Bug 169855

Summary: Crash when breakpoint hit in unload handler
Product: WebKit Reporter: Daniel Bates <dbates>
Component: Web InspectorAssignee: Matt Baker <mattbaker>
Status: RESOLVED FIXED    
Severity: Normal CC: ap, beidson, cdumez, commit-queue, ddkilzer, ews-watchlist, inspector-bugzilla-changes, japhet, joepeck, koivisto, mattbaker, rniwa, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Mac   
OS: macOS 10.12   
See Also: https://bugs.webkit.org/show_bug.cgi?id=80427
Attachments:
Description Flags
Test case
none
patch
none
patch
dbates: review+
for landing
none
for landing none

Daniel Bates
Reported 2017-03-18 16:00:05 PDT
Created attachment 304883 [details] Test case Using Mac nightly r213868 with Safari Version 10.1 (12603.1.30.0.31), hitting a breakpoint in the unload handler of a child frame causes a WebProcess crash. To see this, perform the the following: 1. Download and extract the attached test case archive and open file unload-with-inspector-at-breakpoint-crash.html in Safari. 2. Following the instructions in the test case to reproduce the crash. The following is the backtrace I see: [[ Crashed Thread: 0 Dispatch queue: com.apple.main-thread Exception Type: EXC_BREAKPOINT (SIGTRAP) Exception Codes: 0x0000000000000002, 0x0000000000000000 Exception Note: EXC_CORPSE_NOTIFY Termination Signal: Trace/BPT trap: 5 Termination Reason: Namespace SIGNAL, Code 0x5 Terminating Process: exc handler [0] [...] Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.WebCore 0x0000000107cb0272 WebCore::DocumentWriter::addData(char const*, unsigned long) + 50 1 com.apple.WebCore 0x0000000107c98bf5 WebCore::DocumentLoader::commitData(char const*, unsigned long) + 1317 2 com.apple.WebKit 0x00000001050ad336 WebKit::WebFrameLoaderClient::committedLoad(WebCore::DocumentLoader*, char const*, int) + 50 3 com.apple.WebCore 0x0000000107c9ad81 WebCore::DocumentLoader::commitLoad(char const*, int) + 145 4 com.apple.WebCore 0x0000000107a8107c WebCore::CachedRawResource::notifyClientsDataWasReceived(char const*, unsigned int) + 172 5 com.apple.WebCore 0x0000000107a80f41 WebCore::CachedRawResource::addDataBuffer(WebCore::SharedBuffer&) + 145 6 com.apple.WebCore 0x00000001089f0132 WebCore::SubresourceLoader::didReceiveDataOrBuffer(char const*, int, WTF::RefPtr<WebCore::SharedBuffer>&&, long long, WebCore::DataPayloadType) + 210 7 com.apple.WebCore 0x00000001089f0052 WebCore::SubresourceLoader::didReceiveData(char const*, unsigned int, long long, WebCore::DataPayloadType) + 34 8 com.apple.WebKit 0x000000010519632f WebKit::WebResourceLoader::didReceiveData(IPC::DataReference const&, long long) + 249 9 com.apple.WebKit 0x0000000105196dd5 WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::Decoder&) + 289 10 com.apple.WebKit 0x0000000104f3779b IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) + 119 11 com.apple.WebKit 0x0000000104f3a425 IPC::Connection::dispatchOneMessage() + 175 12 com.apple.JavaScriptCore 0x000000010668a3a9 WTF::RunLoop::performWork() + 169 13 com.apple.JavaScriptCore 0x000000010668b4c2 WTF::RunLoop::performWork(void*) + 34 14 com.apple.CoreFoundation 0x00007fff982843b1 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17 15 com.apple.CoreFoundation 0x00007fff9826563c __CFRunLoopDoSources0 + 556 16 com.apple.CoreFoundation 0x00007fff98264b26 __CFRunLoopRun + 934 17 com.apple.CoreFoundation 0x00007fff98264524 CFRunLoopRunSpecific + 420 18 com.apple.HIToolbox 0x00007fff977c4ebc RunCurrentEventLoopInMode + 240 19 com.apple.HIToolbox 0x00007fff977c4cf1 ReceiveNextEventCommon + 432 20 com.apple.HIToolbox 0x00007fff977c4b26 _BlockUntilNextEventMatchingListInModeWithFilter + 71 21 com.apple.AppKit 0x00007fff95d5fe24 _DPSNextEvent + 1120 22 com.apple.AppKit 0x00007fff964db85e -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 2796 23 com.apple.AppKit 0x00007fff95d547ab -[NSApplication run] + 926 24 com.apple.AppKit 0x00007fff95d1f1de NSApplicationMain + 1237 25 libxpc.dylib 0x00007fffae1ed8c7 _xpc_objc_main + 775 26 libxpc.dylib 0x00007fffae1ec2e4 xpc_main + 494 27 com.apple.WebKit.WebContent 