WebKit GIT trees - WebKit-https.git/commit

Throttled DOMTimers can prevent their document from being garbage collected
https://bugs.webkit.org/show_bug.cgi?id=138915

Reviewed by Andreas Kling.

Source/WebCore:

Throttled DOMTimers whose interval depend on viewport changes would
keep a Vector of elements outside viewport causing them to be throttled
so that we could check later on (upon scroll or layout) if those
elements are still outside viewport. The issue is that these elements
could potentially be removed from the document (and destroyed) after
the timer has fired. To handle this, DOMTimer was ref'ing the
elements. Unfortunately, this was causing us to leak the document
as the elements in the Vector would keep the document alive.

To handle this issue, this patch updates the DOMTimer Vector to use
weak pointers. The WeakPtrFactory is stored in ElementRareData to
avoid wasting memory for all kinds of Elements (it is a fair assumption
that the number of elements whose style is animated via timers is low).

Test: fast/dom/throttled-timer-running-on-document-destruction.html

* dom/Element.cpp:
(WebCore::Element::createWeakPtr):
* dom/Element.h:
* dom/ElementRareData.cpp:
* dom/ElementRareData.h:
(WebCore::ElementRareData::weakPtrFactory):
* page/DOMTimer.cpp:
(WebCore::DOMTimerFireState::elementsChangedOutsideViewport):
(WebCore::DOMTimer::updateThrottlingStateAfterViewportChange):
* page/DOMTimer.h:

LayoutTests:

Improve fast/dom/throttled-timer-running-on-document-destruction.html
layout test to cover the case where the throttled timer is changing the
style of an element on the *same* document when the document is
destroyed.

* fast/dom/resources/frame-with-throttled-timer-animating-element-other-document.html: Renamed from LayoutTests/fast/dom/resources/frame-with-throttled-timer.html.
* fast/dom/resources/frame-with-throttled-timer-animating-element-same-document.html: Added.
* fast/dom/throttled-timer-running-on-document-destruction.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@176496 268f45cc-cd09-0410-ab3c-d52691b4dbfc

author	cdumez@apple.com <cdumez@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
	Sat, 22 Nov 2014 03:29:58 +0000 (03:29 +0000)
committer	cdumez@apple.com <cdumez@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
	Sat, 22 Nov 2014 03:29:58 +0000 (03:29 +0000)
commit	407d778fc9cdc42d7d6b128c88bb04c4a157e35f
tree	cecbc8cddc8a131ef656b182be0bbce949045ddc	tree \| snapshot
parent	51788c22231bedd69a44907be4954f65f9a44324	commit \| diff

LayoutTests/ChangeLog		diff \| blob \| history
LayoutTests/fast/dom/resources/frame-with-throttled-timer-animating-element-other-document.html	[moved from LayoutTests/fast/dom/resources/frame-with-throttled-timer.html with 98% similarity]	diff \| blob \| history
LayoutTests/fast/dom/resources/frame-with-throttled-timer-animating-element-same-document.html	[new file with mode: 0644]	blob
LayoutTests/fast/dom/throttled-timer-running-on-document-destruction.html		diff \| blob \| history
Source/WebCore/ChangeLog		diff \| blob \| history
Source/WebCore/dom/Element.cpp		diff \| blob \| history
Source/WebCore/dom/Element.h		diff \| blob \| history
Source/WebCore/dom/ElementRareData.cpp		diff \| blob \| history
Source/WebCore/dom/ElementRareData.h		diff \| blob \| history
Source/WebCore/dom/Node.cpp		diff \| blob \| history
Source/WebCore/page/DOMTimer.cpp		diff \| blob \| history
Source/WebCore/page/DOMTimer.h		diff \| blob \| history