[webkit-dev] Memory leak tracking in WebKit

Simon Fraser simon.fraser at apple.com
Tue Jan 5 12:09:11 PST 2016


This sounds like a bug that would affect all WebKit ports. Can you file a bugs.webkit.org bug, and continue investigation there?

Simon

> On Jan 5, 2016, at 12:03 PM, Vienneau, Christopher <cvienneau at ea.com> wrote:
> 
> Hi,
>  
> I’ve resumed the memory leak tracking I was doing last year, and I have some more details to share; hopefully you’ll be able to suggest how I might fix it.  The source of the leak appears to come from the below callstack.  A cache of animation points is being created in SVGAnimatedProperty(SVGElement* contextElement, const QualifiedName& attributeName, AnimatedPropertyType animatedPropertyType), however the destructor for SVGAnimatedProperty is never called.  The passed-in contextElement gains a ref when the SVGAnimatedProperty is created, however I’m not seeing a code path where the animation points should be destroyed.  This affects both svg polyline and polygon, and results in leaking the whole page.
>  
> Thanks for any help you can provide,
>  
> Chris Vienneau
>  
>  
> \WebCore\svg\properties\SVGAnimatedProperty.cpp
> SVGAnimatedProperty::SVGAnimatedProperty(SVGElement* contextElement, const QualifiedName& attributeName, AnimatedPropertyType animatedPropertyType)
>     : m_contextElement(contextElement)
>     , m_attributeName(attributeName)
>     , m_animatedPropertyType(animatedPropertyType)
>     , m_isAnimating(false)
>     , m_isReadOnly(false)
> {
> }
>  
> >             EAWebKitd.dll!WebCore::SVGAnimatedProperty::SVGAnimatedProperty(WebCore::SVGElement * contextElement, const WebCore::QualifiedName & attributeName, WebCore::AnimatedPropertyType animatedPropertyType) Line 29                C++
>                 EAWebKitd.dll!WebCore::SVGAnimatedListPropertyTearOff<WebCore::SVGPointList>::SVGAnimatedListPropertyTearOff<WebCore::SVGPointList>(WebCore::SVGElement * contextElement, const WebCore::QualifiedName & attributeName, WebCore::AnimatedPropertyType animatedPropertyType, WebCore::SVGPointList & values) Line 166         C++
>                 EAWebKitd.dll!WebCore::SVGAnimatedListPropertyTearOff<WebCore::SVGPointList>::create(WebCore::SVGElement * contextElement, const WebCore::QualifiedName & attributeName, WebCore::AnimatedPropertyType animatedPropertyType, WebCore::SVGPointList & values) Line 159         C++
>                 EAWebKitd.dll!WebCore::SVGAnimatedProperty::lookupOrCreateWrapper<WebCore::SVGPolyElement,WebCore::SVGAnimatedListPropertyTearOff<WebCore::SVGPointList>,WebCore::SVGPointList>(WebCore::SVGPolyElement * element, const WebCore::SVGPropertyInfo * info, WebCore::SVGPointList & property) Line 57             C++
>                EAWebKitd.dll!WebCore::SVGPolyElement::lookupOrCreatePointsWrapper(WebCore::SVGElement * contextElement) Line 117            C++
>                EAWebKitd.dll!WebCore::SVGPolyElement::animatedPoints() Line 130  C++
>                EAWebKitd.dll!WebCore::updatePathFromPolylineElement(WebCore::SVGElement * element, WebCore::Path & path) Line 106               C++
>                EAWebKitd.dll!WebCore::updatePathFromGraphicsElement(WebCore::SVGElement * element, WebCore::Path & path) Line 172               C++
>                EAWebKitd.dll!WebCore::RenderSVGShape::updateShapeFromElement() Line 84           C++
>                EAWebKitd.dll!WebCore::RenderSVGPath::updateShapeFromElement() Line 48              C++
>                EAWebKitd.dll!WebCore::RenderSVGShape::layout() Line 164   C++
>                EAWebKitd.dll!WebCore::SVGRenderSupport::layoutChildren(WebCore::RenderElement & start, bool selfNeedsLayout) Line 281           C++
>                EAWebKitd.dll!WebCore::RenderSVGRoot::layout() Line 181      C++
>                EAWebKitd.dll!WebCore::RenderElement::layoutIfNeeded() Line 135    C++
>                EAWebKitd.dll!WebCore::RenderBlockFlow::layoutLineBoxes(bool relayoutChildren, WebCore::LayoutUnit & repaintLogicalTop, WebCore::LayoutUnit & repaintLogicalBottom) Line 1621   C++
>                EAWebKitd.dll!WebCore::RenderBlockFlow::layoutInlineChildren(bool relayoutChildren, WebCore::LayoutUnit & repaintLogicalTop, WebCore::LayoutUnit & repaintLogicalBottom) Line 652        C++
>                EAWebKitd.dll!WebCore::RenderBlockFlow::layoutBlock(bool relayoutChildren, WebCore::LayoutUnit pageLogicalHeight) Line 484        C++
>                EAWebKitd.dll!WebCore::RenderBlock::layout() Line 930              C++
>                EAWebKitd.dll!WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox & child, WebCore::RenderBlockFlow::MarginInfo & marginInfo, WebCore::LayoutUnit & previousFloatLogicalBottom, WebCore::LayoutUnit & maxFloatLogicalBottom) Line 712            C++
