Hi guys,

I'm currently investigating a memory leak inside our application (running Wicket 8.14.0). Sorry for the large amount of images in this (HTML) mail but the issue is rather complicated and as the saying goes, "A picture is worth a thousand words".

Inspecting the CachingResourceStreamLocator's internal ConcurrentHashMap reveals that around 500.000 of the cache entries are all related to a set of only 5 *static* resources:

Further digging into the cache map's content reveals that the reason for this duplication is that the org.apache.wicket.core.util.resource.locator.caching.CachingResourceStreamLocator$CacheKey instances used as keys in the map for these 5 static resources only deviate by their "style" attribute:

Note that this output was generated by parsing the heap dump using some custom tooling I wrote (as Eclipse MAT is not powerful enough to do this via OQL/Calcite) where I parsed all the CacheKey field values and then concatenated them as a string like so:

to generate CSV output in "map key;map value" format. Also note the somewhat mangled looking style values with the trailing '.' (I double-checked my program output against Eclipse MAT and both agree that the strings are indeed ending with a trailing dot).

Since we're never calling WebSession#setStyle(), this looks weird to me. One of the URLs being parsed is an AJAX callback URL generated by an onclick AjaxEventBehaviour attached to a button:

I stepped through the Wicket code and this URL gets parsed by org.apache.wicket.resource.ResourceUtil

I checked how the AJAX callback URL is generated and noticed that what is mistaken as "style" by ResourceUtil is "<render count>.<behaviour id>":


The weird thing about all of this is that the issue seems to only affect 5 static application-level resources (though we obviously use a lot more static application-level resources everywhere) and 4 out of those 5 resources are used by a single WebPage of our application only (the login page).

Since our application is rather old (>10 years) and - for various reasons - quite deeply integrated with Wicket internals, I wouldn't rule out that we're doing something wrong (I checked our custom CSRFMapper since it shows up in the stack trace but couldn't see any obvious relationship to the observed behaviour).

Any ideas ?

Cheers,
Tobias

Reply via email to