[webkit-dev] scoping Node destruction during DOM modifications

Ryosuke Niwa rniwa at webkit.org
Thu Mar 1 19:34:37 PST 2012


On Thu, Mar 1, 2012 at 7:18 PM, Ojan Vafai <ojan at chromium.org> wrote:

> I think my earlier testing was faulty. Now when I test case 2, I get
> something comparable with and without the patch. If there is a regression,
> it's below the noise. Running it through a profiler shows a negligible
> amount of time in the new code.
>
> I had tried running it through Dromaeo first, but any performance impact
> (if there is any) was well below the variance. I can take a stab at running
> Peacekeeper and Acid3 tomorrow, but I don't have high hopes of getting
> useful information out of them.
>

That sounds promising.

Here's another idea. What if we added ASSERT_NOT_REACHED right before we
add the node to m_nodesToKeepAlive? This assertion is hit whenever we
destroy a node too early. That should help us identify code where we're
not using RefPtr properly while still preventing such code from introducing
security bugs.

- Ryosuke
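
The idea in the message above, as an added sketch that is not part of the original post and not WebKit code: a scope parks nodes whose last reference is dropped during a DOM modification, and the spot where they are parked is where the proposed ASSERT_NOT_REACHED would sit. `KeepAliveScope`, `Node`, `readAfterLastDeref` and the counters are hypothetical names; only `nodesToKeepAlive` echoes the thread, and a counter stands in for the debug assertion so the release-build behaviour can be observed.

```cpp
#include <cstdio>
#include <vector>
struct Node;

// Hypothetical scope object: while one is active, nodes are parked, not freed.
struct KeepAliveScope {
    static KeepAliveScope* current;  // innermost active scope, or nullptr
    static int earlyDestroyReports;  // times the debug assertion would fire
    static int nodesFreed;
    KeepAliveScope* previous;
    std::vector<Node*> nodesToKeepAlive;
    KeepAliveScope() : previous(current) { current = this; }
    ~KeepAliveScope();
};
KeepAliveScope* KeepAliveScope::current = nullptr;
int KeepAliveScope::earlyDestroyReports = 0;
int KeepAliveScope::nodesFreed = 0;

struct Node {
    int refCount = 1;
    int value;
    explicit Node(int v) : value(v) {}
    void deref() {
        if (--refCount > 0) return;
        if (KeepAliveScope* scope = KeepAliveScope::current) {
            ++KeepAliveScope::earlyDestroyReports;  // ASSERT_NOT_REACHED would sit here
            scope->nodesToKeepAlive.push_back(this);
            return;
        }
        ++KeepAliveScope::nodesFreed;
        delete this;
    }
};

KeepAliveScope::~KeepAliveScope() {
    current = previous;
    for (Node* node : nodesToKeepAlive) { ++nodesFreed; delete node; }
}

// Caller bug: keeps a raw pointer across a call that drops the last reference.
int readAfterLastDeref(Node* raw) {
    KeepAliveScope scope;
    raw->deref();       // last reference goes away mid-modification
    return raw->value;  // still valid only because the scope parked the node
}

int main() {
    int value = readAfterLastDeref(new Node(42));
    std::printf("value=%d reports=%d\n", value, KeepAliveScope::earlyDestroyReports);
}
```

In a debug build the counter increment would be the assertion, flagging the caller that failed to hold a reference; in a release build the read still lands on live memory.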