If you load LayoutTests/fast/css/invalid-import-rule-insertion.html, then load another page and clear the page cache, the Document for LayoutTests/fast/css/invalid-import-rule-insertion.html is never released. It seems to be trapped in a retain cycle.
<rdar://problem/40743441>
This is triggered by the throw and a catch that references the exception. Minimal test case: <script> try { throw('The document is abandoned'); } catch(e) { } </script>
My heap inspector tool shows a reference chain thus: Exception (GC root—VM exceptions) -> Internal -> ProgramCodeBlock -> Internal -> Window -> Variable document -> HTMLDocument “file:///Volumes/Data/Development/apple/webkit/OpenSource/LayoutTests/fast/css/invalid-import-rule-insertion.html” m_vm->lastException() is a GC root (see slotVisitor.appendUnbarriered(m_vm->lastException()) in Heap.cpp). Seems like we should clear this at some point.
I guess we clear lastException() next time we run script (in the VMEntryScope constructor).
Maybe GCController should call clearLastException() in some code paths.
Two promising places to clear lastException: (1) ~JSLock() (2) A zero-delay timer The purpose of lastException is to provide an out-of-band accessor to the exception thrown by the current task / micro task. So, it's OK to throw it away after the task / micro task ends.
*** This bug has been marked as a duplicate of bug 186277 ***