Bug 303958

Summary: Layout milestone notifications should be dispatched asynchronously
Product: WebKit Reporter: jlee53
Component: WebKit Misc.Assignee: jlee53
Status: REOPENED    
Severity: Normal CC: webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on: 304460    
Bug Blocks:    

jlee53
Reported 2025-12-10 17:09:57 PST
Javascript execution should not happen during in the process of updating the layout. When a layout milestone notification fires, the layout may not be completed but client callbacks to layout milestone notifications can trigger Javascript execution. This results in javascript execution failing (and consequently crashing) to run in the middle of the layout process because it is correctly not permitted to do so. We delay firing layout milestone notifications by dispatching them asychronously in order to prevent this.
Attachments
Add attachment proposed patch, testcase, etc.
jlee53
Comment 1 2025-12-10 17:10:24 PST
<rdar://problem/153254633>
jlee53
Comment 2 2025-12-10 17:11:50 PST
Pull request: https://github.com/WebKit/WebKit/pull/55213
jlee53
Comment 3 2025-12-16 13:46:31 PST
Pull request: https://github.com/WebKit/WebKit/pull/55502
EWS
Comment 4 2025-12-16 19:58:34 PST
Committed 304572@main (bf24e9a12c17): <https://commits.webkit.org/304572@main> Reviewed commits have been landed. Closing PR #55213 and removing active labels.
Chris Dumez
Comment 5 2025-12-18 19:28:49 PST
Reopened Bugzilla. 304572@main caused a 17% PLT regression, tracking revert in https://bugs.webkit.org/show_bug.cgi?id=304460.
Note You need to log in before you can comment on or make changes to this bug.