Changeset 258908 in webkit

Timestamp:

Mar 23, 2020 10:05:50 PM (4 years ago)

Author:

Simon Fraser

Message:

Safari jetsams with repeated drawImage/getImageData
​https://bugs.webkit.org/show_bug.cgi?id=207957

Reviewed by Tim Horton.

SubimageCacheWithTimer used a DeferrableOneShotTimer to clear itself, but if content
adds an entry to the cache on every frame (as might content drawing video frames into a canvas)
then the cache was never cleared. Nor was it cleared via a memory warning.

Fix by tracking cache entries by age, and using a repeating timer to prune old images
from the cache. Also hook up the cache to the memory pressure handler, which clears it.

Reduce the timer frequency from 1s to 500ms, since that was observed to reduce the memory use
on the provided testcase from ~600M to ~350M, making jetsam less likely.

Rename m_images to m_imageCounts to make its role clearer.

• page/cocoa/MemoryReleaseCocoa.mm:

(WebCore::platformReleaseMemory):

• platform/graphics/cg/SubimageCacheWithTimer.cpp:

(WebCore::SubimageCacheWithTimer::clear):
(WebCore::SubimageCacheAdder::translate):
(WebCore::SubimageCacheWithTimer::SubimageCacheWithTimer):
(WebCore::SubimageCacheWithTimer::pruneCacheTimerFired):
(WebCore::SubimageCacheWithTimer::prune):
(WebCore::SubimageCacheWithTimer::subimage):
(WebCore::SubimageCacheWithTimer::clearImageAndSubimages):
(WebCore::SubimageCacheWithTimer::clearAll):
(WebCore::SubimageCacheWithTimer::invalidateCacheTimerFired): Deleted.

• platform/graphics/cg/SubimageCacheWithTimer.h:

Location:

trunk/Source/WebCore

Files:

• ChangeLog (modified) (1 diff)
• page/cocoa/MemoryReleaseCocoa.mm (modified) (2 diffs)
• platform/graphics/cg/SubimageCacheWithTimer.cpp (modified) (6 diffs)
• platform/graphics/cg/SubimageCacheWithTimer.h (modified) (5 diffs)

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2020-03-23  Simon Fraser  <simon.fraser@apple.com>
+
+        Safari jetsams with repeated drawImage/getImageData
+        https://bugs.webkit.org/show_bug.cgi?id=207957
+
+        Reviewed by Tim Horton.
+
+        SubimageCacheWithTimer used a DeferrableOneShotTimer to clear itself, but if content
+        adds an entry to the cache on every frame (as might content drawing video frames into a canvas)
+        then the cache was never cleared. Nor was it cleared via a memory warning.
+
+        Fix by tracking cache entries by age, and using a repeating timer to prune old images
+        from the cache. Also hook up the cache to the memory pressure handler, which clears it.
+
+        Reduce the timer frequency from 1s to 500ms, since that was observed to reduce the memory use
+        on the provided testcase from ~600M to ~350M, making jetsam less likely.
+
+        Rename m_images to m_imageCounts to make its role clearer.
+
+        * page/cocoa/MemoryReleaseCocoa.mm:
+        (WebCore::platformReleaseMemory):
+        * platform/graphics/cg/SubimageCacheWithTimer.cpp:
+        (WebCore::SubimageCacheWithTimer::clear):
+        (WebCore::SubimageCacheAdder::translate):
+        (WebCore::SubimageCacheWithTimer::SubimageCacheWithTimer):
+        (WebCore::SubimageCacheWithTimer::pruneCacheTimerFired):
+        (WebCore::SubimageCacheWithTimer::prune):
+        (WebCore::SubimageCacheWithTimer::subimage):
+        (WebCore::SubimageCacheWithTimer::clearImageAndSubimages):
+        (WebCore::SubimageCacheWithTimer::clearAll):
+        (WebCore::SubimageCacheWithTimer::invalidateCacheTimerFired): Deleted.
+        * platform/graphics/cg/SubimageCacheWithTimer.h:
+
 2020-03-23  Stephan Szabo  <stephan.szabo@sony.com>
 

trunk/Source/WebCore/page/cocoa/MemoryReleaseCocoa.mm

@@ -32 +32 @@
 #import "LayerPool.h"
 #import "LocaleCocoa.h"
+#import "SubimageCacheWithTimer.h"
 #import "SystemFontDatabaseCoreText.h"
 #import <notify.h>
@@ -69 +70 @@
 #if HAVE(IOSURFACE)
     IOSurfacePool::sharedPool().discardAllSurfaces();
+#endif
+
+#if CACHE_SUBIMAGES
+    SubimageCacheWithTimer::clear();
 #endif
 }

trunk/Source/WebCore/platform/graphics/cg/SubimageCacheWithTimer.cpp

@@ -37 +37 @@
 SubimageCacheWithTimer* SubimageCacheWithTimer::s_cache;
 