0x0000000104ef96bb main + 468 28 libdyld.dylib 0x00007fffadf94235 start + 1 Thread 1:: com.apple.NSEventThread 0 libsystem_kernel.dylib 0x00007fffae0bb34a mach_msg_trap + 10 1 libsystem_kernel.dylib 0x00007fffae0ba797 mach_msg + 55 2 com.apple.CoreFoundation 0x00007fff98265854 __CFRunLoopServiceMachPort + 212 3 com.apple.CoreFoundation 0x00007fff98264cd1 __CFRunLoopRun + 1361 4 com.apple.CoreFoundation 0x00007fff98264524 CFRunLoopRunSpecific + 420 5 com.apple.AppKit 0x00007fff95ead2d2 _NSEventThread + 205 6 libsystem_pthread.dylib 0x00007fffae1adaab _pthread_body + 180 7 libsystem_pthread.dylib 0x00007fffae1ad9f7 _pthread_start + 286 8 libsystem_pthread.dylib 0x00007fffae1ad1fd thread_start + 13 Thread 2: 0 libsystem_kernel.dylib 0x00007fffae0c2f46 __semwait_signal + 10 1 libsystem_c.dylib 0x00007fffae049b72 nanosleep + 199 2 libc++.1.dylib 0x00007fffacb7265b std::__1::this_thread::sleep_for(std::__1::chrono::duration<long long, std::__1::ratio<1l, 1000000000l> > const&) + 80 3 com.apple.JavaScriptCore 0x00000001066afc93 bmalloc::Heap::scavenge(std::__1::unique_lock<bmalloc::StaticMutex>&, std::__1::chrono::duration<long long, std::__1::ratio<1l, 1000l> >) + 275 4 com.apple.JavaScriptCore 0x00000001066afa46 bmalloc::Heap::concurrentScavenge() + 102 5 com.apple.JavaScriptCore 0x00000001066b10d1 bmalloc::AsyncTask<bmalloc::Heap, void (bmalloc::Heap::*)()>::threadRunLoop() + 97 6 com.apple.JavaScriptCore 0x00000001066b0fdd bmalloc::AsyncTask<bmalloc::Heap, void (bmalloc::Heap::*)()>::threadEntryPoint(bmalloc::AsyncTask<bmalloc::Heap, void (bmalloc::Heap::*)()>*) + 29 7 com.apple.JavaScriptCore 0x00000001066b128d void* std::__1::__thread_proxy<std::__1::tuple<void (*)(bmalloc::AsyncTask<bmalloc::Heap, void (bmalloc::Heap::*)()>*), bmalloc::AsyncTask<bmalloc::Heap, void (bmalloc::Heap::*)()>*> >(void*) + 93 8 libsystem_pthread.dylib 0x00007fffae1adaab _pthread_body + 180 9 libsystem_pthread.dylib 0x00007fffae1ad9f7 _pthread_start + 286 10 libsystem_pthread.dylib 0x00007fffae1ad1fd thread_start + 13 Thread 3:: com.apple.NSURLConnectionLoader 0 libsystem_kernel.dylib 0x00007fffae0bb34a mach_msg_trap + 10 1 libsystem_kernel.dylib 0x00007fffae0ba797 mach_msg + 55 2 com.apple.CoreFoundation 0x00007fff98265854 __CFRunLoopServiceMachPort + 212 3 com.apple.CoreFoundation 0x00007fff98264cd1 __CFRunLoopRun + 1361 4 com.apple.CoreFoundation 0x00007fff98264524 CFRunLoopRunSpecific + 420 5 com.apple.CFNetwork 0x00007fff973a1604 +[NSURLConnection(Loader) _resourceLoadLoop:] + 313 6 com.apple.Foundation 0x00007fff99ca4a1d __NSThread__start__ + 1243 7 libsystem_pthread.dylib 0x00007fffae1adaab _pthread_body + 180 8 libsystem_pthread.dylib 0x00007fffae1ad9f7 _pthread_start + 286 9 libsystem_pthread.dylib 0x00007fffae1ad1fd thread_start + 13 Thread 4:: WebCore: Scrolling 0 libsystem_kernel.dylib 0x00007fffae0bb34a mach_msg_trap + 10 1 libsystem_kernel.dylib 0x00007fffae0ba797 mach_msg + 55 2 com.apple.CoreFoundation 0x00007fff98265854 __CFRunLoopServiceMachPort + 212 3 com.apple.CoreFoundation 0x00007fff98264cd1 __CFRunLoopRun + 1361 4 com.apple.CoreFoundation 0x00007fff98264524 CFRunLoopRunSpecific + 420 5 com.apple.CoreFoundation 0x00007fff982a3d01 CFRunLoopRun + 97 6 com.apple.WebCore 0x00000001088b2ddd WebCore::ScrollingThread::initializeRunLoop() + 253 7 com.apple.JavaScriptCore 0x00000001066a03b2 WTF::threadEntryPoint(void*) + 178 8 com.apple.JavaScriptCore 0x00000001066a080f WTF::wtfThreadEntryPoint(void*) + 15 9 libsystem_pthread.dylib 0x00007fffae1adaab _pthread_body + 180 10 libsystem_pthread.dylib 0x00007fffae1ad9f7 _pthread_start + 286 11 libsystem_pthread.dylib 0x00007fffae1ad1fd thread_start + 13 Thread 5: 0 libsystem_kernel.dylib 0x00007fffae0c344e __workq_kernreturn + 10 1 libsystem_pthread.dylib 0x00007fffae1ad791 _pthread_wqthread + 1426 2 libsystem_pthread.dylib 0x00007fffae1ad1ed start_wqthread + 13 Thread 6: 0 libsystem_kernel.dylib 0x00007fffae0c344e __workq_kernreturn + 10 1 libsystem_pthread.dylib 0x00007fffae1ad791 _pthread_wqthread + 1426 2 libsystem_pthread.dylib 0x00007fffae1ad1ed