| Summary: | ContainerNode::removeChildren should first detach the children then remove them | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Product: | WebKit | Reporter: | Andrei Bucur <abucur> | ||||||||||||||
| Component: | DOM | Assignee: | Andrei Bucur <abucur> | ||||||||||||||
| Status: | RESOLVED FIXED | ||||||||||||||||
| Severity: | Normal | CC: | commit-queue, esprehn+autocc, esprehn, ojan.autocc, rniwa, WebkitBugTracker, webkit.review.bot | ||||||||||||||
| Priority: | P2 | ||||||||||||||||
| Version: | 528+ (Nightly build) | ||||||||||||||||
| Hardware: | Unspecified | ||||||||||||||||
| OS: | Unspecified | ||||||||||||||||
| Bug Depends on: | |||||||||||||||||
| Bug Blocks: | 110352 | ||||||||||||||||
| Attachments: |
|
||||||||||||||||
|
Description
Andrei Bucur
2013-03-27 12:17:19 PDT
Created attachment 195951 [details]
Patch
Comment on attachment 195951 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=195951&action=review > Source/WebCore/dom/ContainerNode.cpp:459 > +static void willRemoveChildren(ContainerNode* container, NodeVector& children) This function has unclear purpose (doing both pre-removal tasks and building up the child vector). I think it would be better to pass in an initialized child vector and possibly rename the function to something more descriptive (though I don't have great suggestions, fireEventsBeforeRemovingAllChildren or something). This will be fixed in https://bugs.webkit.org/show_bug.cgi?id=113517 . *** This bug has been marked as a duplicate of bug 113517 *** https://bugs.webkit.org/show_bug.cgi?id=113517 is a lot harder than initially estimated. Just refactor the code a bit and first detach then remove the nodes. Created attachment 198113 [details]
Patch
Created attachment 198121 [details]
Patch
*** This bug has been marked as a duplicate of bug 114677 *** Use this bug to track the simple change of first detaching a child before it is removed. Created attachment 198725 [details]
Simple version of the patch
Created attachment 198738 [details]
Perf results for the very simple patch
innserHTML-setter.html and html5-full-render.html
There doesn't seem to be any performance regression. This is aligned with the small performance boost found in the more complex patch.
I think the Simple version is the way to go. Make tiny changes and watch the perf and security issues as you go. Calling shrink(0) on the vector is also really weird, I don't think that's what you want to do since it frees the vector buffer and you end up mallocing again. btw I don't think html5-full-render.html is the right benchmark for this. It's doing document.write() which goes directly at the parser/tree builder. It doesn't go through innerHTML which would benchmark this code. Great, thanks for the review! (In reply to comment #11) > I think the Simple version is the way to go. Make tiny changes and watch the perf and security issues as you go. Calling shrink(0) on the vector is also really weird, I don't think that's what you want to do since it frees the vector buffer and you end up mallocing again. shrink() doesn't modify the capacity. It will just remove the nodes, keeping the buffer intact. This is why I said reserveInitialCapacity() is not required any more. shrinkCapacity() does what you describe. The advanced patch saves a free() and possibly a malloc(). The free() that happens when exiting willRemoveChildren() and the possible malloc() when calling reserveInitialCapacity, if the inline size of the vector is smaller than the number of nodes. I'm not counting the loop through the children required when calling reserveInitialCapacity. > > btw I don't think html5-full-render.html is the right benchmark for this. It's doing document.write() which goes directly at the parser/tree builder. It doesn't go through innerHTML which would benchmark this code. Comment on attachment 198725 [details] Simple version of the patch View in context: https://bugs.webkit.org/attachment.cgi?id=198725&action=review > Source/WebCore/dom/ContainerNode.cpp:633 > - for (size_t i = 0; i < removedChildren.size(); ++i) { > - Node* removedChild = removedChildren[i].get(); > - if (removedChild->attached()) > - removedChild->detach(); > + removedChildren.append(n.release()); Why aren't we moving this loop before the other loop? Is the comment you removed no longer applicable? Comment on attachment 198725 [details] Simple version of the patch View in context: https://bugs.webkit.org/attachment.cgi?id=198725&action=review >> Source/WebCore/dom/ContainerNode.cpp:633 >> + removedChildren.append(n.release()); > > Why aren't we moving this loop before the other loop? > Is the comment you removed no longer applicable? No, it's not applicable. The pointers are fixed after each node is removed and I didn't find any evidence of detachment being faster for removed nodes that a new iteration through them is worth the effort. Comment on attachment 198725 [details] Simple version of the patch View in context: https://bugs.webkit.org/attachment.cgi?id=198725&action=review >>> Source/WebCore/dom/ContainerNode.cpp:633 >>> + removedChildren.append(n.release()); >> >> Why aren't we moving this loop before the other loop? >> Is the comment you removed no longer applicable? > > No, it's not applicable. The pointers are fixed after each node is removed and I didn't find any evidence of detachment being faster for removed nodes that a new iteration through them is worth the effort. Please clarify that in the change log. Created attachment 198893 [details]
Patch for landing
Comment on attachment 198893 [details] Patch for landing Clearing flags on attachment: 198893 Committed r148754: <http://trac.webkit.org/changeset/148754> All reviewed patches have been landed. Closing bug. |