>                EAWebKitd.dll!WebCore::RenderBlockFlow::layoutBlockChildren(bool relayoutChildren, WebCore::LayoutUnit & maxFloatLogicalBottom) Line 633            C++
>                EAWebKitd.dll!WebCore::RenderBlockFlow::layoutBlock(bool relayoutChildren, WebCore::LayoutUnit pageLogicalHeight) Line 488        C++
>                EAWebKitd.dll!WebCore::RenderBlock::layout() Line 930              C++
>                EAWebKitd.dll!WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox & child, WebCore::RenderBlockFlow::MarginInfo & marginInfo, WebCore::LayoutUnit & previousFloatLogicalBottom, WebCore::LayoutUnit & maxFloatLogicalBottom) Line 712            C++
>                EAWebKitd.dll!WebCore::RenderBlockFlow::layoutBlockChildren(bool relayoutChildren, WebCore::LayoutUnit & maxFloatLogicalBottom) Line 633            C++
>                EAWebKitd.dll!WebCore::RenderBlockFlow::layoutBlock(bool relayoutChildren, WebCore::LayoutUnit pageLogicalHeight) Line 488        C++
>                EAWebKitd.dll!WebCore::RenderBlock::layout() Line 930              C++
>                EAWebKitd.dll!WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox & child, WebCore::RenderBlockFlow::MarginInfo & marginInfo, WebCore::LayoutUnit & previousFloatLogicalBottom, WebCore::LayoutUnit & maxFloatLogicalBottom) Line 712            C++
>                EAWebKitd.dll!WebCore::RenderBlockFlow::layoutBlockChildren(bool relayoutChildren, WebCore::LayoutUnit & maxFloatLogicalBottom) Line 633            C++
>                EAWebKitd.dll!WebCore::RenderBlockFlow::layoutBlock(bool relayoutChildren, WebCore::LayoutUnit pageLogicalHeight) Line 488        C++
>                EAWebKitd.dll!WebCore::RenderBlock::layout() Line 930              C++
>                EAWebKitd.dll!WebCore::RenderView::layoutContent(const WebCore::LayoutState & state) Line 256   C++
>                EAWebKitd.dll!WebCore::RenderView::layout() Line 382              C++
>                EAWebKitd.dll!WebCore::FrameView::layout(bool allowSubtree) Line 1426         C++
>                EAWebKitd.dll!WebCore::FrameView::updateLayoutAndStyleIfNeededRecursive() Line 4153    C++
>                EAWebKitd.dll!EA::WebKit::View::Paint() Line 278            C++
>                EAWebKitDemoUTFWin.exe!EA::Browser::BrowserWinView::OnTick() Line 1039              C++
>                EAWebKitDemoUTFWin.exe!EA::UTFWin::CustomWindow::DoMessage(const EA::UTFWin::Message & msg) Line 46  C++
>                EAWebKitDemoUTFWin.exe!EA::Browser::BrowserWinView::DoMessage(const EA::UTFWin::Message & msg) Line 649     C++
>                EAWebKitDemoUTFWin.exe!EA::UTFWin::WindowMgr::DispatchMsgToWindow(EA::UTFWin::Window * target, const EA::UTFWin::Message & msg, bool outbound) Line 2120     C++
>                EAWebKitDemoUTFWin.exe!EA::UTFWin::WindowMgr::SendMsg(EA::UTFWin::IWindow * src, EA::UTFWin::IWindow * dst0, const EA::UTFWin::Message & msg, bool inheritable, bool reversePriority) Line 249                C++
>                EAWebKitDemoUTFWin.exe!EA::UTFWin::WindowMgr::ProcessMessages() Line 451     C++
>                EAWebKitDemoUTFWin.exe!EA::Browser::BrowserApp::TickEAWebKitThread() Line 781              C++
>                EAWebKitDemoUTFWin.exe!EA::Browser::BrowserApp::RunEAWebKit(void * instance) Line 838              C++
>                 EAWebKitDemoUTFWin.exe!EA::Debug::ExceptionHandler::ExecuteUserFunction(EA::Debug::ExceptionHandler::UserFunctionUnion userFunctionUnion, EA::Debug::ExceptionHandler::UserFunctionType userFunctionType, void * pContext) Line 900                C++
>                 EAWebKitDemoUTFWin.exe!EA::Debug::ExceptionHandlerWin32::RunTrapped(EA::Debug::ExceptionHandler::UserFunctionUnion userFunctionUnion, EA::Debug::ExceptionHandler::UserFunctionType userFunctionType, void * pContext, bool & exceptionCaught) Line 529          C++
>                 EAWebKitDemoUTFWin.exe!EA::Debug::ExceptionHandler::RunTrappedInternal(EA::Debug::ExceptionHandler::UserFunctionUnion userFunctionUnion, EA::Debug::ExceptionHandler::UserFunctionType userFunctionType, void * pContext, bool & exceptionCaught) Line 881          C++
>                EAWebKitDemoUTFWin.exe!EA::Debug::ExceptionHandler::RunTrapped(void (void *) * userFunction, void * pContext) Line 925          C++
>                EAWebKitDemoUTFWin.exe!EA::Browser::BrowserApp::Run(void * __formal) Line 855 C++
>                EAWebKitDemoUTFWin.exe!RunnableObjectInternal(void * pContext) Line 608               C++
>                EAWebKitDemoUTFWin.exe!invoke_thread_procedure(unsigned int (void *) * const procedure, void * const context) Line 92    C++
>                EAWebKitDemoUTFWin.exe!thread_start<unsigned int (__cdecl*)(void * __ptr64)>(void * const parameter) Line 115       C++
>                [External Code]