[Webkit-unassigned] [Bug 185712] New: NavigationAction entrains entire Documents

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed May 16 21:39:49 PDT 2018


https://bugs.webkit.org/show_bug.cgi?id=185712

            Bug ID: 185712
           Summary: NavigationAction entrains entire Documents
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Page Loading
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: simon.fraser at apple.com
                CC: beidson at apple.com

NavigationAction is holding references to Documents, which keeps them alive longer than they would normally be. To reproduce:

1. Load simple HTML file A.html in WK2 MiniBrowser.
2. Load simple HTML file B.html (I dragged the file into the window).
3. Click the Back button.
4. In terminal, run "notifyutil -p org.WebKit.lowMemory" to clear the page cache.

At this point, you'd expect to see the Document for B.html be destroyed. But it isn't. The entire DOM for A sticks around.

5. Reload A.html

Here B.html's document is finally destroyed:

  * frame #0: 0x0000000639dec66e WebCore`WebCore::Document::~Document(this=0x0000000651201f40) at Document.cpp:582
    frame #1: 0x000000063a188c25 WebCore`WebCore::HTMLDocument::~HTMLDocument(this=0x0000000651201f40) at HTMLDocument.cpp:95
    frame #2: 0x000000063a188c45 WebCore`WebCore::HTMLDocument::~HTMLDocument(this=0x0000000651201f40) at HTMLDocument.cpp:95
    frame #3: 0x000000063a188ce9 WebCore`WebCore::HTMLDocument::~HTMLDocument(this=0x0000000651201f40) at HTMLDocument.cpp:95
    frame #4: 0x0000000639defec0 WebCore`WebCore::Document::decrementReferencingNodeCount(this=0x0000000651201f40) at Document.h:359
    frame #5: 0x0000000639defc10 WebCore`WebCore::Document::removedLastRef(this=0x0000000651201f40) at Document.cpp:709
    frame #6: 0x0000000639f29cf7 WebCore`WebCore::Node::removedLastRef(this=0x0000000651201f40) at Node.cpp:2480
    frame #7: 0x0000000638020bd3 WebCore`WebCore::Node::deref(this=0x0000000651201f40) at Node.h:714
    frame #8: 0x00000006392b0701 WebCore`void WTF::derefIfNotNull<WebCore::Document>(ptr=0x0000000651201f40) at RefPtr.h:45
    frame #9: 0x00000006392b06c9 WebCore`WTF::RefPtr<WebCore::Document, WTF::DumbPtrTraits<WebCore::Document> >::~RefPtr(this=0x000000064e4f2e68) at RefPtr.h:70
    frame #10: 0x00000006392adfe5 WebCore`WTF::RefPtr<WebCore::Document, WTF::DumbPtrTraits<WebCore::Document> >::~RefPtr(this=0x000000064e4f2e68) at RefPtr.h:70
    frame #11: 0x000000063a61ec8b WebCore`WebCore::NavigationAction::~NavigationAction(this=0x000000064e4f2e68) at NavigationAction.cpp:42
    frame #12: 0x000000063a61ecf5 WebCore`WebCore::NavigationAction::~NavigationAction(this=0x000000064e4f2e68) at NavigationAction.cpp:40
    frame #13: 0x000000063a58d1c9 WebCore`WebCore::DocumentLoader::~DocumentLoader(this=0x000000064e4f2400) at DocumentLoader.cpp:181
    frame #14: 0x0000000109a6e555 WebKit`WebKit::WebDocumentLoader::~WebDocumentLoader(this=0x000000064e4f2400) at WebDocumentLoader.h:33
    frame #15: 0x0000000109a6e3b5 WebKit`WebKit::WebDocumentLoader::~WebDocumentLoader(this=0x000000064e4f2400) at WebDocumentLoader.h:33
    frame #16: 0x0000000109a6e3d9 WebKit`WebKit::WebDocumentLoader::~WebDocumentLoader(this=0x000000064e4f2400) at WebDocumentLoader.h:33
    frame #17: 0x000000063999c34f WebCore`WTF::RefCounted<WebCore::DocumentLoader>::deref(this=0x000000064e4f2410) const at RefCounted.h:145
    frame #18: 0x000000063999c2a5 WebCore`void WTF::derefIfNotNull<WebCore::DocumentLoader>(ptr=0x000000064e4f2400) at RefPtr.h:45
    frame #19: 0x000000063999c269 WebCore`WTF::RefPtr<WebCore::DocumentLoader, WTF::DumbPtrTraits<WebCore::DocumentLoader> >::~RefPtr(this=0x00007ffee6b1e3e8) at RefPtr.h:70
    frame #20: 0x000000063998d445 WebCore`WTF::RefPtr<WebCore::DocumentLoader, WTF::DumbPtrTraits<WebCore::DocumentLoader> >::~RefPtr(this=0x00007ffee6b1e3e8) at RefPtr.h:70
    frame #21: 0x000000063a5e4b29 WebCore`WTF::RefPtr<WebCore::DocumentLoader, WTF::DumbPtrTraits<WebCore::DocumentLoader> >::operator=(this=0x00007fcdd4a11480, optr=0x000000064e4f0000) at RefPtr.h:151
    frame #22: 0x000000063a5d9f03 WebCore`WebCore::FrameLoader::setDocumentLoader(this=0x00007fcdd4a11430, loader=0x000000064e4f0000) at FrameLoader.cpp:1819
    frame #23: 0x000000063a5e6356 WebCore`WebCore::FrameLoader::transitionToCommitted(this=0x00007fcdd4a11430, cachedPage=0x0000000000000000) at FrameLoader.cpp:2027

This is a problem. NavigationAction needs to not hold strong references to Documents.

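The lifetime problem the report describes, as an added example that is not part of the original bug report and is not WebKit code: `std::shared_ptr` stands in for a strong `RefPtr`, and `Document`, `StrongAction`, `WeakAction` and `Loader` are simplified hypothetical types. It contrasts an action that holds a strong reference to its source document with one that copies the data it needs and keeps only a weak reference.

```cpp
#include <cstdio>
#include <memory>
#include <string>
#include <utility>

int g_liveDocuments = 0;  // number of Document objects currently alive

struct Document {
    std::string url;
    explicit Document(std::string u) : url(std::move(u)) { ++g_liveDocuments; }
    ~Document() { --g_liveDocuments; }
};

// Pattern from the report: the action owns a strong reference to its source.
struct StrongAction {
    std::shared_ptr<Document> source;
};

// Alternative: copy what is needed later and keep only a weak reference.
struct WeakAction {
    std::string sourceURL;
    std::weak_ptr<Document> source;
    explicit WeakAction(const std::shared_ptr<Document>& d) : sourceURL(d->url), source(d) {}
};

// Stand-in for a loader that records the action which triggered its load.
template <typename Action>
struct Loader {
    std::unique_ptr<Action> triggeringAction;
};

// Returns how many Documents are still alive once every reference to the
// source document has been dropped except the one reachable via the loader.
template <typename Action>
int liveDocumentsAfterRelease() {
    std::shared_ptr<Document> docB = std::make_shared<Document>("B.html");
    Loader<Action> loaderForA;  // loader of the page that was navigated to
    loaderForA.triggeringAction.reset(new Action{docB});
    docB.reset();               // e.g. page cache cleared: last outside ref gone
    return g_liveDocuments;     // the loader itself is still alive here
}

int main() {
    std::printf("strong action: %d live\n", liveDocumentsAfterRelease<StrongAction>());
    std::printf("weak action:   %d live\n", liveDocumentsAfterRelease<WeakAction>());
    return 0;
}
```

With the strong reference the document is only freed when the loader is replaced, which matches the destructor chain in the backtrace (`~DocumentLoader` to `~NavigationAction` to `~RefPtr<Document>`).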