[Webkit-unassigned] [Bug 64726] OpaqueJSClass could always lock the first page that uses the class

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Jul 19 11:23:40 PDT 2011


https://bugs.webkit.org/show_bug.cgi?id=64726
--- Comment #3 from Yong Li <yong.li.webkit at gmail.com>  2011-07-19 11:23:40 PST ---
(In reply to comment #2)
> (In reply to comment #1)
> > > the first page's global objects could always be locked by "cachedPrototype"
> > 
> > How? When does this happen?
> 
> Assume I define a class A, and create object a1 for page1. Then OpaqueJSClass::prototype creates a "cachedPrototype" in page1's context.
> 
> Then I create object a2 for page2 using the same JSClassDef for class A. WebKit will use the same OpaqueJSClass, and then the same "cachedPrototype".
> 
> Now I close page1, which triggers a GC. However, the "cachedPrototype" is still locked by object a2. I'm not very clear about how GC marks the global objects, but I'm seeing that the JSDOMWindow of page1 is marked due to this, so it is not GC'ed. (This is based on an old checkout, but I still see the relevant OpaqueJSClass code in ToT.)
> 
> Then I close page2, a2 releases the lock on "cachedPrototype", then "cachedPrototype" is also collected, and everything in page1's context is finally cleaned up.

Actually, a1/a2 are added to "window", and that is probably the reason why it holds JSDOMWindow.
