Changeset 246057 in webkit

Timestamp:

Jun 4, 2019 12:38:17 AM (5 years ago)

Author:

commit-queue@webkit.org

Message:

JS wrapper of target in ResizeObserverEntry/ResizeObserver shouldn't get collected ahead
​https://bugs.webkit.org/show_bug.cgi?id=197457

Patch by Cathie Chen <cathiechen> on 2019-06-04
Reviewed by Ryosuke Niwa.

Source/WebCore:

Add JSCustomMarkFunction to make sure JS wrappers wouldn't be collected when JSResizeObserverEntry live.

For ResizeObserver, if targets are removed, it will get fired for the last time. We also need to keep these JS
wrappers live. So add these targets to a GCReachableRef list once they're observed.

Add element-leak.html to test the targets with entry.target.myEntry = entry could be released properly.

Tests: resize-observer/element-leak.html

resize-observer/resize-observer-entry-keeps-js-wrapper-of-target-alive.html
resize-observer/resize-observer-keeps-js-wrapper-of-target-alive.html

• Sources.txt:
• WebCore.xcodeproj/project.pbxproj:
• bindings/js/JSResizeObserverEntryCustom.cpp: Added.

(WebCore::JSResizeObserverEntry::visitAdditionalChildren):

• page/ResizeObserver.cpp:

(WebCore::ResizeObserver::observe):
(WebCore::ResizeObserver::removeAllTargets):
(WebCore::ResizeObserver::removeObservation):
(WebCore::ResizeObserver::stop):

• page/ResizeObserver.h:
• page/ResizeObserverEntry.idl:

LayoutTests:

• platform/win/TestExpectations:
• resize-observer/element-leak-expected.txt: Added.
• resize-observer/element-leak.html: Added.
• resize-observer/resize-observer-entry-keeps-js-wrapper-of-target-alive-expected.txt: Added.
• resize-observer/resize-observer-entry-keeps-js-wrapper-of-target-alive.html: Added.
• resize-observer/resize-observer-keeps-js-wrapper-of-target-alive-expected.txt: Added.
• resize-observer/resize-observer-keeps-js-wrapper-of-target-alive.html: Added.
• resize-observer/resources/element-leak-frame.html: Added.

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/platform/win/TestExpectations (modified) (1 diff)
• LayoutTests/resize-observer/element-leak-expected.txt (added)
• LayoutTests/resize-observer/element-leak.html (added)
• LayoutTests/resize-observer/resize-observer-entry-keeps-js-wrapper-of-target-alive-expected.txt (added)
• LayoutTests/resize-observer/resize-observer-entry-keeps-js-wrapper-of-target-alive.html (added)
• LayoutTests/resize-observer/resize-observer-keeps-js-wrapper-of-target-alive-expected.txt (added)
• LayoutTests/resize-observer/resize-observer-keeps-js-wrapper-of-target-alive.html (added)
• LayoutTests/resize-observer/resources/element-leak-frame.html (added)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/Sources.txt (modified) (1 diff)
• Source/WebCore/WebCore.xcodeproj/project.pbxproj (modified) (2 diffs)
• Source/WebCore/bindings/js/JSResizeObserverEntryCustom.cpp (copied) (copied from trunk/Source/WebCore/page/ResizeObserverEntry.idl) (1 diff)
• Source/WebCore/page/ResizeObserver.cpp (modified) (4 diffs)
• Source/WebCore/page/ResizeObserver.h (modified) (2 diffs)
• Source/WebCore/page/ResizeObserverEntry.idl (modified) (1 diff)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2019-06-04  Cathie Chen  <cathiechen@igalia.com>
+
+        JS wrapper of target in ResizeObserverEntry/ResizeObserver shouldn't get collected ahead
+        https://bugs.webkit.org/show_bug.cgi?id=197457
+
+        Reviewed by Ryosuke Niwa.
+
+        * platform/win/TestExpectations:
+        * resize-observer/element-leak-expected.txt: Added.
+        * resize-observer/element-leak.html: Added.
+        * resize-observer/resize-observer-entry-keeps-js-wrapper-of-target-alive-expected.txt: Added.
+        * resize-observer/resize-observer-entry-keeps-js-wrapper-of-target-alive.html: Added.
+        * resize-observer/resize-observer-keeps-js-wrapper-of-target-alive-expected.txt: Added.
+        * resize-observer/resize-observer-keeps-js-wrapper-of-target-alive.html: Added.
+        * resize-observer/resources/element-leak-frame.html: Added.
+
 2019-06-03  Youenn Fablet  <youenn@apple.com>
 

trunk/LayoutTests/platform/win/TestExpectations

@@ -4402 +4402 @@
 
 webkit.org/b/198112 http/tests/security/showModalDialog-sync-cross-origin-page-load2.html [ Skip ]
+
+# The removed elements couldn't be released properly in Win.
+# The relevant bug is https://bugs.webkit.org/show_bug.cgi?id=197908
+resize-observer/element-leak.html [ Skip ]

