Bug 197902

Summary: Constant crashes under WebPage::isThrottleable() after r245299
Product: WebKit
Reporter: Tim Horton <thorton>
Component: WebKit2
Assignee: youenn fablet <youennf>
Status: RESOLVED FIXED
Severity: Normal
CC: achristensen, cdumez, commit-queue, dbates, dino, ews-watchlist, simon.fraser, webkit-bug-importer, youennf
Priority: P2
Keywords: InRadar, Regression
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Attachments:
Patch (flags: none)
Patch (flags: none)
Archive of layout-test-results from ews215 for win-future (flags: none)

Description Tim Horton 2019-05-14 18:43:11 PDT
If you window.open (I can give you exact repro steps offline), you'll often crash under this stack:

WebKit::WebPage::isThrottleable() const
auto WebKit::WebProcess::areAllPagesThrottleable()
bool WTF::allOf<WTF::SizedIteratorRange<WTF::HashMap<unsigned long long, ...
WebKit::WebProcess::areAllPagesThrottleable() const
WebKit::WebSWClientConnection::updateThrottleState()
WebKit::WebPage::updateThrottleState()
WebKit::WebPage::WebPage(unsigned long long, WebKit::WebPageCreationParameters&&)
WebKit::WebPage::WebPage(unsigned long long, WebKit::WebPageCreationParameters&&) [inlined]
WebKit::WebPage::create(unsigned long long, WebKit::WebPageCreationParameters&&)
WebKit::WebProcess::createWebPage(unsigned long long, WebKit::WebPageCreationParameters&&)
void IPC::handleMessage<Messages::WebProcess::CreateWebPage, WebKit::WebProcess...

Because WebProcess::createWebPage has added an item to m_pageMap, and then areAllPagesThrottleable iterates m_pageMap before the new item has been assigned a value.
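
The ordering problem described in the report above, modelled in standalone C++ as an added example (not WebKit code and not part of the original report). `Process`, `Page`, `createPageSlotFirst`, `createPageConstructFirst` and `emptySlotsSeenWith` are hypothetical stand-ins, and the null check and construct-before-publish ordering are illustrative mitigations, not the committed fix.

```cpp
#include <algorithm>
#include <cstdint>
#include <cstdio>
#include <memory>
#include <unordered_map>

// Hypothetical stand-ins for the classes in the stack trace; this is not WebKit code.
struct Process;
struct Page {
    explicit Page(Process&);               // constructor re-enters the process-wide check
    bool isThrottleable() const { return true; }
};
using PageMap = std::unordered_map<uint64_t, std::unique_ptr<Page>>;

struct Process {
    PageMap pageMap;
    int emptySlotsSeen { 0 };              // times the iteration met an unassigned slot

    // Guarded iteration: an unassigned slot counts as "not throttleable".
    // Calling isThrottleable() through such a slot is the condition the report describes.
    bool areAllPagesThrottleable() {
        return std::all_of(pageMap.begin(), pageMap.end(), [this](const PageMap::value_type& entry) {
            if (!entry.second) { ++emptySlotsSeen; return false; }
            return entry.second->isThrottleable();
        });
    }
    // Ordering from the report: the key is added first, the value is assigned after construction.
    void createPageSlotFirst(uint64_t id) {
        auto result = pageMap.emplace(id, nullptr);
        if (result.second)
            result.first->second = std::make_unique<Page>(*this);
    }
    // Alternative ordering: construct fully, then publish into the map.
    void createPageConstructFirst(uint64_t id) {
        if (!pageMap.count(id))
            pageMap.emplace(id, std::make_unique<Page>(*this));
    }
};
Page::Page(Process& process) { process.areAllPagesThrottleable(); }

// Returns how many unassigned slots the constructor-time iteration encountered.
int emptySlotsSeenWith(bool slotFirst) {
    Process process;
    process.createPageConstructFirst(1);   // an existing, fully built page
    if (slotFirst) process.createPageSlotFirst(2); else process.createPageConstructFirst(2);
    return process.emptySlotsSeen;
}

int main() {
    std::printf("slot-first: %d, construct-first: %d\n", emptySlotsSeenWith(true), emptySlotsSeenWith(false));
}
```

With the slot-first ordering the constructor-time iteration always reaches the unassigned entry; with construct-first it never does.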
Comment 1 Radar WebKit Bug Importer 2019-05-14 18:48:47 PDT
<rdar://problem/50793796>
Comment 2 youenn fablet 2019-05-14 22:30:49 PDT
Created attachment 369924 [details]
Patch
Comment 3 youenn fablet 2019-05-15 07:47:37 PDT
Created attachment 369951 [details]
Patch
Comment 4 EWS Watchlist 2019-05-15 09:03:54 PDT
Comment on attachment 369951 [details]
Patch

Attachment 369951 [details] did not pass win-ews (win):
Output: https://webkit-queues.webkit.org/results/12197730

New failing tests:
fast/shadow-dom/svg-use-href-change-in-shadow-tree.html
Comment 5 EWS Watchlist 2019-05-15 09:03:56 PDT
Created attachment 369956 [details]
Archive of layout-test-results from ews215 for win-future

The attached test failures were seen while running run-webkit-tests on the win-ews.
Bot: ews215  Port: win-future  Platform: CYGWIN_NT-10.0-17763-3.0.5-338.x86_64-x86_64-64bit
Comment 6 youenn fablet 2019-05-15 09:04:55 PDT
Comment on attachment 369951 [details]
Patch

Win error unrelated
Comment 7 WebKit Commit Bot 2019-05-15 09:36:04 PDT
Comment on attachment 369951 [details]
Patch

Clearing flags on attachment: 369951

Committed r245327: <https://trac.webkit.org/changeset/245327>
Comment 8 WebKit Commit Bot 2019-05-15 09:36:06 PDT
All reviewed patches have been landed.  Closing bug.