New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 810194 link

Starred by 1 user
Status: WontFix
Owner:
u...@chromium.org
Closed: Feb 2018
Cc:
mlippautz@chromium.org
hpayer@chromium.org
nattestad@chromium.org
hablich@chromium.org
haraken@chromium.org
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Bug



Sign in to add a comment

Huge strings leaking after JSON parse

Project Member Reported by u...@chromium.org, Feb 7 2018 
Heap snapshot of large spreadsheet in Google Sheets shows 110MB JSON strings retained by global handles.

These string should have been garbage collected after JSON.parse. 

Looks like the string are retained by the StringCache:
https://cs.chromium.org/chromium/src/third_party/WebKit/Source/platform/bindings/V8ValueCache.h?rcl=2f97ce593ed53edd553ba6f438896d1e3b218688&l=82

Comment 1 by u...@chromium.org, Feb 8 2018

Status: WontFix (was: Assigned)
This is working as intended. The strings are retained by XMLHttpRequest while loading is in progress.

The strings are garbage collected when XMLHttpRequest is freed.

0   Chromium Framework                  0x000000011322b17c base::debug::StackTrace::StackTrace(unsigned long) + 28
1   Chromium Framework                  0x00000001128016bb v8::internal::GlobalHandles::Create(v8::internal::Object*) + 699
2   Chromium Framework                  0x00000001124a6da8 v8::V8::GlobalizeReference(v8::internal::Isolate*, v8::internal::Object**) + 88
3   Chromium Framework                  0x0000000115c9d18f blink::SharedPersistent<v8::String>::Create(v8::Local<v8::String>, v8::Isolate*) + 159
4   Chromium Framework                  0x0000000115c9d3a2 blink::ScriptString::ConcatenateWith(WTF::String const&) + 226
5   Chromium Framework                  0x0000000116b9f393 blink::XMLHttpRequest::DidReceiveData(char const*, unsigned int) + 643
6   Chromium Framework                  0x0000000112cdc7a3 blink::Resource::AppendData(char const*, unsigned long) + 323
7   Chromium Framework                  0x0000000112cf8898 blink::ResourceLoader::DidReceiveData(char const*, int) + 168
8   Chromium Framework                  0x00000001172703d8 content::WebURLLoaderImpl::Context::OnReceivedData(std::__1::unique_ptr<content::RequestPeer::ReceivedData, std::__1::default_delete<content::RequestPeer::ReceivedData> >) + 184
9   Chromium Framework                  0x0000000117270a43 content::WebURLLoaderImpl::RequestPeerImpl::OnReceivedData(std::__1::unique_ptr<content::RequestPeer::ReceivedData, std::__1::default_delete<content::RequestPeer::ReceivedData> >) + 35
10  Chromium Framework                  0x000000011726ad3c content::URLResponseBodyConsumer::OnReadable(unsigned int) + 348
11  Chromium Framework                  0x000000011399b058 mojo::SimpleWatcher::OnHandleReady(int, unsigned int, mojo::HandleSignalsState const&) + 248
12  Chromium Framework                  0x000000011322b96c base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*) + 188
13  Chromium Framework                  0x0000000112d18e8e blink::scheduler::TaskQueueManager::ProcessTaskFromWorkQueue(blink::scheduler::internal::WorkQueue*, blink::scheduler::LazyNow, base::TimeTicks*) + 1022
14  Chromium Framework                  0x0000000112d1866f blink::scheduler::TaskQueueManager::DoWork(blink::scheduler::internal::Sequence::WorkType) + 463
15  Chromium Framework                  0x000000011322b96c base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*) + 188
16  Chromium Framework                  0x0000000112d1d425 blink::scheduler::internal::ThreadControllerImpl::DoWork(blink::scheduler::internal::Sequence::WorkType) + 117
17  Chromium Framework                  0x000000011322b96c base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask*) + 188
18  Chromium Framework                  0x0000000113251954 base::MessageLoop::RunTask(base::PendingTask*) + 484
19  Chromium Framework                  0x0000000113251e59 base::MessageLoop::DoWork() + 441
20  Chromium Framework                  0x0000000113253cba base::MessagePumpCFRunLoopBase::RunWork() + 42
21  Chromium Framework                  0x000000011324561a base::mac::CallWithEHFrame(void () block_pointer) + 10
22  Chromium Framework                  0x00000001132535df base::MessagePumpCFRunLoopBase::RunWorkSource(void*) + 63

