| Summary: | throw/catch(e) abandons a Document | | |
|---|---|---|---|
| Product: | WebKit | Reporter: | Simon Fraser (smfr) <simon.fraser> |
| Component: | JavaScriptCore | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED DUPLICATE | | |
| Severity: | Normal | CC: | ap, ggaren, keith_miller, koivisto, mark.lam, rniwa, simon.fraser, webkit-bug-importer |
| Priority: | P2 | Keywords: | InRadar |
| Version: | WebKit Nightly Build | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |

Description
Simon Fraser (smfr)
2018-06-01 20:22:16 PDT
This is triggered by the throw and a catch that references the exception. Minimal test case:
```html
<script>
try
{
    throw('The document is abandoned');
}
catch(e)
{
}
</script>
```
My heap inspector tool shows a reference chain thus:

Exception (GC root—VM exceptions) -> Internal -> ProgramCodeBlock -> Internal -> Window -> Variable document -> HTMLDocument “file:///Volumes/Data/Development/apple/webkit/OpenSource/LayoutTests/fast/css/invalid-import-rule-insertion.html”

m_vm->lastException() is a GC root (see slotVisitor.appendUnbarriered(m_vm->lastException()) in Heap.cpp). Seems like we should clear this at some point.

I guess we clear lastException() next time we run script (in the VMEntryScope constructor). Maybe GCController should call clearLastException() in some code paths.

Two promising places to clear lastException:

(1) ~JSLock()
(2) A zero-delay timer

The purpose of lastException is to provide an out-of-band accessor to the exception thrown by the current task / micro task. So, it's OK to throw it away after the task / micro task ends.

*** This bug has been marked as a duplicate of bug 186277 ***
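
The retention chain and the end-of-task clearing discussed in the comments above, as an added toy model that is not JavaScriptCore code and not part of the original report. `Cell`, `ToyVM`, `TaskScope` and `documentRetainedAfterTask` are hypothetical names; the guard stands in for either proposed clearing point, and the model assumes nothing else roots the Document.

```cpp
#include <cstdio>
#include <unordered_set>
#include <vector>

// Toy heap cell (hypothetical model): a label plus outgoing strong references.
struct Cell { const char* name; std::vector<Cell*> refs; };

// Toy VM whose lastException slot is visited as a GC root.
struct ToyVM {
    Cell* lastException = nullptr;
    // Mark phase: true if `target` is reachable from the root slot.
    bool isLive(const Cell& target) const {
        std::unordered_set<const Cell*> seen;
        std::vector<const Cell*> stack;
        if (lastException) stack.push_back(lastException);
        while (!stack.empty()) {
            const Cell* c = stack.back();
            stack.pop_back();
            if (!seen.insert(c).second) continue;  // already marked
            for (const Cell* r : c->refs) stack.push_back(r);
        }
        return seen.count(&target) != 0;
    }
};

// Hypothetical end-of-task guard: optionally clears the slot on exit.
struct TaskScope {
    ToyVM& vm;
    bool clearOnExit;
    ~TaskScope() { if (clearOnExit) vm.lastException = nullptr; }
};

// Builds the reported chain, runs one task that throws, and returns
// whether the Document is still reachable after the task has ended.
bool documentRetainedAfterTask(bool clearOnExit) {
    Cell document{"HTMLDocument", {}};
    Cell window{"Window", {&document}};
    Cell codeBlock{"ProgramCodeBlock", {&window}};
    Cell exception{"Exception", {&codeBlock}};
    ToyVM vm;
    {
        TaskScope task{vm, clearOnExit};
        vm.lastException = &exception;  // throw ... catch(e) in the task
    }
    return vm.isLive(document);
}

int main() {
    std::printf("no clearing: retained=%d\n", documentRetainedAfterTask(false));
    std::printf("cleared at task end: retained=%d\n", documentRetainedAfterTask(true));
}
```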