Bug 302416

Summary: Inspector agents should use CheckedRef for InspectorEnvironment references
Product: WebKit
Reporter: Basuke Suzuki <basuke>
Component: New Bugs
Assignee: Basuke Suzuki <basuke>
Status: RESOLVED FIXED
Severity: Normal
CC: webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Bug Depends on: 302559, 303870
Bug Blocks:

Basuke Suzuki
Reported 2025-11-12 13:09:34 PST
Inspector agents hold references to their InspectorEnvironment through the AgentContext structure. Currently, this uses a raw reference which doesn't provide any lifetime safety guarantees. If an agent outlives its environment (which should never happen but could be a bug), we'd have undefined behavior.

This change makes InspectorEnvironment inherit from CanMakeCheckedPtr and updates AgentContext to hold a CheckedRef<InspectorEnvironment>. This provides runtime checking that the environment is never destroyed while agents still reference it, making bugs more actionable by causing immediate crashes rather than subtle memory corruption.

The change required:
1. Making InspectorEnvironment support CheckedPtr/CheckedRef
2. JSGlobalObjectInspectorController implementing the AbstractCanMakeCheckedPtr interface
3. Updating AgentContext to use CheckedRef instead of a raw reference
4. Including InspectorEnvironment.h instead of forward declaring it (required for CheckedRef)
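
The runtime check described in the report above, reduced to a sketch. This is an added example, not WebKit's code or code from the patch: `CheckedTarget`, `CheckedRefSketch`, `EnvironmentSketch`, `AgentContextSketch` and `runLifecycle` are hypothetical stand-ins, and aborting in the destructor when the count is nonzero is the assumed failure behavior.

```cpp
// Added sketch of the counting idea; hypothetical stand-ins, not WTF code.
#include <cstdlib>
#include <memory>
#include <vector>

// Stand-in for a CanMakeCheckedPtr-style base: counts live checked references.
class CheckedTarget {
public:
    CheckedTarget() = default;
    CheckedTarget(const CheckedTarget&) = delete;
    // Destruction with references outstanding stops the process at the bug
    // site instead of leaving dangling references to be used later.
    virtual ~CheckedTarget() { if (m_count) std::abort(); }
    void incrementCheckedCount() const { ++m_count; }
    void decrementCheckedCount() const { --m_count; }
    unsigned checkedCount() const { return m_count; }
private:
    mutable unsigned m_count { 0 };
};

// Stand-in for a CheckedRef-style member: registered for its whole lifetime.
template<typename T> class CheckedRefSketch {
public:
    explicit CheckedRefSketch(T& target) : m_target(target) { m_target.incrementCheckedCount(); }
    CheckedRefSketch(const CheckedRefSketch&) = delete;
    ~CheckedRefSketch() { m_target.decrementCheckedCount(); }
private:
    T& m_target;
};

struct EnvironmentSketch : CheckedTarget { };
struct AgentContextSketch {
    explicit AgentContextSketch(EnvironmentSketch& e) : environment(e) { }
    CheckedRefSketch<EnvironmentSketch> environment;
};

// Count while `agents` contexts are alive, then after they are torn down first.
struct Counts { unsigned live; unsigned afterTeardown; };
Counts runLifecycle(unsigned agents)
{
    auto env = std::make_unique<EnvironmentSketch>();
    std::vector<std::unique_ptr<AgentContextSketch>> contexts;
    for (unsigned i = 0; i < agents; ++i)
        contexts.push_back(std::make_unique<AgentContextSketch>(*env));
    Counts c { env->checkedCount(), 0 };
    contexts.clear(); // agents first; env.reset() before this line would abort
    c.afterTeardown = env->checkedCount();
    return c;
}
int main() { return static_cast<int>(runLifecycle(3).afterTeardown); }
```

With a raw reference the wrong teardown order compiles and runs until something touches the freed environment; here the same mistake terminates in `~CheckedTarget`.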
Basuke Suzuki
Comment 1 2025-11-12 13:11:12 PST
Basuke Suzuki
Comment 2 2025-11-12 13:13:53 PST
EWS
Comment 3 2025-11-13 16:47:28 PST
Committed 303022@main (3db54ba8bc59): <https://commits.webkit.org/303022@main> Reviewed commits have been landed. Closing PR #53828 and removing active labels.
Marta Darbinyan
Comment 4 2025-11-14 18:35:57 PST
Reopened Bugzilla. REGRESSION(303022@main): [macOS Release wk1] webaudio/audiobuffersource-not-gced-until-ended.html is a flaky crash, tracking revert in https://bugs.webkit.org/show_bug.cgi?id=302559.
Basuke Suzuki
Comment 5 2025-11-18 17:15:09 PST
Basuke Suzuki
Comment 6 2025-11-18 17:15:23 PST
EWS
Comment 7 2025-12-05 14:02:01 PST
Committed 304015@main (0f0653d9eddc): <https://commits.webkit.org/304015@main> Reviewed commits have been landed. Closing PR #54147 and removing active labels.