New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 712830 link

Starred by 3 users

Issue metadata

Status: Fixed
Owner:
Closed: Apr 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug-Regression



Sign in to add a comment

Expando properties are randomly deleted

Reported by teo8...@gmail.com, Apr 18 2017

Issue description

UserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36

Steps to reproduce the problem:
I don't have a reproducible example that I can share; on a private website I am experiencing this all the time, starting from recently: expando properties (i.e. arbitrary properties added to DOM objects) randomly disappear.

I have observed this ONCE in the following minimal example; however I am unable to reproduce it again on the very same example (which I haven't modified). This is similar to the real-life test case: a string is assigned to an arbitrary  property of a DOM node object, and then read from an event handler. At random times, it happens that whenever the property is read from the event handler, it is undefined. 

1. load http://output.jsbin.com/cobedak
2. click on a checkbox

What is the expected behavior?
the alert should say "foo"

What went wrong?
the alert says "undefined".

NOTE AGAIN: I have observed this with this particular example only once (meaning: that one time it would happen systematically with every click on every checkbox, but then, I reloaded the page and I never observed it again)

I haven't been able to trigger the issue by calling the gc() (I googled and found some references to similar issues usually triggered by the garbage collector)

Did this work before? Yes a few days ago

Chrome version: 57.0.2987.133  Channel: stable
OS Version: 
Flash Version: Shockwave Flash 25.0 r0
 

Comment 1 by jazb...@gmail.com, Apr 18 2017

I am seeing the same behavior consistently in Windows too.

Chrome version: 57.0.2987.133  Channel: stable

Comment 2 by woxxom@gmail.com, Apr 19 2017

I've encountered this too a couple of times in 57.0.2987.133

Comment 3 by teo8...@gmail.com, Apr 19 2017

This is HUGE. This breaks virtually every website using javascript, and there's no possible workaround whatsoever.

Comment 4 by hdodda@chromium.org, Apr 19 2017

Cc: hdodda@chromium.org
Labels: Needs-Feedback
Tried to reproduce on ubuntu 14.04 using M57 #57.0.2987.133 with the url provided in  comment #0 and couldn't reproduce the issue.

Could you please provide us a sample test case , where issue is reproduced consistently.

Thanks!

Comment 5 by teo8...@gmail.com, Apr 19 2017

As I already said, I can't.

This happens randomly, there's no way I know of to trigger it consistently. The page where I observe it all the time where I'm able to reproduce it almost at will (with high probability, but never consistently) is a private one.
Project Member

Comment 6 by sheriffbot@chromium.org, Apr 19 2017

Labels: -Needs-Feedback
Thank you for providing more feedback. Adding requester "hdodda@chromium.org" to the cc list and removing "Needs-Feedback" label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 7 by jazb...@gmail.com, Apr 19 2017

@hdodda@chromium.org
We are able to reproduce this issue in a private app very easily. We are willing to do a screen-share with you to demo the problem.

Please email me if you would like to set something up.

Comment 8 by woxxom@gmail.com, Apr 19 2017

#7, the point of having a reproducible test is to find where the regression occurred which is otherwise pretty impossible. You can try bisecting yourself though: https://www.chromium.org/developers/bisect-builds-py

Comment 9 by teo8...@gmail.com, Apr 19 2017

*** FOR THOSE INTERESTED IN A WORKAROUND ***

this seems to work, at least in the most simple scenarios:

replace
  // set:
  somenode.foo='bar';
  // get:
  var foo=somenode.foo;

with
  // set:
  somenode.setAttribute('data-foo', 'var'); 
  // get:
  var foo=somenode.getAttribute('data-foo');


I have verified that even when the expando properties are cleared, custom attributes set this way are not.

Of course this is a shitty workaround that is impossible to apply to one's entire code base in most cases, but if you are lucky enough that uses of expando properties are limited and easy to spot in your code, this might be a way to prevent your business from burning down while you wait for Google to fix this.
I have been experiencing this issue as well on Windows, Chrome 57.0.2987.133. It appears randomly and it's almost as if the DOM is being reset after I've set my expando properties. I just updated to 58.0.3029.81 - I'll report back if I still have the problem.

Comment 11 by bokan@chromium.org, Apr 19 2017

Cc: bokan@chromium.org
Components: -Blink Blink>DOM
For folks that can repro this regularly, can you try this on Beta or Canary channels to see if it still reproduces there?
Cc: mmanchala@chromium.org
Labels: Needs-Feedback
Tested this issue on Ubuntu 14.04 using chrome reported version stable # 57.0.2987.133 & Chrome latest stable # 58.0.3029.81 and couldn't reproduce the issue. Followed the below steps:

1.Opened chrome and navigated to http://output.jsbin.com/cobedak
2.Clicked on checkbox and observed the alert "foo" 

teo8976@ Could you please try to upgrade to latest stable 58.0.3029.81 and update the thread if issue still exists.

Comment 13 by jazb...@gmail.com, Apr 20 2017

We are not able to reproduce the problem in our private app with the latest stable version 58.0.3029.81. 

Comment 14 by tkent@chromium.org, Apr 21 2017

Components: -Blink>DOM Blink>Bindings
teo8976@, can you test with the latest version?

Cc: mlippautz@chromium.org amineer@chromium.org
This is almost certainly Issue 701601,  Issue 702490 , etc.
The reason the workaround in Comment 9 works is because attributes are stored in a separate heap to JavaScript objects, so when the original JavaScript object is collected the expandos disappear but the attributes survive.

You might also be able to keep the JavaScript wrapper alive by storing a reference to it in a global array. This will cause you to leak memory, though, so it is not a great solution either.

This should be fixed in Chrome 58. If you see it reproduce there please let us know ASAP.
Cc: dominicc@chromium.org
Cc: -mlippautz@chromium.org
Components: Blink>JavaScript>GC
Owner: mlippautz@chromium.org
Status: Fixed (was: Unconfirmed)
This very much looks like the issues in #15. These are 'Fixed' and 'WontFix' at the same time, sorry.

The bugfix for this issue is long merged into the M57 branch, but M57 won't roll anymore as M58 is soon stable.

If you see this happen starting from M58, please reopen or open a new issue.
Labels: -Needs-Feedback
As issue is in fixed state , removing needs-feedback label for now. 

Thanks!

Sign in to add a comment