Bug 138915

Summary: Throttled DOMTimers can prevent their document from being garbage collected
Product: WebKit Reporter: Chris Dumez <cdumez>
Component: DOMAssignee: Chris Dumez <cdumez>
Status: RESOLVED FIXED    
Severity: Normal CC: barraclough, benjamin, cmarcelo, commit-queue, esprehn+autocc, ggaren, kangil.han, kling, koivisto
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on: 138292    
Bug Blocks:    
Attachments:
Description Flags
Patch
none
Patch none

Description Chris Dumez 2014-11-20 00:31:45 PST 
It seems throttled DOMTimers can prevent their document from being garbage collected. This is likely caused by DOMTimer::m_elementsCausingThrottling keeping a reference to the Elements that caused its throttling. It looks like we may need to use weak references to those Elements in DOMTimer.

I realized this when trying to write a layout test for:
https://bugs.webkit.org/show_bug.cgi?id=138914
Comment 1 Chris Dumez 2014-11-20 11:59:19 PST 
Created attachment 241969 [details]
Patch
Comment 2 Chris Dumez 2014-11-21 18:07:34 PST 
Created attachment 242098 [details]
Patch
Comment 3 Chris Dumez 2014-11-21 18:08:16 PST 
Stop using a unique_ptr in ElementRareData as per Andreas' comments offline.
Comment 4 WebKit Commit Bot 2014-11-21 19:29:46 PST 
Comment on attachment 242098 [details]
Patch

Clearing flags on attachment: 242098

Committed r176496: <http://trac.webkit.org/changeset/176496>
Comment 5 WebKit Commit Bot 2014-11-21 19:29:52 PST 
All reviewed patches have been landed.  Closing bug.