Title: [137415] trunk/Source/WebCore
- Revision
- 137415
- Author
- [email protected]
- Date
- 2012-12-11 21:58:45 -0800 (Tue, 11 Dec 2012)
Log Message
[V8] Reachable event listeners on image elements can be collected in a minor DOM GC
https://bugs.webkit.org/show_bug.cgi?id=104734
Reviewed by Kenneth Russell.
A major DOM GC treats image elements specially. In
V8GCController::opaqueRootForGC(), a major DOM GC puts image elements
that have pending activities into the same object group of their document.
This guarantees that image elements that have pending activities
are not garbage collected in the major DOM GC.
This patch adds the same special handling to a minor DOM GC to guarantee
the same thing in the minor DOM GC too.
In long-term, we might want to remove the special handling by making
image elements active DOM nodes.
Test: Manually confirmed that all characters in
http://alteredqualia.com/three/examples/webgl_animation_skinning_tf2.html
are rendered correctly.
* bindings/v8/V8GCController.cpp:
(WebCore::V8GCController::opaqueRootForGC):
(WebCore::gcTree):
Modified Paths
Diff
Modified: trunk/Source/WebCore/ChangeLog (137414 => 137415)
--- trunk/Source/WebCore/ChangeLog 2012-12-12 05:52:08 UTC (rev 137414)
+++ trunk/Source/WebCore/ChangeLog 2012-12-12 05:58:45 UTC (rev 137415)
@@ -1,3 +1,30 @@
+2012-12-11 Kentaro Hara <[email protected]>
+
+ [V8] Reachable event listeners on image elements can be collected in a minor DOM GC
+ https://bugs.webkit.org/show_bug.cgi?id=104734
+
+ Reviewed by Kenneth Russell.
+
+ A major DOM GC treats image elements specially. In
+ V8GCController::opaqueRootForGC(), a major DOM GC puts image elements
+ that have pending activities into the same object group of their document.
+ This guarantees that image elements that have pending activities
+ are not garbage collected in the major DOM GC.
+
+ This patch adds the same special handling to a minor DOM GC to guarantee
+ the same thing in the minor DOM GC too.
+
+ In long-term, we might want to remove the special handling by making
+ image elements active DOM nodes.
+
+ Test: Manually confirmed that all characters in
+ http://alteredqualia.com/three/examples/webgl_animation_skinning_tf2.html
+ are rendered correctly.
+
+ * bindings/v8/V8GCController.cpp:
+ (WebCore::V8GCController::opaqueRootForGC):
+ (WebCore::gcTree):
+
2012-12-11 Dominic Mazzoni <[email protected]>
AX: Make isActionSupported cross-platform.
Modified: trunk/Source/WebCore/bindings/v8/V8GCController.cpp (137414 => 137415)
--- trunk/Source/WebCore/bindings/v8/V8GCController.cpp 2012-12-12 05:52:08 UTC (rev 137414)
+++ trunk/Source/WebCore/bindings/v8/V8GCController.cpp 2012-12-12 05:58:45 UTC (rev 137415)
@@ -113,6 +113,10 @@
void* V8GCController::opaqueRootForGC(Node* node)
{
+ // FIXME: Remove the special handling for image elements.
+ // The same special handling is in V8GCController::gcTree().
+ // Maybe should image elements be active DOM nodes?
+ // See https://code.google.com/p/chromium/issues/detail?id=164882
if (node->inDocument() || (node->hasTagName(HTMLNames::imgTag) && static_cast<HTMLImageElement*>(node)->hasPendingActivity()))
return node->document();
@@ -223,7 +227,11 @@
do {
ASSERT(node);
if (!node->wrapper().IsEmpty()) {
- if (!node->isV8CollectableDuringMinorGC()) {
+ // FIXME: Remove the special handling for image elements.
+ // The same special handling is in V8GCController::opaqueRootForGC().
+ // Maybe should image elements be active DOM nodes?
+ // See https://code.google.com/p/chromium/issues/detail?id=164882
+ if (!node->isV8CollectableDuringMinorGC() || (node->hasTagName(HTMLNames::imgTag) && static_cast<HTMLImageElement*>(node)->hasPendingActivity())) {
// The fact that we encounter a node that is not in the Eden space
// implies that its wrapper might be in the old space of V8.
// This indicates that the minor GC cannot anyway judge reachability
_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo/webkit-changes
