[webkit-dev] Stability problems involving Javascript GC

Chris Backas chb at infoplusonline.com
Mon Dec 6 10:59:03 PST 2010

Hello all,

I'm trying to write a Cocoa application with embedded WebViews that  
navigates through a web application, eventually arriving at a page  
with a Java applet. I query some values from the Java applet via  
Javascript, and then at some point I close up and free the WebView.

The problem is that my program is quite unstable, and crashes at  
random points during the navigation process anywhere from the 2nd to  
7th time I use it. I create an entirely new WebView for each attempt.   
I'll attach a typical backtrace below.

Anyway, using basic troubleshooting techniques I believe I've narrowed  
the instability down to querying the Java applet through LiveConnect -  
testing the process with 100 iterations up to but NOT including the  
page with the applet was perfectly stable. 50 tests going to the page  
WITH the applet, but NOT querying it was also perfectly stable. As  
soon as I make even a basic query through LiveConnect though, I  
introduce instability.

The crashes always seem to be caused in a JavaScriptCore Garbage  
Collection pass (see stack trace below), which leads me to think that  
I'm doing something best avoided in my interactions - like, perhaps  
there's a dangling Javascript->Java proxy object where the Java peer  
was destroyed. But, basically, I'm looking for any insight anyone  
might have as to pitfalls that might not be obvious in this area.

Problem occurs on 10.5.8 + all latest updates, and 10.6.5 + all latest  
updates. Java 6 on both platforms (required by the applet) - using the  
out-of-process plugin on 10.5 and the in-process 32-bit Java 6 on 10.6.

Here is an example of my JS code, executed by [[webView  
windowScriptObject] evaluateWebScript:someJavaScript] on the main  
thread. The element in 'app' is a Java applet, getListenPort() is a  
Java method called via LiveConnect. I have two other scripts that are  
very similar, varying only in the method called.

(function () {
    // The applet element; getListenPort() is dispatched to Java via LiveConnect.
    // (Quotes were backslash-escaped in the original because the script is
    // embedded in an Objective-C string literal passed to evaluateWebScript:.)
    var app = document.getElementById("RemoteApplication");
    var ReturnMe = Number(app.getListenPort());
    // Drop our reference to the JS->Java proxy before returning.
    app = null;
    return ReturnMe;
})();

And here is a common sort of stack trace I'm getting (this one from  
Thread 0 Crashed:  Dispatch queue: com.apple.main-thread
0   com.apple.JavaScriptCore      	0x9489f766 WTF::fastFree(void*) + 134
1   com.apple.WebCore             	0x929be825 WebCore::CSSSelectorList::deleteSelectors() + 389
2   com.apple.WebCore             	0x92a38269 WebCore::CSSStyleRule::~CSSStyleRule() + 57
3   com.apple.WebCore             	0x929c3a04 WTF::Vector<WTF::RefPtr<WebCore::StyleBase>, 0ul>::shrink(unsigned long) + 84
4   com.apple.WebCore             	0x92a38193 WebCore::StyleSheet::~StyleSheet() + 179
5   com.apple.WebCore             	0x92a38066 WebCore::CSSStyleSheet::~CSSStyleSheet() + 102
6   com.apple.WebCore             	0x92a91074 WTF::Vector<WTF::RefPtr<WebCore::StyleSheet>, 0ul>::shrink(unsigned long) + 84
7   com.apple.WebCore             	0x92a29243 WebCore::StyleSheetList::~StyleSheetList() + 67
8   com.apple.WebCore             	0x92a28cd9 WebCore::Document::~Document() + 3529
9   com.apple.WebCore             	0x92a27f01 WebCore::HTMLDocument::~HTMLDocument() + 129
10  com.apple.WebCore             	0x92a27def WebCore::Node::~Node() +
11  com.apple.WebCore             	0x92c05a21 WebCore::HTMLIFrameElement::~HTMLIFrameElement() + 129
12  com.apple.WebCore             	0x92b356fe WebCore::JSNode::~JSNode() + 382
13  com.apple.JavaScriptCore      	0x9495a0d2 JSC::Heap::sweep() + 274

I find it odd that main isn't seen in the stack, but it never is. The  
crash nearly ALWAYS occurs in WTF::fastFree(), very occasionally  
occurring instead in some other memory management function.

Any insight on where to look to further track this down would be  
greatly appreciated.

-Chris Backas