start_wqthread + 13 Thread 7: 0 libsystem_kernel.dylib 0x00007fffae0c344e __workq_kernreturn + 10 1 libsystem_pthread.dylib 0x00007fffae1ad791 _pthread_wqthread + 1426 2 libsystem_pthread.dylib 0x00007fffae1ad1ed start_wqthread + 13 Thread 8: 0 libsystem_kernel.dylib 0x00007fffae0c344e __workq_kernreturn + 10 1 libsystem_pthread.dylib 0x00007fffae1ad5fe _pthread_wqthread + 1023 2 libsystem_pthread.dylib 0x00007fffae1ad1ed start_wqthread + 13 Thread 9:: WTF::AutomaticThread 0 libsystem_kernel.dylib 0x00007fffae0c2bf2 __psynch_cvwait + 10 1 libsystem_pthread.dylib 0x00007fffae1ae96a _pthread_cond_wait + 712 2 com.apple.JavaScriptCore 0x00000001066a17b7 WTF::ThreadCondition::timedWait(WTF::Mutex&, double) + 119 3 com.apple.JavaScriptCore 0x0000000106687bd2 WTF::ParkingLot::parkConditionallyImpl(void const*, WTF::ScopedLambda<bool ()> const&, WTF::ScopedLambda<void ()> const&, WTF::TimeWithDynamicClockType const&) + 2706 4 com.apple.JavaScriptCore 0x0000000105fc6f06 bool WTF::ConditionBase::waitUntil<WTF::Lock>(WTF::Lock&, WTF::TimeWithDynamicClockType const&) + 150 5 com.apple.JavaScriptCore 0x0000000106669817 std::__1::__function::__func<WTF::AutomaticThread::start(WTF::AbstractLocker const&)::$_0, std::__1::allocator<WTF::AutomaticThread::start(WTF::AbstractLocker const&)::$_0>, void ()>::operator()() + 199 6 com.apple.JavaScriptCore 0x00000001066a03b2 WTF::threadEntryPoint(void*) + 178 7 com.apple.JavaScriptCore 0x00000001066a080f WTF::wtfThreadEntryPoint(void*) + 15 8 libsystem_pthread.dylib 0x00007fffae1adaab _pthread_body + 180 9 libsystem_pthread.dylib 0x00007fffae1ad9f7 _pthread_start + 286 10 libsystem_pthread.dylib 0x00007fffae1ad1fd thread_start + 13 Thread 10:: WTF::AutomaticThread 0 libsystem_kernel.dylib 0x00007fffae0c2bf2 __psynch_cvwait + 10 1 libsystem_pthread.dylib 0x00007fffae1ae96a _pthread_cond_wait + 712 2 com.apple.JavaScriptCore 0x00000001066a17b7 WTF::ThreadCondition::timedWait(WTF::Mutex&, double) + 119 3 com.apple.JavaScriptCore 0x0000000106687bd2 WTF::ParkingLot::parkConditionallyImpl(void const*, WTF::ScopedLambda<bool ()> const&, WTF::ScopedLambda<void ()> const&, WTF::TimeWithDynamicClockType const&) + 2706 4 com.apple.JavaScriptCore 0x0000000105fc6f06 bool WTF::ConditionBase::waitUntil<WTF::Lock>(WTF::Lock&, WTF::TimeWithDynamicClockType const&) + 150 5 com.apple.JavaScriptCore 0x0000000106669817 std::__1::__function::__func<WTF::AutomaticThread::start(WTF::AbstractLocker const&)::$_0, std::__1::allocator<WTF::AutomaticThread::start(WTF::AbstractLocker const&)::$_0>, void ()>::operator()() + 199 6 com.apple.JavaScriptCore 0x00000001066a03b2 WTF::threadEntryPoint(void*) + 178 7 com.apple.JavaScriptCore 0x00000001066a080f WTF::wtfThreadEntryPoint(void*) + 15 8 libsystem_pthread.dylib 0x00007fffae1adaab _pthread_body + 180 9 libsystem_pthread.dylib 0x00007fffae1ad9f7 _pthread_start + 286 10 libsystem_pthread.dylib 0x00007fffae1ad1fd thread_start + 13 Thread 0 crashed with X86 Thread State (64-bit): rax: 0x0000000000000000 rbx: 0x00000001103ab770 rcx: 0x0000000111eb22a0 rdx: 0x00000001103ab770 rdi: 0x00000001103ab770 rsi: 0x0000000000000002 rbp: 0x00007fff5ad05d80 rsp: 0x00007fff5ad05d80 r8: 0x00000000000000a2 r9: 0x0000000000000006 r10: 0x0000000000000001 r11: 0x0000000108d5e830 r12: 0x0000000000000000 r13: 0x00000001103ab700 r14: 0x00000001103ac350 r15: 0x00000001103ac338 rip: 0x0000000107cb0272 rfl: 0x0000000000000246 cr2: 0x0000000146de4000 Logical CPU: 18 Error Code: 0x00000000 Trap Number: 3 ]]
Attachments
Test case (2.10 KB, application/zip)
2017-03-18 16:00 PDT, Daniel Bates 		no flags
Details
patch (6.72 KB, patch)
2018-02-12 17:26 PST, Antti Koivisto 		no flags
DetailsFormatted DiffDiff
patch (6.71 KB, patch)
2018-02-12 19:32 PST, Antti Koivisto 		dbates: review+
DetailsFormatted DiffDiff
for landing (6.71 KB, patch)
2018-02-13 09:56 PST, Antti Koivisto 		no flags
DetailsFormatted DiffDiff
for landing (6.71 KB, patch)
2018-02-13 09:58 PST, Antti Koivisto 		no flags
DetailsFormatted DiffDiff
Show Obsolete (3) View All Add attachment proposed patch, testcase, etc.
