282846 2024-11-08 11:21:32 -0800 On some cases async/await creates a race where we try to compute translate with null values 2024-11-15 12:00:11 -0800 1 1 1 Unclassified WebKit CSS Other Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 pvarangot webkit-unassigned koivisto webkit-bug-importer oldest_to_newest 2073896 0 pvarangot 2024-11-08 11:21:32 -0800 This test will crash sometimes, around 20% to 50% of the time on main. Removing unused function or asynchronous code doesn't crash: <html> <head> <style> * { read-only; translate: 640rlh; }; </style> <script> nodes = new Map([ ['n0', new WeakRef(document.documentElement)] ]); function getObject(key) { entriesForKey = stuff.get(key); { nextEntry = entriesForKey.shift(); theObject = nextEntry.deref(); { return theObject; } } } node = document.createElementNS('http://www.w3.org/1999/xhtml', 'img'); nodes.get('n0').deref().append(node); (async () => { globalThis.testRunner?.waitUntilDone(); for (let i = 0; i < 1700; i++) { const url = new URL(`https://example.com/?q=${i}`); } frames.history.back(); try { await (() => { return window.caches.has("something"); })(); } catch {} node.computedStyleMap().getAll('translate'); globalThis.testRunner?.notifyDone(); globalThis.testRunner?.dumpAsText(); })(); </script> </head> </html> 2073897 1 pvarangot 2024-11-08 11:22:35 -0800 <rdar://problem/137177447> 2073899 2 pvarangot 2024-11-08 11:26:03 -0800 Pull request: https://github.com/WebKit/WebKit/pull/36409 2074131 3 pvarangot 2024-11-10 08:46:03 -0800 Relevant part of the stack trace: 1 WebCore 0x134ff0980 WebCore::CSSPrimitiveValue::create(WebCore::Length const&, WebCore::RenderStyle const&) + 1084 (CSSPrimitiveValue.cpp:576) 2 WebCore 0x135124a20 WebCore::ComputedStyleExtractor::zoomAdjustedPixelValueForLength(WebCore::Length const&, WebCore::RenderStyle const&) + 16 (ComputedStyleExtractor.cpp:437) [inlined] 3 WebCore 0x135124a20 WebCore::computedTranslate(WebCore::RenderObject*, WebCore::RenderStyle const&)::$_0::operator()(WebCore::Length const&) const + 16 (ComputedStyleExtractor.cpp:995) [inlined] 4 WebCore 0x135124a20 WebCore::computedTranslate(WebCore::RenderObject*, WebCore::RenderStyle const&) + 7644 (ComputedStyleExtractor.cpp:1002) 5 WebCore 0x1350d21dc WebCore::ComputedStyleExtractor::valueForPropertyInStyle(WebCore::RenderStyle const&, WebCore::CSSPropertyID, WebCore::RenderElement*, WebCore::ComputedStyleExtractor::PropertyValueType) const + 99240 (ComputedStyleExtractor.cpp:4591) 6 WebCore 0x1350b81a8 WebCore::ComputedStyleExtractor::propertyValue(WebCore::CSSPropertyID, WebCore::ComputedStyleExtractor::UpdateLayout, WebCore::ComputedStyleExtractor::PropertyValueType) const + 1168 (ComputedStyleExtractor.cpp:3445) 7 WebCore 0x13588abec WebCore::ComputedStylePropertyMapReadOnly::propertyValue(WebCore::CSSPropertyID) const + 228 (ComputedStylePropertyMapReadOnly.cpp:53) 8 WebCore 0x1358944a4 WebCore::MainThreadStylePropertyMapReadOnly::getAll(WebCore::ScriptExecutionContext&, WTF::AtomString const&) const + 2484 (MainThreadStylePropertyMapReadOnly.cpp:107) 9 WebCore 0x132be9460 WebCore::jsStylePropertyMapReadOnlyPrototypeFunction_getAllBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSStylePropertyMapReadOnly*) + 920 (JSStylePropertyMapReadOnly.cpp:252) 2075424 4 ews-feeder 2024-11-15 12:00:09 -0800 Committed 286647@main (c1664193f635): <https://commits.webkit.org/286647@main> Reviewed commits have been landed. Closing PR #36409 and removing active labels.