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2019-06-04  Cathie Chen  <cathiechen@igalia.com>
+
+        JS wrapper of target in ResizeObserverEntry/ResizeObserver shouldn't get collected ahead
+        https://bugs.webkit.org/show_bug.cgi?id=197457
+
+        Reviewed by Ryosuke Niwa.
+
+        Add JSCustomMarkFunction to make sure JS wrappers wouldn't be collected when JSResizeObserverEntry live.
+
+        For ResizeObserver, if targets are removed, it will get fired for the last time. We also need to keep these JS
+        wrappers live. So add these targets to a GCReachableRef list once they're observed.
+
+        Add element-leak.html to test the targets with `entry.target.myEntry = entry` could be released properly.
+
+        Tests: resize-observer/element-leak.html
+               resize-observer/resize-observer-entry-keeps-js-wrapper-of-target-alive.html
+               resize-observer/resize-observer-keeps-js-wrapper-of-target-alive.html
+
+        * Sources.txt:
+        * WebCore.xcodeproj/project.pbxproj:
+        * bindings/js/JSResizeObserverEntryCustom.cpp: Added.
+        (WebCore::JSResizeObserverEntry::visitAdditionalChildren):
+        * page/ResizeObserver.cpp:
+        (WebCore::ResizeObserver::observe):
+        (WebCore::ResizeObserver::removeAllTargets):
+        (WebCore::ResizeObserver::removeObservation):
+        (WebCore::ResizeObserver::stop):
+        * page/ResizeObserver.h:
+        * page/ResizeObserverEntry.idl:
+
 2019-06-03  Andy Estes  <aestes@apple.com>
 

trunk/Source/WebCore/Sources.txt

@@ -534 +534 @@
 bindings/js/JSRemoteDOMWindowBase.cpp
 bindings/js/JSRemoteDOMWindowCustom.cpp
+bindings/js/JSResizeObserverEntryCustom.cpp
 bindings/js/JSSVGPathSegCustom.cpp
 bindings/js/JSSVGViewSpecCustom.cpp

trunk/Source/WebCore/WebCore.xcodeproj/project.pbxproj

@@ -8794 +8794 @@
                 585D6E011A1A792E00FA4F12 /* SimpleLineLayoutFlowContents.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SimpleLineLayoutFlowContents.cpp; sourceTree = "<group>"; };
                 585D6E021A1A792E00FA4F12 /* SimpleLineLayoutFlowContents.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SimpleLineLayoutFlowContents.h; sourceTree = "<group>"; };
+                5884FE5622813E2D0040AFF6 /* JSResizeObserverEntryCustom.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = JSResizeObserverEntryCustom.cpp; sourceTree = "<group>"; };
                 589556EC18D4A44000764B03 /* BorderEdge.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = BorderEdge.h; sourceTree = "<group>"; };
                 58AEE2F318D4BCCF0022E7FE /* BorderEdge.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = BorderEdge.cpp; sourceTree = "<group>"; };
@@ -20691 +20692 @@
                                 833CF70F20DB3F5F00141BCC /* JSPerformanceObserverCustom.cpp */,
                                 A4A69B8BB91B49D0A804C31D /* JSPromiseRejectionEventCustom.cpp */,
+                                5884FE5622813E2D0040AFF6 /* JSResizeObserverEntryCustom.cpp */,
                                 83F572941FA1066F003837BE /* JSServiceWorkerClientCustom.cpp */,
                                 460D19441FCE21DD00C3DB85 /* JSServiceWorkerGlobalScopeCustom.cpp */,

trunk/Source/WebCore/bindings/js/JSResizeObserverEntryCustom.cpp

@@ -24 +24 @@
  */
 
-// https://wicg.github.io/ResizeObserver/
+#include "config.h"
+#include "JSResizeObserverEntry.h"
 
-[
-    Conditional=RESIZE_OBSERVER,
-    ImplementationLacksVTable,
-    EnabledBySetting=ResizeObserver
-] interface ResizeObserverEntry {
-    readonly attribute Element target;
-    readonly attribute DOMRectReadOnly contentRect;
-};
+#include "JSNodeCustom.h"
+
+namespace WebCore {
+
+void JSResizeObserverEntry::visitAdditionalChildren(JSC::SlotVisitor& visitor)
+{
+    visitor.addOpaqueRoot(root(wrapped().target()));
+    visitor.addOpaqueRoot(wrapped().contentRect());
+}
+
+}

trunk/Source/WebCore/page/ResizeObserver.cpp

@@ -70 +70 @@
 
     m_observations.append(ResizeObservation::create(&target));
+    m_pendingTargets.append(target);
 
     if (m_document) {
@@ -141 +142 @@
         ASSERT_UNUSED(removed, removed);
     }
+    m_pendingTargets.clear();
+    m_activeObservations.clear();
     m_observations.clear();
 }
@@ -146 +149 @@
 bool ResizeObserver::removeObservation(const Element& target)
 {
+    m_pendingTargets.removeFirstMatching([&target](auto& pendingTarget) {
+        return pendingTarget.ptr() == ⌖
+    });
+
     m_activeObservations.removeFirstMatching([&target](auto& observation) {
         return observation->target() == ⌖
@@ -174 +181 @@
     disconnect();
     m_callback = nullptr;
-    m_observations.clear();
-    m_activeObservations.clear();
 }
 

trunk/Source/WebCore/page/ResizeObserver.h

@@ -29 +29 @@
 
 #include "ActiveDOMObject.h"
+#include "GCReachableRef.h"
 #include "ResizeObservation.h"
 #include "ResizeObserverCallback.h"
@@ -81 +82 @@
 
     Vector<Ref<ResizeObservation>> m_activeObservations;
+    Vector<GCReachableRef<Element>> m_pendingTargets;
     bool m_hasSkippedObservations { false };
 };

trunk/Source/WebCore/page/ResizeObserverEntry.idl

@@ -29 +29 @@
     Conditional=RESIZE_OBSERVER,
     ImplementationLacksVTable,
-    EnabledBySetting=ResizeObserver
+    EnabledBySetting=ResizeObserver,
+    JSCustomMarkFunction
 ] interface ResizeObserverEntry {
     readonly attribute Element target;