Bug 304085
| Summary: | REGRESSION(304265@main) [WPE][WebDriver] Browser freeze simulating some input actions | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Lauro Moura <lmoura> |
| Component: | WebDriver | Assignee: | Lauro Moura <lmoura> |
| Status: | RESOLVED FIXED | ||
| Severity: | Normal | CC: | bburg, bugs-noreply, ggaren, webkit-bug-importer |
| Priority: | P2 | Keywords: | InRadar |
| Version: | WebKit Nightly Build | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| See Also: | https://bugs.webkit.org/show_bug.cgi?id=303711 | ||
Lauro Moura
Example of test that triggers the issue:
imported/w3c/webdriver/tests/classic/perform_actions/key_events.py::test_printable_key_sends_correct_events[\xe0-]
`MiniBrowser` just gets stuck with 100% CPU usage (single thread), leading the build to be aborted due to no output being printed.
First failed build: https://build.webkit.org/#/builders/730/builds/179598
Last good: https://build.webkit.org/#/builders/730/builds/179596 (179596 was interrupted)
Stopping the browser shows it stuck in WebKit::SimulatedInputDispatcher::transitionInputSourceToState, but I could not get a debug build yet to pinpoint where. Actually, I'm not sure yet whether this is affecting debug builds.
Finishing a bisect, here are the candidate bad commits:
* 304266@main (b47e7f0debf4) Push weak null removal logic down into HashTable https://bugs.webkit.org/show_bug.cgi?id=303710 rdar://problem/166015673
* 304265@main (87fd6dd1eafd) Adopt isReleasedWeakValue in WeakPtr https://bugs.webkit.org/show_bug.cgi?id=303711 rdar://problem/166015837
Lauro Moura
Bisecting shows the issue starts with 304265@main (bug 303711).
Lauro Moura
Pull request: https://github.com/WebKit/WebKit/pull/55407
Lauro Moura
The cause of the infinite loop is `SimulatedInputDispatcher::transitionInputSourceToState` iterating over a reference (`a`) to `inputSource.state`, which was being overwritten by `eventDispatchFinished` while still iterating. 304265@main seems to have made ListHashSet stricter, thus exposing this issue.
For reference, here's a trace of running the test under debug (a few lines might be off due to some extra print statements):
```
#1 0x00007e5cec66ecfd in WTFCrashWithInfo () at WTF/Headers/wtf/Assertions.h:985
#2 0x00007e5cee65b77d in WTF::ListHashSetConstIterator<unsigned int, WTF::DefaultHash<unsigned int> >::operator++ (this=0x7ffca1bba350) at WTF/Headers/wtf/ListHashSet.h:391
#3 0x00007e5cee65b908 in WTF::ListHashSetIterator<unsigned int, WTF::DefaultHash<unsigned int> >::operator++ (this=0x7ffca1bba350) at WTF/Headers/wtf/ListHashSet.h:314
#4 0x00007e5cee6589e5 in WebKit::SimulatedInputDispatcher::transitionInputSourceToState(WebKit::SimulatedInputSource&, WebKit::SimulatedInputSourceState&, WTF::CompletionHandler<void (std::optional<WebKit::AutomationCommandError>)>&&) (this=0x7e5ccb0f8300, inputSource=..., newState=..., completionHandler=...)
    at ../../../Source/WebKit/UIProcess/Automation/SimulatedInputDispatcher.cpp:395
#5 0x00007e5cee655f35 in WebKit::SimulatedInputDispatcher::transitionToNextInputSourceState (this=0x7e5ccb0f8300) at ../../../Source/WebKit/UIProcess/Automation/SimulatedInputDispatcher.cpp:181
#6 0x00007e5cee6561a7 in WebKit::SimulatedInputDispatcher::transitionBetweenKeyFrames(WebKit::SimulatedInputKeyFrame const&, WebKit::SimulatedInputKeyFrame const&, WTF::CompletionHandler<void (std::optional<WebKit::AutomationCommandError>)>&&) (this=0x7e5ccb0f8300, a=..., b=..., completionHandler=...)
    at ../../../Source/WebKit/UIProcess/Automation/SimulatedInputDispatcher.cpp:206
#7 0x00007e5cee655c6c in WebKit::SimulatedInputDispatcher::transitionToNextKeyFrame (this=0x7e5ccb0f8300) at ../../../Source/WebKit/UIProcess/Automation/SimulatedInputDispatcher.cpp:155
#8 0x00007e5cee655b00 in operator() (__closure=0x7e5ccb0d5328, error=std::optional [no contained value]) at ../../../Source/WebKit/UIProcess/Automation/SimulatedInputDispatcher.cpp:161
#9 0x00007e5cee66b2a5 in WTF::Detail::CallableWrapper<WebKit::SimulatedInputDispatcher::transitionToNextKeyFrame()::<lambda(std::optional<WebKit::AutomationCommandError>)>, void, std::optional<WebKit::AutomationCommandError> >::call(std::optional<WebKit::AutomationCommandError>)
    (this=0x7e5ccb0d5320, in#0=std::optional [no contained value]) at WTF/Headers/wtf/Function.h:59
#10 0x00007e5cee65df16 in WTF::Function<void (std::optional<WebKit::AutomationCommandError>)>::operator()(std::optional<WebKit::AutomationCommandError>) const (this=0x7ffca1bba688, in#0=std::optional [no contained value]) at WTF/Headers/wtf/Function.h:103
#11 0x00007e5cee65a87b in WTF::CompletionHandler<void (std::optional<WebKit::AutomationCommandError>)>::operator()(std::optional<WebKit::AutomationCommandError>) (this=0x7ffca1bba6e0, in#0=std::optional [no contained value]) at WTF/Headers/wtf/CompletionHandler.h:94
#12 0x00007e5cee6558f4 in WebKit::SimulatedInputDispatcher::keyFrameTransitionDurationTimerFired (this=0x7e5ccb0f8300) at ../../../Source/WebKit/UIProcess/Automation/SimulatedInputDispatcher.cpp:130
#13 0x00007e5cee65a44e in WTF::RunLoop::Timer::Timer<WebKit::SimulatedInputDispatcher>(WTF::Ref<WTF::RunLoop, WTF::RawPtrTraits<WTF::RunLoop>, WTF::DefaultRefDerefTraits<WTF::RunLoop> >&&, WTF::ASCIILiteral, WebKit::SimulatedInputDispatcher*, void (WebKit::SimulatedInputDispatcher::*)())::{lambda()#1}::operator()() const (__closure=0x7e5ccb0399b8) at WTF/Headers/wtf/RunLoop.h:220
#14 0x00007e5cee66b2ec in WTF::Detail::CallableWrapper<WTF::RunLoop::Timer::Timer<WebKit::SimulatedInputDispatcher>(WTF::Ref<WTF::RunLoop, WTF::RawPtrTraits<WTF::RunLoop>, WTF::DefaultRefDerefTraits<WTF::RunLoop> >&&, WTF::ASCIILiteral, WebKit::SimulatedInputDispatcher*, void (WebKit::SimulatedInputDispatcher::*)())::{lambda()#1}, void>::call() (this=0x7e5ccb0399b0) at WTF/Headers/wtf/Function.h:59
#15 0x00007e5cec6ba1c9 in WTF::Function<void ()>::operator()() const (this=0x7e5ccb0f8398) at WTF/Headers/wtf/Function.h:103
#16 0x00007e5cec6b8ddc in WTF::RunLoop::Timer::fired (this=0x7e5ccb0f8360) at WTF/Headers/wtf/RunLoop.h:262
#17 0x00007e5cf2004621 in operator() (__closure=0x0, userData=0x7e5ccb0f8360) at ../../../Source/WTF/wtf/glib/RunLoopGLib.cpp:252
#18 0x00007e5cf2004665 in _FUN () at ../../../Source/WTF/wtf/glib/RunLoopGLib.cpp:256
#19 0x00007e5cf2003273 in operator() (__closure=0x0, source=0x64a24afaa700, callback=0x7e5cf2004644 <_FUN(gpointer)>, userData=0x7e5ccb0f8360) at ../../../Source/WTF/wtf/glib/RunLoopGLib.cpp:57
#20 0x00007e5cf20032c5 in _FUN () at ../../../Source/WTF/wtf/glib/RunLoopGLib.cpp:60
#21 0x00007e5cdc8e149e in ??? () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#22 0x00007e5cdc940737 in ??? () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#23 0x00007e5cdc8e0a63 in g_main_context_iteration () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#24 0x00007e5cdcb1787d in g_application_run () at /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0
#25 0x000064a225d99df4 in main (argc=1, argv=0x7ffca1bbab98) at ../../../Tools/MiniBrowser/wpe/main.cpp:760
```
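The hazard described in the comment above (iterating through a reference to state that a completion callback overwrites mid-loop), as an added example that is not WebKit code and not the patch from the pull request. `SourceState`, both dispatch functions and the key values are hypothetical, a generation counter stands in for the iterator assertion seen in the trace, and iterating over a snapshot is shown as one common remedy.

```cpp
#include <cstddef>
#include <cstdio>
#include <functional>
#include <stdexcept>
#include <vector>

// Hypothetical stand-in for the input source state: pressed keys plus a
// generation counter bumped on every overwrite, so stale iteration is detected.
struct SourceState {
    std::vector<unsigned> pressedKeys;
    unsigned generation = 0;
    void overwrite(const std::vector<unsigned>& keys) { pressedKeys = keys; ++generation; }
};
using KeyCallback = std::function<void(unsigned)>;
// Hazardous shape: `a` aliases the live state, and the callback may replace it.
std::size_t dispatchByReference(SourceState& live, const KeyCallback& onKey) {
    const SourceState& a = live;
    const unsigned startGeneration = a.generation;
    std::size_t dispatched = 0;
    for (std::size_t i = 0; i < a.pressedKeys.size(); ++i) {
        onKey(a.pressedKeys[i]); ++dispatched;
        if (a.generation != startGeneration) // plays the role of the iterator assertion
            throw std::logic_error("state overwritten during iteration");
    }
    return dispatched;
}
// Safer shape: iterate over a private copy; the callback can only touch `live`.
std::size_t dispatchFromSnapshot(SourceState& live, const KeyCallback& onKey) {
    const std::vector<unsigned> snapshot = live.pressedKeys;
    std::size_t dispatched = 0;
    for (unsigned key : snapshot) { onKey(key); ++dispatched; }
    return dispatched;
}

// Constructed scenario: two pressed keys and a completion callback that
// overwrites the state, as the comment describes for eventDispatchFinished.
bool referenceIterationIsCaught() {
    SourceState s; s.overwrite({0xe0, 0x61});
    try { dispatchByReference(s, [&s](unsigned) { s.overwrite({0x62}); }); }
    catch (const std::logic_error&) { return true; }
    return false;
}
std::size_t snapshotIterationCount() {
    SourceState s; s.overwrite({0xe0, 0x61});
    return dispatchFromSnapshot(s, [&s](unsigned) { s.overwrite({0x62}); });
}

int main() {
    std::printf("caught=%d snapshot=%zu\n", referenceIterationIsCaught(), snapshotIterationCount());
}
```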
EWS
Committed 304511@main (b29596b70459): <https://commits.webkit.org/304511@main>
Reviewed commits have been landed. Closing PR #55407 and removing active labels.
Radar WebKit Bug Importer
<rdar://problem/166614361>