This seems to be a reference cycle between SVGAnimatedListPropertyTearOff and 
SVGListPropertyTearOff. In SVGAnimatedListPropertyTearOff::animVal(), m_animVal 
is assigned to a new Ref<SVGListPropertyTearOff> but this new Ref increments 
the refcount of this. This looks similar to 
https://bugs.webkit.org/show_bug.cgi?id=151810.

> On Jan 5, 2016, at 2:19 PM, Vienneau, Christopher <cvienn...@ea.com> wrote:
> 
> Thanks for suggesting that Simon, I’ve now opened the bug:
> https://bugs.webkit.org/show_bug.cgi?id=152759
>  
> Chris
>  
> From: simon.fra...@apple.com [mailto:simon.fra...@apple.com] 
> Sent: Tuesday, January 05, 2016 12:09 PM
> To: Vienneau, Christopher <cvienn...@ea.com>
> Cc: WebKit Development <webkit-dev@lists.webkit.org>
> Subject: Re: [webkit-dev] Memory leak tracking in WebKit
>  
> This sounds like a bug that would affect all WebKit ports. Can you file a 
> bugs.webkit.org bug, and continue investigation there?
>  
> Simon
>  
> On Jan 5, 2016, at 12:03 PM, Vienneau, Christopher <cvienn...@ea.com> wrote:
>  
> Hi,
>  
> I’ve resumed the memory leak tracking I was doing last year. I have some more 
> details to share; hopefully you’ll be able to suggest how I might fix it.  
> The source of the leak appears to come from the below callstack.  A cache of 
> animation points is being created in SVGAnimatedProperty(SVGElement* 
> contextElement, const QualifiedName& attributeName, AnimatedPropertyType 
> animatedPropertyType); however, the destructor for SVGAnimatedProperty is 
> never called.  The passed-in contextElement gains a ref when the 
> SVGAnimatedProperty is created; however, I’m not seeing a code path where the 
> animation points should be destroyed.  This affects both svg polyline and 
> polygon, and results in leaking the whole page.
>  
> Thanks for any help you can provide,
>  
> Chris Vienneau
>  
>  
> \WebCore\svg\properties\SVGAnimatedProperty.cpp
> SVGAnimatedProperty::SVGAnimatedProperty(SVGElement* contextElement, const QualifiedName& attributeName, AnimatedPropertyType animatedPropertyType)
>     : m_contextElement(contextElement)
>     , m_attributeName(attributeName)
>     , m_animatedPropertyType(animatedPropertyType)
>     , m_isAnimating(false)
>     , m_isReadOnly(false)
> {
> }
>  
> > EAWebKitd.dll!WebCore::SVGAnimatedProperty::SVGAnimatedProperty(WebCore::SVGElement * contextElement, const WebCore::QualifiedName & attributeName, WebCore::AnimatedPropertyType animatedPropertyType) Line 29 C++
> EAWebKitd.dll!WebCore::SVGAnimatedListPropertyTearOff<WebCore::SVGPointList>::SVGAnimatedListPropertyTearOff<WebCore::SVGPointList>(WebCore::SVGElement * contextElement, const WebCore::QualifiedName & attributeName, WebCore::AnimatedPropertyType animatedPropertyType, WebCore::SVGPointList & values) Line 166 C++
> EAWebKitd.dll!WebCore::SVGAnimatedListPropertyTearOff<WebCore::SVGPointList>::create(WebCore::SVGElement * contextElement, const WebCore::QualifiedName & attributeName, WebCore::AnimatedPropertyType animatedPropertyType, WebCore::SVGPointList & values) Line 159 C++
> EAWebKitd.dll!WebCore::SVGAnimatedProperty::lookupOrCreateWrapper<WebCore::SVGPolyElement,WebCore::SVGAnimatedListPropertyTearOff<WebCore::SVGPointList>,WebCore::SVGPointList>(WebCore::SVGPolyElement * element, const WebCore::SVGPropertyInfo * info, WebCore::SVGPointList & property) Line 57 C++
> EAWebKitd.dll!WebCore::SVGPolyElement::lookupOrCreatePointsWrapper(WebCore::SVGElement * contextElement) Line 117 C++
> EAWebKitd.dll!WebCore::SVGPolyElement::animatedPoints() Line 130 C++
> EAWebKitd.dll!WebCore::updatePathFromPolylineElement(WebCore::SVGElement * element, WebCore::Path & path) Line 106 C++
> EAWebKitd.dll!WebCore::updatePathFromGraphicsElement(WebCore::SVGElement * element, WebCore::Path & path) Line 172 C++
> EAWebKitd.dll!WebCore::RenderSVGShape::updateShapeFromElement() Line 84 C++
> EAWebKitd.dll!WebCore::RenderSVGPath::updateShapeFromElement() Line 48 C++
> EAWebKitd.dll!WebCore::RenderSVGShape::layout() Line 164 C++
> EAWebKitd.dll!WebCore::SVGRenderSupport::layoutChildren(WebCore::RenderElement & start, bool selfNeedsLayout) Line 281 C++
> EAWebKitd.dll!WebCore::RenderSVGRoot::layout() Line 181 C++
> EAWebKitd.dll!WebCore::RenderElement::layoutIfNeeded() Line 135 C++
> EAWebKitd.dll!WebCore::RenderBlockFlow::layoutLineBoxes(bool relayoutChildren, WebCore::LayoutUnit & repaintLogicalTop, WebCore::LayoutUnit & repaintLogicalBottom) Line 1621 C++
> EAWebKitd.dll!WebCore::RenderBlockFlow::layoutInlineChildren(bool relayoutChildren, WebCore::LayoutUnit & repaintLogicalTop, WebCore::LayoutUnit & repaintLogicalBottom) Line 652 C++
> EAWebKitd.dll!WebCore::RenderBlockFlow::layoutBlock(bool relayoutChildren, WebCore::LayoutUnit pageLogicalHeight) Line 484 C++
> EAWebKitd.dll!WebCore::RenderBlock::layout() Line 930 C++
> EAWebKitd.dll!WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox & child, WebCore::RenderBlockFlow::MarginInfo & marginInfo, WebCore::LayoutUnit & previousFloatLogicalBottom, WebCore::LayoutUnit & maxFloatLogicalBottom) Line 712 C++
> EAWebKitd.dll!WebCore::RenderBlockFlow::layoutBlockChildren(bool relayoutChildren, WebCore::LayoutUnit & maxFloatLogicalBottom) Line 633 C++
> EAWebKitd.dll!WebCore::RenderBlockFlow::layoutBlock(bool relayoutChildren, WebCore::LayoutUnit pageLogicalHeight) Line 488 C++
> EAWebKitd.dll!WebCore::RenderBlock::layout() Line 930 C++
> EAWebKitd.dll!WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox & child, WebCore::RenderBlockFlow::MarginInfo & marginInfo, WebCore::LayoutUnit & previousFloatLogicalBottom, WebCore::LayoutUnit & maxFloatLogicalBottom) Line 712 C++
> EAWebKitd.dll!WebCore::RenderBlockFlow::layoutBlockChildren(bool relayoutChildren, WebCore::LayoutUnit & maxFloatLogicalBottom) Line 633 C++
> EAWebKitd.dll!WebCore::RenderBlockFlow::layoutBlock(bool relayoutChildren, WebCore::LayoutUnit pageLogicalHeight) Line 488 C++
> EAWebKitd.dll!WebCore::RenderBlock::layout() Line 930 C++
> EAWebKitd.dll!WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox & child, WebCore::RenderBlockFlow::MarginInfo & marginInfo, WebCore::LayoutUnit & previousFloatLogicalBottom, WebCore::LayoutUnit & maxFloatLogicalBottom) Line 712 C++
> EAWebKitd.dll!WebCore::RenderBlockFlow::layoutBlockChildren(bool relayoutChildren, WebCore::LayoutUnit & maxFloatLogicalBottom) Line 633 C++
> EAWebKitd.dll!WebCore::RenderBlockFlow::layoutBlock(bool relayoutChildren, WebCore::LayoutUnit pageLogicalHeight) Line 488 C++
> EAWebKitd.dll!WebCore::RenderBlock::layout() Line 930 C++
> EAWebKitd.dll!WebCore::RenderView::layoutContent(const WebCore::LayoutState & state) Line 256 C++
> EAWebKitd.dll!WebCore::RenderView::layout() Line 382 C++
> EAWebKitd.dll!WebCore::FrameView::layout(bool allowSubtree) Line 1426 C++
> EAWebKitd.dll!WebCore::FrameView::updateLayoutAndStyleIfNeededRecursive() Line 4153 C++
> EAWebKitd.dll!EA::WebKit::View::Paint() Line 278 C++
> EAWebKitDemoUTFWin.exe!EA::Browser::BrowserWinView::OnTick() Line 1039 C++
> EAWebKitDemoUTFWin.exe!EA::UTFWin::CustomWindow::DoMessage(const EA::UTFWin::Message & msg) Line 46 C++
> EAWebKitDemoUTFWin.exe!EA::Browser::BrowserWinView::DoMessage(const EA::UTFWin::Message & msg) Line 649 C++
> EAWebKitDemoUTFWin.exe!EA::UTFWin::WindowMgr::DispatchMsgToWindow(EA::UTFWin::Window * target, const EA::UTFWin::Message & msg, bool outbound) Line 2120 C++
> EAWebKitDemoUTFWin.exe!EA::UTFWin::WindowMgr::SendMsg(EA::UTFWin::IWindow * src, EA::UTFWin::IWindow * dst0, const EA::UTFWin::Message & msg, bool inheritable, bool reversePriority) Line 249 C++
> EAWebKitDemoUTFWin.exe!EA::UTFWin::WindowMgr::ProcessMessages() Line 451 C++
> EAWebKitDemoUTFWin.exe!EA::Browser::BrowserApp::TickEAWebKitThread() Line 781 C++
> EAWebKitDemoUTFWin.exe!EA::Browser::BrowserApp::RunEAWebKit(void * instance) Line 838 C++
> EAWebKitDemoUTFWin.exe!EA::Debug::ExceptionHandler::ExecuteUserFunction(EA::Debug::ExceptionHandler::UserFunctionUnion userFunctionUnion, EA::Debug::ExceptionHandler::UserFunctionType userFunctionType, void * pContext) Line 900 C++
> EAWebKitDemoUTFWin.exe!EA::Debug::ExceptionHandlerWin32::RunTrapped(EA::Debug::ExceptionHandler::UserFunctionUnion userFunctionUnion, EA::Debug::ExceptionHandler::UserFunctionType userFunctionType, void * pContext, bool & exceptionCaught) Line 529 C++
> EAWebKitDemoUTFWin.exe!EA::Debug::ExceptionHandler::RunTrappedInternal(EA::Debug::ExceptionHandler::UserFunctionUnion userFunctionUnion, EA::Debug::ExceptionHandler::UserFunctionType userFunctionType, void * pContext, bool & exceptionCaught) Line 881 C++
> EAWebKitDemoUTFWin.exe!EA::Debug::ExceptionHandler::RunTrapped(void (void *) * userFunction, void * pContext) Line 925 C++
> EAWebKitDemoUTFWin.exe!EA::Browser::BrowserApp::Run(void * __formal) Line 855 C++
> EAWebKitDemoUTFWin.exe!RunnableObjectInternal(void * pContext) Line 608 C++
> EAWebKitDemoUTFWin.exe!invoke_thread_procedure(unsigned int (void *) * const procedure, void * const context) Line 92 C++
> EAWebKitDemoUTFWin.exe!thread_start<unsigned int (__cdecl*)(void * __ptr64)>(void * const parameter) Line 115 C++
> [External Code]
> _______________________________________________
> webkit-dev mailing list
> webkit-dev@lists.webkit.org <mailto:webkit-dev@lists.webkit.org>
> https://lists.webkit.org/mailman/listinfo/webkit-dev 
> <https://lists.webkit.org/mailman/listinfo/webkit-dev>

_______________________________________________
webkit-dev mailing list
webkit-dev@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-dev
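
The reference cycle described in the reply at the top of this thread, as an added example that is not WebKit code and not the fix from either bug: a wrapper caches its animVal object, and that object holds a reference back to the wrapper. It uses std::shared_ptr and std::weak_ptr in place of WebKit's Ref/RefPtr, and the names TearOff, Animated and liveAfterRelease are hypothetical stand-ins.

```cpp
#include <cstdio>
#include <memory>
#include <type_traits>

static int g_live = 0; // objects constructed but not yet destroyed

template <bool StrongBack> struct Animated;

// Hypothetical stand-in for the list tear-off: it points back at its wrapper,
// either with an owning reference (the cycle) or a non-owning one.
template <bool StrongBack>
struct TearOff {
    typename std::conditional<StrongBack, std::shared_ptr<Animated<StrongBack>>,
                              std::weak_ptr<Animated<StrongBack>>>::type owner;
    TearOff() { ++g_live; }
    ~TearOff() { --g_live; }
};

// Hypothetical stand-in for the animated wrapper that caches its animVal.
template <bool StrongBack>
struct Animated : std::enable_shared_from_this<Animated<StrongBack>> {
    std::shared_ptr<TearOff<StrongBack>> m_animVal;
    Animated() { ++g_live; }
    ~Animated() { --g_live; }
    std::shared_ptr<TearOff<StrongBack>> animVal() {
        if (!m_animVal) {
            m_animVal = std::make_shared<TearOff<StrongBack>>();
            m_animVal->owner = this->shared_from_this(); // back-reference to "this"
        }
        return m_animVal;
    }
};

// Objects still alive once the only external reference has been dropped.
template <bool StrongBack>
int liveAfterRelease() {
    g_live = 0;
    auto wrapper = std::make_shared<Animated<StrongBack>>();
    wrapper->animVal();
    std::weak_ptr<Animated<StrongBack>> probe = wrapper;
    wrapper.reset(); // the caller lets go of the wrapper
    int live = g_live;
    if (auto stuck = probe.lock())
        stuck->m_animVal.reset(); // break the cycle so the demo cleans up
    return live;
}
int leakedWithOwningBackRef() { return liveAfterRelease<true>(); }
int leakedWithWeakBackRef() { return liveAfterRelease<false>(); }

int main() { std::printf("%d %d\n", leakedWithOwningBackRef(), leakedWithWeakBackRef()); }
```

With the owning back-reference both objects outlive the last external reference, so neither destructor runs; with the non-owning one both are destroyed.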
