If you ever instantive Vector<foo>, you'll be unable to unload the SWF containing foo, even if no instance remain, as there's a hard reference to foo via this table, which keeps all of the SWF in memory. We should use WeakKeyHashtable here instead. Also, arguably, this table should live in DomainEnv rather than Domain in the first place, since it's storing ClassClosures.

Storing in DomainEnv is a tricky problem, as we don't clearly have the correct one readily available at the point of creation; however, the essential part (a weak table) is simple (and an urgent fix for Spicy).

What stops a ClassClosure from Toplevel 1 leaking over to Toplevel2? seems like a big containment breach? The change is obviously pretty mechanical though, nothing obviously wrong.

(In reply to comment #3) > What stops a ClassClosure from Toplevel 1 leaking over to Toplevel2? seems > like a big containment breach? Yep, possibly is, I'm still pondering a followup fix for that issue. But the leak is priority #1.

Actually, this is fascinating, and a little surprising: given a ClassClosure, there doesn't seem to be an obvious way to find the AbcEnv (and thus DomainEnv) that defined it.

The current design was put in place in https://bugzilla.mozilla.org/show_bug.cgi?id=545973 -- we previously stashed thins in VectorClass, which was even leakier, apparently. I wonder if an (even) better approach would be to move the lookup table into Toplevel, using Weak keys *and* weak values?

There may be more than meets the eye here, too: looking at the testcase that's producing the leak, it would appear that the fact that this patch "fixes" the issue means that the Domain itself is somehow leaking. Investigating...

Upon further investigation, this is almost certainly a bug in Flash's glue code, not this. Withdrawing.

Reopening: although there is definitely a bug here on Flash's part, this fix appears to be part of the necessary solution. (ie, fixing the Flash internals solves some but not all of the leak.)

(In reply to comment #5) > Actually, this is fascinating, and a little surprising: given a ClassClosure, > there doesn't seem to be an obvious way to find the AbcEnv (and thus DomainEnv) > that defined it. not pretty, but possible: ClassClosure->vtable->init->abcEnv() If needed we could add abcEnv to VTable.

pushed initial fix to TR 5796:25f4b2b17eca leaving open for now to ponder if we should/can also move this table to DomainEnv.

Tamarin is a dead project now. Mass WONTFIX.

Tamarin isn't maintained anymore. WONTFIX remaining bugs.