You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Avoid creating JS wrapper on a removed node when the subtree is not observable
https://bugs.webkit.org/show_bug.cgi?id=221243
<rdar://problem/73719386>
Reviewed by Geoffrey Garen.
Prior to this patch, WebKit forced the creation the JS wrapper on the root DOM node of a removed subtree
to avoid script observable deletion of nodes. This is necessary because DOM nodes are reference counted
in the C++ side, and while a DOM node keeps its child nodes alive, it won't keep its parent node alive
to avoid reference cycles (leaks). If we didn't force the creation of the JS wrapper and the root node
of the removed subtree didn't have any external reference to it in C++ side, we would happily delete it
and all its descendant nodes above any subtree with a JS wrapper or an external C++ reference.
While this turned out to be an effective strategy for implementing DOM nodes' GC semantics correctly,
it has a significant runtime and memory cost - the latter is because we don't collect the JS wrappers
of DOM nodes once they're created until they're ready to be destructed.
This patch introduces a new optimization to avoid creating these JS wrappers when the removed subtree
won't be observable by scripts in the future. The current heuristic is to check if the removed node
has any external reference to it (i.e. refCount() > 0 excluding any reference counting that happens within
our algorithm). This is sufficient because a given node should not be observable at a later time unless
it has an external reference to it. This is ~0.5% progression on Speedometer-2.0 on MacBookAir7,2.
To do this, we take advantage of the fact notifyChildNodeRemoved already traverses each removed subtree,
and check if any of them has a reference count greater than 1 (greater than 1 because notifyChildNodeRemoved
itself increments node's reference count before calling itself on child nodes). Note that we exclude the
root node of the removed subtree as these JS wrapper creation is only needed to keep the root node alive.
If the root node is already kept alive by some external reference to it, there is no need to keep it alive
again by creating a JS wrapper on it.
No new tests since existing tests such as fast/dom/gc-3.html covers it.
* dom/ContainerNode.cpp:
(WebCore::ContainerNode::removeAllChildrenWithScriptAssertion): Call willCreatePossiblyOrphanedTreeByRemoval
if the removed subtree contains an observable node.
(WebCore::ContainerNode::removeNodeWithScriptAssertion): Ditto.
(WebCore::ContainerNode::removeSelfOrChildNodesForInsertion): Renamed from collectChildrenAndRemoveFromOldParent.
Avoid collecting the removed nodes in this function in addition to removeAllChildrenWithScriptAssertion.
(WebCore::ContainerNode::insertBefore):
(WebCore::ContainerNode::replaceChild):
(WebCore::ContainerNode::appendChildWithoutPreInsertionValidityCheck):
(WebCore::dispatchChildRemovalEvents): Don't call willCreatePossiblyOrphanedTreeByRemoval here.
* dom/ContainerNode.h:
* dom/ContainerNodeAlgorithms.cpp:
(WebCore::observabilityOfRemovedNode): Added. Checks the observability of a node excluding the root node of
the removed subtree since it needs a special case in removeAllChildrenWithScriptAssertion.
As notifyNodeRemovedFromDocument and notifyNodeRemovedFromTree ref's each child node before recursing on itself,
we check refCount() > 1 here.
(WebCore::updateObservability): Added. A helper function to update RemovedSubtreeObservability.
(WebCore::notifyNodeRemovedFromDocument): Now returns RemovedSubtreeObservability,
(WebCore::notifyNodeRemovedFromTree): Ditto.
(WebCore::notifyChildNodeRemoved): Ditto.
* dom/ContainerNodeAlgorithms.h:
Canonical link: https://commits.webkit.org/233719@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@272394 268f45cc-cd09-0410-ab3c-d52691b4dbfc
0 commit comments