WebKit Bugzilla
New
Browse
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
RESOLVED FIXED
119718
Add leak tests for NodeIterator and TreeWalker
https://bugs.webkit.org/show_bug.cgi?id=119718
Summary
Add leak tests for NodeIterator and TreeWalker
Ryosuke Niwa
Reported
2013-08-12 20:22:30 PDT
Fix the problem
https://chromium.googlesource.com/chromium/blink/+/65db79784ecd4a7e744d10a26befe5159638a56c
fixed in WebKit if applicable. * Problem Description When NodeIterator/TreeWalker with filter JS callback is created, the following reference chain was created: NodeIterator -(RefPtr)-> NodeFilter -(RefPtr)-> V8NodeFilterCondition -(ScopedPersistent)-> JS callback object -> window This caused the whole document to be leaked when NodeIterator was referenced from window. For example, the following script created a circular reference which could not be collected. <script> window.foobar = document.createNodeIterator(document, NodeFilter.SHOW_ELEMENT, function(node) { return NodeFilter.FILTER_ACCEPT; }); </script> * Proposal This patch modifies the reference chain to avoid leak. The basic idea is to move the callback's whole reference chain to the V8 side. We change the strong reference to the JS callback object held by V8NodeFilterCondition to a weak reference. The JS callback is instead kept alive by a wrapper of NodeFilter, referenced from NodeIterator wrapper. The new reference chain is illustrated as follows: Blink world: NodeIterator -(RefPtr)-> NodeFilter -(RefPtr)-> V8NodeFilterCondition ^^^ ^^^ vvv(weakref)vvv V8 world: NodeIterator wrap -(HiddenProperty)-> NodeFilter wrap -(HiddenProperty)-> JS callback obj. -> window The new reference chain can be collected correctly, as the whole circular reference chain is visible from V8 GC.
Attachments
Add attachment
proposed patch, testcase, etc.
Ahmad Saleem
Comment 1
2022-09-16 23:57:50 PDT
rniwa - This seems to reference v8 and related bindings, I am not sure, it would be simple merge of this patch. Plus do we require this now or Webkit code is now diverged and this is already fixed? Thanks!
Alexey Proskuryakov
Comment 2
2022-09-18 16:55:43 PDT
The action here is to either analyze our code to see if it has a similar problem, or to try the test case to see if it reproduces the problem. The latter won't be trivial, as the test cannot be run in Safari, it relies on window.internals. If we are lucky, it will just work with run-webkit-tests, but it may need adjustment.
Ryosuke Niwa
Comment 3
2022-09-18 18:12:05 PDT
I've read our code, and as far as I can tell we don't have the same bug.
Ryosuke Niwa
Comment 4
2022-09-18 18:23:48 PDT
Modified tests pass in WebKit as well. Let's check in these tests.
Ryosuke Niwa
Comment 5
2022-09-18 18:42:23 PDT
Pull request:
https://github.com/WebKit/WebKit/pull/4473
EWS
Comment 6
2022-09-20 21:39:16 PDT
Committed
254711@main
(b17ccd4f3712): <
https://commits.webkit.org/254711@main
> Reviewed commits have been landed. Closing PR #4473 and removing active labels.
Radar WebKit Bug Importer
Comment 7
2022-09-20 21:40:18 PDT
<
rdar://problem/100206367
>
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug