Title: [291661] branches/safari-613-branch/Source/WebCore
Revision: 291661
Author: alanc...@apple.com
Date: 2022-03-22 10:56:23 -0700 (Tue, 22 Mar 2022)
Log Message
Cherry-pick r291127. rdar://problem/90050632
Document is leaking on haaretz.co.il due to an async script
https://bugs.webkit.org/show_bug.cgi?id=237672
<rdar://problem/90050632>
Reviewed by Geoffrey Garen.
I haven't been able to reproduce this in the context of a layout test, however,
I see the https://acdn.adnxs.com/dmp/async_usersync.html document flakily leaking
on haaretz.co.il due to an async script (sometimes the top document too).
From a memgraph, I can see that the cycle is:
HTMLDocument -> ScriptRunner -> PendingScript (via m_scriptsToExecuteSoon) -> HTMLScriptElement -> HTMLDocument (again)
To address the issue, I updated Document::commonTeardown() to clear all its ScriptRunner's pending scripts, right after
we stop all ActiveDOMObjects. At this point, we no longer want to run script and clearing any pending scripts is critical
since they hold a strong reference to the Document.
I have validated the fix on haaretz.co.il since I wasn't able to write an automated
test for this.
* dom/Document.cpp:
(WebCore::Document::commonTeardown):
* dom/ScriptRunner.cpp:
(WebCore::ScriptRunner::clearPendingScripts):
* dom/ScriptRunner.h:
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@291127 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Diff
Modified: branches/safari-613-branch/Source/WebCore/ChangeLog (291660 => 291661)
--- branches/safari-613-branch/Source/WebCore/ChangeLog 2022-03-22 17:56:19 UTC (rev 291660)
+++ branches/safari-613-branch/Source/WebCore/ChangeLog 2022-03-22 17:56:23 UTC (rev 291661)
@@ -1,5 +1,66 @@
2022-03-21 Alan Coon <alanc...@apple.com>
+ Cherry-pick r291127. rdar://problem/90050632
+
+ Document is leaking on haaretz.co.il due to an async script
+ https://bugs.webkit.org/show_bug.cgi?id=237672
+ <rdar://problem/90050632>
+
+ Reviewed by Geoffrey Garen.
+
+ I haven't been able to reproduce this in the context of a layout test, however,
+ I see the https://acdn.adnxs.com/dmp/async_usersync.html document flakily leaking
+ on haaretz.co.il due to an async script (sometimes the top document too).
+
+ From a memgraph, I can see that the cycle is:
+ HTMLDocument -> ScriptRunner -> PendingScript (via m_scriptsToExecuteSoon) -> HTMLScriptElement -> HTMLDocument (again)
+
+ To address the issue, I updated Document::commonTeardown() to clear all its ScriptRunner's pending scripts, right after
+ we stop all ActiveDOMObjects. At this point, we no longer want to run script and clearing any pending scripts is critical
+ since they hold a strong reference to the Document.
+
+ I have validated the fix on haaretz.co.il since I wasn't able to write an automated
+ test for this.
+
+ * dom/Document.cpp:
+ (WebCore::Document::commonTeardown):
+ * dom/ScriptRunner.cpp:
+ (WebCore::ScriptRunner::clearPendingScripts):
+ * dom/ScriptRunner.h:
+
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@291127 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2022-03-10 Chris Dumez <cdu...@apple.com>
+
+ Document is leaking on haaretz.co.il due to an async script
+ https://bugs.webkit.org/show_bug.cgi?id=237672
+ <rdar://problem/90050632>
+
+ Reviewed by Geoffrey Garen.
+
+ I haven't been able to reproduce this in the context of a layout test, however,
+ I see the https://acdn.adnxs.com/dmp/async_usersync.html document flakily leaking
+ on haaretz.co.il due to an async script (sometimes the top document too).
+
+ From a memgraph, I can see that the cycle is:
+ HTMLDocument -> ScriptRunner -> PendingScript (via m_scriptsToExecuteSoon) -> HTMLScriptElement -> HTMLDocument (again)
+
+ To address the issue, I updated Document::commonTeardown() to clear all its ScriptRunner's pending scripts, right after
+ we stop all ActiveDOMObjects. At this point, we no longer want to run script and clearing any pending scripts is critical
+ since they hold a strong reference to the Document.
+
+ I have validated the fix on haaretz.co.il since I wasn't able to write an automated
+ test for this.
+
+ * dom/Document.cpp:
+ (WebCore::Document::commonTeardown):
+ * dom/ScriptRunner.cpp:
+ (WebCore::ScriptRunner::clearPendingScripts):
+ * dom/ScriptRunner.h:
+
+2022-03-21 Alan Coon <alanc...@apple.com>
+
Cherry-pick r291030. rdar://problem/89989815
IntersectionObserver is causing massive document leaks on haaretz.co.il
Modified: branches/safari-613-branch/Source/WebCore/dom/Document.cpp (291660 => 291661)
--- branches/safari-613-branch/Source/WebCore/dom/Document.cpp 2022-03-22 17:56:19 UTC (rev 291660)
+++ branches/safari-613-branch/Source/WebCore/dom/Document.cpp 2022-03-22 17:56:23 UTC (rev 291661)
@@ -824,6 +824,8 @@
resizeObserver->disconnect();
}
+ scriptRunner().clearPendingScripts();
+
if (m_highlightRegister)
m_highlightRegister->clear();
#if ENABLE(APP_HIGHLIGHTS)
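Review bot: The new scriptRunner().clearPendingScripts() call in commonTeardown() has no comment, so nothing at the call site says why the queue has to be emptied here. A one-line comment stating that queued PendingScripts keep the Document alive through their script elements would stop a later refactor from moving or dropping the call. It is also worth confirming that nothing later in commonTeardown() can queue a script again, since the call only empties what is pending at that moment.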
Modified: branches/safari-613-branch/Source/WebCore/dom/ScriptRunner.cpp (291660 => 291661)
--- branches/safari-613-branch/Source/WebCore/dom/ScriptRunner.cpp 2022-03-22 17:56:19 UTC (rev 291660)
+++ branches/safari-613-branch/Source/WebCore/dom/ScriptRunner.cpp 2022-03-22 17:56:23 UTC (rev 291661)
@@ -141,4 +141,11 @@
}
}
+void ScriptRunner::clearPendingScripts()
+{
+ m_scriptsToExecuteInOrder.clear();
+ m_scriptsToExecuteSoon.clear();
+ m_pendingAsyncScripts.clear();
}
+
+} // namespace WebCore
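Review bot: clearPendingScripts() empties m_scriptsToExecuteInOrder, m_scriptsToExecuteSoon and m_pendingAsyncScripts and does nothing else, so any state that was set up when those entries were queued is left as it was. Please confirm that dropping the entries without per-entry cleanup is safe, and that timerFired() behaves correctly if it runs after the lists have been emptied. If a timer can still be armed at this point, stopping it in the same function would make the teardown self-contained.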
Modified: branches/safari-613-branch/Source/WebCore/dom/ScriptRunner.h (291660 => 291661)
--- branches/safari-613-branch/Source/WebCore/dom/ScriptRunner.h 2022-03-22 17:56:19 UTC (rev 291660)
+++ branches/safari-613-branch/Source/WebCore/dom/ScriptRunner.h 2022-03-22 17:56:23 UTC (rev 291661)
@@ -55,6 +55,8 @@
void documentFinishedParsing();
+ void clearPendingScripts();
+
private:
void timerFired();
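Review bot: clearPendingScripts() is declared public next to documentFinishedParsing() with no indication that it discards queued scripts without running them. A short comment saying it is meant for document teardown only, or a name that says so, would keep other callers from using it on a live document.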