Bug 139740

Summary: Web Inspector: [Mac] Occasional Crashes Closing Inspector
Product: WebKit Reporter: Joseph Pecoraro <joepeck>
Component: Web InspectorAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: andersca, ap, commit-queue, enrica, graouts, joepeck, jonowells, mattbaker, nvasilyev, timothy, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: 528+ (Nightly build)   
Hardware: All   
OS: All   
Attachments:
Description Flags
[PATCH] Proposed Fix none

Joseph Pecoraro
Reported 2014-12-17 12:12:25 PST
* SUMMARY I've been able to hit some crashes when closing Inspector Windows and using Guard Malloc. * STEPS TO REPRODUCE 1. shell> DYLD_INSERT_LIBRARIES=/usr/lib/libgmalloc.dylib run-safari 2. Open http://bogojoker.com 3. Rapidly open/close inspector windows (e.g. hold down Cmd+Shift+I and Cmd+W occasionally when inspector window is focused) => Crash * NOTES Two frequent crash points: (1) In WebInspectorProxy::inspectorWindowFrame using destroyed WebInspectorProxy as the client of the WKView's Page. This was because we were clearing our reference to the WKWebInspectorWKView, but it was actually kept alive by a dispatch in WKView, the WebInspectorProxy was destroyed, but still had a weak reference in the UIClient. - (void)_updateWindowAndViewFrames { ... dispatch_async(dispatch_get_main_queue(), ^{ ... _data->_page->windowAndViewFramesChanged(viewFrameInWindowCoordinates, accessibilityPosition); }); } (2) In WebPageProxy::didReceiveEvent. While handling a keypress, the WebPageProxy is destroyed, and we continue and use bad objects.
Attachments
[PATCH] Proposed Fix (5.15 KB, patch)
2014-12-17 12:28 PST, Joseph Pecoraro 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2014-12-17 12:12:50 PST
<rdar://problem/19282330>
Joseph Pecoraro
Comment 2 2014-12-17 12:28:29 PST
Created attachment 243451 [details] [PATCH] Proposed Fix
Timothy Hatcher
Comment 3 2014-12-17 12:44:39 PST
Comment on attachment 243451 [details] [PATCH] Proposed Fix View in context: https://bugs.webkit.org/attachment.cgi?id=243451&action=review > Source/WebKit2/UIProcess/mac/WebInspectorProxyMac.mm:296 > + WebPageProxy* inspectorPage = toImpl(m_inspectorView.get().pageRef); > + inspectorPage->close(); WKView dealloc calls close(), but that assumes we hold the last ref here.
WebKit Commit Bot
Comment 4 2014-12-17 13:18:35 PST
Comment on attachment 243451 [details] [PATCH] Proposed Fix Clearing flags on attachment: 243451 Committed r177459: <http://trac.webkit.org/changeset/177459>
WebKit Commit Bot
Comment 5 2014-12-17 13:18:39 PST
All reviewed patches have been landed. Closing bug.
Joseph Pecoraro
Comment 6 2014-12-17 13:32:10 PST
(In reply to comment #3) > Comment on attachment 243451 [details] > [PATCH] Proposed Fix > > View in context: > https://bugs.webkit.org/attachment.cgi?id=243451&action=review > > > Source/WebKit2/UIProcess/mac/WebInspectorProxyMac.mm:296 > > + WebPageProxy* inspectorPage = toImpl(m_inspectorView.get().pageRef); > > + inspectorPage->close(); > > WKView dealloc calls close(), but that assumes we hold the last ref here. Correct, we were not holding the lat ref, because the WKWebInspectorWKView was being retained by a dispatch_async block. =(
Note You need to log in before you can comment on or make changes to this bug.