Bug 73183

Summary: REGRESSION (r101201): Crash inside WebKit::WebInspector::didClose() when closing any tab
Product: WebKit
Reporter: Kevin M. Dean <kevin>
Component: Web Inspector (Deprecated)
Assignee: Pavel Feldman <pfeldman>
Status: RESOLVED FIXED
Severity: Critical
CC: artmeakin, juanfc, mitz, mmcneil, mrowe, ossy, pfeldman, phiw2, svetloslav, yurys
Priority: P1
Keywords: InRadar, Regression
Version: 528+ (Nightly build)
Hardware: Mac (Intel)
OS: OS X 10.7
Attachments:
Patch (Flags: yurys: review+)

Description Kevin M. Dean 2011-11-27 19:27:03 PST
If I have more than one tab open and close one of the tabs, the WebProcess crashes and reloads the remaining tabs.

Note that the Web Inspector isn't even open at the time when the crash occurs.

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.WebKit2             	0x0000000103c542a0 WebKit::WebInspector::didClose() + 18
1   com.apple.WebKit2             	0x0000000103bdf814 WebKit::WebInspectorClient::inspectorDestroyed() + 18
2   com.apple.WebCore             	0x0000000104587fc5 WebCore::InspectorController::inspectedPageDestroyed() + 85
3   com.apple.WebCore             	0x000000010490eeed WebCore::Page::~Page() + 397
4   com.apple.WebKit2             	0x0000000103be8db8 WTF::OwnPtr<WebCore::Page>::clear() + 36
5   com.apple.WebKit2             	0x0000000103be2189 WebKit::WebPage::close() + 315
6   com.apple.WebKit2             	0x0000000103baafd7 CoreIPC::Connection::dispatchMessage(CoreIPC::Connection::Message<CoreIPC::ArgumentDecoder>&) + 175
7   com.apple.WebKit2             	0x0000000103bac409 CoreIPC::Connection::dispatchMessages() + 147
8   com.apple.WebKit2             	0x0000000103bc601b RunLoop::performWork() + 111
9   com.apple.WebKit2             	0x0000000103bc6357 RunLoop::performWork(void*) + 75
10  com.apple.CoreFoundation      	0x00007fff97b77b51 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
11  com.apple.CoreFoundation      	0x00007fff97b773bd __CFRunLoopDoSources0 + 253
12  com.apple.CoreFoundation      	0x00007fff97b9e1a9 __CFRunLoopRun + 905
13  com.apple.CoreFoundation      	0x00007fff97b9dae6 CFRunLoopRunSpecific + 230
14  com.apple.HIToolbox           	0x00007fff910003d3 RunCurrentEventLoopInMode + 277
15  com.apple.HIToolbox           	0x00007fff9100763d ReceiveNextEventCommon + 355
16  com.apple.HIToolbox           	0x00007fff910074ca BlockUntilNextEventMatchingListInMode + 62
17  com.apple.AppKit              	0x00007fff8f2e03f1 _DPSNextEvent + 659
18  com.apple.AppKit              	0x00007fff8f2dfcf5 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 135
19  com.apple.AppKit              	0x00007fff8f2dc62d -[NSApplication run] + 470
20  com.apple.WebKit2             	0x0000000103bc6517 RunLoop::run() + 67
21  com.apple.WebKit2             	0x0000000103c0c5d4 WebKit::WebProcessMain(WebKit::CommandLine const&) + 678
22  com.apple.WebKit2             	0x0000000103bdfb19 WebKitMain + 285
23  com.apple.WebProcess          	0x0000000103b6ee5f main + 219
24  com.apple.WebProcess          	0x0000000103b6ed7c start + 52
Comment 1 Mark Rowe (bdash) 2011-11-28 01:33:33 PST
The immediate reason for this crash is:

void WebInspectorClient::closeInspectorFrontend()
{
    m_page->inspector()->didClose();
}

m_page->inspector() is returning 0.
Comment 2 Mark Rowe (bdash) 2011-11-28 01:38:15 PST
And that happens because WebPage marks itself as closed in WebPage::close before the WebCore::Page is torn down. Does WebInspectorClient::inspectorDestroyed just need to grow a null check?
Comment 3 Pavel Feldman 2011-11-28 02:05:43 PST
Created attachment 116715 [details]
Patch
Comment 4 Mark Rowe (bdash) 2011-11-28 02:09:06 PST
Comment on attachment 116715 [details]
Patch

Given that ::inspector() is more than a trivial getter I think it’d be preferable to do:

    if (WebInspector* inspector = m_page->inspector())
        inspector->didClose();
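Reduced model of the failure and of the two fixes discussed in comments 2 and 4, added here as an illustration; this is not WebKit's code or the committed patch. The class names echo WebPage, WebInspector and WebInspectorClient, but their bodies are constructed: the model assumes inspector() returns null once the page has been marked closed, which is the ordering comment 2 describes, and counts getter calls so the single-lookup form from comment 4 can be compared with a double lookup.

```cpp
// Added example: a constructed model of the WebPage::close() teardown ordering.
// Not WebKit's implementation; names mirror the bug discussion only.
#include <cstddef>

struct WebInspector {
    bool closed = false;
    void didClose() { closed = true; }
};

class WebPage {
public:
    // Assumed behaviour for this model: inspector() is not a trivial getter.
    // Once the page is marked closed it hands out null (the state behind the crash).
    WebInspector* inspector() {
        ++inspectorLookups;
        return m_closed ? nullptr : &m_inspector;
    }
    void markClosed() { m_closed = true; }   // what WebPage::close() does first
    int inspectorLookups = 0;                // how many times the getter ran
private:
    bool m_closed = false;
    WebInspector m_inspector;
};

// 'Before' form from comment 1: dereferences whatever inspector() returns.
// On a closed page this is a null dereference; never call it in that state.
void closeInspectorFrontendUnguarded(WebPage* page) {
    page->inspector()->didClose();
}

// Guarded but wasteful: the non-trivial getter runs twice.
bool closeInspectorFrontendDoubleLookup(WebPage* page) {
    if (page->inspector()) {
        page->inspector()->didClose();
        return true;
    }
    return false;
}

// Form suggested in comment 4: look the inspector up once, keep the pointer, check it.
// Returns true when didClose() was actually delivered.
bool closeInspectorFrontendGuarded(WebPage* page) {
    if (WebInspector* inspector = page->inspector()) {
        inspector->didClose();
        return true;
    }
    return false;
}

// Drives the teardown in the order comment 2 describes when closedFirst is true:
// the page marks itself closed before ~Page() reaches inspectorDestroyed().
// Returns whether the inspector was notified without dereferencing null.
bool simulateTabClose(bool closedFirst) {
    WebPage page;
    if (closedFirst)
        page.markClosed();
    return closeInspectorFrontendGuarded(&page);
}

// Number of getter calls each guarded variant costs on an open page.
int lookupsForGuarded() {
    WebPage page;
    closeInspectorFrontendGuarded(&page);
    return page.inspectorLookups;
}

int lookupsForDoubleLookup() {
    WebPage page;
    closeInspectorFrontendDoubleLookup(&page);
    return page.inspectorLookups;
}
```

simulateTabClose(true) is the crashing sequence from the report made safe by the guard: the inspector is simply not notified because the page already reports no inspector. The lookup counters make comment 4's point concrete: both guarded variants avoid the crash, but only the single-lookup form calls the non-trivial getter once.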
Comment 5 Pavel Feldman 2011-11-28 02:09:59 PST
Committed r101239: <http://trac.webkit.org/changeset/101239>
Comment 6 Pavel Feldman 2011-11-28 03:36:31 PST
*** Bug 73188 has been marked as a duplicate of this bug. ***
Comment 7 Mark Rowe (bdash) 2011-11-28 09:12:48 PST
*** Bug 73223 has been marked as a duplicate of this bug. ***
Comment 8 mitz 2011-11-28 09:44:10 PST
<rdar://problem/10489008>
Comment 9 Mark Rowe (bdash) 2011-11-28 09:49:04 PST
*** Bug 73222 has been marked as a duplicate of this bug. ***
Comment 10 Alexey Proskuryakov 2011-11-29 08:54:22 PST
*** Bug 73207 has been marked as a duplicate of this bug. ***
Comment 11 Alexey Proskuryakov 2011-12-02 12:32:24 PST
*** Bug 73657 has been marked as a duplicate of this bug. ***