Bug 313353

Summary: IDBTransaction/IDBRequest/IDBObjectStore retain cycle when IDBTransaction::stop() is called on a finishing transaction
Product: WebKit Reporter: David Kilzer (:ddkilzer) <ddkilzer>
Component: Website StorageAssignee: David Kilzer (:ddkilzer) <ddkilzer>
Status: RESOLVED FIXED    
Severity: Normal CC: sihui_liu, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   

David Kilzer (:ddkilzer)
Reported 2026-04-26 10:31:21 PDT
When `IDBTransaction::stop()` is called on a transaction that is already finishing (Committing or Aborting state), multiple retain cycles prevent `IDBTransaction`, `IDBRequest`, `IDBObjectStore`, and `TransactionOperationImpl` objects from being destroyed. The retain cycles are: 1. `IDBTransaction::m_transactionOperationMap` holds `Ref<TransactionOperationImpl>`, and each `TransactionOperationImpl` holds `Ref<IDBTransaction>` via its `m_transaction` member and through captured lambdas in `m_performFunction` and `m_completeFunction`. 2. `IDBTransaction::m_openRequests` holds `Ref<IDBRequest>`, and each `IDBRequest` holds `RefPtr<IDBTransaction>` via its `m_transaction` member. 3. `IDBDatabase::m_activeTransactions` (and `m_committingTransactions`, `m_abortingTransactions`) hold `Ref<IDBTransaction>` that are never cleared in `IDBDatabase::stop()`. Steps to reproduce: 1. Build WebKit Debug from main branch. 2. Run layout tests with --leaks: `Tools/Scripts/run-webkit-tests --leaks --debug imported/w3c/web-platform-tests/IndexedDB/` 3. Examine the WebContent memgraph with `leaks --groupByType`. Expected results: No `IDBTransaction`, `IDBRequest`, `IDBObjectStore`, or `TransactionOperationImpl` objects appear as ROOT CYCLE in the leaks output. Actual results: The `leaks` tool reports ROOT CYCLE entries for `IDBTransaction`, `IDBRequest`, `IDBObjectStore`, and `TransactionOperationImpl` objects. Example from `leaks --groupByType`: ``` 508 (71.4K) ROOT CYCLE: CallableWrapper<TransactionOperationImpl...> 492 (69.6K) ROOT CYCLE: CallableWrapper<IDBTransaction::requestGetRecord...> 420 (61.9K) ROOT CYCLE: WebCore::IDBTransaction 344 (53.9K) ROOT CYCLE: non-object 170 (26.6K) ROOT CYCLE: WebCore::IDBClient::TransactionOperationImpl 68 (18.1K) ROOT CYCLE: WebCore::IDBRequest ```
Attachments
Add attachment proposed patch, testcase, etc.
David Kilzer (:ddkilzer)
Comment 1 2026-04-26 10:31:23 PDT
<rdar://problem/175627928>
David Kilzer (:ddkilzer)
Comment 2 2026-04-26 12:15:02 PDT
Pull request: https://github.com/WebKit/WebKit/pull/63634
EWS
Comment 3 2026-04-30 11:22:37 PDT
Committed 312379@main (a460a664aa29): <https://commits.webkit.org/312379@main> Reviewed commits have been landed. Closing PR #63634 and removing active labels.
Note You need to log in before you can comment on or make changes to this bug.