[Webkit-unassigned] [Bug 16289] WebKit looses data stored on "reachable" binding objects during garbage collection
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Mar 4 13:41:57 PST 2008
http://bugs.webkit.org/show_bug.cgi?id=16289
eric at webkit.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|WebKit loses data saved on |WebKit looses data stored on
|XML document object during |"reachable" binding objects
|garbage collection (affects |during garbage collection
|Acid3 test 26 and 27) |
------- Comment #9 from eric at webkit.org 2008-03-04 13:41 PDT -------
This example does:
- get a dom object (domObjectA)
- get a dom object reachable from that dom object, using dom methods
(domObjectB)
- set custom data on domObjectB
- store domObjectA in a local variable
- force a GC
- access domObjectB through the dom methods off of domObjectA
- notice that domObjectB is a fresh binding object, thus has no custom data
When marking, we don't follow builtin dom methods and mark the related binding
objects.
One fix would be to mark all DOM objects held in the DOM cache which have
custom data set on them. We would need some way to purge the DOM cache when
the page it torn down (but we might do that already).
I wonder how we keep custom prototypes alive... maybe we walk the prototype
chain of any object when marking.
--
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the webkit-unassigned
mailing list