Comment 2 by mlippautz@chromium.org, Feb 8 2018

Cc: haraken@chromium.org
Kentaro: The string is retained by a ScriptString (-> SharedPersistent). Afaik, we could migrate this to a wrapper traced string without too much troubles, right? (There are already a few traced members there.)

Lifetime wise that should be close to what we already have. The main improvement would be that it would not show up as strong root when looking at snapshots.

Comment 3 by haraken@chromium.org, Feb 9 2018 

Using wrapper-tracing is nice in general (although it won't help shorten the lifetime of ScriptString) :)
Project Member

Comment 4 by bugdroid1@chromium.org, Feb 15 2018 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/deb63686cb8fa9f7b50ecb53eac74e2a0077d831

commit deb63686cb8fa9f7b50ecb53eac74e2a0077d831
Author: Michael Lippautz <mlippautz@chromium.org>
Date: Thu Feb 15 11:47:39 2018

XMLHttpRequest: Retain response text using wrapper tracing

Remove ScriptString which is a scoped object keeping a strong handle.
Using wrapper tracing implies that the retaining path for DevTools
shows up properly.

Bug:  chromium:810194 
Change-Id: Ia5126fdca8d270a9f5700af335735210e4062d61
Reviewed-on: https://chromium-review.googlesource.com/911969
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Kentaro Hara <haraken@chromium.org>
Cr-Commit-Position: refs/heads/master@{#536993}
[modify] https://crrev.com/deb63686cb8fa9f7b50ecb53eac74e2a0077d831/third_party/WebKit/Source/bindings/bindings.gni
[delete] https://crrev.com/5797c991e872591f4c99cc86f32fc2ad0e01481a/third_party/WebKit/Source/bindings/core/v8/ScriptString.cpp
[delete] https://crrev.com/5797c991e872591f4c99cc86f32fc2ad0e01481a/third_party/WebKit/Source/bindings/core/v8/ScriptString.h
[modify] https://crrev.com/deb63686cb8fa9f7b50ecb53eac74e2a0077d831/third_party/WebKit/Source/bindings/core/v8/custom/V8XMLHttpRequestCustom.cpp
[modify] https://crrev.com/deb63686cb8fa9f7b50ecb53eac74e2a0077d831/third_party/WebKit/Source/core/inspector/InspectorNetworkAgent.h
[modify] https://crrev.com/deb63686cb8fa9f7b50ecb53eac74e2a0077d831/third_party/WebKit/Source/core/xmlhttprequest/XMLHttpRequest.cpp
[modify] https://crrev.com/deb63686cb8fa9f7b50ecb53eac74e2a0077d831/third_party/WebKit/Source/core/xmlhttprequest/XMLHttpRequest.h
[modify] https://crrev.com/deb63686cb8fa9f7b50ecb53eac74e2a0077d831/third_party/WebKit/Source/platform/BUILD.gn
[modify] https://crrev.com/deb63686cb8fa9f7b50ecb53eac74e2a0077d831/third_party/WebKit/Source/platform/bindings/TraceWrapperBase.h
[add] https://crrev.com/deb63686cb8fa9f7b50ecb53eac74e2a0077d831/third_party/WebKit/Source/platform/bindings/TraceWrapperV8String.cpp
[add] https://crrev.com/deb63686cb8fa9f7b50ecb53eac74e2a0077d831/third_party/WebKit/Source/platform/bindings/TraceWrapperV8String.h

Comment 5 by mlippautz@chromium.org, Feb 19 2018 

fyi: this is how it looks like (dedupe still missing) after the patch.
Screen Shot 2018-02-19 at 4.31.03 PM.png
622 KB View Download

Sign in to add a comment