Closed
Bug 371374
Opened 18 years ago
Closed 18 years ago
Memory leaks (potentially severe) when Event Queues are pushed and popped
Categories
(Core :: XPCOM, defect)
Core
XPCOM
Tracking
()
RESOLVED
FIXED
People
(Reporter: bas.schouten, Assigned: bas.schouten)
References
Details
(Keywords: memory-leak)
Attachments
(2 files)
(deleted),
patch
|
benjamin
:
review+
bzbarsky
:
superreview+
|
Details | Diff | Splinter Review |
(deleted),
patch
|
darin.moz
:
review+
darin.moz
:
superreview+
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1 Build Identifier: When two threads communicate through an asynchronous proxy call they push additional event queues on the thread, and use those. Once they are done with these they are popped but the actual nsEventQueue object is not deleted, the lock and pages belonging to the event therefore linger in memory. Furthermore event pages are not properly freed. In my case I'm seeing this leak cause memory usage increase by 5 MB/s, going up until the program crashes. Reproducible: Always
Assignee | ||
Updated•18 years ago
|
Blocks: nsIThreadManager
Assignee | ||
Comment 1•18 years ago
|
||
Updated•18 years ago
|
Assignee: nobody → bas.schouten
![]() |
||
Comment 2•18 years ago
|
||
Oh, good catch! Deleting the page shouldn't really be needed because the caller should have gotten all the events from the queue first, which would delete the page, no?. But it seems like the safe thing to do. We should also perhaps consider releasing whatever events are left in the queue, if any.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Flags: blocking1.9?
Assignee | ||
Comment 3•18 years ago
|
||
if (mOffsetHead == EVENTS_PER_PAGE) { Page *dead = mHead; mHead = mHead->mNext; FreePage(dead); mOffsetHead = 0; } Take a note of this particular part of code, see how the logic is flawed? The page only gets deleted if the pointer reaches the end of it... you could alter this by adding logic here like: if (mOffsetHead == EVENTS_PER_PAGE || (mHead == mTail && mOffsetHead = mOffsetTail)) But this would mean you're deallocating every time the queue is processed and re-allocating every time it gets an event, it's far more efficient to delete the page upon destruction.. as far as I can see that is :)
![]() |
||
Comment 4•18 years ago
|
||
Comment on attachment 256164 [details] [diff] [review] Patch Bas, you want to request module owner review on patches. ;) And good point on the page thing!
Attachment #256164 -
Flags: review?(darin.moz)
Updated•18 years ago
|
Attachment #256164 -
Flags: review?(darin.moz) → review+
![]() |
||
Comment 5•18 years ago
|
||
Comment on attachment 256164 [details] [diff] [review] Patch sr=bzbarsky
Attachment #256164 -
Flags: superreview+
![]() |
||
Comment 6•18 years ago
|
||
Checked in. Bas, thank you very much for the patch!
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
Assignee | ||
Comment 7•18 years ago
|
||
My pleasure, thanks for the quick reviews.
Comment 8•18 years ago
|
||
Is it really necessary to enter the monitor in the nsEventQueue's destructor? That implies that more than one consumer might have a reference to the nsEventQueue while the nsEventQueue is being destroyed. How can that be? If that is possible, then it surely indicates a problem, no?
Assignee | ||
Comment 9•18 years ago
|
||
I don't think it is necessary, no. But it seemed like the safest choice when I contributed the patch, considering the monitor is entered on PutEvent and GetEvent as well. I thought someone who knew the code better might be more able to make the 'right' decision on the usage of the monitor.
![]() |
||
Comment 10•18 years ago
|
||
Attachment #256503 -
Flags: superreview?
Attachment #256503 -
Flags: review?
![]() |
||
Updated•18 years ago
|
Attachment #256503 -
Flags: superreview?(darin.moz)
Attachment #256503 -
Flags: superreview?
Attachment #256503 -
Flags: review?(darin.moz)
Attachment #256503 -
Flags: review?
Updated•18 years ago
|
Attachment #256503 -
Flags: superreview?(darin.moz)
Attachment #256503 -
Flags: superreview+
Attachment #256503 -
Flags: review?(darin.moz)
Attachment #256503 -
Flags: review+
![]() |
||
Comment 11•18 years ago
|
||
Checked in that followup patch.
![]() |
||
Updated•17 years ago
|
Flags: blocking1.9? → in-testsuite?
You need to log in
before you can comment on or make changes to this bug.
Description
•