This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 24771 - Provide guidance on object and CDM lifetime (including when events are guaranteed to be fired)
Summary: Provide guidance on object and CDM lifetime (including when events are guaran...
Alias: None
Product: HTML WG
Classification: Unclassified
Component: Encrypted Media Extensions (show other bugs)
Version: unspecified
Hardware: All All
: P3 normal
Target Milestone: ---
Assignee: David Dorwin
QA Contact: HTML WG Bugzilla archive list
Whiteboard: to_be_implemented
Keywords: editorial
Depends on: 24322 25199
  Show dependency treegraph
Reported: 2014-02-21 21:40 UTC by David Dorwin
Modified: 2015-03-24 15:31 UTC (History)
5 users (show)

See Also:


Description David Dorwin 2014-02-21 21:40:51 UTC
The spec does not specify the lifetime of the MediaKeys or MediaKeySession objects or when to destroy the CDM instance. The following are proposals for each of these.

*** MediaKeys ***
The MediaKeys lifetime is pretty simple - it can be destroyed when there are no more JS references (including video.mediaKeys) to it.

*** MediaKeySession ***
MediaKeySession is more complex. Since it is an EventTarget for events originating in the CDM, it should be alive as long as there are JavaScript references to it OR it may receive events. Since the CDM must outlive the MediaKeySession (see below) and the CDM could in theory fire events at any time, this would mean we can never destroy an unclosed MediaKeySession and thus never destroy the CDM instance. Therefore, we must change the second condition to: it may receive _meaningful_ events. Defining meaningful is the tricky part.

For the purpose of this discussion, let’s say events are only meaningful when they can affect a media element, meaning the MediaKeys object is or will potentially be attached to a media element. (That is, the MediaKeys is either currently attached or there is a JS reference to it that could be passed to setMediaKeys().)

It is possible that the CDM could fire (“non-meaningful”) events that would be caught by an event listener even when there are no JS (or media element) references to any MediaKeys or MediaKeySession objects. However, as mentioned above, we have to draw a line somewhere to prevent indefinite memory leaks, so I think we should require applications to have a reference to one of the two objects (including an attachment to a media element) in order to receive MediaKeySession events. (Applications that wish to to handle events that cannot affect the media element, such as those related to session accounting, must hold a reference to the session(s).)

This means applications are only guaranteed to receive events for a MediaKeySession when they hold a reference to the session, its MediaKeys object, or there is a valid HTMLMediaElement whose mediaKeys attribute references the MediaKeys object that created the session.

Thus, a MediaKeySession object should be destroyed when both of the following are true:
1) There are no JS references to it.
2) Either of the following is true:
  a) The session is closed.
  b) The MediaKeys object that created the session has been destroyed.

*** CDM Instance ***
Since MediaKeys represents a CDM instance, the naive approach would be to destroy it when MediaKeys is destroyed. However, it also needs to remain alive as long as there are any (non-closed) MediaKeySessions that can be used to access the CDM instance.

Thus, the CDM instance may be destroyed when both of the following are true:
1) The MediaKeys object has been destroyed.
2) All the MediaKeySession objects that MediaKeys object created have been destroyed.
(Really, we could add “or closed” to the second condition. Doing so might slightly accelerate destruction of the CDM instance in some cases since there could be a slight delay between closing the last session and garbage collection destroying the MediaKeySession. However, I don’t think it’s worth adding more conditions to close this gap.)

*** Notes ***
- Another approach would be to tie the CDM instance lifetime to the MediaKeys object’s lifetime and not destroy the MediaKeys as long as there are valid MediaKeySession objects. However, that would create a circular reference for unclosed sessions that would never be broken (since unclosed MediaKeySession objects are not destroyed until the MediaKeys object is destroyed).

- There is an assumption that no events are fired at a session after the “close” event. If this is not already explicitly stated, we should probably do so.

- "CDM instance" is not actually used in the spec. Instead, we just refer to the "CDM" and loading it (i.e. as if it is a library). We should probably refer to a "CDM instance" or otherwise limit the context of the CDM to this specific MediaKeys object. This may be related to issue 17202.
Comment 1 Joe Steele 2014-03-17 21:25:25 UTC
This seems well thought out. I have no objections to this going in the spec.
Comment 2 Mark Watson 2014-03-18 14:48:02 UTC
Comment 3 Jerry Smith 2014-04-01 15:12:30 UTC
This seems solid and complete to me as well.
Comment 4 David Dorwin 2014-08-19 15:32:41 UTC
I will make this change after the spec is organized by object (bug 24322).
Comment 5 David Dorwin 2014-09-09 20:52:31 UTC
If MediaKeys can be destroyed while a MediaKeySession is still in use, we may need to avoid referencing "the MediaKeys object that created this object" in MediaKeySession algorithms and instead store internal variables for whatever we want to reference.
Comment 6 David Dorwin 2015-03-24 15:31:12 UTC
Moved to for tracking and implementation.