Bug 125888 - Reloading a page with SVG should not cause leaks
Status: NEW
Alias: None
Product: WebKit
Classification: Unclassified
Component: SVG
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Nobody
URL:
Keywords: BlinkMergeCandidate
Depends on:
Blocks:
 
Reported: 2013-12-17 16:47 PST by Ryosuke Niwa
Modified: 2016-01-08 17:16 PST

Description Ryosuke Niwa 2013-12-17 16:47:44 PST
https://code.google.com/p/chromium/issues/detail?id=270000

Fixed in Blink: https://chromium.googlesource.com/chromium/blink/+/8b4d1c4dee0fbe311d3541623f1c48df3582a867

This patch introduces the new reference graph for SVG*TearOffs to resolve Node leaks. The graph is illustrated below:
https://docs.google.com/presentation/d/1cKqC9wc_Ca5UTSCNE0DHQeXRxEtkerIxnp1MIIK5Jqk/edit?usp=sharing
In the new reference graph, references from parent to child are made strong refs, and references from child to parent are made weak refs. For V8 references against TearOffs, a hidden reference to the context V8SVGElement is added to its wrappers to ensure contextElement() is alive while TearOffs are alive.

This patch also contains fixes for bugs exposed from the reference graph change. SVGAnimateElement will ensure a stopAnimValAnimation call even if it is destructed while animation is active. SMILElement/SVGAnimateElement is modified to observe the lifetime of shadow tree instances in addition to the lifetime of the original element.

[Reland] The animatedProperties are now detached by SVGElement::cleanupAnimatedProperties, called just after the most-derived-classes-dtor, while their animatedProperties are alive. This detach was previously done inside ~SVGElement in previous patches and caused various problems by referencing dead members of derived classes.
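
The ownership rule described in the comment above can be modelled in a few lines. This is an added example, not code from the bug or from the Blink patch: it uses std::shared_ptr and std::weak_ptr as stand-ins for the engine's own ref-counting, and every type and function name in it is hypothetical.

```cpp
// Added illustration: type names are hypothetical, not WebKit/Blink classes.
#include <memory>
#include <utility>
static int g_live = 0;  // live-object counter standing in for a leak detector
struct Counted { Counted() { ++g_live; } ~Counted() { --g_live; } };
struct Element;
// Child object handed out to script (models an SVG tear-off).
struct TearOff : Counted {
    std::shared_ptr<Element> strongContext;  // old graph: child -> parent strong
    std::weak_ptr<Element> weakContext;      // new graph: child -> parent weak
};
struct Element : Counted {
    std::shared_ptr<TearOff> property;       // parent -> child is strong
};
// Script-side wrapper around a tear-off (models the V8 wrapper).
struct Wrapper {
    std::shared_ptr<TearOff> tearOff;
    std::shared_ptr<Element> hiddenContext;  // hidden ref pinning the element
};

// Drop every external reference (a "reload") and count the survivors.
int liveAfterReload(bool strongBackRef) {
    const int before = g_live;
    TearOff* raw = nullptr;
    {
        auto element = std::make_shared<Element>();
        element->property = std::make_shared<TearOff>();
        raw = element->property.get();
        if (strongBackRef) raw->strongContext = element;  // reference cycle
        else raw->weakContext = element;
    }
    const int leaked = g_live - before;
    if (leaked) { auto cut = std::move(raw->strongContext); }  // break cycle after measuring
    return leaked;
}

// With weak back references, script holding only the tear-off would see its
// context element die unless the wrapper carries the hidden strong reference.
bool contextAliveWhileWrapped(bool addHiddenRef) {
    Wrapper w;
    {
        auto element = std::make_shared<Element>();
        element->property = std::make_shared<TearOff>();
        element->property->weakContext = element;
        w.tearOff = element->property;
        if (addHiddenRef) w.hiddenContext = element;
    }
    return !w.tearOff->weakContext.expired();
}
```

A strong back reference leaves both objects alive after the last external reference is gone, which is the leak in the bug title; the weak back reference frees them, and the hidden reference covers the case where script still holds the tear-off.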