[Webkit-unassigned] [Bug 256404] Document leak on pages with text input forms such as google.com

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed May 10 16:04:58 PDT 2023


https://bugs.webkit.org/show_bug.cgi?id=256404

--- Comment #7 from Ryan Reno <rreno at apple.com> ---
I spoke with Wenson and Brady today - they helped me understand the undo stack and UI process side of things.

I think there are two issues here:

1. The UIProcess never commands the WebProcess to clear the undo command state which keeps UndoSteps (which reference the document) alive.
2. Text nodes inserted into the DOM to receive text typed by the user are not released, which keeps the document alive.

A possible fix for 1. (as suggested by Wenson) is to send a command to the WebProcess from the UIProcess to clear undo commands after a main frame navigation is completed.

I'm still tracking down the reason why the Text node is kept alive. This is the backtrace from when the Text incremented the Document's referencingNodeCount but didn't clear it:

RefTracker: Backtrace for node 0x116004fd0 (http://localhost:14001/)
1   0x138751cbc WTF::RefTracker::trackDocRef(void*, WTF::String const&)
2   0x2838ae730 WebCore::Document::incrementReferencingNodeCount(WebCore::Node*)
3   0x283a82358 WebCore::Node::Node(WebCore::Document&, WTF::OptionSet<WebCore::Node::NodeFlag>)
4   0x2838301cc WebCore::CharacterData::CharacterData(WebCore::Document&, WTF::String&&, WTF::OptionSet<WebCore::Node::NodeFlag>)
5   0x283830150 WebCore::Text::Text(WebCore::Document&, WTF::String&&, WTF::OptionSet<WebCore::Node::NodeFlag>)
6   0x283b51f8c WebCore::Text::Text(WebCore::Document&, WTF::String&&, WTF::OptionSet<WebCore::Node::NodeFlag>)
7   0x283b51fe8 WebCore::Text::createEditingText(WebCore::Document&, WTF::String&&)
8   0x2838b1908 WebCore::Document::createEditingTextNode(WTF::String&&)
9   0x283c602b4 WebCore::InsertTextCommand::positionInsideTextNode(WebCore::Position const&)
10  0x283c60c20 WebCore::InsertTextCommand::doApply()
11  0x283bc8310 WebCore::CompositeEditCommand::applyCommandToComposite(WTF::Ref<WebCore::CompositeEditCommand, WTF::RawPtrTraits<WebCore::CompositeEditCommand>, WTF::RefDerefTraits>&&, WebCore::VisibleSelection const&)
12  0x283ca23d0 WebCore::TypingCommand::insertTextRunWithoutNewlines(WTF::String const&, bool)
13  0x283cc447c WebCore::TypingCommandLineOperation::operator()(unsigned long, unsigned long, bool) const
14  0x283ca2288 void WebCore::forEachLineInString<WebCore::TypingCommandLineOperation>(WTF::String const&, WebCore::TypingCommandLineOperation const&)
15  0x283ca2164 WebCore::TypingCommand::insertText(WTF::String const&, bool)
16  0x283ca0d00 WebCore::TypingCommand::insertTextAndNotifyAccessibility(WTF::String const&, bool)
17  0x283ca18b0 WebCore::TypingCommand::doApply()
18  0x283bb49f8 WebCore::CompositeEditCommand::apply()
19  0x283c8eb68 WebCore::TextInsertionBaseCommand::applyTextInsertionCommand(WebCore::LocalFrame*, WebCore::TextInsertionBaseCommand&, WebCore::VisibleSelection const&, WebCore::VisibleSelection const&)
20  0x283ca0bcc WebCore::TypingCommand::insertText(WebCore::Document&, WTF::String const&, WebCore::VisibleSelection const&, unsigned int, WebCore::TypingCommand::TextCompositionType)
21  0x283c0cabc WebCore::Editor::insertTextWithoutSendingTextEvent(WTF::String const&, bool, WebCore::TextEvent*)
22  0x283c0b9d4 WebCore::Editor::handleTextEvent(WebCore::TextEvent&)
23  0x2847b2c68 WebCore::EventHandler::defaultTextInputEventHandler(WebCore::TextEvent&)
24  0x283a8e1a4 WebCore::Node::defaultEventHandler(WebCore::Event&)
25  0x283e2bf1c WebCore::HTMLInputElement::defaultEventHandler(WebCore::Event&)
26  0x2839ecb74 WebCore::callDefaultEventHandlersInBubblingOrder(WebCore::Event&, WebCore::EventPath const&)
27  0x2839ec2d0 WebCore::EventDispatcher::dispatchEvent(WebCore::Node&, WebCore::Event&)
28  0x283a8da3c WebCore::Node::dispatchEvent(WebCore::Event&)
29  0x2847b29a0 WebCore::EventHandler::handleTextInputEvent(WTF::String const&, WebCore::Event*, WebCore::TextEventInputType)
30  0x283c14570 WebCore::Editor::insertText(WTF::String const&, WebCore::Event*, WebCore::TextEventInputType)
31  0x11bc25970 WebKit::WebPage::executeKeypressCommandsInternal(WTF::Vector<WebCore::KeypressCommand, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WebCore::KeyboardEvent*)
32  0x11bc26af4 WebKit::WebPage::handleEditingKeyboardEvent(WebCore::KeyboardEvent&)
33  0x11bb392b0 WebKit::WebEditorClient::handleKeyboardEvent(WebCore::KeyboardEvent&)
34  0x283c0b600 WebCore::Editor::handleKeyboardEvent(WebCore::KeyboardEvent&)
35  0x2847b12ec WebCore::EventHandler::defaultKeyboardEventHandler(WebCore::KeyboardEvent&)
36  0x283a8e078 WebCore::Node::defaultEventHandler(WebCore::Event&)
37  0x283e2bae0 WebCore::HTMLInputElement::defaultEventHandler(WebCore::Event&)
38  0x2839ecb74 WebCore::callDefaultEventHandlersInBubblingOrder(WebCore::Event&, WebCore::EventPath const&)
39  0x2839ec2d0 WebCore::EventDispatcher::dispatchEvent(WebCore::Node&, WebCore::Event&)
40  0x283a8da3c WebCore::Node::dispatchEvent(WebCore::Event&)
41  0x2847b0238 WebCore::EventHandler::internalKeyEvent(WebCore::PlatformKeyboardEvent const&)
42  0x2847af580 WebCore::EventHandler::keyEvent(WebCore::PlatformKeyboardEvent const&)
43  0x285725cec WebCore::UserInputBridge::handleKeyEvent(WebCore::PlatformKeyboardEvent const&, WebCore::InputSource)
44  0x11ca98fa8 WebKit::handleKeyEvent(WebKit::WebKeyboardEvent const&, WebCore::Page*)
45  0x11ca98da0 WebKit::WebPage::keyEvent(WebKit::WebKeyboardEvent const&)
46  0x11cb55e10 auto void IPC::callMemberFunction<WebKit::WebPage, WebKit::WebPage, void (WebKit::WebKeyboardEvent const&), std::__1::tuple<WebKit::WebKeyboardEvent>>(WebKit::WebPage*, void (WebKit::WebPage::*)(WebKit::WebKeyboardEvent const&), std::__1::tuple<WebKit::WebKeyboardEvent>&&)::'lambda'(auto&&...)::operator()<WebKit::WebKeyboardEvent>(auto&&...) const
47  0x11cb55d28 decltype(std::declval<WebKit::WebPage>()(std::declval<WebKit::WebKeyboardEvent>())) std::__1::__invoke[abi:v160002]<void IPC::callMemberFunction<WebKit::WebPage, WebKit::WebPage, void (WebKit::WebKeyboardEvent const&), std::__1::tuple<WebKit::WebKeyboardEvent>>(WebKit::WebPage*, void (WebKit::WebPage::*)(WebKit::WebKeyboardEvent const&), std::__1::tuple<WebKit::WebKeyboardEvent>&&)::'lambda'(auto&&...), WebKit::WebKeyboardEvent>(WebKit::WebPage&&, WebKit::WebKeyboardEvent&&)
48  0x11cb55cf8 decltype(auto) std::__1::__apply_tuple_impl[abi:v160002]<void IPC::callMemberFunction<WebKit::WebPage, WebKit::WebPage, void (WebKit::WebKeyboardEvent const&), std::__1::tuple<WebKit::WebKeyboardEvent>>(WebKit::WebPage*, void (WebKit::WebPage::*)(WebKit::WebKeyboardEvent const&), std::__1::tuple<WebKit::WebKeyboardEvent>&&)::'lambda'(auto&&...), std::__1::tuple<WebKit::WebKeyboardEvent>, 0ul>(WebKit::WebPage&&, WebKit::WebPage&&, std::__1::__tuple_indices<0ul>)
49  0x11cb55cb8 decltype(auto) std::__1::apply[abi:v160002]<void IPC::callMemberFunction<WebKit::WebPage, WebKit::WebPage, void (WebKit::WebKeyboardEvent const&), std::__1::tuple<WebKit::WebKeyboardEvent>>(WebKit::WebPage*, void (WebKit::WebPage::*)(WebKit::WebKeyboardEvent const&), std::__1::tuple<WebKit::WebKeyboardEvent>&&)::'lambda'(auto&&...), std::__1::tuple<WebKit::WebKeyboardEvent>>(WebKit::WebPage&&, WebKit::WebPage&&)
50  0x11cb554f8 void IPC::callMemberFunction<WebKit::WebPage, WebKit::WebPage, void (WebKit::WebKeyboardEvent const&), std::__1::tuple<WebKit::WebKeyboardEvent>>(WebKit::WebPage*, void (WebKit::WebPage::*)(WebKit::WebKeyboardEvent const&), std::__1::tuple<WebKit::WebKeyboardEvent>&&)
51  0x11cb18350 void IPC::handleMessage<Messages::WebPage::KeyEvent, WebKit::WebPage, WebKit::WebPage, void (WebKit::WebKeyboardEvent const&)>(IPC::Connection&, IPC::Decoder&, WebKit::WebPage*, void (WebKit::WebPage::*)(WebKit::WebKeyboardEvent const&))
52  0x11cb10a8c WebKit::WebPage::didReceiveWebPageMessage(IPC::Connection&, IPC::Decoder&)
53  0x11caa39fc WebKit::WebPage::didReceiveMessage(IPC::Connection&, IPC::Decoder&)
54  0x11d07d42c IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::Decoder&)
55  0x11c1aeb08 WebKit::WebProcess::didReceiveMessage(IPC::Connection&, IPC::Decoder&)
56  0x11d051400 IPC::Connection::dispatchMessage(IPC::Decoder&)
57  0x11d051894 IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder>>)
58  0x11d051bd0 IPC::Connection::dispatchOneIncomingMessage()
59  0x11d070008 IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder>>)::$_17::operator()() const
60  0x11d06ff48 WTF::Detail::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder>>)::$_17, void>::call()
61  0x1386b5390 WTF::Function<void ()>::operator()() const
62  0x13875f9d0 WTF::RunLoop::performWork()
63  0x13876438c WTF::RunLoop::performWork(void*)
[snip]
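A toy model of the retention chain described in the comment above, added here as an illustration (it is not WebKit code and not part of the original comment): an undo stack holds UndoSteps, each UndoStep holds the editing Text node it inserted, and the Text node keeps the Document alive through referencingNodeCount, so the Document outlives a navigation until the undo stack is cleared. All types are simplified stand-ins for the WebKit classes named in the backtrace.

```cpp
#include <memory>
#include <string>
#include <utility>
#include <vector>

// Stand-in for WebCore::Document: it may be freed only once no node references it.
struct Document {
    int referencingNodeCount = 0;
};

// Stand-in for a WebCore::Text node created by createEditingTextNode().
// Its constructor increments the Document's referencingNodeCount and its
// destructor decrements it, mirroring Node::Node() / ~Node().
struct TextNode {
    std::shared_ptr<Document> doc;
    std::string data;
    TextNode(std::shared_ptr<Document> d, std::string s)
        : doc(std::move(d)), data(std::move(s)) { ++doc->referencingNodeCount; }
    ~TextNode() { --doc->referencingNodeCount; }
};

// Stand-in for an UndoStep recorded by InsertTextCommand: it retains the node it
// inserted so the edit can be undone later.
struct UndoStep {
    std::shared_ptr<TextNode> insertedText;
};

struct UndoStack {
    std::vector<UndoStep> steps;
    void push(std::shared_ptr<TextNode> n) { steps.push_back({std::move(n)}); }
    void clear() { steps.clear(); }   // what the UIProcess never asked for in the bug
};

// Simulate typing one character into an input field, then navigating away.
// Returns true if the Document was actually freed once the page let go of it.
bool documentFreedAfterNavigation(bool clearUndoOnNavigation) {
    UndoStack undoStack;
    std::weak_ptr<Document> observer;   // lets us check liveness without retaining
    {
        auto doc = std::make_shared<Document>();
        observer = doc;
        auto text = std::make_shared<TextNode>(doc, "h");   // typed text lands here
        undoStack.push(text);                               // and is recorded for undo
        // Scope exit models navigation: the page drops its own DOM references.
    }
    if (clearUndoOnNavigation)
        undoStack.clear();              // releases UndoStep -> TextNode -> Document
    return observer.expired();
}
```

Without the clear, the only remaining owner of the Document is the retained UndoStep, which is the leak shape the comment describes for issue 1.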
