[Webkit-unassigned] [Bug 21260] New: Unbounded memory growth when churning elements with anonymous event handler functions

[bugzilla-daemon at webkit.org]

https://bugs.webkit.org/show_bug.cgi?id=21260

           Summary: Unbounded memory growth when churning elements with
                    anonymous event handler functions
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Macintosh
        OS/Version: Mac OS X 10.5
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: simon.fraser at apple.com


The to-be-attached testcase creates, attaches, then removes hundreds of divs,
each of which has an event handler registered on it.

If the event handler uses an anonymous function, like:
    a.addEventListener("click", function () {}, true);

then memory grows over time, and is not fully reclaimed by GC. Debugging shows
that none of the HTMLElements are destroyed, even after they  have been removed
from the DOM.  'leaks' does not report any leaks, but the Caches window shows
an increasing number of Function Protected Objects.

If the event handler uses a named function:

function clicked(e) {}
a.addEventListener("click", clicked, true);

then the problem does not occur.

Seen on WebKit TOT r37078.

Note that if the elements that are entrained are costly (like <canvas>) then
this rapidly becomes a problem.


-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.