Hi Chris.

> (function () { 
>               var app = document.getElementById(\"RemoteApplication\");
>               var ReturnMe = Number(app.getListenPort());
>               app = null;
>               return ReturnMe;
>               })()

FYI, from a GC perspective, there's no need to set "app" to null in the snippet 
above.

> And here is a common sort of stack trace I'm getting (this one from 10.6)
> Thread 0 Crashed:  Dispatch queue: com.apple.main-thread
> 0   com.apple.JavaScriptCore          0x9489f766 WTF::fastFree(void*) + 134
> 1   com.apple.WebCore                 0x929be825 WebCore::CSSSelectorList::deleteSelectors() + 389
> 2   com.apple.WebCore                 0x92a38269 WebCore::CSSStyleRule::~CSSStyleRule() + 57
> 3   com.apple.WebCore                 0x929c3a04 WTF::Vector<WTF::RefPtr<WebCore::StyleBase>, 0ul>::shrink(unsigned long) + 84
> 4   com.apple.WebCore                 0x92a38193 WebCore::StyleSheet::~StyleSheet() + 179
> 5   com.apple.WebCore                 0x92a38066 WebCore::CSSStyleSheet::~CSSStyleSheet() + 102
> 6   com.apple.WebCore                 0x92a91074 WTF::Vector<WTF::RefPtr<WebCore::StyleSheet>, 0ul>::shrink(unsigned long) + 84
> 7   com.apple.WebCore                 0x92a29243 WebCore::StyleSheetList::~StyleSheetList() + 67
> 8   com.apple.WebCore                 0x92a28cd9 WebCore::Document::~Document() + 3529
> 9   com.apple.WebCore                 0x92a27f01 WebCore::HTMLDocument::~HTMLDocument() + 129
> 10  com.apple.WebCore                 0x92a27def WebCore::Node::~Node() + 431
> 11  com.apple.WebCore                 0x92c05a21 WebCore::HTMLIFrameElement::~HTMLIFrameElement() + 129
> 12  com.apple.WebCore                 0x92b356fe WebCore::JSNode::~JSNode() + 382
> 13  com.apple.JavaScriptCore          0x9495a0d2 JSC::Heap::sweep() + 274
> 
> I find it odd that main isn't seen in the stack, but it never is.

> The crash nearly ALWAYS occurs in WTF::fastFree(), very occasionally 
> occurring instead in some other memory management function.

In the backtrace you've pasted, there's no direct link to JavaScript GC. GC 
only appears in the backtrace because a JavaScript object held the last 
reference to the DOM document object. 

There's a small chance that you've run into this bug, or one of its relations: 
https://bugs.webkit.org/show_bug.cgi?id=50165.

The best way to diagnose this is to provide a sample application that 
demonstrates the crash in Bugzilla.

Thanks,
Geoff
_______________________________________________
webkit-dev mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev