Closed Bug 556241 Opened 14 years ago Closed 14 years ago

HTMLContentSink needs to participate in cycle collection

Categories

(Core :: DOM: Core & HTML, defect)

Product:
Core
Component:
DOM: Core & HTML
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Tracking Flags:
Tracking Status
blocking1.9.2 --- .3+
status1.9.2 --- .3-fixed
blocking1.9.1 --- .10+
status1.9.1 --- .10-fixed

People

(Reporter: peterv, Assigned: peterv)

References

Details

Attachments

(2 files, 1 obsolete file)

v1
7.45 KB, patch
peterv
: review+
dveditz
: approval1.9.2.3+
christian
: approval1.9.1.10+
Details | Diff | Splinter Review
Testcase
489 bytes, text/html
Details
Attached patch v1Splinter Review 
It holds a document and it can end up in a cycle with the parser and that document.

Patch has r=jst. I'll try to write a testcase for this.
Attachment #436160 - Flags: review+
I thought we always broke this cycle as needed.... when do we fail to do it?
Still working on the testcase, but note that the nsContentSink already unlinks its document.
http://hg.mozilla.org/mozilla-central/rev/86fd7df36a31
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Attached file Testcase (obsolete) — 
This is the simplest testcase that leaks for me. I'm also seeing two assertions:

###!!! ASSERTION: Non-global object has the wrong flags: '!(jsclazz->flags & JSCLASS_IS_GLOBAL)', file js/src/xpconnect/src/xpcwrappednative.cpp, line 1118

###!!! ASSERTION: Overwriting an existing document channel!: '(loadFlags & nsIChannel::LOAD_REPLACE) || !(mDocumentRequest.get())', file uriloader/base/nsDocLoader.cpp, line 532

Need to figure out a way to stop the reloads after a while too.

Who is supposed to break the cycle without CC? We should be able to check that in this testcase.
Attached file Testcase 
This one reloads the main page twice. When shutting down I get in the leaked urls:

  file:///Users/peterv/test_bug556241.html
  file:///Users/peterv/test_bug556241.html
  file:///Users/peterv/test_bug556241.html?1
Attachment #436192 - Attachment is obsolete: true
> Who is supposed to break the cycle without CC?

Used to be that DidBuildModel on the sink would drop refs as needed....  But maybe we changed that.
Ah, but that drops the reference from sink to parser iirc. I think the issue here is that the testcase just calls document.open, so the document holds a reference to the parser, the parser holds a reference to the sink and the sink holds two references to the document (one in nsContentSink and one in HTMLContentSink). CC knows about all of these, except for HTMLContentSink->document.
Ah, I see. OK, thanks!
Attachment #436160 - Flags: approval1.9.2.3?
Comment on attachment 436160 [details] [diff] [review]
v1

I think we wanted to take this as well...
blocking1.9.1: --- → .10+
blocking1.9.2: --- → .3+
status1.9.1: --- → wanted
status1.9.2: --- → wanted
Comment on attachment 436160 [details] [diff] [review]
v1

Approved for 1.9.2.3, a=dveditz for release-drivers
Attachment #436160 - Flags: approval1.9.2.3? → approval1.9.2.3+
blocking1.9.2: .4+ → .3+
status1.9.2: .4-fixed.3-fixed
Attachment #436160 - Flags: approval1.9.2.4+ → approval1.9.2.3+
Can we get this fixed on the 1.9.1 branch, by tomorrow if possible?
Comment on attachment 436160 [details] [diff] [review]
v1

The patch works as-is on 1.9.1 too.
Attachment #436160 - Flags: approval1.9.1.10?
Comment on attachment 436160 [details] [diff] [review]
v1

a=LegNeato for 1.9.1.10
Attachment #436160 - Flags: approval1.9.1.10? → approval1.9.1.10+
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: