Summary: | google maps' "edit tool" makes konqueror eat 100MB RAM per second | | |
---|---|---|---|
Product: | [Applications] konqueror | Reporter: | S. Burmeister <sven.burmeister> |
Component: | general | Assignee: | Konqueror Developers <konq-bugs> |
Status: | RESOLVED FIXED | | |
Severity: | crash | CC: | arno, jens |
Priority: | NOR | | |
Version: | unspecified | | |
Target Milestone: | --- | | |
Platform: | Compiled Sources | | |
OS: | Linux | | |
Latest Commit: | | Version Fixed In: | |
Sentry Crash Report: | | | |
Attachments: | Valgrind memcheck log; Patch | | |
Description
S. Burmeister
2008-12-02 18:35:30 UTC
I can reproduce this by just visiting the Google Maps main page. Konqueror starts to gobble up RAM and doesn't react to any input anymore. Using v4.1.3 on Kubuntu 8.10.

I can confirm this. For me it even happens when I just click one of the results, then in the bubble on the right on "Route berechnen" ("calculate route" in English). CPU usage will go up to around 96%, memory usage increases constantly (both according to 'top'). I can't click anything in konqui and if I don't kill it after some 30 seconds my system becomes sluggish, the cursor begins to jump when I move the mouse.

Forgot to mention: using svn rev 901462 on gentoo.

OK, can reproduce on this try. Wrt this, though: "If I run konqueror from gdb and abort, if it starts to consume the RAM, the backtrace is huge, so I'm not sure how to put it into a file, if that makes sense at all." Please just paste the first 100 frames or so here.

X86_64 host:

```
konqueror(15898)/khtml (jscript) KJS::HTMLElement::getValueProperty: anchor::hostname uses: "http://maps.google.de/maps?f=q&hl=de&geocode=&q=ferienhaus+carolinensiel&sll=53.636627,7.757622&sspn=0.299638,0.617981&ie=UTF8&z=12&output=html"
^C
Program received signal SIGINT, Interrupt.
[Switching to Thread 0x7fa779a036f0 (LWP 15898)]
0x00007fa76b125147 in KJS::Collector::markStackObjectsConservatively (start=0x7fff819c5858, end=0x7fff81a3d000) at /home/tomtervo/src/kdelibs/kjs/collector.cpp:465
465         if ((blocks[block] == blockAddr) & (offset <= lastCellOffset)) {
(gdb) bt
#0  0x00007fa76b125147 in KJS::Collector::markStackObjectsConservatively (start=0x7fff819c5858, end=0x7fff81a3d000) at /home/tomtervo/src/kdelibs/kjs/collector.cpp:465
#1  0x00007fa76b125573 in KJS::Collector::markCurrentThreadConservatively () at /home/tomtervo/src/kdelibs/kjs/collector.cpp:549
#2  0x00007fa76b12557f in KJS::Collector::markStackObjectsConservatively () at /home/tomtervo/src/kdelibs/kjs/collector.cpp:609
#3  0x00007fa76b12563f in KJS::Collector::collect () at /home/tomtervo/src/kdelibs/kjs/collector.cpp:681
#4  0x00007fa76b126191 in KJS::Collector::allocate (s=16) at /home/tomtervo/src/kdelibs/kjs/collector.cpp:326
#5  0x00007fa76b163893 in KJS::JSCell::operator new (size=16) at /home/tomtervo/src/kdelibs/kjs/value.cpp:41
#6  0x00007fa76b163b5e in KJS::jsString (s=0x7fa76baf84e0 "[object Window]") at /home/tomtervo/src/kdelibs/kjs/value.cpp:187
#7  0x00007fa76b914a16 in KJS::WindowFunc::callAsFunction (this=0x7fa763b24bc0, exec=0x7fff819c84e0, thisObj=0x7fa779870000, args=@0x7fa76b3fc048) at /home/tomtervo/src/kdelibs/khtml/ecma/kjs_window.cpp:1792
#8  0x00007fa76b164f31 in KJS::JSObject::call (this=0x7fa763b24bc0, exec=0x7fff819c84e0, thisObj=0x7fa779870000, args=@0x7fa76b3fc048) at /home/tomtervo/src/kdelibs/kjs/object.cpp:99
#9  0x00007fa76b165908 in tryGetAndCallProperty (exec=0x7fff819c84e0, object=0x7fa779870000, propertyName=@0x2349728) at /home/tomtervo/src/kdelibs/kjs/object.cpp:383
#10 0x00007fa76b165a0b in KJS::JSObject::defaultValue (this=0x7fa779870000, exec=0x7fff819c84e0, hint=KJS::UnspecifiedType) at /home/tomtervo/src/kdelibs/kjs/object.cpp:415
#11 0x00007fa76b8c7c1c in KJS::JSObject::toPrimitive (this=0x7fa779870000, exec=0x7fff819c84e0, preferredType=KJS::UnspecifiedType) at /home/tomtervo/src/kdelibs/kjs/object.h:611
#12 0x00007fa76b124549 in KJS::JSValue::toPrimitive (this=0x7fa779870000, exec=0x7fff819c84e0, preferredType=KJS::UnspecifiedType) at /home/tomtervo/src/kdelibs/kjs/value.h:460
#13 0x00007fa76b1410f9 in KJS::equal (exec=0x7fff819c84e0, v1=0x7fa763a0d780, v2=0x7fa779870000) at /home/tomtervo/src/kdelibs/kjs/operations.cpp:137
#14 0x00007fa76b187bec in KJS::Machine::runBlock (exec=0x7fff819c84e0, codeBlock=@0x385e7b0, parentExec=0x7fff819ca850) at codes.def:1025
#15 0x00007fa76b160960 in KJS::FunctionImp::callAsFunction (this=0x7fa763fb5c00, exec=0x7fff819ca850, thisObj=0x7fa763fb5580, args=@0x7fff819ca220) at /home/tomtervo/src/kdelibs/kjs/function.cpp:144
#16 0x00007fa76b164f31 in KJS::JSObject::call (this=0x7fa763fb5c00, exec=0x7fff819ca850, thisObj=0x7fa763fb5580, args=@0x7fff819ca220) at /home/tomtervo/src/kdelibs/kjs/object.cpp:99
#17 0x00007fa76b18b0f7 in KJS::Machine::runBlock (exec=0x7fff819ca850, codeBlock=@0x380b5c0, parentExec=0x7fff819ccbc0) at codes.def:1192
#18 0x00007fa76b160960 in KJS::FunctionImp::callAsFunction (this=0x7fa763fb55c0, exec=0x7fff819ccbc0, thisObj=0x7fa763fb5580, args=@0x7fff819cc590) at /home/tomtervo/src/kdelibs/kjs/function.cpp:144
#19 0x00007fa76b164f31 in KJS::JSObject::call (this=0x7fa763fb55c0, exec=0x7fff819ccbc0, thisObj=0x7fa763fb5580, args=@0x7fff819cc590) at /home/tomtervo/src/kdelibs/kjs/object.cpp:99
#20 0x00007fa76b18b0f7 in KJS::Machine::runBlock (exec=0x7fff819ccbc0, codeBlock=@0x380bb80, parentExec=0x7fff819cef30) at codes.def:1192
#21 0x00007fa76b160960 in KJS::FunctionImp::callAsFunction (this=0x7fa763fb5640, exec=0x7fff819cef30, thisObj=0x7fa763fb5580, args=@0x7fff819ce900) at /home/tomtervo/src/kdelibs/kjs/function.cpp:144
```
Created attachment 30447 [details]
Valgrind memcheck log
I added the VG log of my session. Not sure if I managed to reach the big memleak point because VG/konqueror was so unresponsive. There are also some imloader-related errors which are probably unrelated.
It has something to do with this serialization routine:

```js
FP._translateValue = function (a, b, c) {
  switch (FP.n2(c)) {
    case FP.Type.NATIVE:
      return c;
    case FP.Type.FUNCTION:
      return FP.xWa(a, b, c);
    case FP.Type.PROTO:
      return FP.yWa(a, c);
    case FP.Type.ARRAY:
    case FP.Type.OBJECT:
      return FP.wWa(a, b, c);
    default:
      return c;
  }
};
```
...

I think I need to run with the JS debugger and trap into it from gdb and then step through.

Most likely cause --- HTMLDocument prototype's constructor property being Object; seems like we need to set constructor properties of the various prototype objects to the pseudo-constructors. Grr.

Created attachment 30578 [details]
Patch
This implements a different .constructor just for Node, which is enough to fix this bug, but we'll probably need more; I'll likely save that until autogen, though, since even this was ultra labor-intensive.
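The "most likely cause" above is that the DOM prototypes' `constructor` property pointed at the plain Object constructor, so a serializer that dispatches on `constructor` sees a host object as a plain object. As an added example (not code from the bug report, KHTML or Google Maps), this toy serializer shaped like FP._translateValue shows that misclassification against a constructed cyclic document/window stand-in, beside a classifier that checks the prototype instead and a walk with a node budget; that the real serializer recursed into the DOM graph is my reading of the thread, and the names Type, makeFakeDom, classifyByCtor, classifyByProto and translate are assumed.

```javascript
// Added example (not code from the bug report, KHTML or Google Maps): a
// serializer shaped like FP._translateValue with a pluggable classifier.
// Type, makeFakeDom, classifyByCtor, classifyByProto, translate are assumed names.
const Type = { NATIVE: 0, FUNCTION: 1, ARRAY: 2, OBJECT: 3, HOST: 4 };

// Constructed stand-in for a DOM node whose prototype's `constructor` is the
// plain Object constructor (the KHTML state the thread describes), or Node
// when ctorFixed is set, as after the patch; document and window point at each other.
function makeFakeDom(ctorFixed) {
  function Node() {}
  Node.prototype.constructor = ctorFixed ? Node : Object;
  const doc = new Node(), win = new Node();
  doc.defaultView = win;
  win.document = doc;
  return doc;
}

// Classifier that trusts `c.constructor === Object`, an inheritable and
// writable property: the fake node is taken for a plain object.
function classifyByCtor(c) {
  if (typeof c === 'function') return Type.FUNCTION;
  if (c === null || typeof c !== 'object') return Type.NATIVE;
  if (Array.isArray(c)) return Type.ARRAY;
  return c.constructor === Object ? Type.OBJECT : Type.HOST;
}

// Hardened classifier: a plain object has Object.prototype (or null) as its
// prototype; a host object's prototype never is.
function classifyByProto(c) {
  if (typeof c === 'function') return Type.FUNCTION;
  if (c === null || typeof c !== 'object') return Type.NATIVE;
  if (Array.isArray(c)) return Type.ARRAY;
  const p = Object.getPrototypeOf(c);
  return p === Object.prototype || p === null ? Type.OBJECT : Type.HOST;
}

// Recursive copy with a node budget standing in for runaway memory use:
// returns the translated value, or null once the budget is spent.
function translate(value, classify, budget = 1000) {
  let left = budget;
  function walk(c) {
    switch (classify(c)) {
      case Type.NATIVE: return c;
      case Type.FUNCTION: return '[function]';
      case Type.HOST: return '[host object]';
      default: {                      // ARRAY or OBJECT: descend into keys
        if (--left < 0) throw new RangeError('budget exhausted');
        const out = Array.isArray(c) ? [] : {};
        for (const k of Object.keys(c)) out[k] = walk(c[k]);
        return out;
      }
    }
  }
  try { return walk(value); } catch (e) { if (e instanceof RangeError) return null; throw e; }
}
```

With the constructor-based classifier the cyclic stand-in never terminates and only the budget stops it; the prototype-based classifier, or the fixed `constructor`, returns `'[host object]'` immediately.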
SVN commit 922888 by orlovich:

Google maps seems to want the DOM objects' prototypes' constructor properties to point to something other than the default Object constructor. Make them point to the Node pseudoctor for now. Probably want to give it more distinct values later on, but that's better done w/autogen.

BUG:176730
BUG:183251

```
M  +1 -1    kdecore/localization/ktranscript.cpp
M  +1 -1    khtml/ecma/domparser.cpp
M  +1 -1    khtml/ecma/kjs_audio.cpp
M  +3 -0    khtml/ecma/kjs_binding.h
M  +3 -3    khtml/ecma/kjs_context2d.cpp
M  +4 -4    khtml/ecma/kjs_css.cpp
M  +19 -10  khtml/ecma/kjs_dom.cpp
M  +4 -4    khtml/ecma/kjs_dom.h
M  +11 -11  khtml/ecma/kjs_events.cpp
M  +31 -31  khtml/ecma/kjs_html.cpp
M  +1 -1    khtml/ecma/kjs_range.cpp
M  +2 -2    khtml/ecma/kjs_traversal.cpp
M  +1 -1    khtml/ecma/kjs_views.cpp
M  +1 -1    khtml/ecma/xmlhttprequest.cpp
M  +1 -1    khtml/ecma/xmlserializer.cpp
M  +7 -23   kjs/lookup.h
M  +4 -0    kjs/object_object.cpp
M  +6 -1    kjs/object_object.h
```

WebSVN link: http://websvn.kde.org/?view=rev&revision=922888

SVN commit 922890 by orlovich:

Merged revision 922888: Google maps seems to want the DOM objects' prototypes' constructor properties to point to something other than the default Object constructor. Make them point to the Node pseudoctor for now. Probably want to give it more distinct values later on, but that's better done w/autogen.

BUG:176730
BUG:183251

```
M  +1 -1    kdecore/localization/ktranscript.cpp
M  +1 -1    khtml/ecma/domparser.cpp
M  +1 -1    khtml/ecma/kjs_audio.cpp
M  +3 -0    khtml/ecma/kjs_binding.h
M  +3 -3    khtml/ecma/kjs_context2d.cpp
M  +4 -4    khtml/ecma/kjs_css.cpp
M  +19 -10  khtml/ecma/kjs_dom.cpp
M  +4 -4    khtml/ecma/kjs_dom.h
M  +11 -11  khtml/ecma/kjs_events.cpp
M  +31 -31  khtml/ecma/kjs_html.cpp
M  +1 -1    khtml/ecma/kjs_range.cpp
M  +2 -2    khtml/ecma/kjs_traversal.cpp
M  +1 -1    khtml/ecma/kjs_views.cpp
M  +1 -1    khtml/ecma/xmlhttprequest.cpp
M  +1 -1    khtml/ecma/xmlserializer.cpp
M  +7 -23   kjs/lookup.h
M  +4 -0    kjs/object_object.cpp
M  +6 -1    kjs/object_object.h
```

WebSVN link: http://websvn.kde.org/?view=rev&revision=922890