Bug 62800

Summary: HTMLTable should cache its 'rows' collection results
Product: WebKit
Component: DOM
Status: RESOLVED FIXED
Severity: Normal
Priority: P2
Version: 528+ (Nightly build)
Hardware: All
OS: All
Reporter: Julien Chaffraix <jchaffraix>
Assignee: Julien Chaffraix <jchaffraix>
CC: darin, webkit.review.bot
URL: http://code.google.com/p/chromium/issues/attachmentText?id=73106&aid=541403547953126335&name=chromium-bugreport.txt
Attachments: Patch (flags: none)

Description Julien Chaffraix 2011-06-16 09:24:25 PDT
This stems from http://code.google.com/p/chromium/issues/detail?id=73120

The test page is a 22k table. Some JS code is calling table.rows for each element at least twice. Currently, we create a new HTMLTableRowsCollection every time table.rows is called. This means that the length is potentially recalculated every time table.rows is used.

In the example, the DOM is not mutated so we could potentially reuse the CollectionCache to avoid the bad behavior.

Patch forthcoming.
Comment 1 Julien Chaffraix 2011-06-16 09:34:40 PDT
Created attachment 97451
Patch
Comment 2 Darin Adler 2011-06-16 09:37:45 PDT
Comment on attachment 97451
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=97451&action=review

> Source/WebCore/html/HTMLTableElement.cpp:630
> +        m_collectionCache = adoptPtr(new CollectionCache());
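
Review bot: the lazily created cache on the `m_collectionCache = adoptPtr(new CollectionCache());` line needs a visible invalidation path. The bug description only argues for reuse when the DOM is not mutated, so the patch should show where the cache is reset when rows are added or removed, and include a test that mutates the table between two `table.rows` reads.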

I usually don’t put in the parentheses in cases like this.
Comment 3 WebKit Review Bot 2011-06-16 09:50:31 PDT
Comment on attachment 97451
Patch

Clearing flags on attachment: 97451

Committed r89035: <http://trac.webkit.org/changeset/89035>
Comment 4 WebKit Review Bot 2011-06-16 09:50:35 PDT
All reviewed patches have been landed.  Closing bug.
Comment 5 Darin Adler 2011-06-16 18:04:18 PDT
I am seeing crashes when running dom/html/level2/html/HTMLCollection01.html and other tests now.

Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000098
0   com.apple.WebCore             	0x000000010fe13478 WTF::OwnPtr<WebCore::CollectionCache>::operator!() const + 8 (OwnPtr.h:65)
1   com.apple.WebCore             	0x000000010fe8b0e9 WebCore::HTMLTableElement::collectionCache() const + 41 (HTMLTableElement.cpp:629)
2   com.apple.WebCore             	0x000000010fe8ed18 WebCore::HTMLTableRowsCollection::HTMLTableRowsCollection(WTF::PassRefPtr<WebCore::HTMLTableElement>) + 72 (HTMLTableRowsCollection.cpp:153)

Caused by this patch?
Comment 6 Darin Adler 2011-06-16 18:08:53 PDT
Yup, this patch makes incorrect use of PassRefPtr.
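
An added example, not part of the thread or of the WebKit patch: a small model of the ordering hazard that the stack trace in comment 5 and the PassRefPtr remark in comment 6 point to, where a pointer is handed off and then read. `Table`, `Cache`, `Collection` and both `make*` functions are hypothetical names, and a moved-from `std::shared_ptr` is assumed here as a stand-in for a PassRefPtr that has already given up its pointer.

```cpp
#include <cstdio>
#include <memory>
#include <utility>

// Constructed model, not WebKit code. Table stands in for HTMLTableElement;
// a moved-from std::shared_ptr stands in for a PassRefPtr that has already
// handed its pointer to someone else (both end up null).
struct Cache { int length = -1; };

struct Table {
    Cache* collectionCache() {               // lazily created, then reused
        if (!m_cache) m_cache.reset(new Cache);
        return m_cache.get();
    }
    std::unique_ptr<Cache> m_cache;
};

struct Collection {
    Collection(std::shared_ptr<Table> base, Cache* cache)
        : m_base(std::move(base)), m_cache(cache) {}
    std::shared_ptr<Table> m_base;
    Cache* m_cache;
};

// Wrong order: the handle is transferred first, so `table` is null by the
// time the cache is requested. The null check below replaces the crash that
// an unchecked table->collectionCache() would cause.
Collection makeWrongOrder(std::shared_ptr<Table> table) {
    std::shared_ptr<Table> handedOff = std::move(table);
    Cache* cache = table ? table->collectionCache() : nullptr;
    return Collection(std::move(handedOff), cache);
}

// Right order: read everything needed from the table, then transfer it.
Collection makeRightOrder(std::shared_ptr<Table> table) {
    Cache* cache = table->collectionCache();
    return Collection(std::move(table), cache);
}

int main() {
    Collection bad = makeWrongOrder(std::make_shared<Table>());
    Collection good = makeRightOrder(std::make_shared<Table>());
    std::printf("wrong order cache=%p, right order cache=%p\n",
                static_cast<void*>(bad.m_cache), static_cast<void*>(good.m_cache));
    return 0;
}
```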