Daniel Bates
Comment 1 2017-03-18 16:00:57 PDT
<rdar://problem/28683567>
Antti Koivisto
Comment 2 2018-02-12 17:26:44 PST
Created attachment 333651 [details] patch
Antti Koivisto
Comment 3 2018-02-12 19:32:28 PST
Created attachment 333662 [details] patch
Joseph Pecoraro
Comment 4 2018-02-12 20:24:58 PST
Comment on attachment 333662 [details] patch View in context: https://bugs.webkit.org/attachment.cgi?id=333662&action=review Inspector test looks good to me. The rest too, but should get a more qualified review. > LayoutTests/inspector/debugger/reload-paused.html:16 > + let suite = InspectorTest.createAsyncSuite("Reloading paused page"); I'd prefer a name like "ReloadPaused" > LayoutTests/inspector/debugger/reload-paused.html:19 > + name: "No crash", And here "ReloadPausedNoCrash"
Daniel Bates
Comment 5 2018-02-12 21:08:26 PST
Comment on attachment 333662 [details] patch View in context: https://bugs.webkit.org/attachment.cgi?id=333662&action=review Looks sane to me. r=me > Source/WebCore/ChangeLog:11 > + CachedRawResource::updateBuffer may generate unload event in client notify callback. If Inspector was CachedRawResource::updateBuffer => updateBuffer() > Source/WebCore/ChangeLog:12 > + paused, this even would spawn a nested runloop. CachedRawResource::finishLoading would get called in CachedRawResource::finishLoading => CachedRawResource::finishLoading() > Source/WebCore/ChangeLog:20 > + Set a bit when entering the client callback. > + Ensure we don't re-enter updateBuffer. > + If finishLoading got delayed during client callback, do it at the end. This is OK as-is. I do not see the need to put each sentence on its own line. I suggest you removing the newlines and use the same approach as you did when writing the description for this ChangeLog and break long lines around 100 characters. > Source/WebCore/loader/cache/CachedRawResource.cpp:59 > + // Skip any updateBuffers triggered from nested runloops. We'll have complete buffer in finishLoading. have => have the updateBuffers => updateBuffers() finishLoading => finishLoading() > Source/WebCore/loader/cache/CachedRawResource.cpp:84 > + auto buffer = WTFMove(m_delayedFinishLoadingData->buffer); > + m_delayedFinishLoadingData = std::nullopt; > + finishLoading(buffer.get()); I would have written this as: auto delayedFinishLoadingData = std::exchange(m_delayedFinishLoadingData, std::nullopt); finishLoading(delayedFinishLoadingData->buffer.get()); > Source/WebCore/loader/cache/CachedRawResource.h:96 > + struct DelayedFinishLoadingData { > + RefPtr<SharedBuffer> buffer; > + }; I take it you feel that this struct improves the readability of the code or makes the code less error prone as opposed to using std::optional<RefPtr<SharedBuffer>> or defining DelayedFinishLoadingData to be a type alias for RefPtr<SharedBuffer>.
Daniel Bates
Comment 6 2018-02-12 21:14:14 PST
Comment on attachment 333662 [details] patch I am assuming that derived classes (e.g. CachedImage) that override CachedResource::{updateBuffer, finishLoading} do not call out to the embedding client or in some way cause reentrancy before calling into the base class (CachedRawResource). Otherwise we would need a similar fix to for derived classes that have this behavior.
David Kilzer (:ddkilzer)
Comment 7 2018-02-13 03:56:15 PST
<rdar://problem/27828570>
Antti Koivisto
Comment 8 2018-02-13 09:29:00 PST
This is the stack that messes up the loading state, btw: (lldb) bt * thread #1, queue = 'com.apple.main-thread', stop reason = breakpoint 2.1 * frame #0: 0x00000003fa4e93b6 WebCore`WebCore::DocumentWriter::begin(this=0x000000040e6eb0b0, urlReference=0x00007ffeef05aa80, dispatch=false, ownerDocument=0x0000000000000000) at DocumentWriter.cpp:135 frame #1: 0x00000003fa4ae1ee WebCore`WebCore::DocumentLoader::commitData(this=0x000000040e6eb000, bytes=0x0000000000000000, length=0) at DocumentLoader.cpp:942 frame #2: 0x00000003fa4adc75 WebCore`WebCore::DocumentLoader::finishedLoading(this=0x000000040e6eb000) at DocumentLoader.cpp:425 frame #3: 0x00000003fa4ada5d WebCore`WebCore::DocumentLoader::notifyFinished(this=0x000000040e6eb000, resource=0x000000040f2d7700) at DocumentLoader.cpp:379 frame #4: 0x00000003fa4ade4c WebCore`non-virtual thunk to WebCore::DocumentLoader::notifyFinished(this=0x000000040e6eb000, resource=0x000000040f2d7700) at DocumentLoader.cpp:0 frame #5: 0x00000003fa5d231d WebCore`WebCore::CachedResource::checkNotify(this=0x000000040f2d7700) at CachedResource.cpp:348 frame #6: 0x00000003fa5c5041 