Changes between Version 5 and Version 6 of Abandoned documents


Ignore:
Timestamp:
Aug 20, 2018 9:28:05 PM (4 years ago)
Author:
Simon Fraser
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • Abandoned documents

    v5 v6  
    124124
    125125    The second stack there is normal document wrapper creation. The first one is more interesting, and points to the bug, which is that Document::removeFocusNavigationNodeOfSubtree() store the Document in a RefPtr data member of the same document, creating a ref cycle.
     126
     127Here's another example [https://bugs.webkit.org/show_bug.cgi?id=188776]:
     128
     129In this case, {{{notifyutil -p "com.apple.WebKit.showAllDocuments"}}} dumps:
     130
     131{{{
     132SVGDocument 0x1262e8400 5 (refCount 0, referencingNodeCount 1) file:///Volumes/Data/Development/apple/webkit/OpenSource/LayoutTests/svg/wicd/resources/test-svg-child-object-rightsizing.svg
     133Document 0x1262e8400 5 reference stacks:
     134
     135}}}
     136
     137So there were no unmatched ref()/deref(). But what's this referencingNodeCount? That means that there are Nodes alive that belong to this document. To investigate that, in Node.h change the {{{#define DUMP_NODE_STATISTICS 0}}} to {{{#define DUMP_NODE_STATISTICS 1}}} and add a call to {{{Node::dumpStatistics();}}} in the dumping code in Page::platformInitialize(). Now you can do the MiniBrowser steps above, but do it in a WebKit1 window, and close the window when done, followed by the lowMemory notification, and the showAllDocuments notification. Dumped node statistics say:
     138
     139{{{
     140Number of Nodes: 16
     141
     142Number of Nodes with RareData: 0
     143
     144NodeType distribution:
     145  Number of Element nodes: 6
     146  Number of Attribute nodes: 0
     147  Number of Text nodes: 7
     148  Number of CDATASection nodes: 0
     149  Number of Comment nodes: 0
     150  Number of ProcessingInstruction nodes: 0
     151  Number of Document nodes: 2
     152  Number of DocumentType nodes: 1
     153  Number of DocumentFragment nodes: 0
     154  Number of ShadowRoot nodes: 0
     155Element tag name distibution:
     156  Number of <DIV> tags: 1
     157  Number of <BODY> tags: 1
     158  Number of <HTML> tags: 1
     159  Number of <HEAD> tags: 1
     160  Number of <font-face> tags: 1
     161  Number of <STYLE> tags: 1
     162Attributes:
     163  Number of Attributes (non-Node and Node): 6 [32]
     164  Number of Attributes with an Attr: 6
     165  Number of Elements with attribute storage: 1 [64]
     166  Number of Elements with RareData: 0
     167  Number of Elements with NamedNodeMap: 0 [16]
     168}}}
     169
     170Hmm, those <font-face> tags look suspicious. Breakpoints in Node::dumpStatistics() would let you confirm that they are still referencing the leaked document. So the bug fix would involve ensuring those font-face elements get released.