Issue metadata
Sign in to add a comment
|
Memory leak with accessibility [AX] |
||||||||||||||||||||||||
Issue description
I ran a long-running test that was navigating to a restricted set of web pages for a whole day. The browser process was kept alive the whole time. Memory dumps using memory-infra are taken at the beginning and at the end of the experiment.
The following stackframe are remaining objects allocated between start/end.
They are potential leak or cache or data-structure growing.
6622 objects
"malloc",
"operator new",
"std::_Allocate",
"std::_Tree_comp_alloc<std::_Tmap_traits<int,std::pair<int,int>,std::less<int>,std::allocator<std::pair<int const ,std::pair<int,int> > >,0> >::_Buynode<std::piecewise_construct_t const & __ptr64,std::tuple<int const & __ptr64>,std::tuple<> >",
"std::map<int,std::pair<int,int>,std::less<int>,std::allocator<std::pair<int const ,std::pair<int,int> > > >::_Try_emplace<int const & __ptr64>",
"ui::AXTreeIDRegistry::GetOrCreateAXTreeID",
"content::WebContentsImpl::RenderViewReady",
"base::internal::Invoker<base::internal::BindState<void (__cdecl media::MojoAudioOutputStream::*)(void) __ptr64,base::WeakPtr<media::MojoAudioOutputStream> >,void __cdecl(void)>::Run",
"content::`anonymous namespace'::RenderProcessHostIsReadyObserver::CallTask",
"base::internal::Invoker<base::internal::BindState<void (__cdecl ProfileDestroyer::*)(void) __ptr64,base::WeakPtr<ProfileDestroyer> >,void __cdecl(void)>::RunOnce",
"base::debug::TaskAnnotator::RunTask",
"base::MessageLoop::RunTask",
"base::MessageLoop::DoWork",
"base::MessagePumpForUI::DoRunLoop",
"base::MessagePumpWin::Run",
"base::RunLoop::Run",
"ChromeBrowserMainParts::MainMessageLoopRun",
"content::BrowserMainLoop::RunMainMessageLoopParts",
"content::BrowserMainRunnerImpl::Run",
"content::BrowserMain",
"content::RunNamedProcessTypeMain",
"content::ContentMainRunnerImpl::Run",
"service_manager::Main",
"content::ContentMain",
"ChromeMain",
"MainDllLoader::Launch",
"wWinMain",
"__scrt_common_main_seh",
"BaseThreadInitThunk",
"RtlUserThreadStart",
"[Thread: CrBrowserMain]"
"operator new",
"std::_Allocate",
"std::_Tree_comp_alloc<std::_Tmap_traits<guest_view::GuestViewManager::ElementInstanceKey,int,std::less<guest_view::GuestViewManager::ElementInstanceKey>,std::allocator<std::pair<guest_view::GuestViewManager::ElementInstanceKey const ,int> >,0> >::_Buynode<std::piecewise_construct_t const & __ptr64,std::tuple<guest_view::GuestViewManager::ElementInstanceKey const & __ptr64>,std::tuple<> >",
"std::map<std::pair<int,int>,int,std::less<std::pair<int,int> >,std::allocator<std::pair<std::pair<int,int> const ,int> > >::_Try_emplace<std::pair<int,int> const & __ptr64>",
"ui::AXTreeIDRegistry::GetOrCreateAXTreeID",
"content::WebContentsImpl::RenderViewReady",
"base::internal::Invoker<base::internal::BindState<void (__cdecl media::MojoAudioOutputStream::*)(void) __ptr64,base::WeakPtr<media::MojoAudioOutputStream> >,void __cdecl(void)>::Run",
"content::`anonymous namespace'::RenderProcessHostIsReadyObserver::CallTask",
"base::internal::Invoker<base::internal::BindState<void (__cdecl ProfileDestroyer::*)(void) __ptr64,base::WeakPtr<ProfileDestroyer> >,void __cdecl(void)>::RunOnce",
"base::debug::TaskAnnotator::RunTask",
"base::MessageLoop::RunTask",
"base::MessageLoop::DoWork",
"base::MessagePumpForUI::DoRunLoop",
"base::MessagePumpWin::Run",
"base::RunLoop::Run",
"ChromeBrowserMainParts::MainMessageLoopRun",
"content::BrowserMainLoop::RunMainMessageLoopParts",
"content::BrowserMainRunnerImpl::Run",
"content::BrowserMain",
"content::RunNamedProcessTypeMain",
"content::ContentMainRunnerImpl::Run",
"service_manager::Main",
"content::ContentMain",
"ChromeMain",
"MainDllLoader::Launch",
"wWinMain",
"__scrt_common_main_seh",
"BaseThreadInitThunk",
"RtlUserThreadStart",
"[Thread: CrBrowserMain]"
,
Aug 8 2017
The code for the AX-Tree registry is keeping track of two maps for ids conversion: AXTreeID new_id = ++ax_tree_id_counter_; frame_to_ax_tree_id_map_[frame_id] = new_id; ax_tree_to_frame_id_map_[new_id] = frame_id; see: https://cs.chromium.org/chromium/src/ui/accessibility/ax_tree_id_registry.cc?l=17 A call to unregister is needed to remove the ids from these indexes. see: https://cs.chromium.org/chromium/src/ui/accessibility/ax_tree_id_registry.h?l=49 Web content is creating an identifier here: https://cs.chromium.org/chromium/src/content/browser/web_contents/web_contents_impl.cc?l=4810 The aura implementation is keeping track of the identifier: https://cs.chromium.org/chromium/src/content/browser/renderer_host/render_widget_host_view_aura.cc?l=1173 But, there is no call to unregister. Which bring to a memory leak.
,
Aug 8 2017
Dominic, can you check/fix or re-assign this bug.
,
Aug 8 2017
Yes, I can do this, thanks.
,
Aug 24 2017
Any progress on this bug?
,
Sep 28 2017
Ping. Given that the source of the leak has been identified, I'm going to up the priority.
,
Oct 6 2017
,
Oct 24 2017
Is that bug fixed with the previous CL landed?
,
Oct 30 2017
|
|||||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||||
Comment 1 by etienneb@chromium.org
, Aug 2 2017