On Wed, Sep 23, 2009 at 2:21 AM, Jens Alfke <s...@google.com> wrote:
>
> On Sep 22, 2009, at 2:54 PM, Mikhail Naganov wrote:
>
>> I'm working on showing JS objects retainers. But this only works for
>> objects that live inside V8's heap.
>
> That would still be useful — I'd love to be able to look at all the 'Window'
> objects in the heap and what ref chain is keeping them alive.
>
> Please let me know if there's something experimental I can try out. Thanks!

If something in V8 is holding a DOMWindow then there must be something in the C++ heap that in turn holds V8 objects. (Otherwise, V8 objects could be collected and would no longer hold the DOMWindow; cycles that are strictly inside the V8 heap are absolutely okay.) So usually such problems are caused by persistent handles to V8 objects. If a persistent handle is placed inside a ref-counted C++ object it's super easy to have a leak.

In debug mode V8 bindings keep track of persistent handles by explicitly (un)registering them on creation/deletion. See WebCore/bindings/v8/V8GCController.cpp, functions (un)registerGlobalHandle and enumerateGlobalHandles. You can try to set a breakpoint there and find the handle that causes the trouble.

In V8 heap profiles (for Chromium developers) it'd be extremely nice to see what persistent handles are holding V8 objects to find such leaks automatically.

I'm currently working on fixing leaks that are caused by persistent handles inside V8EventListener objects (implementations of the EventListener interface from WebKit on top of JS functions). Most DOM objects that have listeners can be leaked this way. See e.g. http://crbug.com/17400 and https://bugs.webkit.org/show_bug.cgi?id=29093.

-- Vitaly
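The retention pattern described in the message above, as an added toy model that is not part of the original message and is not V8 or WebKit code. `ToyHeap`, `registerHandle`, `unregisterHandle`, `retainers` and the object ids are hypothetical names constructed for the illustration; persistent handles are the only GC roots modelled.

```cpp
#include <cstdio>
#include <map>
#include <set>
#include <string>
#include <vector>

// Toy model, not V8 or WebKit code; object ids below are constructed.
constexpr int kWindow = 1, kListenerFn = 2, kOrphanA = 3, kOrphanB = 4;
struct ToyHeap {
    std::map<int, std::vector<int>> edges;               // JS object -> JS objects it references
    std::map<int, std::pair<int, std::string>> handles;  // handle id -> (target, C++ owner)
    int nextId = 1;
    // Hypothetical stand-ins for debug-mode handle (un)registration.
    int registerHandle(int target, const std::string& owner) {
        handles[nextId] = std::pair<int, std::string>(target, owner);
        return nextId++;
    }
    void unregisterHandle(int id) { handles.erase(id); }
    std::set<int> reachableFrom(int root) const {        // follows JS references only
        std::set<int> seen;
        std::vector<int> work{root};
        while (!work.empty()) {
            int o = work.back(); work.pop_back();
            if (!seen.insert(o).second) continue;        // already visited
            auto it = edges.find(o);
            if (it != edges.end()) work.insert(work.end(), it->second.begin(), it->second.end());
        }
        return seen;
    }
    // Enumerate handles; report the C++ owners whose handle keeps `target` alive.
    std::vector<std::string> retainers(int target) const {
        std::vector<std::string> out;
        for (const auto& h : handles)
            if (reachableFrom(h.second.first).count(target)) out.push_back(h.second.second);
        return out;
    }
};

ToyHeap buildScenario() {
    ToyHeap h;
    h.edges[kListenerFn] = {kWindow};  // listener closure captures the window wrapper
    h.edges[kOrphanA] = {kOrphanB};    // cycle strictly inside the JS heap: collectable
    h.edges[kOrphanB] = {kOrphanA};
    h.registerHandle(kListenerFn, "V8EventListener");  // handle owned by a C++ object
    return h;
}

int main() {
    ToyHeap h = buildScenario();
    for (const auto& o : h.retainers(kWindow)) std::printf("window retained by %s\n", o.c_str());
}
```

An object with an empty retainer list is collectable in this model, which is why the in-heap cycle is harmless while the window stays alive until the listener's handle is unregistered.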