Bug 176881

Summary: REGRESSION (r164015): Layout Test plugins/js-from-destroy.html is flaky
Product: WebKit Reporter: Matt Lewis <jlewis3>
Component: Plug-insAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: ap, dbates, rniwa, webkit-bug-importer
Priority: P2 Keywords: InRadar, Regression
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=181889
Bug Depends on: 128712    
Bug Blocks:    

Description Matt Lewis 2017-09-13 16:25:12 PDT 
plugins/js-from-destroy.html is a flaky failure on macOS according to the flakiness dashboard:

https://webkit-test-results.webkit.org/dashboards/flakiness_dashboard.html#showAllRuns=true&tests=plugins%2Fjs-from-destroy.html

Results:

https://build.webkit.org/results/Apple%20Sierra%20Debug%20WK2%20(Tests)/r221995%20(3021)/results.html
https://build.webkit.org/builders/Apple%20Sierra%20Debug%20WK2%20(Tests)/builds/3021

Diff:

--- /Volumes/Data/slave/sierra-debug-tests-wk2/build/layout-test-results/plugins/js-from-destroy-expected.txt
+++ /Volumes/Data/slave/sierra-debug-tests-wk2/build/layout-test-results/plugins/js-from-destroy-actual.txt
@@ -1 +1,2 @@
+CONSOLE MESSAGE: XMLHttpRequest cannot load  due to access control checks.
 PASS if didn't crash.
Comment 1 Alexey Proskuryakov 2017-09-14 10:04:07 PDT 
Is this leaking from a preceding test?
Comment 2 Matt Lewis 2017-10-16 14:53:50 PDT 
I was able to reproduce the failure with:

run-webkit-tests --no-retry-failure --iterations=50 plugins/js-from-destroy.html
Comment 3 Radar WebKit Bug Importer 2017-10-17 08:40:47 PDT 
<rdar://problem/35029828>
Comment 4 Matt Lewis 2017-10-20 13:58:54 PDT 
Marked as Flaky in:

https://trac.webkit.org/changeset/223793/webkit/
Comment 5 Daniel Bates 2018-01-19 16:29:59 PST 
The cause of the flakiness is <https://trac.webkit.org/changeset/164015> (bug #128712).

We have not supported JavaScript evaluation from NPP_Destroy() on macOS for Out-of-Process plugins for many years now. We disallowed such behavior in <https://trac.webkit.org/changeset/42789> and <https://trac.webkit.org/changeset/62279> (bug #41431). We should make WebKit match the behavior the OOP plugins on macOS and then change the test plugins/js-from-destroy.html and others to ensure that we do not allow JavaScript evaluation from NPP_Destroy(). See bug #181889 for more details.

Additional remarks:

Plugin tests that evaluate JavaScript from NPP_Destroy() have been flaky in WebKit since <https://trac.webkit.org/changeset/164015> (bug #128712). Following r164015 when NPP_Destroy() is called there is a racy between the time the PluginProcess's response reaches the WebProcess and it invalidates the PluginProcess connection and the PluginProcess sends a synchronous message to the WebProcess to evaluate the JavaScript specified in the ondestroy handler of an <embed>. Depending on who wins the race the ondestroy handler may or may not be invoked => a console message may or may not be in the result for the test plugins/js-from-destroy.html.
Comment 6 Daniel Bates 2018-02-05 14:58:48 PST 
Following <https://trac.webkit.org/changeset/228100> (bug #181889) test plugins/js-from-destroy.html is marked WontFix for both WebKit2 and Mac WebKit1 as both WebKit and WebKit Legacy on Mac do not allow JavaScript execution from NPP_Destroy().
Comment 7 Daniel Bates 2018-02-05 15:07:12 PST 
(In reply to Daniel Bates from comment #6)
> Following <https://trac.webkit.org/changeset/228100> (bug #181889) test
> plugins/js-from-destroy.html is marked WontFix for both WebKit2 and Mac
> WebKit1 as both WebKit and WebKit Legacy on Mac do not allow JavaScript
> execution from NPP_Destroy().

Elaborating further, plugins/js-from-destroy.html is no longer flaky following <https://trac.webkit.org/changeset/228100> when run. It is marked WontFix because it no longer tests anything meaningful in WebKit2 and Mac WebKit1 since the we longer allow JavaScript execution from NPP_Destroy(), which was what this test was testing. There is still some value in keeping plugins/js-from-destroy.html in the tree for WebKit Legacy on Windows.