Bug 186221

Summary: throw/catch(e) abandons a Document
Product: WebKit Reporter: Simon Fraser (smfr) <simon.fraser>
Component: JavaScriptCoreAssignee: Nobody <webkit-unassigned>
Status: RESOLVED DUPLICATE    
Severity: Normal CC: ap, ggaren, keith_miller, koivisto, mark.lam, rniwa, simon.fraser, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   

Simon Fraser (smfr)
Reported 2018-06-01 20:22:16 PDT
If you load LayoutTests/fast/css/invalid-import-rule-insertion.html, then load another page and clear the page cache, the Document for LayoutTests/fast/css/invalid-import-rule-insertion.html is never released. It seems to be trapped in a retain cycle.
Attachments
Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2018-06-01 20:22:33 PDT
<rdar://problem/40743441>
Simon Fraser (smfr)
Comment 2 2018-06-01 20:36:47 PDT
This is triggered by the throw and a catch that references the exception. Minimal test case: <script> try { throw('The document is abandoned'); } catch(e) { } </script>
Simon Fraser (smfr)
Comment 3 2018-06-01 20:55:59 PDT
My heap inspector tool shows a reference chain thus: Exception (GC root—VM exceptions) -> Internal -> ProgramCodeBlock -> Internal -> Window -> Variable document -> HTMLDocument “file:///Volumes/Data/Development/apple/webkit/OpenSource/LayoutTests/fast/css/invalid-import-rule-insertion.html” m_vm->lastException() is a GC root (see slotVisitor.appendUnbarriered(m_vm->lastException()) in Heap.cpp). Seems like we should clear this at some point.
Simon Fraser (smfr)
Comment 4 2018-06-01 20:58:29 PDT
I guess we clear lastException() next time we run script (in the VMEntryScope constructor).
Simon Fraser (smfr)
Comment 5 2018-06-01 21:26:44 PDT
Maybe GCController should call clearLastException() in some code paths.
Geoffrey Garen
Comment 6 2018-06-02 09:49:42 PDT
Two promising places to clear lastException: (1) ~JSLock() (2) A zero-delay timer The purpose of lastException is to provide an out-of-band accessor to the exception thrown by the current task / micro task. So, it's OK to throw it away after the task / micro task ends.
Keith Miller
Comment 7 2018-06-04 14:45:54 PDT
*** This bug has been marked as a duplicate of bug 186277 ***
Note You need to log in before you can comment on or make changes to this bug.