RESOLVED FIXED 159722
v2: WebContent crash due to RELEASE_ASSERT(!m_inLoadPendingImages) in StyleResolver::~StyleResolver()
https://bugs.webkit.org/show_bug.cgi?id=159722
Antti Koivisto
Reported 2016-07-13 09:37:40 PDT
Thread 0 name: Dispatch queue: com.apple.main-thread
Thread 0 Crashed:
0  WebCore 0x000000018fa989dc WebCore::StyleResolver::~StyleResolver() + 500 (StyleResolver.cpp:318)
1  WebCore 0x000000018fa987bc WebCore::Document::clearStyleResolver() + 32 (memory:2525)
2  WebCore 0x000000018fa987bc WebCore::Document::clearStyleResolver() + 32 (memory:2525)
3  WebCore 0x000000018fc84fdc WebCore::AuthorStyleSheets::updateActiveStyleSheets(WebCore::AuthorStyleSheets::UpdateFlag) + 484 (AuthorStyleSheets.cpp:317)
4  WebCore 0x000000018fa976e8 WebCore::Document::styleResolverChanged(WebCore::StyleResolverUpdateFlag) + 116 (Document.cpp:3671)
5  WebKit  0x000000019466a324 WebKit::WebPage::viewportConfigurationChanged() + 196 (WebPageIOS.mm:2934)
6  WebKit  0x000000019465d5e0 WebKit::WebPage::mainFrameDidLayout() + 156 (WebPage.cpp:3807)
7  WebCore 0x000000018fadad1c WebCore::FrameView::performPostLayoutTasks() + 292 (FrameView.cpp:3198)
8  WebCore 0x000000018fad6ec4 WebCore::FrameView::layout(bool) + 3536 (FrameView.cpp:1493)
9  WebCore 0x000000018fad3bd4 WebCore::Document::implicitClose() + 788 (Document.cpp:2797)
10 WebCore 0x000000018fad2fd4 WebCore::FrameLoader::checkCompleted() + 352 (FrameLoader.cpp:869)
11 WebCore 0x000000018fb04a88 WebCore::CachedResourceLoader::loadDone(WebCore::CachedResource*, bool) + 124 (CachedResourceLoader.cpp:985)
12 WebCore 0x000000018fb06afc WebCore::SubresourceLoader::didCancel(WebCore::ResourceError const&) + 92 (SubresourceLoader.cpp:519)
13 WebCore 0x000000018fb06500 WebCore::ResourceLoader::cancel(WebCore::ResourceError const&) + 476 (ResourceLoader.cpp:598)
14 WebCore 0x000000018fb06298 WebCore::ResourceLoader::cancel() + 64 (ResourceLoader.cpp:554)
15 WebCore 0x0000000190817e10 WebCore::SubresourceLoader::willSendRequestInternal(WebCore::ResourceRequest&, WebCore::ResourceResponse const&) + 836 (SubresourceLoader.cpp:222)
16 WebCore 0x000000018fa78378 WebCore::ResourceLoader::init(WebCore::ResourceRequest const&) + 284 (ResourceLoader.cpp:146)
17 WebCore 0x000000018fa78114 WebCore::SubresourceLoader::init(WebCore::ResourceRequest const&) + 32 (SubresourceLoader.cpp:144)
18 WebCore 0x00000001908179f8 WebCore::SubresourceLoader::create(WebCore::Frame&, WebCore::CachedResource&, WebCore::ResourceRequest const&, WebCore::ResourceLoaderOptions const&) + 196 (SubresourceLoader.cpp:112)
19 WebKit  0x000000019464c724 WebKit::WebLoaderStrategy::loadResource(WebCore::Frame&, WebCore::CachedResource&, WebCore::ResourceRequest const&, WebCore::ResourceLoaderOptions const&) + 52 (WebLoaderStrategy.cpp:76)
20 WebCore 0x000000018fcb75ec WebCore::CachedResource::load(WebCore::CachedResourceLoader&, WebCore::ResourceLoaderOptions const&) + 1136 (CachedResource.cpp:291)
21 WebCore 0x000000018fa75288 WebCore::CachedResourceLoader::requestResource(WebCore::CachedResource::Type, WebCore::CachedResourceRequest&) + 2060 (CachedResourceLoader.cpp:642)
22 WebCore 0x000000018fb1268c WebCore::CachedResourceLoader::requestImage(WebCore::CachedResourceRequest&) + 284 (CachedResourceLoader.cpp:192)
23 WebCore 0x000000018fd729ac WebCore::CSSImageValue::cachedImage(WebCore::CachedResourceLoader&, WebCore::ResourceLoaderOptions const&) + 448 (CSSImageValue.cpp:89)
24 WebCore 0x000000019035c520 WebCore::Style::loadPendingImage(WebCore::Document&, WebCore::StyleImage const&, WebCore::Element const*, WebCore::Style::LoadPolicy) + 168 (StylePendingResources.cpp:60)
25 WebCore 0x000000019035c148 WebCore::Style::loadPendingResources(WebCore::Style::PendingResources const&, WebCore::Document&, WebCore::RenderStyle&, WebCore::Element const*) + 1876 (StylePendingResources.cpp:86)
26 WebCore 0x000000019080233c WebCore::StyleResolver::applyMatchedProperties(WebCore::StyleResolver::MatchResult const&, WebCore::Element const&, WebCore::StyleResolver::ShouldUseMatchedPropertiesCache) + 2316 (StyleResolver.cpp:2115)
27 WebCore 0x00000001908043e0 WebCore::StyleResolver::pseudoStyleForElement(WebCore::Element const&, WebCore::PseudoStyleRequest const&, WebCore::RenderStyle const&) + 596 (StyleResolver.cpp:650)
28 WebCore 0x000000019061fe84 WebCore::RenderElement::getCachedPseudoStyle(WebCore::PseudoId, WebCore::RenderStyle const*) const + 128 (RenderElement.cpp:1546)
29 WebCore 0x00000001906ec0d8 WebCore::RenderTreeUpdater::updateBeforeOrAfterPseudoElement(WebCore::Element&, WebCore::PseudoId) + 320 (RenderTreeUpdater.cpp:465)
30 WebCore 0x00000001906ec2e0 WebCore::RenderTreeUpdater::popParent() + 64 (RenderTreeUpdater.cpp:194)
31 WebCore 0x00000001906eb090 WebCore::RenderTreeUpdater::updateRenderTree(WebCore::ContainerNode&) + 736 (RenderTreeUpdater.cpp:207)
32 WebCore 0x00000001906ead50 WebCore::RenderTreeUpdater::commit(std::__1::unique_ptr<WebCore::Style::Update, std::__1::default_delete<WebCore::Style::Update> >) + 500 (RenderTreeUpdater.cpp:101)
33 WebCore 0x000000018fe09dd4 WebCore::Document::recalcStyle(WebCore::Style::Change) + 624 (Document.cpp:1926)
34 WebCore 0x000000018fad21b4 WebCore::Document::finishedParsing() + 340 (Document.cpp:1972)
35 WebCore 0x000000018facfb8c WebCore::HTMLDocumentParser::prepareToStopParsing() + 172 (HTMLDocumentParser.cpp:405)
36 WebCore 0x000000018facf0a8 WebCore::DocumentWriter::end() + 92 (DocumentWriter.cpp:272)
37 WebCore 0x000000018fac6d54 WebCore::DocumentLoader::finishedLoading(double) + 256 (DocumentLoader.cpp:437)
38 WebCore 0x000000018fb0437c WebCore::CachedResource::checkNotify() + 448 (CachedResource.cpp:307)
39 WebCore 0x000000018fcb5de8 WebCore::CachedRawResource::finishLoading(WebCore::SharedBuffer*) + 224 (CachedRawResource.cpp:103)
40 WebCore 0x000000018fb04060 WebCore::SubresourceLoader::didFinishLoading(double) + 1020 (SubresourceLoader.cpp:440)
41 WebKit  0x00000001946f7aa8 WebKit::WebResourceLoader::didFinishResourceLoad(double) + 216 (WebResourceLoader.cpp:158)
42 WebKit  0x00000001946f82e0 WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::MessageDecoder&) + 308 (HandleMessage.h:16)
43 WebKit  0x0000000194539194 IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >) + 160 (Connection.cpp:887)
44 WebKit  0x000000019453b770 IPC::Connection::dispatchOneMessage() + 204 (Connection.cpp:949)
Attachments
Patch (3.30 KB, patch)
2016-07-13 10:00 PDT, Antti Koivisto
kling: review+
Antti Koivisto
Comment 1 2016-07-13 09:38:14 PDT
Antti Koivisto
Comment 2 2016-07-13 10:00:47 PDT
Simon Fraser (smfr)
Comment 3 2016-07-13 11:27:26 PDT
Shouldn't we instead try to avoid the call into FrameView::layout() under Document::recalcStyle(), which would require making something under the ResourceLoader::cancel() code path async?
Antti Koivisto
Comment 4 2016-07-13 11:34:28 PDT
(In reply to comment #3)
> Shouldn't we instead try to avoid the call into FrameView::layout() under
> Document::recalcStyle(), which would require making something under the
> ResourceLoader::cancel() code path async?

Yes, but those are all complex and risky changes.
Antti Koivisto
Comment 5 2016-07-13 11:36:11 PDT
What we really want is to not trigger loads synchronously from the style resolver in the first place.
Andreas Kling
Comment 6 2016-07-13 12:07:39 PDT
Comment on attachment 283540 [details]
Patch

r=me

It would be good to eventually move to a system where we gather all the loads we need to schedule and fire them at a later point instead of initiating them synchronously from loadPendingImages. That would sidestep the hackish situation Simon raised concerns about.
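The crash trace above shows a synchronous image load started from inside style resolution whose cancellation runs load completion, layout and styleResolverChanged() before the load call returns, so the StyleResolver is destroyed while loadPendingImages() is still on the stack; comment 6 proposes gathering loads and firing them later instead. The following C++ model is an added illustration, not WebKit code: Resolver, Document, startImageLoad() and the other names are hypothetical stand-ins for the WebCore classes, the loader is constructed to collapse the whole cancel-to-clearStyleResolver chain into one call, and the destructor records the condition that RELEASE_ASSERT(!m_inLoadPendingImages) traps instead of aborting.

```cpp
// Added example (not WebKit source): re-entrant destruction during a
// synchronous load, and the deferred-load scheme that avoids it.
#include <memory>
#include <string>
#include <utility>
#include <vector>

// Stand-in for StyleResolver. The owner's flag receives what the real
// RELEASE_ASSERT(!m_inLoadPendingImages) would trap on.
struct Resolver {
    bool inLoadPendingImages = false;
    bool* destroyedWhileBusy;
    explicit Resolver(bool* flag) : destroyedWhileBusy(flag) {}
    ~Resolver() {
        // Destroyed while a caller is still inside loadPendingImages():
        // that caller now holds a dangling reference to this object.
        if (inLoadPendingImages)
            *destroyedWhileBusy = true;
    }
};

// Stand-in for Document. The flag is declared before the resolver so it
// outlives the resolver's destructor.
struct Document {
    bool resolverDestroyedWhileBusy = false;
    std::unique_ptr<Resolver> resolver;
    std::vector<std::string> pendingLoads;  // loads gathered for later
    int loadsStarted = 0;

    Document() : resolver(new Resolver(&resolverDestroyedWhileBusy)) {}

    // Stand-in for Document::clearStyleResolver().
    void clearResolver() { resolver.reset(); }

    // Constructed loader: like frames 10-16 of the trace, the request is
    // cancelled immediately and completion handling (checkCompleted ->
    // implicitClose -> layout -> styleResolverChanged) ends in
    // clearStyleResolver(), all before this call returns.
    void startImageLoad(const std::string& /*url*/) {
        ++loadsStarted;
        clearResolver();
    }
};

// The pattern in the trace: the load is started from inside resolution.
// Returns true when the resolver was torn down while still "busy".
bool synchronousLoadDestroysBusyResolver() {
    Document doc;
    Resolver& r = *doc.resolver;
    r.inLoadPendingImages = true;
    doc.startImageLoad("constructed://background.png");
    // r may be dangling here, so only touch the resolver via its owner.
    if (doc.resolver)
        doc.resolver->inLoadPendingImages = false;
    return doc.resolverDestroyedWhileBusy;
}

// Comment 6's alternative: gather the loads during resolution and leave the
// resolver idle again before anything can re-enter.
void applyStyleDeferred(Document& doc) {
    Resolver& r = *doc.resolver;
    r.inLoadPendingImages = true;
    doc.pendingLoads.push_back("constructed://background.png");  // gathered only
    r.inLoadPendingImages = false;
}

// Fire the gathered loads from a point where nothing on the stack depends
// on the resolver. The list is moved out first because a load may gather
// further loads while we iterate.
void flushPendingLoads(Document& doc) {
    std::vector<std::string> loads = std::move(doc.pendingLoads);
    doc.pendingLoads.clear();
    for (const std::string& url : loads)
        doc.startImageLoad(url);
}

// Returns true when the deferred scheme issued the load and the resolver
// was only ever destroyed while idle.
bool deferredLoadIsSafe() {
    Document doc;
    applyStyleDeferred(doc);
    flushPendingLoads(doc);
    return doc.loadsStarted == 1 && !doc.resolverDestroyedWhileBusy && !doc.resolver;
}
```

The same re-entrancy still happens in the deferred variant (the resolver is still cleared by the load), but it happens after resolution has finished, which is exactly why a scheduled flush sidesteps the assertion rather than merely hiding it.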
Antti Koivisto
Comment 7 2016-07-13 12:19:31 PDT