WebCore`WebCore::CachedResource::finishLoading(this=0x000000040f2d7700, (null)=0x000000040f295a80) at CachedResource.cpp:364 frame #7: 0x00000003fa5cf41c WebCore`WebCore::CachedRawResource::finishLoading(this=0x000000040f2d7700, data=0x000000040f295a80) at CachedRawResource.cpp:100 frame #8: 0x00000003fa56c7a9 WebCore`WebCore::SubresourceLoader::didFinishLoading(this=0x000000040d7d3000, networkLoadMetrics=0x00007ffeef05b0c8) at SubresourceLoader.cpp:599 frame #9: 0x000000010192559d WebKit`WebKit::WebResourceLoader::didFinishResourceLoad(this=0x000000040f299888, networkLoadMetrics=0x00007ffeef05b0c8) at WebResourceLoader.cpp:150 frame #10: 0x000000010192917a WebKit`void IPC::callMemberFunctionImpl<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&), std::__1::tuple<WebCore::NetworkLoadMetrics>, 0ul>(object=0x000000040f299888, function=00 54 92 01 01 00 00 00 00 00 00 00 00 00 00 00, args=0x00007ffeef05b0c8, (null)=std::__1::index_sequence<0UL> @ 0x00007ffeef05aff0)(WebCore::NetworkLoadMetrics const&), std::__1::tuple<WebCore::NetworkLoadMetrics>&&, std::__1::integer_sequence<unsigned long, 0ul>) at HandleMessage.h:40 frame #11: 0x0000000101928fe0 WebKit`void IPC::callMemberFunction<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&), std::__1::tuple<WebCore::NetworkLoadMetrics>, std::__1::integer_sequence<unsigned long, 0ul> >(args=0x00007ffeef05b0c8, object=0x000000040f299888, function=00 54 92 01 01 00 00 00 00 00 00 00 00 00 00 00)(WebCore::NetworkLoadMetrics const&)) at HandleMessage.h:46 frame #12: 0x0000000101928346 WebKit`void IPC::handleMessage<Messages::WebResourceLoader::DidFinishResourceLoad, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&)>(decoder=0x000000040d722ac8, object=0x000000040f299888, function=00 54 92 01 01 00 00 00 00 00 00 00 00 00 00 00)(WebCore::NetworkLoadMetrics const&)) at HandleMessage.h:126 frame #13: 0x00000001019279bc WebKit`WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(this=0x000000040f299888, connection=0x000000040d7ee1b8, decoder=0x000000040d722ac8) at WebResourceLoaderMessageReceiver.cpp:65 frame #14: 0x0000000100f74bd9 WebKit`WebKit::NetworkProcessConnection::didReceiveMessage(this=0x000000040d7dc000, connection=0x000000040d7ee1b8, decoder=0x000000040d722ac8) at NetworkProcessConnection.cpp:69 frame #15: 0x0000000100cfca83 WebKit`IPC::Connection::dispatchMessage(this=0x000000040d7ee1b8, decoder=0x000000040d722ac8) at Connection.cpp:907 frame #16: 0x0000000100cf2068 WebKit`IPC::Connection::dispatchMessage(this=0x000000040d7ee1b8, message=unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> > @ 0x00007ffeef05b7b0) at Connection.cpp:934 frame #17: 0x0000000100cfd08a WebKit`IPC::Connection::dispatchOneMessage(this=0x000000040d7ee1b8) at Connection.cpp:965 frame #18: 0x0000000100d1564d WebKit`IPC::Connection::enqueueIncomingMessage(this=0x000000040d760148)::$_14::operator()() at Connection.cpp:901 frame #19: 0x0000000100d155a9 WebKit`WTF::Function<void ()>::CallableWrapper<IPC::Connection::enqueueIncomingMessage(this=0x000000040d760140)::$_14>::call() at Function.h:101 frame #20: 0x00000004089dbefb JavaScriptCore`WTF::Function<void ()>::operator(this=0x00007ffeef05bc38)() const at Function.h:56 frame #21: 0x0000000408a21043 JavaScriptCore`WTF::RunLoop::performWork(this=0x000000040d7f9000) at RunLoop.cpp:106 frame #22: 0x0000000408a218e4 JavaScriptCore`WTF::RunLoop::performWork(context=0x000000040d7f9000) at RunLoopCF.cpp:38 frame #23: 0x00007fff2ff8e271 CoreFoundation`__CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17 frame #24: 0x00007fff30047c6c CoreFoundation`__CFRunLoopDoSource0 + 108 frame #25: 0x00007fff2ff70db0 CoreFoundation`__CFRunLoopDoSources0 + 208 frame #26: 0x00007fff2ff7022d CoreFoundation`__CFRunLoopRun + 1293 frame #27: 0x00007fff2ff6fa93 CoreFoundation`CFRunLoopRunSpecific + 483 frame #28: 0x00007fff2f260ef6 HIToolbox`RunCurrentEventLoopInMode + 286 frame #29: 0x00007fff2f260b6f HIToolbox`ReceiveNextEventCommon + 366 frame #30: 0x00007fff2f2609e4 HIToolbox`_BlockUntilNextEventMatchingListInModeWithFilter + 64 frame #31: 0x00007fff2d4e94db AppKit`_DPSNextEvent + 2085 frame #32: 0x00007fff2dc7f6f8 AppKit`-[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 3044 frame #33: 0x00000003f89b5eb8 WebCore`WebCore::EventLoop::cycle(this=0x00007ffeef05d290) at EventLoopMac.mm:40 frame #34: 0x00000003fa3b35c1 WebCore`WebCore::PageScriptDebugServer::runEventLoopWhilePausedInternal(this=0x000000040d7d5038) at PageScriptDebugServer.cpp:121 frame #35: 0x00000003fa3b3545 WebCore`WebCore::PageScriptDebugServer::runEventLoopWhilePaused(this=0x000000040d7d5038) at