Bug 194845

Summary:

Crash under RemoteLayerTreePropertyApplier::applyProperties when reattaching to old process

Product:

WebKit

Reporter:

Tim Horton <thorton>

Component:

New Bugs

Assignee:

Tim Horton <thorton>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

commit-queue, ews-watchlist, koivisto, rniwa, simon.fraser, tsavell, webkit-bug-importer

Priority:

Keywords:

InRadar

Version:

WebKit Nightly Build

Hardware:

Unspecified

OS:

Unspecified

Attachments:

Description	Flags
Patch	none
Patch	none
Archive of layout-test-results from ews101 for mac-highsierra	none
Archive of layout-test-results from ews106 for mac-highsierra-wk2	none
Archive of layout-test-results from ews117 for mac-highsierra	none
Archive of layout-test-results from ews126 for ios-simulator-wk2	none
Archive of layout-test-results from ews200 for win-future	none
Patch	none
Patch	none
Patch	none
Patch	none
Patch	none

Tim Horton

Reported 2019-02-19 17:42:31 PST

Crash under RemoteLayerTreePropertyApplier::applyProperties when reattaching to old process

Attachments
Patch (18.60 KB, patch) 2019-02-19 17:42 PST, Tim Horton	no flags	Details Formatted Diff Diff
Patch (19.37 KB, patch) 2019-02-19 17:45 PST, Tim Horton	no flags	Details Formatted Diff Diff
Archive of layout-test-results from ews101 for mac-highsierra (2.79 MB, application/zip) 2019-02-19 18:56 PST, EWS Watchlist	no flags	Details
Archive of layout-test-results from ews106 for mac-highsierra-wk2 (3.81 MB, application/zip) 2019-02-19 19:05 PST, EWS Watchlist	no flags	Details
Archive of layout-test-results from ews117 for mac-highsierra (2.77 MB, application/zip) 2019-02-19 19:46 PST, EWS Watchlist	no flags	Details
Archive of layout-test-results from ews126 for ios-simulator-wk2 (25.39 MB, application/zip) 2019-02-19 19:59 PST, EWS Watchlist	no flags	Details
Archive of layout-test-results from ews200 for win-future (12.87 MB, application/zip) 2019-02-19 20:12 PST, EWS Watchlist	no flags	Details
Patch (19.65 KB, patch) 2019-02-20 10:50 PST, Tim Horton	no flags	Details Formatted Diff Diff
Patch (30.12 KB, patch) 2019-02-20 17:02 PST, Tim Horton	no flags	Details Formatted Diff Diff
Patch (30.12 KB, patch) 2019-02-20 17:04 PST, Tim Horton	no flags	Details Formatted Diff Diff
Patch (30.12 KB, patch) 2019-02-20 17:48 PST, Tim Horton	no flags	Details Formatted Diff Diff
Patch (35.26 KB, patch) 2019-02-20 19:00 PST, Tim Horton	no flags	Details Formatted Diff Diff
Show Obsolete (10) View All Add attachment proposed patch, testcase, etc.

Tim Horton

Comment 1 2019-02-19 17:42:51 PST

Created attachment 362461 [details] Patch

Tim Horton

Comment 2 2019-02-19 17:42:52 PST

<rdar://problem/47944579>

Tim Horton

Comment 3 2019-02-19 17:45:15 PST

Created attachment 362462 [details] Patch

EWS Watchlist

Comment 4 2019-02-19 18:56:27 PST Comment hidden (obsolete)

Comment on attachment 362462 [details] Patch Attachment 362462 [details] did not pass mac-ews (mac): Output: https://webkit-queues.webkit.org/results/11213039 New failing tests: pageoverlay/overlay-small-frame-paints.html pageoverlay/overlay-installation.html pageoverlay/overlay-large-document-scrolled.html pageoverlay/overlay-small-frame-mouse-events.html pageoverlay/overlay-large-document.html

EWS Watchlist

Comment 5 2019-02-19 18:56:28 PST Comment hidden (obsolete)

Created attachment 362469 [details] Archive of layout-test-results from ews101 for mac-highsierra The attached test failures were seen while running run-webkit-tests on the mac-ews. Bot: ews101 Port: mac-highsierra Platform: Mac OS X 10.13.6

EWS Watchlist

Comment 6 2019-02-19 19:05:40 PST Comment hidden (obsolete)

