API::Navigation objects are leaked on history navigation to HistoryItems in PageCache. When WebPageProxy::goBack() is called:

1. We create a back/forward navigation item by calling m_navigationState->createBackForwardNavigation()
2. We send WebPage::GoBack IPC to the WebContent process with the navigationID that was just created
3. WebPage::goBack() does NOT update m_pendingNavigationID because item->isInPageCache() returns true. As a result, the navigationID is ignored.
4. In FrameLoader::loadDifferentDocumentItem(), we get a CachedPage from the PageCache and we reuse the cached DocumentLoader (instead of creating a new one)
5. WebFrameLoaderClient::dispatchDecidePolicyForNavigationAction() is called later on. It sends WebPageProxy::DecidePolicyForNavigationAction IPC to the UIProcess with a navigationID that is 0 (instead of the actual navigationID of the BackForward Navigation object)
6. WebPageProxy::decidePolicyForNavigationAction() is called and since navigationID is 0, it constructs a new Navigation object by calling m_navigationState->createLoadRequestNavigation().

Later on, when navigating away, the LoadRequestNavigation object will be destroyed. However, the BackForwardNavigation object will be leaked.

-- Related to <rdar://problem/21305706> but likely a different reason for leaking.
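A constructed model of the six steps above, added here and not WebKit's code: a toy NavigationState, decidePolicyForNavigationAction and WebPage::goBack reproduce the leak count when the history item comes from PageCache. The recordForCachedItems path assumes the fix is simply to record the pending ID for cached items too; that is my assumption, not a description of what r185542 actually changed.

```cpp
#include <cstdint>
#include <map>
#include <memory>

// Constructed model of the navigationID handoff from the bug report; not WebKit code.
struct Navigation {
    enum Kind { BackForward, LoadRequest } kind;
};
// UIProcess side: owns the live Navigation objects keyed by navigationID.
struct NavigationState {
    std::map<uint64_t, std::unique_ptr<Navigation>> live;
    uint64_t nextID = 1;
    uint64_t create(Navigation::Kind kind) {
        live[nextID] = std::make_unique<Navigation>(Navigation{kind});
        return nextID++;
    }
    uint64_t createBackForwardNavigation() { return create(Navigation::BackForward); }
    uint64_t createLoadRequestNavigation() { return create(Navigation::LoadRequest); }
    void didDestroyNavigation(uint64_t id) { live.erase(id); }
};

// Step 6: navigationID 0 means "no navigation yet", so a fresh LoadRequest
// Navigation is created instead of the BackForward one being reused.
uint64_t decidePolicyForNavigationAction(NavigationState& state, uint64_t navigationID) {
    return navigationID ? navigationID : state.createLoadRequestNavigation();
}
// WebContent side: the pending ID that the frame loader later reports back.
struct WebPage {
    uint64_t pendingNavigationID = 0;
    void goBack(uint64_t navigationID, bool itemIsInPageCache, bool recordForCachedItems) {
        // Step 3: the buggy path drops the ID whenever the item comes from PageCache.
        if (itemIsInPageCache && !recordForCachedItems)
            return;
        pendingNavigationID = navigationID;
    }
    uint64_t takePendingNavigationID() { uint64_t id = pendingNavigationID; pendingNavigationID = 0; return id; }
};
// Runs steps 1-6 for a page-cached history item, then navigates away, and
// returns how many Navigation objects are still alive (the leak count).
int navigationsAliveAfterGoBack(bool recordForCachedItems) {
    NavigationState state;
    WebPage page;
    uint64_t backForwardID = state.createBackForwardNavigation();                   // step 1
    page.goBack(backForwardID, /*itemIsInPageCache=*/true, recordForCachedItems);  // steps 2-3
    uint64_t reportedID = page.takePendingNavigationID();                           // step 5
    uint64_t activeID = decidePolicyForNavigationAction(state, reportedID);         // step 6
    state.didDestroyNavigation(activeID); // navigating away destroys only the active one
    return static_cast<int>(state.live.size());
}
```

With the buggy path one BackForward Navigation survives the navigation away; with the pending ID recorded, none does.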
Created attachment 254833: WIP Patch

Upload WIP patch in case Sam / Anders have early feedback. It does fix the leak but I do not know much about those Navigation objects.
Created attachment 254849: Patch
Comment on attachment 254849: Patch

Clearing flags on attachment: 254849

Committed r185542: <http://trac.webkit.org/changeset/185542>
All reviewed patches have been landed. Closing bug.