PageScriptDebugServer.cpp:110 frame #36: 0x00000004081c5624 JavaScriptCore`Inspector::ScriptDebugServer::handlePause(this=0x000000040d7d5038, vmEntryGlobalObject=0x000000040e7fcfb0, (null)=PausedForBreakpoint) at ScriptDebugServer.cpp:301 frame #37: 0x0000000407a3dee1 JavaScriptCore`JSC::Debugger::pauseIfNeeded(this=0x000000040d7d5038, callFrame=0x00007ffeef05d690) at Debugger.cpp:739 frame #38: 0x0000000407a3e1de JavaScriptCore`JSC::Debugger::updateCallFrame(this=0x000000040d7d5038, callFrame=0x00007ffeef05d690, action=AttemptPause) at Debugger.cpp:668 frame #39: 0x0000000407a3e7f3 JavaScriptCore`JSC::Debugger::atStatement(this=0x000000040d7d5038, callFrame=0x00007ffeef05d690) at Debugger.cpp:787 frame #40: 0x000000040821384a JavaScriptCore`JSC::Interpreter::debug(this=0x000000040d7fe728, callFrame=0x00007ffeef05d690, debugHookType=WillExecuteStatement) at Interpreter.cpp:1375 frame #41: 0x00000004082e0073 JavaScriptCore`::llint_slow_path_debug(exec=0x00007ffeef05d690, pc=0x000000040d7d2e40) at LLIntSlowPaths.cpp:1596 frame #42: 0x00000004074f490d JavaScriptCore`llint_entry at LowLevelInterpreter64.asm:58 frame #43: 0x00000004074f3d65 JavaScriptCore`llint_entry at LowLevelInterpreter.asm:832 frame #44: 0x00000004074ebc52 JavaScriptCore`vmEntryToJavaScript at LowLevelInterpreter64.asm:257 frame #45: 0x000000040826c3de JavaScriptCore`JSC::JITCode::execute(this=0x000000040f271988, vm=0x000000040e500000, protoCallFrame=0x00007ffeef05d8d8) at JITCode.cpp:81 frame #46: 0x0000000408211d65 JavaScriptCore`JSC::Interpreter::executeCall(this=0x000000040d7fe728, callFrame=0x000000040e7fd008, function=0x000000040e7ebea0, callType=JS, callData=0x00007ffeef05df20, thisValue=JSValue @ 0x00007ffeef05da00, args=0x00007ffeef05ddf0) at Interpreter.cpp:1028 frame #47: 0x000000040847af1a JavaScriptCore`JSC::call(exec=0x000000040e7fd008, functionObject=JSValue @ 0x00007ffeef05da80, callType=JS, callData=0x00007ffeef05df20, thisValue=JSValue @ 0x00007ffeef05da78, args=0x00007ffeef05ddf0) at CallData.cpp:41 frame #48: 0x000000040847aff9 JavaScriptCore`JSC::call(exec=0x000000040e7fd008, functionObject=JSValue @ 0x00007ffeef05db70, callType=JS, callData=0x00007ffeef05df20, thisValue=JSValue @ 0x00007ffeef05db68, args=0x00007ffeef05ddf0, returnedException=0x00007ffeef05de18) at CallData.cpp:48 frame #49: 0x000000040847b29d JavaScriptCore`JSC::profiledCall(exec=0x000000040e7fd008, reason=Other, functionObject=JSValue @ 0x00007ffeef05dc00, callType=JS, callData=0x00007ffeef05df20, thisValue=JSValue @ 0x00007ffeef05dbf8, args=0x00007ffeef05ddf0, returnedException=0x00007ffeef05de18) at CallData.cpp:67 frame #50: 0x00000003f990eb3b WebCore`WebCore::JSMainThreadExecState::profiledCall(exec=0x000000040e7fd008, reason=Other, functionObject=JSValue @ 0x00007ffeef05dc90, callType=JS, callData=0x00007ffeef05df20, thisValue=JSValue @ 0x00007ffeef05dc88, args=0x00007ffeef05ddf0, returnedException=0x00007ffeef05de18) at JSMainThreadExecState.h:72 frame #51: 0x00000003f994c752 WebCore`WebCore::JSEventListener::handleEvent(this=0x000000040f2cd548, scriptExecutionContext=0x000000040f2cf000, event=0x000000040f2946e0) at JSEventListener.cpp:169 frame #52: 0x00000003f9ebb392 WebCore`WebCore::EventTarget::fireEventListeners(this=0x000000040d7e1d40, event=0x000000040f2946e0, listeners=WebCore::EventListenerVector @ 0x00007ffeef05e158) at EventTarget.cpp:290 frame #53: 0x00000003f9eb2dea WebCore`WebCore::EventTarget::fireEventListeners(this=0x000000040d7e1d40, event=0x000000040f2946e0) at EventTarget.cpp:232 frame #54: 0x00000003fa63dab1 WebCore`WebCore::DOMWindow::dispatchEvent(this=0x000000040d7e1d40, event=0x000000040f2946e0, target=0x000000040f2cf000) at DOMWindow.cpp:2064 frame #55: 0x00000003fa4f91ec WebCore`WebCore::FrameLoader::dispatchUnloadEvents(this=0x00007fd8c5436100, unloadEventPolicy=UnloadEventPolicyUnloadAndPageHide) at FrameLoader.cpp:3039 frame #56: 0x00000003fa4f8db5 WebCore`WebCore::FrameLoader::stopLoading(this=0x00007fd8c5436100, unloadEventPolicy=UnloadEventPolicyUnloadAndPageHide) at FrameLoader.cpp:472 frame #57: 0x00000003fa4f96e5 WebCore`WebCore::FrameLoader::closeURL(this=0x00007fd8c5436100) at FrameLoader.cpp:537 frame #58: 0x00000003fa5055a5 WebCore`WebCore::FrameLoader::detachFromParent(this=0x00007fd8c5436100) at FrameLoader.cpp:2585 frame #59: 0x00000003fa4fd890 WebCore`WebCore::FrameLoader::detachChildren(this=0x00007fd8c5538310) at FrameLoader.cpp:2504 frame #60: 0x00000003fa4f764b