[Webkit-unassigned] [Bug 251835] The Document object is leaked on some pages using media (like YouTube.com)

bugzilla-daemon at webkit.org
Mon May 1 12:59:15 PDT 2023


https://bugs.webkit.org/show_bug.cgi?id=251835

--- Comment #8 from Ryan Reno <rreno at apple.com> ---
I added ref tracking to Strong which went surprisingly well. I guess the code paths YouTube exercised did not depend on the sizeof(Strong<T>) being the sizeof a JSCell.

See below the stack trace which shows that strong refs to MediaSession action handler callbacks are being created by addActionHandler. If I naively remove all action handlers when the MediaSession is stopped then the document is no longer leaked after the navigation + lowMemory warning.

The right thing to do here might be to convert the callbacks to being held as weak references and then visiting them so long as the MediaSession is not stopped. There might be some more nuance here w.r.t. the domain (like do we need to also destroy the media session? can it be recreated with the callbacks later?) but that GC strategy is probably generally the right approach.

RefTracker: Backtrace for token 88501 ()
1   0x138861a1c WTF::RefTracker::trackRef(WTF::String const&)
2   0x2806d0820 JSC::Strong<JSC::JSObject, (JSC::ShouldStrongDestructorGrabLock)0>::Strong(JSC::VM&, JSC::JSObject*)
3   0x2806d0460 JSC::Strong<JSC::JSObject, (JSC::ShouldStrongDestructorGrabLock)0>::Strong(JSC::VM&, JSC::JSObject*)
4   0x2806d041c WebCore::JSCallbackDataStrong::JSCallbackDataStrong(JSC::JSObject*, WebCore::JSDOMGlobalObject*, void*)
5   0x280670948 WebCore::JSCallbackDataStrong::JSCallbackDataStrong(JSC::JSObject*, WebCore::JSDOMGlobalObject*, void*)
6   0x28142112c WebCore::JSMediaSessionActionHandler::JSMediaSessionActionHandler(JSC::JSObject*, WebCore::JSDOMGlobalObject*)
7   0x2814211d8 WebCore::JSMediaSessionActionHandler::JSMediaSessionActionHandler(JSC::JSObject*, WebCore::JSDOMGlobalObject*)
8   0x28149e4dc WebCore::JSMediaSessionActionHandler::create(JSC::JSObject*, WebCore::JSDOMGlobalObject*)
9   0x28149e3fc WTF::RefPtr<WebCore::JSMediaSessionActionHandler, WTF::RawPtrTraits<WebCore::JSMediaSessionActionHandler>, WTF::RefDerefTraits> WebCore::Converter<WebCore::IDLCallbackFunction<WebCore::JSMediaSessionActionHandler>>::convert<WebCore::jsMediaSessionPrototypeFunction_setActionHandlerBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSMediaSession*)::'lambda0'(JSC::JSGlobalObject&, JSC::ThrowScope&)>(JSC::JSGlobalObject&, JSC::JSValue, WebCore::JSDOMGlobalObject&, WebCore::jsMediaSessionPrototypeFunction_setActionHandlerBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSMediaSession*)::'lambda0'(JSC::JSGlobalObject&, JSC::ThrowScope&)&&)
10  0x28149e2dc WTF::RefPtr<WebCore::JSMediaSessionActionHandler, WTF::RawPtrTraits<WebCore::JSMediaSessionActionHandler>, WTF::RefDerefTraits> WebCore::Converter<WebCore::IDLNullable<WebCore::IDLCallbackFunction<WebCore::JSMediaSessionActionHandler>>>::convert<WebCore::jsMediaSessionPrototypeFunction_setActionHandlerBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSMediaSession*)::'lambda0'(JSC::JSGlobalObject&, JSC::ThrowScope&)>(JSC::JSGlobalObject&, JSC::JSValue, WebCore::JSDOMGlobalObject&, WebCore::jsMediaSessionPrototypeFunction_setActionHandlerBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSMediaSession*)::'lambda0'(JSC::JSGlobalObject&, JSC::ThrowScope&)&&)
11  0x28149df18 WebCore::Converter<WebCore::IDLNullable<WebCore::IDLCallbackFunction<WebCore::JSMediaSessionActionHandler>>>::ReturnType WebCore::convert<WebCore::IDLNullable<WebCore::IDLCallbackFunction<WebCore::JSMediaSessionActionHandler>>, WebCore::jsMediaSessionPrototypeFunction_setActionHandlerBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSMediaSession*)::'lambda0'(JSC::JSGlobalObject&, JSC::ThrowScope&)>(JSC::JSGlobalObject&, JSC::JSValue, WebCore::JSDOMGlobalObject&, WebCore::jsMediaSessionPrototypeFunction_setActionHandlerBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSMediaSession*)::'lambda0'(JSC::JSGlobalObject&, JSC::ThrowScope&)&&)
12  0x28149dcd4 WebCore::jsMediaSessionPrototypeFunction_setActionHandlerBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSMediaSession*)
13  0x28149da58 long long WebCore::IDLOperation<WebCore::JSMediaSession>::call<&WebCore::jsMediaSessionPrototypeFunction_setActionHandlerBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSMediaSession*), (WebCore::CastedThisErrorBehavior)0>(JSC::JSGlobalObject&, JSC::CallFrame&, char const*)
14  0x28149d788 WebCore::jsMediaSessionPrototypeFunction_setActionHandler(JSC::JSGlobalObject*, JSC::CallFrame*)
[snip]
20  0x13a057f98 JSC::Interpreter::executeCallImpl(JSC::VM&, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
21  0x13a05808c JSC::Interpreter::executeCall(JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
22  0x13a35ae70 JSC::call(JSC::JSGlobalObject*, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
23  0x13a4e4b38 JSC::boundThisNoArgsFunctionCall(JSC::JSGlobalObject*, JSC::CallFrame*)
[snip]
43  0x13a057f98 JSC::Interpreter::executeCallImpl(JSC::VM&, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
44  0x13a05808c JSC::Interpreter::executeCall(JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
45  0x13a35ae70 JSC::call(JSC::JSGlobalObject*, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
46  0x13a35af2c JSC::call(JSC::JSGlobalObject*, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&)
47  0x13a35b254 JSC::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&)
48  0x282ff7624 WebCore::JSExecState::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&)
49  0x283015b2c WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext&, WebCore::Event&)
50  0x2839fa348 WebCore::EventTarget::innerInvokeEventListeners(WebCore::Event&, WTF::Vector<WTF::RefPtr<WebCore::RegisteredEventListener, WTF::RawPtrTraits<WebCore::RegisteredEventListener>, WTF::RefDerefTraits>, 1ul, WTF::CrashOnOverflow, 2ul, WTF::FastMalloc>, WebCore::EventTarget::EventInvokePhase)
51  0x2839ee828 WebCore::EventTarget::fireEventListeners(WebCore::Event&, WebCore::EventTarget::EventInvokePhase)
52  0x2839ee5fc WebCore::EventContext::handleLocalEvents(WebCore::Event&, WebCore::EventTarget::EventInvokePhase) const
53  0x2839ef7cc WebCore::dispatchEventInDOM(WebCore::Event&, WebCore::EventPath const&)
54  0x2839eef40 WebCore::EventDispatcher::dispatchEvent(WebCore::Node&, WebCore::Event&)
55  0x283a90cdc WebCore::Node::dispatchEvent(WebCore::Event&)
56  0x283e686ec WebCore::HTMLMediaElement::dispatchEvent(WebCore::Event&)
57  0x2838287d8 WebCore::ActiveDOMObject::queueCancellableTaskToDispatchEventInternal(WebCore::EventTarget&, WebCore::TaskSource, WTF::TaskCancellationGroup&, WTF::Ref<WebCore::Event, WTF::RawPtrTraits<WebCore::Event>, WTF::RefDerefTraits>&&)::$_5::operator()() const
58  0x2838286c4 WTF::Detail::CallableWrapper<WebCore::ActiveDOMObject::queueCancellableTaskToDispatchEventInternal(WebCore::EventTarget&, WebCore::TaskSource, WTF::TaskCancellationGroup&, WTF::Ref<WebCore::Event, WTF::RawPtrTraits<WebCore::Event>, WTF::RefDerefTraits>&&)::$_5, void>::call()
59  0x283046bfc WTF::Function<void ()>::operator()() const
60  0x282f95194 WTF::CancellableTask::operator()()
61  0x282f94fb0 WTF::Detail::CallableWrapper<WTF::CancellableTask, void>::call()
62  0x283046bfc WTF::Function<void ()>::operator()() const
63  0x2838241dc WebCore::ActiveDOMObjectEventDispatchTask::execute()
64  0x2839f2184 WebCore::EventLoop::run()
65  0x283b7b718 WebCore::WindowEventLoop::didReachTimeToRun()
66  0x283b7f650 decltype(*std::declval<WebCore::WindowEventLoop*&>().*std::declval<void (WebCore::WindowEventLoop::*&)()>()()) std::__1::__invoke[abi:v160000]<void (WebCore::WindowEventLoop::*&)(), WebCore::WindowEventLoop*&, void>(void (WebCore::WindowEventLoop::*&)(), WebCore::WindowEventLoop*&)
67  0x283b7f598 std::__1::__bind_return<void (WebCore::WindowEventLoop::*)(), std::__1::tuple<WebCore::WindowEventLoop*>, std::__1::tuple<>, __is_valid_bind_return<void (WebCore::WindowEventLoop::*)(), std::__1::tuple<WebCore::WindowEventLoop*>, std::__1::tuple<>>::value>::type std::__1::__apply_functor[abi:v160000]<void (WebCore::WindowEventLoop::*)(), std::__1::tuple<WebCore::WindowEventLoop*>, 0ul, std::__1::tuple<>>(void (WebCore::WindowEventLoop::*&)(), std::__1::tuple<WebCore::WindowEventLoop*>&, std::__1::__tuple_indices<0ul>, std::__1::tuple<>&&)
68  0x283b7f54c std::__1::__bind_return<void (WebCore::WindowEventLoop::*)(), std::__1::tuple<WebCore::WindowEventLoop*>, std::__1::tuple<>, __is_valid_bind_return<void (WebCore::WindowEventLoop::*)(), std::__1::tuple<WebCore::WindowEventLoop*>, std::__1::tuple<>>::value>::type std::__1::__bind<void (WebCore::WindowEventLoop::*&)(), WebCore::WindowEventLoop*>::operator()[abi:v160000]<>()
69  0x283b7f4e8 WTF::Detail::CallableWrapper<std::__1::__bind<void (WebCore::WindowEventLoop::*&)(), WebCore::WindowEventLoop*>, void>::call()
70  0x283046bfc WTF::Function<void ()>::operator()() const
71  0x280190d04 WebCore::Timer::fired()
72  0x284b09b60 WebCore::ThreadTimers::sharedTimerFiredInternal()
73  0x284b128bc WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0::operator()() const
74  0x284b12860 WTF::Detail::CallableWrapper<WebCore::ThreadTimers::setSharedTimer(WebCore::SharedTimer*)::$_0, void>::call()
75  0x283046bfc WTF::Function<void ()>::operator()() const
76  0x284aaabb4 WebCore::MainThreadSharedTimer::fired()
77  0x284ba7520 WebCore::timerFired(__CFRunLoopTimer*, void*)
[snip]
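
The retention pattern described in this comment, as an added toy model that is not WebKit code and not part of the original message: a strong handle acts as a GC root, so a callback that closes over the page keeps the Document reachable after navigation, while a weakly held callback that is visited only while the session is not stopped does not. `Heap`, `Liveness` and `collect` are hypothetical names, and the three-object graph is an assumption made for illustration.

```cpp
#include <vector>

// Toy mark phase: objects are indices, edges[i] lists what object i references.
struct Heap {
    std::vector<std::vector<int>> edges;
    std::vector<int> strongRoots; // models strong handles: always treated as roots

    int add() { edges.emplace_back(); return static_cast<int>(edges.size()) - 1; }
    void link(int from, int to) { edges[from].push_back(to); }

    std::vector<bool> mark(std::vector<int> work) const {
        std::vector<bool> seen(edges.size(), false);
        work.insert(work.end(), strongRoots.begin(), strongRoots.end());
        while (!work.empty()) {
            int n = work.back();
            work.pop_back();
            if (seen[n]) continue;
            seen[n] = true;
            for (int m : edges[n]) work.push_back(m);
        }
        return seen;
    }
};

struct Liveness { bool document; bool handler; };

// Which objects survive a collection under each handle strategy.
Liveness collect(bool strongHandle, bool sessionStopped, bool navigatedAway) {
    Heap heap;
    int document = heap.add();
    int session = heap.add();
    int handler = heap.add();
    heap.link(document, session); // the page owns its media session
    heap.link(handler, document); // the JS callback closes over the page
    if (strongHandle)
        heap.strongRoots.push_back(handler); // strong handle roots the callback
    else if (!sessionStopped)
        heap.link(session, handler); // weak handle, visited only while not stopped
    std::vector<int> roots;
    if (!navigatedAway)
        roots.push_back(document); // the current page is a root until navigation
    std::vector<bool> seen = heap.mark(roots);
    return { static_cast<bool>(seen[document]), static_cast<bool>(seen[handler]) };
}

int main() {
    // Exit 0 when the strong handle leaks the document and the weak one does not.
    return (collect(true, true, true).document && !collect(false, true, true).document) ? 0 : 1;
}
```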
