[Webkit-unassigned] [Bug 21260] Unbounded memory growth when churning elements with anonymous event handler functions

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Oct 1 23:28:41 PDT 2008


https://bugs.webkit.org/show_bug.cgi?id=21260


oliver at apple.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |oliver at apple.com




------- Comment #3 from oliver at apple.com  2008-10-01 23:28 PDT -------
Okay, so this isn't a permanent leak -- the functions get collected when the
Page goes away.  The underlying problem appears to be that the JSEventListener
uses a ProtectedPtr to hold the event handler.  However because the event
handler is defined along the lines of:

var a = someElement;
a.addEventListener("..", function(){}) // the closure's activation captures 'a', i.e. the element itself

The function's Activation picks up 'a'.  Then whenever we do a gc sweep that
will mark the protected event handler (the function we defined) which will mark
its activation, which in turn marks the element.  This is a ref cycle which
means we should just leak forever, however the Page somehow tracks this and
manually breaks the cycle when it gets torn down.

To fix this we probably just need to ensure we do correct gc rather than
relying on ProtectedPtr on JSEventListener, although I'm honestly not sure how
we should do this :-(
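A toy model of the mark phase this comment describes, added here as an illustration; it is not WebKit code and not the commenter's own. The four node names and the functions makeGraph, mark and liveObjectsAfterChurn are assumptions of the model, and a cleared root stands in for the Page breaking the cycle at teardown.

```javascript
// Added illustration (not WebKit code): a toy mark phase for the cycle the
// comment describes. makeGraph/mark/liveObjectsAfterChurn are hypothetical names.

// One element with an anonymous handler, modelled as four heap nodes.
// `protectedRoot` stands in for JSEventListener's ProtectedPtr: while the
// listener exists, the collector treats the handler as a root.
function makeGraph() {
  const element = { name: 'element', refs: [] };
  const listener = { name: 'listener', refs: [] };
  const handler = { name: 'handler', refs: [] };
  const activation = { name: 'activation', refs: [] };
  element.refs.push(listener);       // element owns its event listener
  listener.refs.push(handler);       // ProtectedPtr<JSObject> to the function
  listener.protectedRoot = handler;  // ...which also roots it for GC
  handler.refs.push(activation);     // function keeps its scope chain alive
  activation.refs.push(element);     // 'var a = someElement' captured by the closure
  return { element, listener, handler, activation };
}

// Mark phase: follow refs from the roots; anything left unmarked would be swept.
function mark(roots) {
  const marked = new Set();
  const stack = [...roots];
  while (stack.length) {
    const obj = stack.pop();
    if (marked.has(obj)) continue;
    marked.add(obj);
    stack.push(...obj.refs);
  }
  return marked;
}

// Churn n elements: script creates each one, attaches a handler, then drops
// its own reference. Returns how many heap nodes a sweep would keep alive.
// pageTornDown=true models the Page clearing the ProtectedPtrs, the only thing
// that breaks the element -> listener -> handler -> activation -> element cycle.
function liveObjectsAfterChurn(n, pageTornDown) {
  const roots = [];
  for (let i = 0; i < n; i++) {
    const g = makeGraph();
    if (pageTornDown) g.listener.protectedRoot = null;
    else roots.push(g.listener.protectedRoot);
  }
  return mark(roots).size; // every node of every cycle survives: 4 per element
}

console.log(liveObjectsAfterChurn(100, false)); // 400: nothing is collected
console.log(liveObjectsAfterChurn(100, true));  // 0: cycle unreachable, collected
```

Because script never holds the only root, the live count grows linearly with the number of churned elements until the Page goes away, which is exactly the unbounded growth the bug reports.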