WebCore`WebCore::FrameLoader::setDocumentLoader(this=0x00007fd8c5538310, loader=0x000000040e6eb000) at FrameLoader.cpp:1775 frame #61: 0x00000003fa503046 WebCore`WebCore::FrameLoader::transitionToCommitted(this=0x00007fd8c5538310, cachedPage=0x0000000000000000) at FrameLoader.cpp:1998 frame #62: 0x00000003fa50235a WebCore`WebCore::FrameLoader::commitProvisionalLoad(this=0x00007fd8c5538310) at FrameLoader.cpp:1871 frame #63: 0x00000003fa4ad8ec WebCore`WebCore::DocumentLoader::commitIfReady(this=0x000000040e6eb000) at DocumentLoader.cpp:354 frame #64: 0x00000003fa4b1fec WebCore`WebCore::DocumentLoader::commitLoad(this=0x000000040e6eb000, data="<!DOCTYPE html>\n<html>\n<head>\n</head>\n<body>\n<iframe src=\"unload-with-inspector-at-breakpoint-crash-frame.html\" width=\"500\" height=\"500\"></iframe>\n</body>\n</html>", length=162) at DocumentLoader.cpp:903 frame #65: 0x00000003fa4b1f8f WebCore`WebCore::DocumentLoader::dataReceived(this=0x000000040e6eb000, data="<!DOCTYPE html>\n<html>\n<head>\n</head>\n<body>\n<iframe src=\"unload-with-inspector-at-breakpoint-crash-frame.html\" width=\"500\" height=\"500\"></iframe>\n</body>\n</html>", length=162) at DocumentLoader.cpp:1050 frame #66: 0x00000003fa4b2894 WebCore`WebCore::DocumentLoader::dataReceived(this=0x000000040e6eb000, resource=0x000000040f2d7700, data="<!DOCTYPE html>\n<html>\n<head>\n</head>\n<body>\n<iframe src=\"unload-with-inspector-at-breakpoint-crash-frame.html\" width=\"500\" height=\"500\"></iframe>\n</body>\n</html>", length=162) at DocumentLoader.cpp:1023 frame #67: 0x00000003fa4b28da WebCore`non-virtual thunk to WebCore::DocumentLoader::dataReceived(this=0x000000040e6eb000, resource=0x000000040f2d7700, data="<!DOCTYPE html>\n<html>\n<head>\n</head>\n<body>\n<iframe src=\"unload-with-inspector-at-breakpoint-crash-frame.html\" width=\"500\" height=\"500\"></iframe>\n</body>\n</html>", length=162) at DocumentLoader.cpp:0 frame #68: 0x00000003fa5cf178 WebCore`WebCore::CachedRawResource::notifyClientsDataWasReceived(this=0x000000040f2d7700, data="<!DOCTYPE html>\n<html>\n<head>\n</head>\n<body>\n<iframe src=\"unload-with-inspector-at-breakpoint-crash-frame.html\" width=\"500\" height=\"500\"></iframe>\n</body>\n</html>", length=162) at CachedRawResource.cpp:116 frame #69: 0x00000003fa5cf00d WebCore`WebCore::CachedRawResource::updateBuffer(this=0x000000040f2d7700, data=0x000000040f295a80) at CachedRawResource.cpp:65 frame #70: 0x00000003fa56de6a WebCore`WebCore::SubresourceLoader::didReceiveDataOrBuffer(this=0x000000040d7d3000, data="<!DOCTYPE html>\n<html>\n<head>\n</head>\n<body>\n<iframe src=\"unload-with-inspector-at-breakpoint-crash-frame.html\" width=\"500\" height=\"500\"></iframe>\n</body>\n</html>", length=162, buffer=0x00007ffeef05f3f0, encodedDataLength=162, dataPayloadType=DataPayloadBytes) at SubresourceLoader.cpp:430 frame #71: 0x00000003fa56dc32 WebCore`WebCore::SubresourceLoader::didReceiveData(this=0x000000040d7d3000, data="<!DOCTYPE html>\n<html>\n<head>\n</head>\n<body>\n<iframe src=\"unload-with-inspector-at-breakpoint-crash-frame.html\" width=\"500\" height=\"500\"></iframe>\n</body>\n</html>", length=162, encodedDataLength=162, dataPayloadType=DataPayloadBytes) at SubresourceLoader.cpp:398 frame #72: 0x00000001019252d4 WebKit`WebKit::WebResourceLoader::didReceiveData(this=0x000000040f299888, data=0x00007ffeef05f5f0, encodedDataLength=162) at WebResourceLoader.cpp:134 frame #73: 0x0000000101928f40 WebKit`void IPC::callMemberFunctionImpl<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long long), std::__1::tuple<IPC::DataReference, long long>, 0ul, 1ul>(object=0x000000040f299888, function=e0 50 92 01 01 00 00 00 00 00 00 00 00 00 00 00, args=0x00007ffeef05f5f0, (null)=std::__1::index_sequence<0UL, 1UL> @ 0x00007ffeef05f4f8)(IPC::DataReference const&, long long), std::__1::tuple<IPC::DataReference, long long>&&, std::__1::integer_sequence<unsigned long, 0ul, 1ul>) at HandleMessage.h:40 frame #74: 0x0000000101928e70 WebKit`void IPC::callMemberFunction<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long long), std::__1::tuple<IPC::DataReference, long long>, std::__1::integer_sequence<unsigned long, 0ul, 1ul> >(args=0x00007ffeef05f5f0, object=0x000000040f299888, function=e0 50 92 01 01 00 00 00 00 00 00 00 00 00 00 00)(IPC::DataReference const&, long long)) at HandleMessage.h:46 frame #75: 0x0000000101928201 WebKit`void IPC::handleMessage<Messages::WebResourceLoader::DidReceiveData, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long long)>(decoder=0x000000040d722a50, object=0x000000040f299888, function=e0 