Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: b1f2174caabb523dc409920affacad770d003514
      https://github.com/WebKit/WebKit/commit/b1f2174caabb523dc409920affacad770d003514
  Author: Ben Nham <[email protected]>
  Date:   2026-06-12 (Fri, 12 Jun 2026)

  Changed paths:
    M Source/WebCore/bindings/js/JSDOMGlobalObject.cpp
    M Source/WebCore/bindings/js/JSDOMGlobalObject.h
    M Source/WebCore/page/WebKitJSHandle.cpp
    M Source/WebCore/page/WebKitJSHandle.h
    M Source/WebKit/UIProcess/API/Cocoa/WKPreferences.mm
    M Source/WebKit/UIProcess/API/Cocoa/WKPreferencesPrivate.h
    M Source/WebKit/UIProcess/API/Cocoa/WKWebViewPrivateForTesting.h
    M Source/WebKit/UIProcess/API/Cocoa/WKWebViewTesting.mm
    M Source/WebKit/UIProcess/WebPageProxyTesting.cpp
    M Source/WebKit/UIProcess/WebPageProxyTesting.h
    M Source/WebKit/WebProcess/WebPage/WebFrame.cpp
    M Source/WebKit/WebProcess/WebPage/WebPageTesting.cpp
    M Source/WebKit/WebProcess/WebPage/WebPageTesting.h
    M Source/WebKit/WebProcess/WebPage/WebPageTesting.messages.in
    M Tools/TestWebKitAPI/Tests/WebKit/WKWebView/JSHandle.mm

  Log Message:
  -----------
  WKJSHandle keeps documents alive after navigation
https://bugs.webkit.org/show_bug.cgi?id=316933
rdar://170087117

Reviewed by Ryosuke Niwa.

WKJSHandle extends the lifetime of the document it is associated with. This is not intended and can
lead to unwanted memory accumulation. For instance:

1. WKJSHandle wraps a DOM node, which keeps the DOM node alive forever (due to the strong handle map)
2. JSNode holds a strong reference to the underlying C++ Node
3. Node keeps Document alive (through incrementReferencingNodeCount)
4. Document never dies for the lifetime of WKJSHandle in the UIProcess

Instead, the handle should only live for as long as its associated document. To do this, each
JSDOMGlobalObject now keeps track of associated handles and adds them to the GC set in its
visitChildren.

Tests: Tools/TestWebKitAPI/Tests/WebKit/WKWebView/JSHandle.mm

* Source/WebCore/bindings/js/JSDOMGlobalObject.cpp:
(WebCore::JSDOMGlobalObject::visitChildrenImpl):
(WebCore::JSDOMGlobalObject::addJSHandle):
(WebCore::JSDOMGlobalObject::refJSHandle):
(WebCore::JSDOMGlobalObject::derefJSHandle):
* Source/WebCore/bindings/js/JSDOMGlobalObject.h:
* Source/WebCore/page/WebKitJSHandle.cpp:
(WebCore::handleToGlobalMap):
(WebCore::globalObjectForIdentifier):
(WebCore::WebKitJSHandle::jsHandleSentToAnotherProcess):
(WebCore::WebKitJSHandle::jsHandleDestroyed):
(WebCore::WebKitJSHandle::objectForIdentifier):
(WebCore::WebKitJSHandle::WebKitJSHandle):
(WebCore::handleMap): Deleted.
* Source/WebCore/page/WebKitJSHandle.h:
* Source/WebKit/UIProcess/API/Cocoa/WKPreferences.mm:
(-[WKPreferences _setUsesPageCache:]):
(-[WKPreferences _usesPageCache]):
* Source/WebKit/UIProcess/API/Cocoa/WKPreferencesPrivate.h:
* Source/WebKit/UIProcess/API/Cocoa/WKWebViewPrivateForTesting.h:
* Source/WebKit/UIProcess/API/Cocoa/WKWebViewTesting.mm:
(-[WKWebView _numberOfLiveDocumentsForTesting:]):
* Source/WebKit/UIProcess/WebPageProxyTesting.cpp:
(WebKit::WebPageProxyTesting::numberOfLiveDocuments):
* Source/WebKit/UIProcess/WebPageProxyTesting.h:
* Source/WebKit/WebProcess/WebPage/WebFrame.cpp:
(WebKit::nodeFromJSHandleIdentifier):
* Source/WebKit/WebProcess/WebPage/WebPageTesting.cpp:
(WebKit::WebPageTesting::numberOfLiveDocuments):
* Source/WebKit/WebProcess/WebPage/WebPageTesting.h:
* Source/WebKit/WebProcess/WebPage/WebPageTesting.messages.in:
* Tools/TestWebKitAPI/Tests/WebKit/WKWebView/JSHandle.mm:
(TestWebKitAPI::TEST(JSHandle, Basic)):
(TestWebKitAPI::TEST(JSHandle, HandleDoesNotKeepDocumentAliveAfterNavigation)):

Canonical link: https://commits.webkit.org/315168@main
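
The reference chain and the ownership change described in the log message, as an added C++ model that is not WebKit code and not part of this commit. It assumes `shared_ptr` ownership as a stand-in for GC reachability, and every name in it (`strongHandleMap`, `handleToGlobal`, `resolveHandle`, `liveDocumentsAfterNavigation`) is hypothetical.

```cpp
// Simplified model, not WebKit code: shared_ptr ownership stands in for GC reachability.
#include <cstdint>
#include <memory>
#include <unordered_map>

static int liveDocuments = 0;
struct Document { Document() { ++liveDocuments; } ~Document() { --liveDocuments; } };
// Step 3 of the log message: a node pins its document.
struct Node { std::shared_ptr<Document> document; };
// Stand-in for the per-document global object; in the fixed design it owns its handles.
struct GlobalObject { std::unordered_map<uint64_t, std::shared_ptr<Node>> handles; };

// "Before": one process-wide strong map from handle id to the wrapped node.
static std::unordered_map<uint64_t, std::shared_ptr<Node>> strongHandleMap;
// "After": the process-wide map only records which global object owns the id.
static std::unordered_map<uint64_t, std::weak_ptr<GlobalObject>> handleToGlobal;

// Resolve a handle in the "after" model; returns nullptr once the owner is gone.
std::shared_ptr<Node> resolveHandle(uint64_t id) {
    auto it = handleToGlobal.find(id);
    if (it == handleToGlobal.end()) return nullptr;
    auto global = it->second.lock();
    if (!global) { handleToGlobal.erase(it); return nullptr; }  // stale id
    auto h = global->handles.find(id);
    return h == global->handles.end() ? nullptr : h->second;
}

// Create a document, hand out handle `id` for one of its nodes, then navigate away.
// Returns how many documents are still alive afterwards.
int liveDocumentsAfterNavigation(bool handlesOwnedByGlobalObject, uint64_t id) {
    auto global = std::make_shared<GlobalObject>();
    auto node = std::make_shared<Node>(Node{std::make_shared<Document>()});
    if (handlesOwnedByGlobalObject) {
        global->handles[id] = node;   // handle lives only as long as its global object
        handleToGlobal[id] = global;  // weak: does not extend any lifetime
    } else {
        strongHandleMap[id] = node;   // handle outlives the page it came from
    }
    node.reset();
    global.reset();                   // navigation: the old global object is dropped
    return liveDocuments;
}

int main() {
    int fixed = liveDocumentsAfterNavigation(true, 1);
    int leaked = liveDocumentsAfterNavigation(false, 2);
    return (fixed == 0 && resolveHandle(1) == nullptr && leaked == 1) ? 0 : 1;
}
```

In the strong-map variant the document is released only when the entry is erased, which in this model corresponds to the handle's holder giving it up.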
