Bug 182319

Summary: Release assertion in Performance::resourceTimingBufferFullTimerFired when the resource timing buffer is shrunk
Product: WebKit Reporter: Ryosuke Niwa <rniwa>
Component: WebCore Misc.Assignee: Ryosuke Niwa <rniwa>
Status: RESOLVED FIXED    
Severity: Normal CC: achristensen, cdumez, commit-queue, joepeck
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Fixes the bug
none
Fixes the bug
none
Patch for landing none

Ryosuke Niwa
Reported 2018-01-30 20:29:05 PST
When the author script shrinks the resource timing buffer while resourcetimingbufferFull event is being dispatched, we hit a release assertion.
Attachments
Fixes the bug (15.74 KB, patch)
2018-01-30 23:42 PST, Ryosuke Niwa 		no flags
DetailsFormatted DiffDiff
Fixes the bug (16.13 KB, patch)
2018-01-31 11:39 PST, Ryosuke Niwa 		no flags
DetailsFormatted DiffDiff
Patch for landing (16.09 KB, patch)
2018-01-31 12:51 PST, Ryosuke Niwa 		no flags
DetailsFormatted DiffDiff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.
Ryosuke Niwa
Comment 1 2018-01-30 20:29:20 PST
<rdar://problem/36904312>
Ryosuke Niwa
Comment 2 2018-01-30 23:42:59 PST
Created attachment 332746 [details] Fixes the bug
Chris Dumez
Comment 3 2018-01-31 09:30:16 PST
Comment on attachment 332746 [details] Fixes the bug View in context: https://bugs.webkit.org/attachment.cgi?id=332746&action=review Will do a proper review after my meeting. > Source/WebCore/page/Performance.cpp:233 > + for (auto& entry : m_backupResourceTimingBuffer) Wouldn't this work? backupBuffer.appendVector(WTFMove(m_backupResourceTimingBuffer))
Chris Dumez
Comment 4 2018-01-31 10:14:29 PST
Comment on attachment 332746 [details] Fixes the bug View in context: https://bugs.webkit.org/attachment.cgi?id=332746&action=review > Source/WebCore/page/Performance.cpp:223 > // Dispatching resourcetimingbufferfull event may have inserted more entries. The line after queues entries from m_backupResourceTimingBuffer but does not seem to clear m_backupResourceTimingBuffer. Is that right? > Source/WebCore/page/Performance.cpp:239 > if (i < remainingBufferSize) { This might be more easily understandable if we used if (!isResourceTimingBufferFull())
Ryosuke Niwa
Comment 5 2018-01-31 11:13:52 PST
(In reply to Chris Dumez from comment #3) > Comment on attachment 332746 [details] > Fixes the bug > > View in context: > https://bugs.webkit.org/attachment.cgi?id=332746&action=review > > Will do a proper review after my meeting. > > > Source/WebCore/page/Performance.cpp:233 > > + for (auto& entry : m_backupResourceTimingBuffer) > > Wouldn't this work? > backupBuffer.appendVector(WTFMove(m_backupResourceTimingBuffer)) Yeah, I realized that after uploading the patch. Fixed. (In reply to Chris Dumez from comment #4) > Comment on attachment 332746 [details] > Fixes the bug > > View in context: > https://bugs.webkit.org/attachment.cgi?id=332746&action=review > > > Source/WebCore/page/Performance.cpp:223 > > // Dispatching resourcetimingbufferfull event may have inserted more entries. > > The line after queues entries from m_backupResourceTimingBuffer but does not > seem to clear m_backupResourceTimingBuffer. Is that right? Oops, fixed. > > Source/WebCore/page/Performance.cpp:239 > > if (i < remainingBufferSize) { > > This might be more easily understandable if we used if > (!isResourceTimingBufferFull()) Sure. Fixed.
Ryosuke Niwa
Comment 6 2018-01-31 11:29:03 PST
(In reply to Chris Dumez from comment #3) > Comment on attachment 332746 [details] > Fixes the bug > > View in context: > https://bugs.webkit.org/attachment.cgi?id=332746&action=review > > Will do a proper review after my meeting. > > > Source/WebCore/page/Performance.cpp:233 > > + for (auto& entry : m_backupResourceTimingBuffer) > > Wouldn't this work? > backupBuffer.appendVector(WTFMove(m_backupResourceTimingBuffer)) Actually, this doesn't work because backupBuffer is a WTFMove(m_backupResourceTimingBuffer).
Ryosuke Niwa
Comment 7 2018-01-31 11:39:29 PST
Created attachment 332788 [details] Fixes the bug
Chris Dumez
Comment 8 2018-01-31 12:27:58 PST
Comment on attachment 332788 [details] Fixes the bug View in context: https://bugs.webkit.org/attachment.cgi?id=332788&action=review r=me with suggestion. > Source/WebCore/page/Performance.cpp:232 > + for (auto & entry : m_backupResourceTimingBuffer) I think we should be able to do this on 2 lines instead of 3 (and potentially more efficient) using: backupBuffer.appendVector(m_backupResourceTimingBuffer); m_backupResourceTimingBuffer.clear();
Ryosuke Niwa
Comment 9 2018-01-31 12:46:12 PST
(In reply to Chris Dumez from comment #8) > Comment on attachment 332788 [details] > Fixes the bug > > View in context: > https://bugs.webkit.org/attachment.cgi?id=332788&action=review > > r=me with suggestion. > > > Source/WebCore/page/Performance.cpp:232 > > + for (auto & entry : m_backupResourceTimingBuffer) > > I think we should be able to do this on 2 lines instead of 3 (and > potentially more efficient) using: > backupBuffer.appendVector(m_backupResourceTimingBuffer); > m_backupResourceTimingBuffer.clear(); Sure, will fix. Thanks for the review!
Ryosuke Niwa
Comment 10 2018-01-31 12:51:26 PST
Created attachment 332795 [details] Patch for landing
WebKit Commit Bot
Comment 11 2018-01-31 13:07:42 PST
Comment on attachment 332795 [details] Patch for landing Clearing flags on attachment: 332795 Committed r227926: <https://trac.webkit.org/changeset/227926>
WebKit Commit Bot
Comment 12 2018-01-31 13:07:43 PST
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.