-static const Seconds subimageCacheClearDelay { 1_s };
+static const Seconds subimageCachePruneDelay { 500_ms };
+static const Seconds subimageCacheEntryLifetime { 500_ms };
 static const int maxSubimageCacheSize = 300;
 
@@ -49 +50 @@
     if (subimageCacheExists())
         subimageCache().clearImageAndSubimages(image);
+}
+
+void SubimageCacheWithTimer::clear()
+{
+    if (subimageCacheExists())
+        subimageCache().clearAll();
 }
 
@@ -71 +78 @@
     {
         entry.image = request.image;
+        entry.subimage = adoptCF(CGImageCreateWithImageInRect(request.image, request.rect));
         entry.rect = request.rect;
-        entry.subimage = adoptCF(CGImageCreateWithImageInRect(request.image, request.rect));
     }
 };
 
 SubimageCacheWithTimer::SubimageCacheWithTimer()
-    : m_timer(*this, &SubimageCacheWithTimer::invalidateCacheTimerFired, subimageCacheClearDelay)
+    : m_timer(*this, &SubimageCacheWithTimer::pruneCacheTimerFired)
 {
 }
 
-void SubimageCacheWithTimer::invalidateCacheTimerFired()
+void SubimageCacheWithTimer::pruneCacheTimerFired()
 {
-    m_images.clear();
-    m_cache.clear();
+    prune();
+    if (m_cache.isEmpty()) {
+        ASSERT(m_imageCounts.isEmpty());
+        m_timer.stop();
+    }
+}
+
+void SubimageCacheWithTimer::prune()
+{
+    auto now = MonotonicTime::now();
+
+    Vector<SubimageCacheEntry> toBeRemoved;
+
+    for (const auto& entry : m_cache) {
+        if ((now - entry.lastAccessTime) > subimageCacheEntryLifetime)
+            toBeRemoved.append(entry);
+    }
+
+    for (auto& entry : toBeRemoved) {
+        m_imageCounts.remove(entry.image.get());
+        m_cache.remove(entry);
+    }
 }
 
 RetainPtr<CGImageRef> SubimageCacheWithTimer::subimage(CGImageRef image, const FloatRect& rect)
 {
-    m_timer.restart();
+    if (!m_timer.isActive())
+        m_timer.startRepeating(subimageCachePruneDelay);
+
     if (m_cache.size() == maxSubimageCacheSize) {
         SubimageCacheEntry entry = *m_cache.begin();
-        m_images.remove(entry.image.get());
+        m_imageCounts.remove(entry.image.get());
         m_cache.remove(entry);
     }
@@ -99 +128 @@
     auto result = m_cache.add<SubimageCacheAdder>(SubimageRequest(image, rect));
     if (result.isNewEntry)
-        m_images.add(image);
+        m_imageCounts.add(image);
 
+    result.iterator->lastAccessTime = MonotonicTime::now();
     return result.iterator->subimage;
 }
@@ -106 +136 @@
 void SubimageCacheWithTimer::clearImageAndSubimages(CGImageRef image)
 {
-    if (m_images.contains(image)) {
+    if (m_imageCounts.contains(image)) {
         Vector<SubimageCacheEntry> toBeRemoved;
         for (const auto& entry : m_cache) {
@@ -116 +146 @@
             m_cache.remove(entry);
 
-        m_images.removeAll(image);
+        m_imageCounts.removeAll(image);
     }
+}
+
+void SubimageCacheWithTimer::clearAll()
+{
+    m_imageCounts.clear();
+    m_cache.clear();
 }
 

trunk/Source/WebCore/platform/graphics/cg/SubimageCacheWithTimer.h

@@ -24 +24 @@
  */
 
-#ifndef SubimageCacheWithTimer_h
-#define SubimageCacheWithTimer_h
+#pragma once
 
 #include "FloatRect.h"
@@ -48 +47 @@
     struct SubimageCacheEntry {
         RetainPtr<CGImageRef> image;
+        RetainPtr<CGImageRef> subimage;
         FloatRect rect;
-        RetainPtr<CGImageRef> subimage;
+        MonotonicTime lastAccessTime;
     };
 
@@ -83 +83 @@
     static RetainPtr<CGImageRef> getSubimage(CGImageRef, const FloatRect&);
     static void clearImage(CGImageRef);
+    static void clear();
 
 private:
@@ -88 +89 @@
 
     SubimageCacheWithTimer();
-    void invalidateCacheTimerFired();
+    void pruneCacheTimerFired();
 
     RetainPtr<CGImageRef> subimage(CGImageRef, const FloatRect&);
     void clearImageAndSubimages(CGImageRef);
+    void prune();
+    void clearAll();
 
-    HashCountedSet<CGImageRef> m_images;
+    HashCountedSet<CGImageRef> m_imageCounts;
     SubimageCacheHashSet m_cache;
-    DeferrableOneShotTimer m_timer;
+    Timer m_timer;
 
     static SubimageCacheWithTimer& subimageCache();
@@ -105 +108 @@
 
 }
-
-#endif // SubimageCacheWithTimer_h