[Webkit-unassigned] [Bug 66878] HTMLAudioElement can be garbage collected while it playing

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Sep 21 09:19:06 PDT 2011


https://bugs.webkit.org/show_bug.cgi?id=66878





--- Comment #4 from Eugene Nalimov <enal at google.com>  2011-09-21 09:19:05 PST ---
Unfortunately, just deriving from ActiveDOMObject is not enough, at least in V8. You have to modify source/WebCore/bindings/scripts/CodeGeneratorV8.pm as well, adding the type to the list of active types.

After that I had to change private inheritance to public, because otherwise some method used in the generated code becomes inaccessible.

That is not enough, either -- when playing audio there are no pending events, so HTMLMediaElement::hasPendingActivity() returns false, and the garbage collector happily deletes the playing object. I had to implement hasPendingActivity() in HTMLAudioElement.

When testing that change I hit another bug in the V8 bindings -- a listener object can be deleted while the object that generates events is still alive, resulting in loss of JS events. Prolonging the life of the audio object exposed that bug, but it has been in V8 forever. I was fortunate enough that my main repro case actively uses events. The fix is to change the code generated for V8Node, and to do it in a way that would not cause every V8Node to have an extra slot, usable only in a small minority of objects. Anton Muhin helped me in the investigation and suggested what the fix might be.

I believe now I have all necessary changes, and will finally submit a patch shortly...
