313353 – IDBTransaction/IDBRequest/IDBObjectStore retain cycle when IDBTransaction::stop() is called on a finishing transaction

RESOLVED FIXED313353

IDBTransaction/IDBRequest/IDBObjectStore retain cycle when IDBTransaction::stop() is called on a finishing transaction

https://bugs.webkit.org/show_bug.cgi?id=313353

Summary IDBTransaction/IDBRequest/IDBObjectStore retain cycle when IDBTransaction::st...

David Kilzer (:ddkilzer)

Reported 2026-04-26 10:31:21 PDT

When `IDBTransaction::stop()` is called on a transaction that is already finishing (Committing or Aborting state), multiple retain cycles prevent `IDBTransaction`, `IDBRequest`, `IDBObjectStore`, and `TransactionOperationImpl` objects from being destroyed. The retain cycles are: 1. `IDBTransaction::m_transactionOperationMap` holds `Ref<TransactionOperationImpl>`, and each `TransactionOperationImpl` holds `Ref<IDBTransaction>` via its `m_transaction` member and through captured lambdas in `m_performFunction` and `m_completeFunction`. 2. `IDBTransaction::m_openRequests` holds `Ref<IDBRequest>`, and each `IDBRequest` holds `RefPtr<IDBTransaction>` via its `m_transaction` member. 3. `IDBDatabase::m_activeTransactions` (and `m_committingTransactions`, `m_abortingTransactions`) hold `Ref<IDBTransaction>` that are never cleared in `IDBDatabase::stop()`. Steps to reproduce: 1. Build WebKit Debug from main branch. 2. Run layout tests with --leaks: `Tools/Scripts/run-webkit-tests --leaks --debug imported/w3c/web-platform-tests/IndexedDB/` 3. Examine the WebContent memgraph with `leaks --groupByType`. Expected results: No `IDBTransaction`, `IDBRequest`, `IDBObjectStore`, or `TransactionOperationImpl` objects appear as ROOT CYCLE in the leaks output. Actual results: The `leaks` tool reports ROOT CYCLE entries for `IDBTransaction`, `IDBRequest`, `IDBObjectStore`, and `TransactionOperationImpl` objects. Example from `leaks --groupByType`: ``` 508 (71.4K) ROOT CYCLE: CallableWrapper<TransactionOperationImpl...> 492 (69.6K) ROOT CYCLE: CallableWrapper<IDBTransaction::requestGetRecord...> 420 (61.9K) ROOT CYCLE: WebCore::IDBTransaction 344 (53.9K) ROOT CYCLE: non-object 170 (26.6K) ROOT CYCLE: WebCore::IDBClient::TransactionOperationImpl 68 (18.1K) ROOT CYCLE: WebCore::IDBRequest ```

Attachments
Add attachment proposed patch, testcase, etc.

David Kilzer (:ddkilzer)

Comment 1 2026-04-26 10:31:23 PDT

<rdar://problem/175627928>

David Kilzer (:ddkilzer)

Comment 2 2026-04-26 12:15:02 PDT

Pull request: https://github.com/WebKit/WebKit/pull/63634

EWS

Comment 3 2026-04-30 11:22:37 PDT

Committed 312379@main (a460a664aa29): <https://commits.webkit.org/312379@main> Reviewed commits have been landed. Closing PR #63634 and removing active labels.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component Website Storage

Assignee

David Kilzer (:ddkilzer)

Reported

2026-04-26 10:31 PDT

Modified

2026-04-30 11:22 PDT History

CC List

2 users Show

URL

Keywords InRadar

Depends on

Blocks