Comment on attachment 362462 [details] Patch Attachment 362462 [details] did not pass mac-wk2-ews (mac-wk2): Output: https://webkit-queues.webkit.org/results/11212990 New failing tests: pageoverlay/overlay-small-frame-paints.html inspector/dom/highlightNodeList.html pageoverlay/overlay-remove-reinsert-view.html inspector/dom/highlightRect.html inspector/dom/hideHighlight.html pageoverlay/overlay-large-document-scrolled.html pageoverlay/overlay-installation.html pageoverlay/overlay-small-frame-mouse-events.html inspector/dom/highlightFrame.html inspector/dom/highlight-shape-outside-margin.html inspector/dom/highlightNode.html inspector/dom/highlightSelector.html inspector/dom/highlightQuad.html pageoverlay/overlay-large-document.html

EWS Watchlist

Comment 7 2019-02-19 19:05:42 PST Comment hidden (obsolete)

Created attachment 362470 [details] Archive of layout-test-results from ews106 for mac-highsierra-wk2 The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews. Bot: ews106 Port: mac-highsierra-wk2 Platform: Mac OS X 10.13.6

EWS Watchlist

Comment 8 2019-02-19 19:46:55 PST Comment hidden (obsolete)

Comment on attachment 362462 [details] Patch Attachment 362462 [details] did not pass mac-debug-ews (mac): Output: https://webkit-queues.webkit.org/results/11213275 New failing tests: pageoverlay/overlay-small-frame-paints.html pageoverlay/overlay-installation.html pageoverlay/overlay-large-document-scrolled.html pageoverlay/overlay-small-frame-mouse-events.html pageoverlay/overlay-large-document.html

EWS Watchlist

Comment 9 2019-02-19 19:46:57 PST Comment hidden (obsolete)

Created attachment 362474 [details] Archive of layout-test-results from ews117 for mac-highsierra The attached test failures were seen while running run-webkit-tests on the mac-debug-ews. Bot: ews117 Port: mac-highsierra Platform: Mac OS X 10.13.6

EWS Watchlist

Comment 10 2019-02-19 19:59:56 PST Comment hidden (obsolete)

Comment on attachment 362462 [details] Patch Attachment 362462 [details] did not pass ios-sim-ews (ios-simulator-wk2): Output: https://webkit-queues.webkit.org/results/11213290 New failing tests: platform/ios/fast/scrolling/find-text-in-overflow-node.html platform/ios/fast/scrolling/find-text-in-overflow-node-indicator-position.html platform/ios/fast/scrolling/find-text-in-subframe.html

EWS Watchlist

Comment 11 2019-02-19 19:59:58 PST Comment hidden (obsolete)

Created attachment 362475 [details] Archive of layout-test-results from ews126 for ios-simulator-wk2 The attached test failures were seen while running run-webkit-tests on the ios-sim-ews. Bot: ews126 Port: ios-simulator-wk2 Platform: Mac OS X 10.13.6

EWS Watchlist

Comment 12 2019-02-19 20:12:10 PST Comment hidden (obsolete)

Comment on attachment 362462 [details] Patch Attachment 362462 [details] did not pass win-ews (win): Output: https://webkit-queues.webkit.org/results/11213584 New failing tests: pageoverlay/overlay-small-frame-paints.html pageoverlay/overlay-remove-reinsert-view.html pageoverlay/overlay-large-document-scrolled.html pageoverlay/overlay-installation.html pageoverlay/overlay-large-document.html pageoverlay/overlay-small-frame-mouse-events.html

EWS Watchlist

Comment 13 2019-02-19 20:12:21 PST Comment hidden (obsolete)

Created attachment 362476 [details] Archive of layout-test-results from ews200 for win-future The attached test failures were seen while running run-webkit-tests on the win-ews. Bot: ews200 Port: win-future Platform: CYGWIN_NT-6.1-2.9.0-0.318-5-3-x86_64-64bit

Tim Horton

Comment 14 2019-02-19 21:07:55 PST

Oh... boy.

Tim Horton

Comment 15 2019-02-20 10:50:57 PST

Created attachment 362515 [details] Patch

Tim Horton

Comment 16 2019-02-20 17:02:56 PST

Created attachment 362573 [details] Patch

Tim Horton

Comment 17 2019-02-20 17:04:08 PST

Created attachment 362574 [details] Patch

Simon Fraser (smfr)

Comment 18 2019-02-20 17:31:53 PST

Comment on attachment 362574 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=362574&action=review > Source/WebCore/page/PageOverlayController.cpp:253 > + for (auto& overlay : m_pageOverlays) { > + if (auto optionalLayer = m_overlayGraphicsLayers.take(overlay.get())) > + optionalLayer.value()->removeFromParent(); > + > + overlay->willReattachToPage(&m_page); If an overlay triggers mutation of m_pageOverlays inside willReattachToPage() bad things will happen > Source/WebCore/page/PageOverlayController.cpp:259 > + installLayerForOverlay(*overlay); Does this call into overlay code that could mutate m_pageOverlays? > Tools/TestWebKitAPI/Tests/WebKitCocoa/PageOverlayPlugin.mm:61 > + > + Two blank lines.