50 92 01 01 00 00 00 00 00 00 00 00 00 00 00)(IPC::DataReference const&, long long)) at HandleMessage.h:126 frame #76: 0x0000000101927936 WebKit`WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(this=0x000000040f299888, connection=0x000000040d7ee1b8, decoder=0x000000040d722a50) at WebResourceLoaderMessageReceiver.cpp:61 frame #77: 0x0000000100f74bd9 WebKit`WebKit::NetworkProcessConnection::didReceiveMessage(this=0x000000040d7dc000, connection=0x000000040d7ee1b8, decoder=0x000000040d722a50) at NetworkProcessConnection.cpp:69 frame #78: 0x0000000100cfca83 WebKit`IPC::Connection::dispatchMessage(this=0x000000040d7ee1b8, decoder=0x000000040d722a50) at Connection.cpp:907 frame #79: 0x0000000100cf2068 WebKit`IPC::Connection::dispatchMessage(this=0x000000040d7ee1b8, message=unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> > @ 0x00007ffeef05fbe0) at Connection.cpp:934 frame #80: 0x0000000100cfd08a WebKit`IPC::Connection::dispatchOneMessage(this=0x000000040d7ee1b8) at Connection.cpp:965 frame #81: 0x0000000100d1564d WebKit`IPC::Connection::enqueueIncomingMessage(this=0x000000040d760138)::$_14::operator()() at Connection.cpp:901 frame #82: 0x0000000100d155a9 WebKit`WTF::Function<void ()>::CallableWrapper<IPC::Connection::enqueueIncomingMessage(this=0x000000040d760130)::$_14>::call() at Function.h:101 frame #83: 0x00000004089dbefb JavaScriptCore`WTF::Function<void ()>::operator(this=0x00007ffeef060068)() const at Function.h:56 frame #84: 0x0000000408a21043 JavaScriptCore`WTF::RunLoop::performWork(this=0x000000040d7f9000) at RunLoop.cpp:106 frame #85: 0x0000000408a218e4 JavaScriptCore`WTF::RunLoop::performWork(context=0x000000040d7f9000) at RunLoopCF.cpp:38 frame #86: 0x00007fff2ff8e271 CoreFoundation`__CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17 frame #87: 0x00007fff30047c6c CoreFoundation`__CFRunLoopDoSource0 + 108 frame #88: 0x00007fff2ff70db0 CoreFoundation`__CFRunLoopDoSources0 + 208 frame #89: 0x00007fff2ff7022d CoreFoundation`__CFRunLoopRun + 1293 frame #90: 0x00007fff2ff6fa93 CoreFoundation`CFRunLoopRunSpecific + 483 frame #91: 0x00007fff2f260ef6 HIToolbox`RunCurrentEventLoopInMode + 286 frame #92: 0x00007fff2f260c66 HIToolbox`ReceiveNextEventCommon + 613 frame #93: 0x00007fff2f2609e4 HIToolbox`_BlockUntilNextEventMatchingListInModeWithFilter + 64 frame #94: 0x00007fff2d4e94db AppKit`_DPSNextEvent + 2085 frame #95: 0x00007fff2dc7f6f8 AppKit`-[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 3044 frame #96: 0x00007fff2d4de2ed AppKit`-[NSApplication run] + 764 frame #97: 0x00007fff2d4ad4c6 AppKit`NSApplicationMain + 804 frame #98: 0x00007fff58a75f83 libxpc.dylib`_xpc_objc_main + 580 frame #99: 0x00007fff58a74bd6 libxpc.dylib`xpc_main + 417 frame #100: 0x0000000100b9f13b com.apple.WebKit.WebContent.Development`main(argc=1, argv=0x00007ffeef061a18) at XPCServiceMain.mm:148 frame #101: 0x00007fff58727015 libdyld.dylib`start + 1 frame #102: 0x00007fff58727015 libdyld.dylib`start + 1
Antti Koivisto
Comment 9 2018-02-13 09:31:17 PST
> > I take it you feel that this struct improves the readability of the code or > makes the code less error prone as opposed to using > std::optional<RefPtr<SharedBuffer>> or defining DelayedFinishLoadingData to > be a type alias for RefPtr<SharedBuffer>. Yeah, nullable types as optionals can be bit awkward and confusing.
Antti Koivisto
Comment 10 2018-02-13 09:34:05 PST
(In reply to Daniel Bates from comment #6) > Comment on attachment 333662 [details] > patch > > I am assuming that derived classes (e.g. CachedImage) that override > CachedResource::{updateBuffer, finishLoading} do not call out to the > embedding client or in some way cause reentrancy before calling into the > base class (CachedRawResource). Otherwise we would need a similar fix to for > derived classes that have this behavior. Most subtypes don't stream the data at all or the streaming won't cause events to be sent. It is still possible that something else has the same problem, however it is better to do a conservative fix at this point.
Antti Koivisto
Comment 11 2018-02-13 09:56:36 PST
Created attachment 333697 [details] for landing
Antti Koivisto
Comment 12 2018-02-13 09:58:59 PST
Created attachment 333698 [details] for landing
WebKit Commit Bot
Comment 13 2018-02-13 14:39:52 PST
Comment on attachment 333698 [details] for landing Clearing flags on attachment: 333698 Committed r228435: <https://trac.webkit.org/changeset/228435>
WebKit Commit Bot
Comment 14 2018-02-13 14:39:54 PST
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.