Title: [255965] branches/safari-610.1.1-branch/Source/WebCore
- Revision
- 255965
- Author
- [email protected]
- Date
- 2020-02-06 10:57:49 -0800 (Thu, 06 Feb 2020)
Log Message
Cherry-pick r255953. rdar://problem/59228071
[Web Animations] Ensure all timelines are detached from their document
https://bugs.webkit.org/show_bug.cgi?id=207331
<rdar://problem/59210306>
Patch by Antoine Quint <[email protected]> on 2020-02-06
Reviewed by Dean Jackson.
We recently added a WeakHashSet<DocumentTimeline> m_timelines member to Document and added code to ~DocumentTimeline
to remove themselves from their Document's m_timelines. However, Document::prepareForDestruction() would call
DocumentTimeline::detachFromDocument() only for the main timeline and neglect to do the same for any additional
timelines that may have been created with the DocumentTimeline constructor.
We now cleanly call DocumentTimeline::detachFromDocument() for all items in a Document's m_timelines, which has the
effect of clearing the Document <> DocumentTimeline relationship since DocumentTimeline::detachFromDocument() now
calls Document::removeTimeline().
Finally, we now call DocumentTimeline::detachFromDocument() from the DocumentTimeline destructor to ensure that timelines
that were created purely in JS but got garbage-collected are no longer referenced from the Document still.
* animation/DocumentTimeline.cpp:
(WebCore::DocumentTimeline::~DocumentTimeline):
(WebCore::DocumentTimeline::detachFromDocument):
(WebCore::DocumentTimeline::cacheCurrentTime):
* dom/Document.cpp:
(WebCore::Document::prepareForDestruction):
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@255953 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Modified Paths
Diff
Modified: branches/safari-610.1.1-branch/Source/WebCore/ChangeLog (255964 => 255965)
--- branches/safari-610.1.1-branch/Source/WebCore/ChangeLog 2020-02-06 18:45:07 UTC (rev 255964)
+++ branches/safari-610.1.1-branch/Source/WebCore/ChangeLog 2020-02-06 18:57:49 UTC (rev 255965)
@@ -1,3 +1,62 @@
+2020-02-06 Russell Epstein <[email protected]>
+
+ Cherry-pick r255953. rdar://problem/59228071
+
+ [Web Animations] Ensure all timelines are detached from their document
+ https://bugs.webkit.org/show_bug.cgi?id=207331
+ <rdar://problem/59210306>
+
+ Patch by Antoine Quint <[email protected]> on 2020-02-06
+ Reviewed by Dean Jackson.
+
+ We recently added a WeakHashSet<DocumentTimeline> m_timelines member to Document and added code to ~DocumentTimeline
+ to remove themselves from their Document's m_timelines. However, Document::prepareForDestruction() would call
+ DocumentTimeline::detachFromDocument() only for the main timeline and neglect to do the same for any additional
+ timelines that may have been created with the DocumentTimeline constructor.
+
+ We now cleanly call DocumentTimeline::detachFromDocument() for all items in a Document's m_timelines, which has the
+ effect of clearing the Document <> DocumentTimeline relationship since DocumentTimeline::detachFromDocument() now
+ calls Document::removeTimeline().
+
+ Finally, we now call DocumentTimeline::detachFromDocument() from the DocumentTimeline destructor to ensure that timelines
+ that were created purely in JS but got garbage-collected are no longer referenced from the Document still.
+
+ * animation/DocumentTimeline.cpp:
+ (WebCore::DocumentTimeline::~DocumentTimeline):
+ (WebCore::DocumentTimeline::detachFromDocument):
+ (WebCore::DocumentTimeline::cacheCurrentTime):
+ * dom/Document.cpp:
+ (WebCore::Document::prepareForDestruction):
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@255953 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2020-02-06 Antoine Quint <[email protected]>
+
+ [Web Animations] Ensure all timelines are detached from their document
+ https://bugs.webkit.org/show_bug.cgi?id=207331
+ <rdar://problem/59210306>
+
+ Reviewed by Dean Jackson.
+
+ We recently added a WeakHashSet<DocumentTimeline> m_timelines member to Document and added code to ~DocumentTimeline
+ to remove themselves from their Document's m_timelines. However, Document::prepareForDestruction() would call
+ DocumentTimeline::detachFromDocument() only for the main timeline and neglect to do the same for any additional
+ timelines that may have been created with the DocumentTimeline constructor.
+
+ We now cleanly call DocumentTimeline::detachFromDocument() for all items in a Document's m_timelines, which has the
+ effect of clearing the Document <> DocumentTimeline relationship since DocumentTimeline::detachFromDocument() now
+ calls Document::removeTimeline().
+
+ Finally, we now call DocumentTimeline::detachFromDocument() from the DocumentTimeline destructor to ensure that timelines
+ that were created purely in JS but got garbage-collected are no longer referenced from the Document still.
+
+ * animation/DocumentTimeline.cpp:
+ (WebCore::DocumentTimeline::~DocumentTimeline):
+ (WebCore::DocumentTimeline::detachFromDocument):
+ (WebCore::DocumentTimeline::cacheCurrentTime):
+ * dom/Document.cpp:
+ (WebCore::Document::prepareForDestruction):
+
2020-02-04 Alan Coon <[email protected]>
Cherry-pick r254887. rdar://problem/58858225
Modified: branches/safari-610.1.1-branch/Source/WebCore/animation/DocumentTimeline.cpp (255964 => 255965)
--- branches/safari-610.1.1-branch/Source/WebCore/animation/DocumentTimeline.cpp 2020-02-06 18:45:07 UTC (rev 255964)
+++ branches/safari-610.1.1-branch/Source/WebCore/animation/DocumentTimeline.cpp 2020-02-06 18:57:49 UTC (rev 255965)
@@ -77,12 +77,14 @@
DocumentTimeline::~DocumentTimeline()
{
- if (m_document)
- m_document->removeTimeline(*this);
+ detachFromDocument();
}
void DocumentTimeline::detachFromDocument()
{
+ if (m_document)
+ m_document->removeTimeline(*this);
+
m_currentTimeClearingTaskQueue.close();
m_elementsWithRunningAcceleratedAnimations.clear();
@@ -287,6 +289,8 @@
void DocumentTimeline::cacheCurrentTime(DOMHighResTimeStamp newCurrentTime)
{
+ ASSERT(m_document);
+
m_cachedCurrentTime = Seconds(newCurrentTime);
// We want to be sure to keep this time cached until we've both finished running JS and finished updating
// animations, so we schedule the invalidation task and register a whenIdle callback on the VM, which will
Modified: branches/safari-610.1.1-branch/Source/WebCore/dom/Document.cpp (255964 => 255965)
--- branches/safari-610.1.1-branch/Source/WebCore/dom/Document.cpp 2020-02-06 18:45:07 UTC (rev 255964)
+++ branches/safari-610.1.1-branch/Source/WebCore/dom/Document.cpp 2020-02-06 18:57:49 UTC (rev 255965)
@@ -2578,10 +2578,9 @@
detachFromFrame();
- if (m_timeline) {
- m_timeline->detachFromDocument();
- m_timeline = nullptr;
- }
+ while (!m_timelines.computesEmpty())
+ m_timelines.begin()->detachFromDocument();
+ m_timeline = nullptr;
#if ENABLE(CSS_PAINTING_API)
for (auto& scope : m_paintWorkletGlobalScopes.values())
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