Tim Horton

Comment 19 2019-02-20 17:34:23 PST

Comment on attachment 362574 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=362574&action=review >> Source/WebCore/page/PageOverlayController.cpp:253 >> + overlay->willReattachToPage(&m_page); > > If an overlay triggers mutation of m_pageOverlays inside willReattachToPage() bad things will happen True, I suppose an oddly-written overlay implementation could do something weird like uninstall itself on attach (or install a new one). I don't think there are any that do now, but better safe than sorry

Tim Horton

Comment 20 2019-02-20 17:48:02 PST

Created attachment 362578 [details] Patch

Tim Horton

Comment 21 2019-02-20 19:00:54 PST

Created attachment 362583 [details] Patch

Antti Koivisto

Comment 22 2019-02-21 10:17:35 PST

Comment on attachment 362583 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=362583&action=review > Source/WebKit/WebProcess/WebPage/RemoteLayerTree/GraphicsLayerCARemote.h:56 > + RemoteLayerTreeContext* m_context; Some WeakPtrs would be nice.

WebKit Commit Bot

Comment 23 2019-02-21 13:34:32 PST

Comment on attachment 362583 [details] Patch Clearing flags on attachment: 362583 Committed r241899: <https://trac.webkit.org/changeset/241899>

WebKit Commit Bot

Comment 24 2019-02-21 13:34:34 PST

All reviewed patches have been landed. Closing bug.

Truitt Savell

Comment 25 2019-02-22 11:32:33 PST

The new API test ProcessSwap.PageOverlayLayerPersistence added in https://trac.webkit.org/changeset/241899/webkit is failing on iOS: https://build.webkit.org/builders/Apple%20iOS%2012%20Simulator%20Release%20WK2%20%28Tests%29/builds/2763 Failed TestWebKitAPI.ProcessSwap.PageOverlayLayerPersistence Received data during response processing, queuing it. Received data during response processing, queuing it. /Volumes/Data/slave/ios-simulator-12-release/build/Tools/TestWebKitAPI/Tests/WebKitCocoa/ProcessSwapOnNavigation.mm:5184 Value of: hasOverlay([webView layer]) Actual: false Expected: true

Tim Horton

Comment 26 2019-02-22 11:40:45 PST

(In reply to Truitt Savell from comment #25) > The new API test ProcessSwap.PageOverlayLayerPersistence > > added in https://trac.webkit.org/changeset/241899/webkit > > is failing on iOS: > https://build.webkit.org/builders/ > Apple%20iOS%2012%20Simulator%20Release%20WK2%20%28Tests%29/builds/2763 > > Failed > > TestWebKitAPI.ProcessSwap.PageOverlayLayerPersistence > Received data during response processing, queuing it. > Received data during response processing, queuing it. > > > /Volumes/Data/slave/ios-simulator-12-release/build/Tools/TestWebKitAPI/Tests/ > WebKitCocoa/ProcessSwapOnNavigation.mm:5184 > Value of: hasOverlay([webView layer]) > Actual: false > Expected: true I'll take a peek; it was passing for me!

Tim Horton

Comment 27 2019-02-22 13:13:43 PST

(In reply to Tim Horton from comment #26) > (In reply to Truitt Savell from comment #25) > > The new API test ProcessSwap.PageOverlayLayerPersistence > > > > added in https://trac.webkit.org/changeset/241899/webkit > > > > is failing on iOS: > > https://build.webkit.org/builders/ > > Apple%20iOS%2012%20Simulator%20Release%20WK2%20%28Tests%29/builds/2763 > > > > Failed > > > > TestWebKitAPI.ProcessSwap.PageOverlayLayerPersistence > > Received data during response processing, queuing it. > > Received data during response processing, queuing it. > > > > > > /Volumes/Data/slave/ios-simulator-12-release/build/Tools/TestWebKitAPI/Tests/ > > WebKitCocoa/ProcessSwapOnNavigation.mm:5184 > > Value of: hasOverlay([webView layer]) > > Actual: false > > Expected: true > > I'll take a peek; it was passing for me! Ah, I see what's up. It's a trunk-only problem (or actually a pair of them).

Tim Horton

Comment 28 2019-02-22 15:59:07 PST

Fixing the API test in https://bugs.webkit.org/show_bug.cgi?id=194963

Note You need to log in before you can comment on or make changes to this bug.