dec 4, 2008 at 3:06 PM, Maciej Stachowiak <mjs at apple.com> wrote:
> On Dec 4, 2008, at 12:55 PM, Matt Fischer wrote:
> I'm working on an embedded product which uses a WebKit-based browser, and
> I've been tracking down some memory leaks we're seeing. After a long while
> of digging through the codebase, I've been able to determine that we're
> occasionally leaking the WebCore::Document object when leaving certain
> websites. A bit more tracing reveals that the Document object is being
> retained because an HTMLImageElement holds a DocPtr reference on it, and the
> element isn't going away when the normal refcount on the Document drops to
> 0. This pins the Document object in memory.
> The specific site I've been testing with is www.yahoo.com. Examining the
> source code to that page reveals the following in the page's beforeUnload
> var img=new Image;
> now=new Date;
> It appears that this Image object is never being removed--I can repeatedly
> navigate to and from this site and watch HTMLImageElements (and their
> associated Document objects) pile up.
> I'm still not convinced this is a WebKit problem specifically (there's a
> fair amount of code surrounding it in our product that could potentially
> have bugs in it), but to continue tracing the problem, I need to know what
> the mechanism is that *ought* to be freeing this object. I presume this is
> occasionally after this object is created, and it never goes away. Is there
> some immediately apparent reason why this wouldn't be happening? I.e., is
> there something else that would be holding a reference to an object created
> by this type of script code, or is something other than the GC responsible
> for freeing it, etc?
> My apologies if this turns out to be a stupid question--I'm just trying to
> get some context for where I ought to focus next.
> Have you tried it on WebKit trunk? I think this this is fixed by r37922.
> - Maciej
Sadly, I'm stuck on a rather ancient version of WebKit (circa October 2007),
with little hope of pulling up substantially, due to all the API breaks
combined with our project's timeframe. :(
Is there, by chance, any simple change I could make which would emulate this
fix on a snapshot that old? It's from before the days of
WebCore::ScriptController and WebCore::JSDOMWindowShell, which appear to be
the pertinent classes to this patch.
I tried a couple of naive attempts to backport it, such as calling clear() on
the Window object that was getting its disconnectFrame() called in the
Frame::pageDestroyed() function. This didn't seem to have any effect, but I
admittedly had close to zero understanding of what I was doing there.