WebKit Bugzilla
Bug 185022: Use WindowProxy instead of DOMWindow in our IDL
Status: RESOLVED FIXED
https://bugs.webkit.org/show_bug.cgi?id=185022
Reported by Chris Dumez, 2018-04-25 19:38:31 PDT
Use WindowProxy instead of DOMWindow in our IDL, as per respective specifications.
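For context on what the IDL change buys, here is an added example, not WebKit code and not from this bug, that models in plain JavaScript the WindowProxy indirection the HTML specification requires for members such as Document.defaultView and UIEvent.view: one proxy object per browsing context for its whole lifetime, a fresh inner Window on every navigation, and the cross-origin filter applied at the proxy rather than on the Window. The names InnerWindow, BrowsingContext, runAs, makeUIEvent and the secret property are this example's own; the CROSS_ORIGIN_PROPERTIES list follows the spec's CrossOriginProperties(Window) list, with indexed frame access left out.

```javascript
'use strict';

// Added example, not WebKit code: a model of the WindowProxy indirection.
// A browsing context keeps one WindowProxy for its whole lifetime; every
// navigation creates a fresh inner Window and repoints the proxy. Script,
// including cross-origin script, only ever holds the proxy, so the identity
// of things like iframe.contentWindow or event.view is stable while the
// Window behind it is replaced, and the cross-origin access check can live
// in one place: the proxy. Class and function names here are this example's own.

// HTML spec, CrossOriginProperties(Window): the only members another origin
// may touch (indexed frame access is omitted from this model).
const CROSS_ORIGIN_PROPERTIES = new Set([
  'window', 'self', 'location', 'close', 'closed', 'focus', 'blur',
  'frames', 'length', 'top', 'opener', 'parent', 'postMessage',
]);

// Origin of the script currently running (the spec's "current settings
// object"); runAs() sets it for the duration of a callback.
let currentScriptOrigin = null;

function runAs(origin, fn) {
  const saved = currentScriptOrigin;
  currentScriptOrigin = origin;
  try {
    return fn();
  } finally {
    currentScriptOrigin = saved;
  }
}

// The per-navigation Window object. It is never handed to script directly.
class InnerWindow {
  constructor(origin, href, windowProxy) {
    this.origin = origin;
    this.location = { href };
    this.length = 0;                           // number of child frames
    this.secret = `session-for-${origin}`;     // same-origin-only state (constructed)
    // Per spec, Document.defaultView returns the WindowProxy, not the Window.
    this.document = { defaultView: windowProxy, title: href };
  }
}

class BrowsingContext {
  constructor(origin, href) {
    this.currentWindow = null;
    // One proxy object for the lifetime of the browsing context.
    this.windowProxy = new Proxy(Object.create(null), {
      get: (_target, prop) => this.readFromCurrentWindow(prop),
    });
    this.navigate(origin, href);
  }

  // A navigation replaces the Window; the proxy object itself is unchanged.
  navigate(origin, href) {
    this.currentWindow = new InnerWindow(origin, href, this.windowProxy);
    return this.windowProxy;
  }

  // The frame is removed. Proxies held elsewhere (an event's `view`, a
  // closure) must keep working without reaching a dead Window.
  detach() {
    this.currentWindow = null;
  }

  readFromCurrentWindow(prop) {
    const win = this.currentWindow;
    if (win === null) return undefined;
    if (currentScriptOrigin !== win.origin && !CROSS_ORIGIN_PROPERTIES.has(prop)) {
      throw new Error(`SecurityError: ${currentScriptOrigin} may not read "${String(prop)}" of a ${win.origin} window`);
    }
    return win[prop];
  }
}

// A UIEvent-like record. With the IDL change in this bug, `view` is the
// WindowProxy, so an event that outlives a navigation (or the frame) resolves
// to whatever is currently in that browsing context.
function makeUIEvent(type, windowProxy) {
  return { type, view: windowProxy };
}

function demo() {
  const frame = new BrowsingContext('https://a.example', 'https://a.example/one');
  const proxy = frame.windowProxy;
  const evt = makeUIEvent('click', proxy);

  const hrefBefore = runAs('https://a.example', () => evt.view.location.href);

  // Cross-origin navigation: new Window, same proxy.
  frame.navigate('https://b.example', 'https://b.example/two');
  const sameProxy = evt.view === proxy && frame.windowProxy === proxy;
  const hrefAfter = runAs('https://b.example', () => evt.view.location.href);
  const defaultViewIsProxy = runAs('https://b.example', () => evt.view.document.defaultView === proxy);

  // The old origin's script may still read spec-listed members through the
  // proxy, but nothing else.
  const crossOriginLength = runAs('https://a.example', () => evt.view.length);
  let secretBlocked = false;
  try {
    runAs('https://a.example', () => evt.view.secret);
  } catch (e) {
    secretBlocked = e.message.startsWith('SecurityError');
  }

  frame.detach();
  const afterDetach = runAs('https://b.example', () => evt.view.location);

  return { hrefBefore, hrefAfter, sameProxy, defaultViewIsProxy, crossOriginLength, secretBlocked, afterDetach };
}

console.log(demo());
```

The point the model makes for the bug: once `view` and `defaultView` hand out the proxy, an event that survives a navigation no longer pins the old Window, but it does keep the browsing context reachable, which is exactly the lifetime question the later comments in this bug run into.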
Attachments
WIP Patch (108.48 KB, patch), 2018-04-25 21:55 PDT, Chris Dumez, ews-watchlist: commit-queue-
WIP Patch (111.79 KB, patch), 2018-04-26 08:53 PDT, Chris Dumez, no flags
Patch (126.02 KB, patch), 2018-04-26 09:15 PDT, Chris Dumez, no flags
Patch (125.83 KB, patch), 2018-04-26 09:19 PDT, Chris Dumez, no flags
Patch (129.24 KB, patch), 2018-04-26 09:40 PDT, Chris Dumez, no flags
Patch (129.38 KB, patch), 2018-04-26 10:06 PDT, Chris Dumez, no flags
Patch (129.40 KB, patch), 2018-04-26 10:14 PDT, Chris Dumez, no flags
Patch (129.41 KB, patch), 2018-04-26 10:35 PDT, Chris Dumez, no flags
Patch (130.89 KB, patch), 2018-04-26 11:21 PDT, Chris Dumez, no flags
Patch (134.28 KB, patch), 2018-04-26 11:24 PDT, Chris Dumez, no flags
Patch (134.76 KB, patch), 2018-04-26 11:58 PDT, Chris Dumez, no flags
Patch (136.62 KB, patch), 2018-04-26 12:10 PDT, Chris Dumez, no flags
Patch (148.73 KB, patch), 2018-04-26 22:38 PDT, Chris Dumez, no flags
Patch (148.73 KB, patch), 2018-04-26 22:40 PDT, Chris Dumez, no flags
Patch (148.74 KB, patch), 2018-04-26 22:57 PDT, Chris Dumez, no flags
Patch (149.11 KB, patch), 2018-04-27 08:46 PDT, Chris Dumez, no flags
Chris Dumez
Comment 1
2018-04-25 21:55:10 PDT
Created attachment 338855 [details]
WIP Patch
EWS Watchlist
Comment 2
2018-04-25 21:57:47 PDT
Attachment 338855 [details] did not pass style-queue:
ERROR: Source/WebCore/dom/MouseRelatedEvent.cpp:41: Code inside a namespace should not be indented. [whitespace/indent] [4]
ERROR: Source/WebCore/dom/MouseRelatedEvent.cpp:41: Wrong number of spaces before statement. (expected: 41) [whitespace/indent] [4]
ERROR: Source/WebCore/bindings/js/WindowProxy.cpp:67: Should have a space between // and comment [whitespace/comments] [4]
ERROR: Source/WebCore/dom/MouseEvent.cpp:88: Code inside a namespace should not be indented. [whitespace/indent] [4]
ERROR: Source/WebCore/dom/MouseEvent.cpp:88: Wrong number of spaces before statement. (expected: 12) [whitespace/indent] [4]
ERROR: Source/WebCore/dom/MouseEvent.cpp:88: Comma should be at the beginning of the line in a member initialization list. [whitespace/init] [4]
Total errors found: 6 in 70 files
If any of these errors are false positives, please file a bug against check-webkit-style.
EWS Watchlist
Comment 3
2018-04-25 22:00:02 PDT
Comment on attachment 338855 [details]
WIP Patch
Attachment 338855 [details] did not pass bindings-ews (mac):
Output: http://webkit-queues.webkit.org/results/7464405
New failing tests: (JS) JSTestObj.cpp
Chris Dumez
Comment 4
2018-04-26 08:53:16 PDT
Created attachment 338874 [details]
WIP Patch
EWS Watchlist
Comment 5
2018-04-26 08:55:26 PDT
Attachment 338874 [details] did not pass style-queue:
ERROR: Source/WebCore/dom/MouseRelatedEvent.cpp:41: Code inside a namespace should not be indented. [whitespace/indent] [4]
ERROR: Source/WebCore/dom/MouseRelatedEvent.cpp:41: Wrong number of spaces before statement. (expected: 41) [whitespace/indent] [4]
ERROR: Source/WebCore/bindings/js/WindowProxy.cpp:67: Should have a space between // and comment [whitespace/comments] [4]
ERROR: Source/WebCore/dom/Node.cpp:37: Alphabetical sorting problem. [build/include_order] [4]
ERROR: Source/WebCore/dom/MouseEvent.cpp:88: Code inside a namespace should not be indented. [whitespace/indent] [4]
ERROR: Source/WebCore/dom/MouseEvent.cpp:88: Wrong number of spaces before statement. (expected: 12) [whitespace/indent] [4]
ERROR: Source/WebCore/dom/MouseEvent.cpp:88: Comma should be at the beginning of the line in a member initialization list. [whitespace/init] [4]
Total errors found: 7 in 74 files
If any of these errors are false positives, please file a bug against check-webkit-style.
Chris Dumez
Comment 6
2018-04-26 09:15:59 PDT
Created attachment 338877 [details]
Patch
Chris Dumez
Comment 7
2018-04-26 09:19:19 PDT
Created attachment 338879 [details]
Patch
EWS Watchlist
Comment 8
2018-04-26 09:21:34 PDT
Attachment 338879 [details] did not pass style-queue:
ERROR: Source/WebCore/dom/MouseRelatedEvent.cpp:41: Code inside a namespace should not be indented. [whitespace/indent] [4]
ERROR: Source/WebCore/dom/MouseRelatedEvent.cpp:41: Wrong number of spaces before statement. (expected: 41) [whitespace/indent] [4]
ERROR: Source/WebCore/dom/MouseEvent.cpp:88: Code inside a namespace should not be indented. [whitespace/indent] [4]
ERROR: Source/WebCore/dom/MouseEvent.cpp:88: Wrong number of spaces before statement. (expected: 12) [whitespace/indent] [4]
ERROR: Source/WebCore/dom/MouseEvent.cpp:88: Comma should be at the beginning of the line in a member initialization list. [whitespace/init] [4]
Total errors found: 5 in 76 files
If any of these errors are false positives, please file a bug against check-webkit-style.
Chris Dumez
Comment 9
2018-04-26 09:40:36 PDT
Created attachment 338880 [details]
Patch
EWS Watchlist
Comment 10
2018-04-26 09:43:35 PDT
Attachment 338880 [details] did not pass style-queue:
ERROR: Source/WebCore/dom/MouseRelatedEvent.cpp:41: Code inside a namespace should not be indented. [whitespace/indent] [4]
ERROR: Source/WebCore/dom/MouseRelatedEvent.cpp:41: Wrong number of spaces before statement. (expected: 41) [whitespace/indent] [4]
ERROR: Source/WebCore/dom/TouchEvent.cpp:43: Code inside a namespace should not be indented. [whitespace/indent] [4]
ERROR: Source/WebCore/dom/TouchEvent.cpp:43: Wrong number of spaces before statement. (expected: 12) [whitespace/indent] [4]
ERROR: Source/WebCore/dom/TouchEvent.cpp:43: Comma should be at the beginning of the line in a member initialization list. [whitespace/init] [4]
ERROR: Source/WebCore/dom/MouseEvent.cpp:88: Code inside a namespace should not be indented. [whitespace/indent] [4]
ERROR: Source/WebCore/dom/MouseEvent.cpp:88: Wrong number of spaces before statement. (expected: 12) [whitespace/indent] [4]
ERROR: Source/WebCore/dom/MouseEvent.cpp:88: Comma should be at the beginning of the line in a member initialization list. [whitespace/init] [4]
ERROR: Source/WebCore/dom/TouchEvent.h:49: When wrapping a line, only indent 4 spaces. [whitespace/indent] [3]
Total errors found: 9 in 78 files
If any of these errors are false positives, please file a bug against check-webkit-style.
Chris Dumez
Comment 11
2018-04-26 10:06:19 PDT
Created attachment 338884 [details]
Patch
EWS Watchlist
Comment 12
2018-04-26 10:08:20 PDT
Attachment 338884 [details] did not pass style-queue:
ERROR: Source/WebCore/dom/MouseRelatedEvent.cpp:41: Code inside a namespace should not be indented. [whitespace/indent] [4]
ERROR: Source/WebCore/dom/MouseRelatedEvent.cpp:41: Wrong number of spaces before statement. (expected: 41) [whitespace/indent] [4]
ERROR: Source/WebCore/dom/TouchEvent.cpp:43: Code inside a namespace should not be indented. [whitespace/indent] [4]
ERROR: Source/WebCore/dom/TouchEvent.cpp:43: Wrong number of spaces before statement. (expected: 12) [whitespace/indent] [4]
ERROR: Source/WebCore/dom/TouchEvent.cpp:43: Comma should be at the beginning of the line in a member initialization list. [whitespace/init] [4]
ERROR: Source/WebCore/dom/MouseEvent.cpp:88: Code inside a namespace should not be indented. [whitespace/indent] [4]
ERROR: Source/WebCore/dom/MouseEvent.cpp:88: Wrong number of spaces before statement. (expected: 12) [whitespace/indent] [4]
ERROR: Source/WebCore/dom/MouseEvent.cpp:88: Comma should be at the beginning of the line in a member initialization list. [whitespace/init] [4]
ERROR: Source/WebCore/dom/TouchEvent.h:49: When wrapping a line, only indent 4 spaces. [whitespace/indent] [3]
Total errors found: 9 in 78 files
If any of these errors are false positives, please file a bug against check-webkit-style.
Chris Dumez
Comment 13
2018-04-26 10:14:29 PDT
Created attachment 338886 [details]
Patch
EWS Watchlist
Comment 14
2018-04-26 10:16:59 PDT
Attachment 338886 [details] did not pass style-queue:
ERROR: Source/WebCore/dom/MouseRelatedEvent.cpp:41: Code inside a namespace should not be indented. [whitespace/indent] [4]
ERROR: Source/WebCore/dom/MouseRelatedEvent.cpp:41: Wrong number of spaces before statement. (expected: 41) [whitespace/indent] [4]
ERROR: Source/WebCore/dom/TouchEvent.cpp:43: Code inside a namespace should not be indented. [whitespace/indent] [4]
ERROR: Source/WebCore/dom/TouchEvent.cpp:43: Wrong number of spaces before statement. (expected: 12) [whitespace/indent] [4]
ERROR: Source/WebCore/dom/TouchEvent.cpp:43: Comma should be at the beginning of the line in a member initialization list. [whitespace/init] [4]
ERROR: Source/WebCore/dom/MouseEvent.cpp:88: Code inside a namespace should not be indented. [whitespace/indent] [4]
ERROR: Source/WebCore/dom/MouseEvent.cpp:88: Wrong number of spaces before statement. (expected: 12) [whitespace/indent] [4]
ERROR: Source/WebCore/dom/MouseEvent.cpp:88: Comma should be at the beginning of the line in a member initialization list. [whitespace/init] [4]
ERROR: Source/WebCore/dom/TouchEvent.h:49: When wrapping a line, only indent 4 spaces. [whitespace/indent] [3]
Total errors found: 9 in 78 files
If any of these errors are false positives, please file a bug against check-webkit-style.
Chris Dumez
Comment 15
2018-04-26 10:35:36 PDT
Created attachment 338890 [details]
Patch
EWS Watchlist
Comment 16
2018-04-26 10:37:28 PDT
Attachment 338890 [details] did not pass style-queue:
ERROR: Source/WebCore/dom/MouseRelatedEvent.cpp:41: Code inside a namespace should not be indented. [whitespace/indent] [4]
ERROR: Source/WebCore/dom/MouseRelatedEvent.cpp:41: Wrong number of spaces before statement. (expected: 41) [whitespace/indent] [4]
ERROR: Source/WebCore/dom/TouchEvent.cpp:43: Code inside a namespace should not be indented. [whitespace/indent] [4]
ERROR: Source/WebCore/dom/TouchEvent.cpp:43: Wrong number of spaces before statement. (expected: 12) [whitespace/indent] [4]
ERROR: Source/WebCore/dom/TouchEvent.cpp:43: Comma should be at the beginning of the line in a member initialization list. [whitespace/init] [4]
ERROR: Source/WebCore/dom/MouseEvent.cpp:88: Code inside a namespace should not be indented. [whitespace/indent] [4]
ERROR: Source/WebCore/dom/MouseEvent.cpp:88: Wrong number of spaces before statement. (expected: 12) [whitespace/indent] [4]
ERROR: Source/WebCore/dom/MouseEvent.cpp:88: Comma should be at the beginning of the line in a member initialization list. [whitespace/init] [4]
ERROR: Source/WebCore/dom/TouchEvent.h:49: When wrapping a line, only indent 4 spaces. [whitespace/indent] [3]
Total errors found: 9 in 78 files
If any of these errors are false positives, please file a bug against check-webkit-style.
Chris Dumez
Comment 17
2018-04-26 11:21:27 PDT
Created attachment 338895 [details]
Patch
EWS Watchlist
Comment 18
2018-04-26 11:23:56 PDT
Attachment 338895 [details] did not pass style-queue:
ERROR: Source/WebCore/dom/MouseRelatedEvent.cpp:41: Code inside a namespace should not be indented. [whitespace/indent] [4]
ERROR: Source/WebCore/dom/MouseRelatedEvent.cpp:41: Wrong number of spaces before statement. (expected: 41) [whitespace/indent] [4]
WARNING: File exempt from style guide. Skipping: "Source/WebKit/WebProcess/InjectedBundle/API/gtk/DOM/WebKitDOMHTMLFrameElement.cpp"
WARNING: File exempt from style guide. Skipping: "Source/WebKit/WebProcess/InjectedBundle/API/gtk/DOM/WebKitDOMDOMWindowPrivate.h"
WARNING: File exempt from style guide. Skipping: "Source/WebKit/WebProcess/InjectedBundle/API/gtk/DOM/WebKitDOMKeyboardEvent.cpp"
WARNING: File exempt from style guide. Skipping: "Source/WebKit/WebProcess/InjectedBundle/API/gtk/DOM/WebKitDOMDOMWindow.cpp"
ERROR: Source/WebCore/dom/TouchEvent.cpp:43: Code inside a namespace should not be indented. [whitespace/indent] [4]
ERROR: Source/WebCore/dom/TouchEvent.cpp:43: Wrong number of spaces before statement. (expected: 12) [whitespace/indent] [4]
ERROR: Source/WebCore/dom/TouchEvent.cpp:43: Comma should be at the beginning of the line in a member initialization list. [whitespace/init] [4]
ERROR: Source/WebCore/dom/MouseEvent.cpp:88: Code inside a namespace should not be indented. [whitespace/indent] [4]
ERROR: Source/WebCore/dom/MouseEvent.cpp:88: Wrong number of spaces before statement. (expected: 12) [whitespace/indent] [4]
ERROR: Source/WebCore/dom/MouseEvent.cpp:88: Comma should be at the beginning of the line in a member initialization list. [whitespace/init] [4]
ERROR: Source/WebCore/dom/TouchEvent.h:49: When wrapping a line, only indent 4 spaces. [whitespace/indent] [3]
Total errors found: 9 in 80 files
If any of these errors are false positives, please file a bug against check-webkit-style.
Chris Dumez
Comment 19
2018-04-26 11:24:15 PDT
Created attachment 338897 [details]
Patch
EWS Watchlist
Comment 20
2018-04-26 11:27:05 PDT
Attachment 338897 [details] did not pass style-queue:
WARNING: File exempt from style guide. Skipping: "Source/WebKit/WebProcess/InjectedBundle/API/gtk/DOM/WebKitDOMWheelEvent.cpp"
WARNING: File exempt from style guide. Skipping: "Source/WebKit/WebProcess/InjectedBundle/API/gtk/DOM/WebKitDOMDOMWindowPrivate.h"
WARNING: File exempt from style guide. Skipping: "Source/WebKit/WebProcess/InjectedBundle/API/gtk/DOM/WebKitDOMHTMLFrameElement.cpp"
ERROR: Source/WebCore/dom/MouseEvent.cpp:88: Code inside a namespace should not be indented. [whitespace/indent] [4]
ERROR: Source/WebCore/dom/MouseEvent.cpp:88: Wrong number of spaces before statement. (expected: 12) [whitespace/indent] [4]
ERROR: Source/WebCore/dom/MouseEvent.cpp:88: Comma should be at the beginning of the line in a member initialization list. [whitespace/init] [4]
WARNING: File exempt from style guide. Skipping: "Source/WebKit/WebProcess/InjectedBundle/API/gtk/DOM/WebKitDOMKeyboardEvent.cpp"
WARNING: File exempt from style guide. Skipping: "Source/WebKit/WebProcess/InjectedBundle/API/gtk/DOM/WebKitDOMMouseEvent.cpp"
WARNING: File exempt from style guide. Skipping: "Source/WebKit/WebProcess/InjectedBundle/API/gtk/DOM/WebKitDOMUIEvent.cpp"
WARNING: File exempt from style guide. Skipping: "Source/WebKit/WebProcess/InjectedBundle/API/gtk/DOM/WebKitDOMDOMWindow.cpp"
ERROR: Source/WebCore/dom/TouchEvent.cpp:43: Code inside a namespace should not be indented. [whitespace/indent] [4]
ERROR: Source/WebCore/dom/TouchEvent.cpp:43: Wrong number of spaces before statement. (expected: 12) [whitespace/indent] [4]
ERROR: Source/WebCore/dom/TouchEvent.cpp:43: Comma should be at the beginning of the line in a member initialization list. [whitespace/init] [4]
ERROR: Source/WebCore/dom/TouchEvent.h:49: When wrapping a line, only indent 4 spaces. [whitespace/indent] [3]
ERROR: Source/WebCore/dom/MouseRelatedEvent.cpp:41: Code inside a namespace should not be indented. [whitespace/indent] [4]
ERROR: Source/WebCore/dom/MouseRelatedEvent.cpp:41: Wrong number of spaces before statement. (expected: 41) [whitespace/indent] [4]
Total errors found: 9 in 83 files
If any of these errors are false positives, please file a bug against check-webkit-style.
Chris Dumez
Comment 21
2018-04-26 11:58:37 PDT
Created attachment 338901 [details]
Patch
EWS Watchlist
Comment 22
2018-04-26 12:01:50 PDT
Attachment 338901 [details] did not pass style-queue:
WARNING: File exempt from style guide. Skipping: "Source/WebKit/WebProcess/InjectedBundle/API/gtk/DOM/WebKitDOMWheelEvent.cpp"
WARNING: File exempt from style guide. Skipping: "Source/WebKit/WebProcess/InjectedBundle/API/gtk/DOM/WebKitDOMDOMWindowPrivate.h"
WARNING: File exempt from style guide. Skipping: "Source/WebKit/WebProcess/InjectedBundle/API/gtk/DOM/WebKitDOMHTMLFrameElement.cpp"
ERROR: Source/WebCore/dom/MouseEvent.cpp:88: Code inside a namespace should not be indented. [whitespace/indent] [4]
ERROR: Source/WebCore/dom/MouseEvent.cpp:88: Wrong number of spaces before statement. (expected: 12) [whitespace/indent] [4]
ERROR: Source/WebCore/dom/MouseEvent.cpp:88: Comma should be at the beginning of the line in a member initialization list. [whitespace/init] [4]
WARNING: File exempt from style guide. Skipping: "Source/WebKit/WebProcess/InjectedBundle/API/gtk/DOM/WebKitDOMKeyboardEvent.cpp"
WARNING: File exempt from style guide. Skipping: "Source/WebKit/WebProcess/InjectedBundle/API/gtk/DOM/WebKitDOMMouseEvent.cpp"
WARNING: File exempt from style guide. Skipping: "Source/WebKit/WebProcess/InjectedBundle/API/gtk/DOM/WebKitDOMUIEvent.cpp"
WARNING: File exempt from style guide. Skipping: "Source/WebKit/WebProcess/InjectedBundle/API/gtk/DOM/WebKitDOMDOMWindow.cpp"
ERROR: Source/WebCore/dom/TouchEvent.cpp:43: Code inside a namespace should not be indented. [whitespace/indent] [4]
ERROR: Source/WebCore/dom/TouchEvent.cpp:43: Wrong number of spaces before statement. (expected: 12) [whitespace/indent] [4]
ERROR: Source/WebCore/dom/TouchEvent.cpp:43: Comma should be at the beginning of the line in a member initialization list. [whitespace/init] [4]
ERROR: Source/WebCore/dom/TouchEvent.h:49: When wrapping a line, only indent 4 spaces. [whitespace/indent] [3]
ERROR: Source/WebCore/dom/MouseRelatedEvent.cpp:41: Code inside a namespace should not be indented. [whitespace/indent] [4]
ERROR: Source/WebCore/dom/MouseRelatedEvent.cpp:41: Wrong number of spaces before statement. (expected: 41) [whitespace/indent] [4]
Total errors found: 9 in 83 files
If any of these errors are false positives, please file a bug against check-webkit-style.
Chris Dumez
Comment 23
2018-04-26 12:10:45 PDT
Created attachment 338902 [details]
Patch
EWS Watchlist
Comment 24
2018-04-26 12:13:20 PDT
Attachment 338902 [details] did not pass style-queue:
WARNING: File exempt from style guide. Skipping: "Source/WebKit/WebProcess/InjectedBundle/API/gtk/DOM/WebKitDOMWheelEvent.cpp"
WARNING: File exempt from style guide. Skipping: "Source/WebKit/WebProcess/InjectedBundle/API/gtk/DOM/WebKitDOMDOMWindowPrivate.h"
WARNING: File exempt from style guide. Skipping: "Source/WebKit/WebProcess/InjectedBundle/API/gtk/DOM/WebKitDOMHTMLFrameElement.cpp"
WARNING: File exempt from style guide. Skipping: "Source/WebKit/WebProcess/InjectedBundle/API/gtk/DOM/WebKitDOMDocumentGtk.cpp"
ERROR: Source/WebCore/dom/MouseEvent.cpp:88: Code inside a namespace should not be indented. [whitespace/indent] [4]
ERROR: Source/WebCore/dom/MouseEvent.cpp:88: Wrong number of spaces before statement. (expected: 12) [whitespace/indent] [4]
ERROR: Source/WebCore/dom/MouseEvent.cpp:88: Comma should be at the beginning of the line in a member initialization list. [whitespace/init] [4]
WARNING: File exempt from style guide. Skipping: "Source/WebKit/WebProcess/InjectedBundle/API/gtk/DOM/WebKitDOMKeyboardEvent.cpp"
WARNING: File exempt from style guide. Skipping: "Source/WebKit/WebProcess/InjectedBundle/API/gtk/DOM/WebKitDOMMouseEvent.cpp"
WARNING: File exempt from style guide. Skipping: "Source/WebKit/WebProcess/InjectedBundle/API/gtk/DOM/WebKitDOMUIEvent.cpp"
WARNING: File exempt from style guide. Skipping: "Source/WebKit/WebProcess/InjectedBundle/API/gtk/DOM/WebKitDOMDOMWindow.cpp"
ERROR: Source/WebCore/dom/TouchEvent.cpp:43: Code inside a namespace should not be indented. [whitespace/indent] [4]
ERROR: Source/WebCore/dom/TouchEvent.cpp:43: Wrong number of spaces before statement. (expected: 12) [whitespace/indent] [4]
ERROR: Source/WebCore/dom/TouchEvent.cpp:43: Comma should be at the beginning of the line in a member initialization list. [whitespace/init] [4]
ERROR: Source/WebCore/dom/TouchEvent.h:49: When wrapping a line, only indent 4 spaces. [whitespace/indent] [3]
WARNING: File exempt from style guide. Skipping: "Source/WebKit/WebProcess/InjectedBundle/API/gtk/DOM/WebKitDOMHTMLIFrameElement.cpp"
ERROR: Source/WebCore/dom/MouseRelatedEvent.cpp:41: Code inside a namespace should not be indented. [whitespace/indent] [4]
ERROR: Source/WebCore/dom/MouseRelatedEvent.cpp:41: Wrong number of spaces before statement. (expected: 41) [whitespace/indent] [4]
Total errors found: 9 in 85 files
If any of these errors are false positives, please file a bug against check-webkit-style.
Sam Weinig
Comment 25
2018-04-26 21:10:28 PDT
Comment on attachment 338902 [details]
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=338902&action=review
> Source/WebCore/bindings/js/WindowProxy.cpp:-61
> -        it->value->window()->setConsoleClient(nullptr);
What prompted this change?
> Source/WebCore/dom/Document.h:802
>      DOMWindow* domWindow() const { return m_domWindow.get(); }
>      // In DOM Level 2, the Document's DOMWindow is called the defaultView.
> -    DOMWindow* defaultView() const { return domWindow(); }
> +    WEBCORE_EXPORT WindowProxy* defaultView() const;
In addition to defaultView() returning a WindowProxy*, I think there should be a windowProxy() member function which does the same thing. defaultView() is a terribly uninformatively named function, and only exists to appease the DOM. Internally in WebCore, I think we should use this new windowProxy() member function instead (much like we used to call the domWindow() instead).
> Source/WebCore/editing/AlternativeTextController.cpp:635
> -    Ref<TextEvent> event = TextEvent::createForDictation(m_frame.document()->domWindow(), text, dictationAlternatives);
> +    Ref<TextEvent> event = TextEvent::createForDictation(m_frame.document()->defaultView(), text, dictationAlternatives);
Seems like this could just call m_frame->windowProxy(). Also could probably use auto.
> Source/WebCore/page/DragController.cpp:511
> +    auto event = TextEvent::createForDrop(innerFrame->document()->defaultView(), text);
Could just call innerFrame->windowProxy().
> Source/WebCore/page/EventHandler.cpp:3805
> +    Ref<TextEvent> event = TextEvent::create(m_frame.document()->defaultView(), text, inputType);
Could just call m_frame.windowProxy(). Could also use auto.
> Source/WebCore/page/Frame.cpp:215
> +    windowProxy().destroyAllJSWindowProxies();
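Review bot: the crash log in comment 27 is the justification this call at Frame.cpp:215 needs, and it should be written down next to it. That log shows Frame::~Frame (Frame.cpp:217) reaching FrameLoader::cancelAndClear, FrameLoader::clear, ScriptController::enableEval and then JSWindowProxy::window(), whose jsCast asserts in JSCell::classInfo because the whole sequence runs inside a MarkedBlock sweep: the JSEvent being destroyed owns a UIEvent whose RefPtr<WindowProxy> is the last reference keeping the Frame alive. Clearing the JS proxies here, before cancelAndClear, is what keeps window() from being called on a cell mid-sweep. A comment naming that constraint (a WindowProxy, and therefore a Frame, can now be torn down from inside GC) would stop a future reader from removing this as a duplicate of the WindowProxy destructor's call.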
This feels icky. It seems weird that it is called here, and then again in the WindowProxy destructor. If we really can't figure out another way, please at least add a comment explaining it.
Chris Dumez
Comment 26
2018-04-26 21:56:36 PDT
Comment on attachment 338902 [details]
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=338902&action=review
>> Source/WebCore/bindings/js/WindowProxy.cpp:-61
>> -        it->value->window()->setConsoleClient(nullptr);
>
> What prompted this change?
JSWindowProxy::window() does a jsCast, which is not allowed during sweeping :/ It is for the same reason that I had to clear all proxies in the Frame destructor. I gave some more details in the change log. I will try and find a better way to address. Let me know if you have an idea.
>> Source/WebCore/dom/Document.h:802
>> +    WEBCORE_EXPORT WindowProxy* defaultView() const;
>
> In addition to defaultView() returning a WindowProxy*, I think there should be a windowProxy() member function which does the same thing. defaultView() is a terribly uninformatively named function, and only exists to appease the DOM. Internally in WebCore, I think we should use this new windowProxy() member function instead (much like we used to call the domWindow() instead).
I guess we can simply rename this method to windowProxy and update all call sites? I do not think keeping defaultView method is very useful.
>> Source/WebCore/editing/AlternativeTextController.cpp:635
>> +    Ref<TextEvent> event = TextEvent::createForDictation(m_frame.document()->defaultView(), text, dictationAlternatives);
>
> Seems like this could just call m_frame->windowProxy(). Also could probably use auto.
Ok
>> Source/WebCore/page/DragController.cpp:511
>> +    auto event = TextEvent::createForDrop(innerFrame->document()->defaultView(), text);
>
> Could just call innerFrame->windowProxy().
Ok.
>> Source/WebCore/page/EventHandler.cpp:3805
>> +    Ref<TextEvent> event = TextEvent::create(m_frame.document()->defaultView(), text, inputType);
>
> Could just call m_frame.windowProxy(). Could also use auto.
Ok.
>> Source/WebCore/page/Frame.cpp:215
>> +    windowProxy().destroyAllJSWindowProxies();
>
> This feels icky. It seems weird that it is called here, and then again in the WindowProxy destructor. If we really can't figure out another way, please at least add a comment explaining it.
Yes, I will try to find a better way. I explained in the change log why I had to do it. I agree it is unfortunate though.
Chris Dumez
Comment 27
2018-04-26 22:05:23 PDT
(In reply to Chris Dumez from comment #26)
> Comment on attachment 338902 [details]
> Patch
>
> View in context: https://bugs.webkit.org/attachment.cgi?id=338902&action=review
>
> >> Source/WebCore/bindings/js/WindowProxy.cpp:-61
> >> -        it->value->window()->setConsoleClient(nullptr);
> >
> > What prompted this change?
>
> JSWindowProxy::window() does a jsCast, which is not allowed during sweeping :/ It is for the same reason that I had to clear all proxies in the Frame destructor. I gave some more details in the change log. I will try and find a better way to address. Let me know if you have an idea.
FYI crash log looks like: Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.JavaScriptCore 0x000000066fc6c3d0 WTFCrash + 16 (Assertions.cpp:261) 1 com.apple.WebCore 0x0000000660096b5b JSC::JSCell::classInfo(JSC::VM&) const + 107 (JSCellInlines.h:297) 2 com.apple.WebCore 0x0000000660096ac1 JSC::JSCell::inherits(JSC::VM&, JSC::ClassInfo const*) const + 33 (JSCellInlines.h:265) 3 com.apple.WebCore 0x0000000660370494 WebCore::JSDOMGlobalObject* JSC::jsCast<WebCore::JSDOMGlobalObject*, JSC::JSObject>(JSC::JSObject*) + 68 (JSCast.h:36) 4 com.apple.WebCore 0x000000066036f14d WebCore::JSWindowProxy::window() const + 29 (JSWindowProxy.h:53) 5 com.apple.WebCore 0x00000006619b0e57 WebCore::ScriptController::enableEval() + 71 (ScriptController.cpp:346) 6 com.apple.WebCore 0x000000066260c65d WebCore::FrameLoader::clear(WebCore::Document*, bool, bool, bool) + 749 (FrameLoader.cpp:658) 7 com.apple.WebCore 0x000000066261bfac WebCore::FrameLoader::cancelAndClear() + 108 (FrameLoader.cpp:597) 8 com.apple.WebCore 0x00000006627d4c49 WebCore::Frame::~Frame() + 89 (Frame.cpp:217) 9 com.apple.WebCore 0x00000006627d52a5 WebCore::Frame::~Frame() + 21 (Frame.cpp:232) 10 com.apple.WebCore 0x00000006627d52c9 WebCore::Frame::~Frame() + 25 (Frame.cpp:214) 11 com.apple.WebCore 0x000000066042dbbf WTF::ThreadSafeRefCounted<WebCore::AbstractFrame, (WTF::DestructionThread)0>::deref() const + 79 (ThreadSafeRefCounted.h:77) 12 com.apple.WebCore 0x00000006619d611c WebCore::WindowProxy::deref() + 28 (WindowProxy.cpp:192) 13 com.apple.WebCore 0x00000006604e6e9e void WTF::derefIfNotNull<WebCore::WindowProxy>(WebCore::WindowProxy*) + 46 (RefPtr.h:46) 14 com.apple.WebCore 0x00000006604e6e69 WTF::RefPtr<WebCore::WindowProxy, WTF::DumbPtrTraits<WebCore::WindowProxy> >::~RefPtr() + 41 (RefPtr.h:70) 15 com.apple.WebCore 0x00000006604e6e35 WTF::RefPtr<WebCore::WindowProxy, WTF::DumbPtrTraits<WebCore::WindowProxy> >::~RefPtr() + 21 (RefPtr.h:70) 16 com.apple.WebCore 0x0000000661ffe881 
WebCore::UIEvent::~UIEvent() + 49 (UIEvent.cpp:56) 17 com.apple.WebCore 0x0000000661f0dce5 WebCore::UIEventWithKeyState::~UIEventWithKeyState() + 21 (UIEventWithKeyState.h:31) 18 com.apple.WebCore 0x0000000661f35145 WebCore::MouseRelatedEvent::~MouseRelatedEvent() + 21 (MouseRelatedEvent.h:39) 19 com.apple.WebCore 0x0000000661f35121 WebCore::MouseEvent::~MouseEvent() + 81 (MouseEvent.cpp:128) 20 com.apple.WebCore 0x0000000661f35165 WebCore::MouseEvent::~MouseEvent() + 21 (MouseEvent.cpp:128) 21 com.apple.WebCore 0x0000000661f35189 WebCore::MouseEvent::~MouseEvent() + 25 (MouseEvent.cpp:128) 22 com.apple.WebCore 0x000000066011733f WTF::RefCounted<WebCore::Event>::deref() const + 79 (RefCounted.h:145) 23 com.apple.WebCore 0x00000006601fc153 WTF::Ref<WebCore::Event, WTF::DumbPtrTraits<WebCore::Event> >::~Ref() + 51 (Ref.h:62) 24 com.apple.WebCore 0x00000006601f0e05 WTF::Ref<WebCore::Event, WTF::DumbPtrTraits<WebCore::Event> >::~Ref() + 21 (Ref.h:62) 25 com.apple.WebCore 0x000000066079ccf9 WebCore::JSDOMWrapper<WebCore::Event>::~JSDOMWrapper() + 25 (JSDOMWrapper.h:72) 26 com.apple.WebCore 0x000000066079ccd5 WebCore::JSEvent::~JSEvent() + 21 (JSEvent.h:30) 27 com.apple.WebCore 0x00000006607984e5 WebCore::JSEvent::~JSEvent() + 21 (JSEvent.h:30) 28 com.apple.WebCore 0x00000006607962dd WebCore::JSEvent::destroy(JSC::JSCell*) + 29 (JSEvent.cpp:253) 29 com.apple.JavaScriptCore 0x0000000670eca2fa JSC::JSDestructibleObjectDestroyFunc::operator()(JSC::VM&, JSC::JSCell*) const + 42 (JSDestructibleObjectHeapCellType.cpp:38) 30 com.apple.JavaScriptCore 0x0000000670ed16d5 void JSC::MarkedBlock::Handle::specializedSweep<false, (JSC::MarkedBlock::Handle::EmptyMode)0, (JSC::MarkedBlock::Handle::SweepMode)0, (JSC::MarkedBlock::Handle::SweepDestructionMode)0, (JSC::MarkedBlock::Handle::ScribbleMode)0, (JSC::MarkedBlock::Handle::NewlyAllocatedMode)0, (JSC::MarkedBlock::Handle::MarksMode)0, JSC::JSDestructibleObjectDestroyFunc>(JSC::FreeList*, JSC::MarkedBlock::Handle::EmptyMode, 
JSC::MarkedBlock::Handle::SweepMode, JSC::MarkedBlock::Handle::SweepDestructionMode, JSC::MarkedBlock::Handle::ScribbleMode, JSC::MarkedBlock::Handle::NewlyAllocatedMode, JSC::MarkedBlock::Handle::MarksMode, JSC::JSDestructibleObjectDestroyFunc const&)::'lambda'(void*)::operator()(void*) const + 69 (MarkedBlockInlines.h:256)
31  com.apple.JavaScriptCore  0x0000000670ed1744 void JSC::MarkedBlock::Handle::specializedSweep<false, (JSC::MarkedBlock::Handle::EmptyMode)0, (JSC::MarkedBlock::Handle::SweepMode)0, (JSC::MarkedBlock::Handle::SweepDestructionMode)0, (JSC::MarkedBlock::Handle::ScribbleMode)0, (JSC::MarkedBlock::Handle::NewlyAllocatedMode)0, (JSC::MarkedBlock::Handle::MarksMode)0, JSC::JSDestructibleObjectDestroyFunc>(JSC::FreeList*, JSC::MarkedBlock::Handle::EmptyMode, JSC::MarkedBlock::Handle::SweepMode, JSC::MarkedBlock::Handle::SweepDestructionMode, JSC::MarkedBlock::Handle::ScribbleMode, JSC::MarkedBlock::Handle::NewlyAllocatedMode, JSC::MarkedBlock::Handle::MarksMode, JSC::JSDestructibleObjectDestroyFunc const&)::'lambda'(unsigned long)::operator()(unsigned long) const + 84 (MarkedBlockInlines.h:316)
32  com.apple.JavaScriptCore  0x0000000670ecc4d6 void JSC::MarkedBlock::Handle::specializedSweep<false, (JSC::MarkedBlock::Handle::EmptyMode)0, (JSC::MarkedBlock::Handle::SweepMode)0, (JSC::MarkedBlock::Handle::SweepDestructionMode)0, (JSC::MarkedBlock::Handle::ScribbleMode)0, (JSC::MarkedBlock::Handle::NewlyAllocatedMode)0, (JSC::MarkedBlock::Handle::MarksMode)0, JSC::JSDestructibleObjectDestroyFunc>(JSC::FreeList*, JSC::MarkedBlock::Handle::EmptyMode, JSC::MarkedBlock::Handle::SweepMode, JSC::MarkedBlock::Handle::SweepDestructionMode, JSC::MarkedBlock::Handle::ScribbleMode, JSC::MarkedBlock::Handle::NewlyAllocatedMode, JSC::MarkedBlock::Handle::MarksMode, JSC::JSDestructibleObjectDestroyFunc const&) + 1366 (MarkedBlockInlines.h:337)
33  com.apple.JavaScriptCore  0x0000000670eca290 void JSC::MarkedBlock::Handle::finishSweepKnowingHeapCellType<JSC::JSDestructibleObjectDestroyFunc>(JSC::FreeList*, JSC::JSDestructibleObjectDestroyFunc const&) + 304 (MarkedBlockInlines.h:432)
34  com.apple.JavaScriptCore  0x0000000670eca158 JSC::JSDestructibleObjectHeapCellType::finishSweep(JSC::MarkedBlock::Handle&, JSC::FreeList*) + 40 (JSDestructibleObjectHeapCellType.cpp:53)
35  com.apple.JavaScriptCore  0x0000000670a6c906 JSC::Subspace::finishSweep(JSC::MarkedBlock::Handle&, JSC::FreeList*) + 70 (Subspace.cpp:66)
36  com.apple.JavaScriptCore  0x0000000670a51417 JSC::MarkedBlock::Handle::sweep(JSC::FreeList*) + 615 (MarkedBlock.cpp:432)
37  com.apple.JavaScriptCore  0x0000000670a46134 JSC::LocalAllocator::tryAllocateIn(JSC::MarkedBlock::Handle*) + 164 (LocalAllocator.cpp:260)
38  com.apple.JavaScriptCore  0x0000000670a45ec0 JSC::LocalAllocator::tryAllocateWithoutCollecting() + 224 (LocalAllocator.cpp:221)
39  com.apple.JavaScriptCore  0x0000000670a45b33 JSC::LocalAllocator::allocateSlowCase(JSC::GCDeferralContext*, JSC::AllocationFailureMode) + 371 (LocalAllocator.cpp:168)
40  com.apple.JavaScriptCore  0x00000006709ec7b1 JSC::LocalAllocator::allocate(JSC::GCDeferralContext*, JSC::AllocationFailureMode)::'lambda'()::operator()() const + 81 (LocalAllocatorInlines.h:37)
41  com.apple.JavaScriptCore  0x00000006709ec729 JSC::HeapCell* JSC::FreeList::allocate<JSC::LocalAllocator::allocate(JSC::GCDeferralContext*, JSC::AllocationFailureMode)::'lambda'()>(JSC::LocalAllocator::allocate(JSC::GCDeferralContext*, JSC::AllocationFailureMode)::'lambda'() const&) + 169 (FreeListInlines.h:46)
42  com.apple.JavaScriptCore  0x00000006709ec5ce JSC::LocalAllocator::allocate(JSC::GCDeferralContext*, JSC::AllocationFailureMode) + 62 (LocalAllocatorInlines.h:34)
43  com.apple.JavaScriptCore  0x00000006709ecd21 void* JSC::Allocator::tryAllocate<JSC::CompleteSubspace::allocateNonVirtual(JSC::VM&, unsigned long, JSC::GCDeferralContext*, JSC::AllocationFailureMode)::$_0>(JSC::VM&, JSC::GCDeferralContext*, JSC::AllocationFailureMode, JSC::CompleteSubspace::allocateNonVirtual(JSC::VM&, unsigned long, JSC::GCDeferralContext*, JSC::AllocationFailureMode)::$_0 const&) const::'lambda'(JSC::LocalAllocator&)::operator()(JSC::LocalAllocator&) const + 49 (AllocatorInlines.h:45)
44  com.apple.JavaScriptCore  0x00000006709ecccf void JSC::ThreadLocalCache::tryGetAllocator<void* JSC::Allocator::tryAllocate<JSC::CompleteSubspace::allocateNonVirtual(JSC::VM&, unsigned long, JSC::GCDeferralContext*, JSC::AllocationFailureMode)::$_0>(JSC::VM&, JSC::GCDeferralContext*, JSC::AllocationFailureMode, JSC::CompleteSubspace::allocateNonVirtual(JSC::VM&, unsigned long, JSC::GCDeferralContext*, JSC::AllocationFailureMode)::$_0 const&) const::'lambda'(JSC::LocalAllocator&), void* JSC::Allocator::tryAllocate<JSC::CompleteSubspace::allocateNonVirtual(JSC::VM&, unsigned long, JSC::GCDeferralContext*, JSC::AllocationFailureMode)::$_0>(JSC::VM&, JSC::GCDeferralContext*, JSC::AllocationFailureMode, JSC::CompleteSubspace::allocateNonVirtual(JSC::VM&, unsigned long, JSC::GCDeferralContext*, JSC::AllocationFailureMode)::$_0 const&) const::'lambda'()>(JSC::VM&, unsigned long, JSC::CompleteSubspace::allocateNonVirtual(JSC::VM&, unsigned long, JSC::GCDeferralContext*, JSC::AllocationFailureMode)::$_0 const&, void* JSC::Allocator::tryAllocate<JSC::CompleteSubspace::allocateNonVirtual(JSC::VM&, unsigned long, JSC::GCDeferralContext*, JSC::AllocationFailureMode)::$_0>(JSC::VM&, JSC::GCDeferralContext*, JSC::AllocationFailureMode, JSC::CompleteSubspace::allocateNonVirtual(JSC::VM&, unsigned long, JSC::GCDeferralContext*, JSC::AllocationFailureMode)::$_0 const&) const::'lambda'() const&) + 111 (ThreadLocalCacheInlines.h:74)
45  com.apple.JavaScriptCore  0x00000006709ea53f void* JSC::Allocator::tryAllocate<JSC::CompleteSubspace::allocateNonVirtual(JSC::VM&, unsigned long, JSC::GCDeferralContext*, JSC::AllocationFailureMode)::$_0>(JSC::VM&, JSC::GCDeferralContext*, JSC::AllocationFailureMode, JSC::CompleteSubspace::allocateNonVirtual(JSC::VM&, unsigned long, JSC::GCDeferralContext*, JSC::AllocationFailureMode)::$_0 const&) const + 95 (AllocatorInlines.h:50)
46  com.apple.JavaScriptCore  0x00000006709ea4d0 JSC::CompleteSubspace::allocateNonVirtual(JSC::VM&, unsigned long, JSC::GCDeferralContext*, JSC::AllocationFailureMode) + 128 (CompleteSubspace.cpp:64)
47  com.apple.JavaScriptCore  0x0000000670f02ac4 void* JSC::tryAllocateCellHelper<JSC::JSProxy>(JSC::Heap&, unsigned long, JSC::GCDeferralContext*, JSC::AllocationFailureMode) + 196 (JSCellInlines.h:151)
48  com.apple.JavaScriptCore  0x0000000670f02963 void* JSC::allocateCell<JSC::JSProxy>(JSC::Heap&, unsigned long) + 35 (JSCellInlines.h:165)
49  com.apple.JavaScriptCore  0x0000000670ef848e JSC::JSProxy::create(JSC::VM&, JSC::Structure*, JSC::JSObject*) + 46 (JSProxy.h:39)
50  com.apple.JavaScriptCore  0x0000000670ef757f JSC::JSGlobalObject::resetPrototype(JSC::VM&, JSC::JSValue) + 239 (JSGlobalObject.cpp:1313)
51  com.apple.JavaScriptCore  0x0000000670eecbbc JSC::JSGlobalObject::init(JSC::VM&) + 77036 (JSGlobalObject.cpp:1084)
52  com.apple.JavaScriptCore  0x0000000670ef9bac JSC::JSGlobalObject::finishCreation(JSC::VM&, JSC::JSObject*) + 124 (JSGlobalObject.cpp:1624)
53  com.apple.WebCore  0x000000066194c09a WebCore::JSDOMGlobalObject::finishCreation(JSC::VM&, JSC::JSObject*) + 58 (JSDOMGlobalObject.cpp:190)
54  com.apple.WebCore  0x0000000661960438 WebCore::JSDOMWindowBase::finishCreation(JSC::VM&, WebCore::JSWindowProxy*) + 72 (JSDOMWindowBase.cpp:92)
55  com.apple.WebCore  0x00000006605c5096 WebCore::JSDOMWindow::finishCreation(JSC::VM&, WebCore::JSWindowProxy*) + 70 (JSDOMWindow.cpp:6129)
56  com.apple.WebCore  0x00000006619a7574 WebCore::JSDOMWindow::create(JSC::VM&, JSC::Structure*, WTF::Ref<WebCore::DOMWindow, WTF::DumbPtrTraits<WebCore::DOMWindow> >&&, WebCore::JSWindowProxy*) + 148 (JSDOMWindow.h:40)
57  com.apple.WebCore  0x00000006619a6b43 WebCore::JSWindowProxy::setWindow(WebCore::AbstractDOMWindow&) + 675 (JSWindowProxy.cpp:107)
58  com.apple.WebCore  0x00000006619d5b60 WebCore::WindowProxy::setDOMWindow(WebCore::AbstractDOMWindow*) + 272 (WindowProxy.cpp:153)
59  com.apple.WebCore  0x000000066260c62b WebCore::FrameLoader::clear(WebCore::Document*, bool, bool, bool) + 699 (FrameLoader.cpp:653)
60  com.apple.WebCore  0x000000066260bad0 WebCore::DocumentWriter::begin(WebCore::URL const&, bool, WebCore::Document*) + 592 (DocumentWriter.cpp:162)
61  com.apple.WebCore  0x00000006625cf3ae WebCore::DocumentLoader::commitData(char const*, unsigned long) + 142 (DocumentLoader.cpp:994)
62  com.apple.WebKit  0x000000010143428f WebKit::WebFrameLoaderClient::committedLoad(WebCore::DocumentLoader*, char const*, int) + 79 (WebFrameLoaderClient.cpp:1021)
63  com.apple.WebCore  0x00000006625d4bdd WebCore::DocumentLoader::commitLoad(char const*, int) + 205 (DocumentLoader.cpp:965)
64  com.apple.WebCore  0x00000006625d4aff WebCore::DocumentLoader::dataReceived(char const*, int) + 511 (DocumentLoader.cpp:1105)
65  com.apple.WebCore  0x00000006625d52b4 WebCore::DocumentLoader::dataReceived(WebCore::CachedResource&, char const*, int) + 116 (DocumentLoader.cpp:1078)
66  com.apple.WebCore  0x00000006625d52fa non-virtual thunk to WebCore::DocumentLoader::dataReceived(WebCore::CachedResource&, char const*, int) + 58
67  com.apple.WebCore  0x00000006626fc558 WebCore::CachedRawResource::notifyClientsDataWasReceived(char const*, unsigned int) + 152 (CachedRawResource.cpp:132)
68  com.apple.WebCore  0x00000006626fc348 WebCore::CachedRawResource::updateBuffer(WebCore::SharedBuffer&) + 344 (CachedRawResource.cpp:71)
69  com.apple.WebCore  0x00000006626975aa WebCore::SubresourceLoader::didReceiveDataOrBuffer(char const*, int, WTF::RefPtr<WebCore::SharedBuffer, WTF::DumbPtrTraits<WebCore::SharedBuffer> >&&, long long, WebCore::DataPayloadType) + 538 (SubresourceLoader.cpp:450)
70  com.apple.WebCore  0x0000000662697372 WebCore::SubresourceLoader::didReceiveData(char const*, unsigned int, long long, WebCore::DataPayloadType) + 98 (SubresourceLoader.cpp:418)
71  com.apple.WebKit  0x00000001018b7534 WebKit::WebResourceLoader::didReceiveData(IPC::DataReference const&, long long) + 564 (WebResourceLoader.cpp:143)
72  com.apple.WebKit  0x00000001018bba00 void IPC::callMemberFunctionImpl<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long long), std::__1::tuple<IPC::DataReference, long long>, 0ul, 1ul>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long long), std::__1::tuple<IPC::DataReference, long long>&&, std::__1::integer_sequence<unsigned long, 0ul, 1ul>) + 192 (HandleMessage.h:41)
73  com.apple.WebKit  0x00000001018bb930 void IPC::callMemberFunction<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long long), std::__1::tuple<IPC::DataReference, long long>, std::__1::integer_sequence<unsigned long, 0ul, 1ul> >(std::__1::tuple<IPC::DataReference, long long>&&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long long)) + 96 (HandleMessage.h:47)
74  com.apple.WebKit  0x00000001018bacc1 void IPC::handleMessage<Messages::WebResourceLoader::DidReceiveData, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long long)>(IPC::Decoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long long)) + 289 (HandleMessage.h:127)
75  com.apple.WebKit  0x00000001018ba3f6 WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::Decoder&) + 502 (WebResourceLoaderMessageReceiver.cpp:62)
76  com.apple.WebKit  0x0000000100e7e429 WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::Decoder&) + 169 (NetworkProcessConnection.cpp:71)
77  com.apple.WebKit  0x0000000100bdced3 IPC::Connection::dispatchMessage(IPC::Decoder&) + 51 (Connection.cpp:907)
78  com.apple.WebKit  0x0000000100bd2488 IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) + 712
79  com.apple.WebKit  0x0000000100bdd4da IPC::Connection::dispatchOneMessage() + 1530 (Connection.cpp:964)
80  com.apple.WebKit  0x0000000100bf579d IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14::operator()() + 29 (Connection.cpp:901)
81  com.apple.WebKit  0x0000000100bf56f9 WTF::Function<void ()>::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14>::call() + 25 (Function.h:101)
82  com.apple.JavaScriptCore  0x000000066fc90c1b WTF::Function<void ()>::operator()() const + 139 (Function.h:56)
83  com.apple.JavaScriptCore  0x000000066fce28e3 WTF::RunLoop::performWork() + 211 (RunLoop.cpp:107)
84  com.apple.JavaScriptCore  0x000000066fce31e4 WTF::RunLoop::performWork(void*) + 36 (RunLoopCF.cpp:38)
85  com.apple.CoreFoundation  0x00007fff4c987a61 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
86  com.apple.CoreFoundation  0x00007fff4ca4147c __CFRunLoopDoSource0 + 108
87  com.apple.CoreFoundation  0x00007fff4c96a4c0 __CFRunLoopDoSources0 + 208
88  com.apple.CoreFoundation  0x00007fff4c96993d __CFRunLoopRun + 1293
89  com.apple.CoreFoundation  0x00007fff4c9691a3 CFRunLoopRunSpecific + 483
90  com.apple.HIToolbox  0x00007fff4bc51d96 RunCurrentEventLoopInMode + 286
91  com.apple.HIToolbox  0x00007fff4bc51b06 ReceiveNextEventCommon + 613
92  com.apple.HIToolbox  0x00007fff4bc51884 _BlockUntilNextEventMatchingListInModeWithFilter + 64
93  com.apple.AppKit  0x00007fff49f04b53 _DPSNextEvent + 2085
94  com.apple.AppKit  0x00007fff4a69aeb0 -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 3044
95  com.apple.AppKit  0x00007fff49ef9965 -[NSApplication run] + 764
96  com.apple.AppKit  0x00007fff49ec8b3e NSApplicationMain + 804
97  libxpc.dylib  0x00007fff75144f57 _xpc_objc_main + 580
98  libxpc.dylib  0x00007fff75143baa xpc_main + 417
99  com.apple.WebKit.WebContent  0x0000000100a7813b main + 1195 (XPCServiceMain.mm:160)
100 libdyld.dylib  0x00007fff74dea015 start + 1
Chris Dumez
Comment 28
2018-04-26 22:08:05 PDT
(In reply to Chris Dumez from comment #27)
> (In reply to Chris Dumez from comment #26)
> > Comment on attachment 338902 [details]
> > Patch
> > 
> > View in context:
> > https://bugs.webkit.org/attachment.cgi?id=338902&action=review
> > 
> > >> Source/WebCore/bindings/js/WindowProxy.cpp:-61
> > >> - it->value->window()->setConsoleClient(nullptr);
> > > 
> > > What prompted this change?
> > 
> > JSWindowProxy::window() does a jsCast, which is not allowed during sweeping
> > :/ It is for the same reason that I had to clear all proxies in the Frame
> > destructor. I gave some more details in the change log. I will try and find
> > a better way to address. Let me know if you have an idea.
> 
> FYI crash log looks like:
> Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
> 0   com.apple.JavaScriptCore  0x000000066fc6c3d0 WTFCrash + 16 (Assertions.cpp:261)
> 1   com.apple.WebCore  0x0000000660096b5b JSC::JSCell::classInfo(JSC::VM&) const + 107 (JSCellInlines.h:297)
> 2   com.apple.WebCore  0x0000000660096ac1 JSC::JSCell::inherits(JSC::VM&, JSC::ClassInfo const*) const + 33 (JSCellInlines.h:265)
> 3   com.apple.WebCore  0x0000000660370494 WebCore::JSDOMGlobalObject* JSC::jsCast<WebCore::JSDOMGlobalObject*, JSC::JSObject>(JSC::JSObject*) + 68 (JSCast.h:36)
> 4   com.apple.WebCore  0x000000066036f14d WebCore::JSWindowProxy::window() const + 29 (JSWindowProxy.h:53)
> 5   com.apple.WebCore  0x00000006619b0e57 WebCore::ScriptController::enableEval() + 71 (ScriptController.cpp:346)
> 6   com.apple.WebCore  0x000000066260c65d WebCore::FrameLoader::clear(WebCore::Document*, bool, bool, bool) + 749 (FrameLoader.cpp:658)
> 7   com.apple.WebCore  0x000000066261bfac WebCore::FrameLoader::cancelAndClear() + 108 (FrameLoader.cpp:597)
> 8   com.apple.WebCore  0x00000006627d4c49 WebCore::Frame::~Frame() + 89 (Frame.cpp:217)
> 9   com.apple.WebCore  0x00000006627d52a5 WebCore::Frame::~Frame() + 21 (Frame.cpp:232)
> 10  com.apple.WebCore  0x00000006627d52c9 WebCore::Frame::~Frame() + 25 (Frame.cpp:214)
> 11  com.apple.WebCore  0x000000066042dbbf WTF::ThreadSafeRefCounted<WebCore::AbstractFrame, (WTF::DestructionThread)0>::deref() const + 79 (ThreadSafeRefCounted.h:77)
> 12  com.apple.WebCore  0x00000006619d611c WebCore::WindowProxy::deref() + 28 (WindowProxy.cpp:192)
> 13  com.apple.WebCore  0x00000006604e6e9e void WTF::derefIfNotNull<WebCore::WindowProxy>(WebCore::WindowProxy*) + 46 (RefPtr.h:46)
> 14  com.apple.WebCore  0x00000006604e6e69 WTF::RefPtr<WebCore::WindowProxy, WTF::DumbPtrTraits<WebCore::WindowProxy> >::~RefPtr() + 41 (RefPtr.h:70)
> 15  com.apple.WebCore  0x00000006604e6e35 WTF::RefPtr<WebCore::WindowProxy, WTF::DumbPtrTraits<WebCore::WindowProxy> >::~RefPtr() + 21 (RefPtr.h:70)
> 16  com.apple.WebCore  0x0000000661ffe881 WebCore::UIEvent::~UIEvent() + 49 (UIEvent.cpp:56)
> 17  com.apple.WebCore  0x0000000661f0dce5 WebCore::UIEventWithKeyState::~UIEventWithKeyState() + 21 (UIEventWithKeyState.h:31)
> 18  com.apple.WebCore  0x0000000661f35145 WebCore::MouseRelatedEvent::~MouseRelatedEvent() + 21 (MouseRelatedEvent.h:39)
> 19  com.apple.WebCore  0x0000000661f35121 WebCore::MouseEvent::~MouseEvent() + 81 (MouseEvent.cpp:128)
> 20  com.apple.WebCore  0x0000000661f35165 WebCore::MouseEvent::~MouseEvent() + 21 (MouseEvent.cpp:128)
> 21  com.apple.WebCore  0x0000000661f35189 WebCore::MouseEvent::~MouseEvent() + 25 (MouseEvent.cpp:128)
> 22  com.apple.WebCore  0x000000066011733f WTF::RefCounted<WebCore::Event>::deref() const + 79 (RefCounted.h:145)
> 23  com.apple.WebCore  0x00000006601fc153 WTF::Ref<WebCore::Event, WTF::DumbPtrTraits<WebCore::Event> >::~Ref() + 51 (Ref.h:62)
> 24  com.apple.WebCore  0x00000006601f0e05 WTF::Ref<WebCore::Event, WTF::DumbPtrTraits<WebCore::Event> >::~Ref() + 21 (Ref.h:62)
> 25  com.apple.WebCore  0x000000066079ccf9 WebCore::JSDOMWrapper<WebCore::Event>::~JSDOMWrapper() + 25 (JSDOMWrapper.h:72)
> 26  com.apple.WebCore  0x000000066079ccd5 WebCore::JSEvent::~JSEvent() + 21 (JSEvent.h:30)
> 27  com.apple.WebCore  0x00000006607984e5 WebCore::JSEvent::~JSEvent() + 21 (JSEvent.h:30)
> 28  com.apple.WebCore  0x00000006607962dd WebCore::JSEvent::destroy(JSC::JSCell*) + 29 (JSEvent.cpp:253)
> 29  com.apple.JavaScriptCore  0x0000000670eca2fa JSC::JSDestructibleObjectDestroyFunc::operator()(JSC::VM&, JSC::JSCell*) const + 42 (JSDestructibleObjectHeapCellType.cpp:38)
> 30  com.apple.JavaScriptCore  0x0000000670ed16d5 void JSC::MarkedBlock::Handle::specializedSweep<false, (JSC::MarkedBlock::Handle::EmptyMode)0, (JSC::MarkedBlock::Handle::SweepMode)0, (JSC::MarkedBlock::Handle::SweepDestructionMode)0, (JSC::MarkedBlock::Handle::ScribbleMode)0, (JSC::MarkedBlock::Handle::NewlyAllocatedMode)0, (JSC::MarkedBlock::Handle::MarksMode)0, JSC::JSDestructibleObjectDestroyFunc>(JSC::FreeList*, JSC::MarkedBlock::Handle::EmptyMode, JSC::MarkedBlock::Handle::SweepMode, JSC::MarkedBlock::Handle::SweepDestructionMode, JSC::MarkedBlock::Handle::ScribbleMode, JSC::MarkedBlock::Handle::NewlyAllocatedMode, JSC::MarkedBlock::Handle::MarksMode, JSC::JSDestructibleObjectDestroyFunc const&)::'lambda'(void*)::operator()(void*) const + 69 (MarkedBlockInlines.h:256)
> 31  com.apple.JavaScriptCore  0x0000000670ed1744 void JSC::MarkedBlock::Handle::specializedSweep<false, (JSC::MarkedBlock::Handle::EmptyMode)0, (JSC::MarkedBlock::Handle::SweepMode)0, (JSC::MarkedBlock::Handle::SweepDestructionMode)0, (JSC::MarkedBlock::Handle::ScribbleMode)0, (JSC::MarkedBlock::Handle::NewlyAllocatedMode)0, (JSC::MarkedBlock::Handle::MarksMode)0, JSC::JSDestructibleObjectDestroyFunc>(JSC::FreeList*, JSC::MarkedBlock::Handle::EmptyMode, JSC::MarkedBlock::Handle::SweepMode, JSC::MarkedBlock::Handle::SweepDestructionMode, JSC::MarkedBlock::Handle::ScribbleMode, JSC::MarkedBlock::Handle::NewlyAllocatedMode, JSC::MarkedBlock::Handle::MarksMode, JSC::JSDestructibleObjectDestroyFunc const&)::'lambda'(unsigned long)::operator()(unsigned long) const + 84 (MarkedBlockInlines.h:316)
> 32  com.apple.JavaScriptCore  0x0000000670ecc4d6 void JSC::MarkedBlock::Handle::specializedSweep<false, (JSC::MarkedBlock::Handle::EmptyMode)0, (JSC::MarkedBlock::Handle::SweepMode)0, (JSC::MarkedBlock::Handle::SweepDestructionMode)0, (JSC::MarkedBlock::Handle::ScribbleMode)0, (JSC::MarkedBlock::Handle::NewlyAllocatedMode)0, (JSC::MarkedBlock::Handle::MarksMode)0, JSC::JSDestructibleObjectDestroyFunc>(JSC::FreeList*, JSC::MarkedBlock::Handle::EmptyMode, JSC::MarkedBlock::Handle::SweepMode, JSC::MarkedBlock::Handle::SweepDestructionMode, JSC::MarkedBlock::Handle::ScribbleMode, JSC::MarkedBlock::Handle::NewlyAllocatedMode, JSC::MarkedBlock::Handle::MarksMode, JSC::JSDestructibleObjectDestroyFunc const&) + 1366 (MarkedBlockInlines.h:337)
> 33  com.apple.JavaScriptCore  0x0000000670eca290 void JSC::MarkedBlock::Handle::finishSweepKnowingHeapCellType<JSC::JSDestructibleObjectDestroyFunc>(JSC::FreeList*, JSC::JSDestructibleObjectDestroyFunc const&) + 304 (MarkedBlockInlines.h:432)
> 34  com.apple.JavaScriptCore  0x0000000670eca158 JSC::JSDestructibleObjectHeapCellType::finishSweep(JSC::MarkedBlock::Handle&, JSC::FreeList*) + 40 (JSDestructibleObjectHeapCellType.cpp:53)
> 35  com.apple.JavaScriptCore  0x0000000670a6c906 JSC::Subspace::finishSweep(JSC::MarkedBlock::Handle&, JSC::FreeList*) + 70 (Subspace.cpp:66)
> 36  com.apple.JavaScriptCore  0x0000000670a51417 JSC::MarkedBlock::Handle::sweep(JSC::FreeList*) + 615 (MarkedBlock.cpp:432)
> 37  com.apple.JavaScriptCore  0x0000000670a46134 JSC::LocalAllocator::tryAllocateIn(JSC::MarkedBlock::Handle*) + 164 (LocalAllocator.cpp:260)
> 38  com.apple.JavaScriptCore  0x0000000670a45ec0 JSC::LocalAllocator::tryAllocateWithoutCollecting() + 224 (LocalAllocator.cpp:221)
> 39  com.apple.JavaScriptCore  0x0000000670a45b33 JSC::LocalAllocator::allocateSlowCase(JSC::GCDeferralContext*, JSC::AllocationFailureMode) + 371 (LocalAllocator.cpp:168)
> 40  com.apple.JavaScriptCore  0x00000006709ec7b1 JSC::LocalAllocator::allocate(JSC::GCDeferralContext*, JSC::AllocationFailureMode)::'lambda'()::operator()() const + 81 (LocalAllocatorInlines.h:37)
> 41  com.apple.JavaScriptCore  0x00000006709ec729 JSC::HeapCell* JSC::FreeList::allocate<JSC::LocalAllocator::allocate(JSC::GCDeferralContext*, JSC::AllocationFailureMode)::'lambda'()>(JSC::LocalAllocator::allocate(JSC::GCDeferralContext*, JSC::AllocationFailureMode)::'lambda'() const&) + 169 (FreeListInlines.h:46)
> 42  com.apple.JavaScriptCore  0x00000006709ec5ce JSC::LocalAllocator::allocate(JSC::GCDeferralContext*, JSC::AllocationFailureMode) + 62 (LocalAllocatorInlines.h:34)
> 43  com.apple.JavaScriptCore  0x00000006709ecd21 void* JSC::Allocator::tryAllocate<JSC::CompleteSubspace::allocateNonVirtual(JSC::VM&, unsigned long, JSC::GCDeferralContext*, JSC::AllocationFailureMode)::$_0>(JSC::VM&, JSC::GCDeferralContext*, JSC::AllocationFailureMode, JSC::CompleteSubspace::allocateNonVirtual(JSC::VM&, unsigned long, JSC::GCDeferralContext*, JSC::AllocationFailureMode)::$_0 const&) const::'lambda'(JSC::LocalAllocator&)::operator()(JSC::LocalAllocator&) const + 49 (AllocatorInlines.h:45)
> 44  com.apple.JavaScriptCore  0x00000006709ecccf void JSC::ThreadLocalCache::tryGetAllocator<void* JSC::Allocator::tryAllocate<JSC::CompleteSubspace::allocateNonVirtual(JSC::VM&, unsigned long, JSC::GCDeferralContext*, JSC::AllocationFailureMode)::$_0>(JSC::VM&, JSC::GCDeferralContext*, JSC::AllocationFailureMode, JSC::CompleteSubspace::allocateNonVirtual(JSC::VM&, unsigned long, JSC::GCDeferralContext*, JSC::AllocationFailureMode)::$_0 const&) const::'lambda'(JSC::LocalAllocator&), void* JSC::Allocator::tryAllocate<JSC::CompleteSubspace::allocateNonVirtual(JSC::VM&, unsigned long, JSC::GCDeferralContext*, JSC::AllocationFailureMode)::$_0>(JSC::VM&, JSC::GCDeferralContext*, JSC::AllocationFailureMode, JSC::CompleteSubspace::allocateNonVirtual(JSC::VM&, unsigned long, JSC::GCDeferralContext*, JSC::AllocationFailureMode)::$_0 const&) const::'lambda'()>(JSC::VM&, unsigned long, JSC::CompleteSubspace::allocateNonVirtual(JSC::VM&, unsigned long, JSC::GCDeferralContext*, JSC::AllocationFailureMode)::$_0 const&, void* JSC::Allocator::tryAllocate<JSC::CompleteSubspace::allocateNonVirtual(JSC::VM&, unsigned long, JSC::GCDeferralContext*, JSC::AllocationFailureMode)::$_0>(JSC::VM&, JSC::GCDeferralContext*, JSC::AllocationFailureMode, JSC::CompleteSubspace::allocateNonVirtual(JSC::VM&, unsigned long, JSC::GCDeferralContext*, JSC::AllocationFailureMode)::$_0 const&) const::'lambda'() const&) + 111 (ThreadLocalCacheInlines.h:74)
> 45  com.apple.JavaScriptCore  0x00000006709ea53f void* JSC::Allocator::tryAllocate<JSC::CompleteSubspace::allocateNonVirtual(JSC::VM&, unsigned long, JSC::GCDeferralContext*, JSC::AllocationFailureMode)::$_0>(JSC::VM&, JSC::GCDeferralContext*, JSC::AllocationFailureMode, JSC::CompleteSubspace::allocateNonVirtual(JSC::VM&, unsigned long, JSC::GCDeferralContext*, JSC::AllocationFailureMode)::$_0 const&) const + 95 (AllocatorInlines.h:50)
> 46  com.apple.JavaScriptCore  0x00000006709ea4d0 JSC::CompleteSubspace::allocateNonVirtual(JSC::VM&, unsigned long, JSC::GCDeferralContext*, JSC::AllocationFailureMode) + 128 (CompleteSubspace.cpp:64)
> 47  com.apple.JavaScriptCore  0x0000000670f02ac4 void* JSC::tryAllocateCellHelper<JSC::JSProxy>(JSC::Heap&, unsigned long, JSC::GCDeferralContext*, JSC::AllocationFailureMode) + 196 (JSCellInlines.h:151)
> 48  com.apple.JavaScriptCore  0x0000000670f02963 void* JSC::allocateCell<JSC::JSProxy>(JSC::Heap&, unsigned long) + 35 (JSCellInlines.h:165)
> 49  com.apple.JavaScriptCore  0x0000000670ef848e JSC::JSProxy::create(JSC::VM&, JSC::Structure*, JSC::JSObject*) + 46 (JSProxy.h:39)
> 50  com.apple.JavaScriptCore  0x0000000670ef757f JSC::JSGlobalObject::resetPrototype(JSC::VM&, JSC::JSValue) + 239 (JSGlobalObject.cpp:1313)
> 51  com.apple.JavaScriptCore  0x0000000670eecbbc JSC::JSGlobalObject::init(JSC::VM&) + 77036 (JSGlobalObject.cpp:1084)
> 52  com.apple.JavaScriptCore  0x0000000670ef9bac JSC::JSGlobalObject::finishCreation(JSC::VM&, JSC::JSObject*) + 124 (JSGlobalObject.cpp:1624)
> 53  com.apple.WebCore  0x000000066194c09a WebCore::JSDOMGlobalObject::finishCreation(JSC::VM&, JSC::JSObject*) + 58 (JSDOMGlobalObject.cpp:190)
> 54  com.apple.WebCore  0x0000000661960438 WebCore::JSDOMWindowBase::finishCreation(JSC::VM&, WebCore::JSWindowProxy*) + 72 (JSDOMWindowBase.cpp:92)
> 55  com.apple.WebCore  0x00000006605c5096 WebCore::JSDOMWindow::finishCreation(JSC::VM&, WebCore::JSWindowProxy*) + 70 (JSDOMWindow.cpp:6129)
> 56  com.apple.WebCore  0x00000006619a7574 WebCore::JSDOMWindow::create(JSC::VM&, JSC::Structure*, WTF::Ref<WebCore::DOMWindow, WTF::DumbPtrTraits<WebCore::DOMWindow> >&&, WebCore::JSWindowProxy*) + 148 (JSDOMWindow.h:40)
> 57  com.apple.WebCore  0x00000006619a6b43 WebCore::JSWindowProxy::setWindow(WebCore::AbstractDOMWindow&) + 675 (JSWindowProxy.cpp:107)
> 58  com.apple.WebCore  0x00000006619d5b60 WebCore::WindowProxy::setDOMWindow(WebCore::AbstractDOMWindow*) + 272 (WindowProxy.cpp:153)
> 59  com.apple.WebCore  0x000000066260c62b WebCore::FrameLoader::clear(WebCore::Document*, bool, bool, bool) + 699 (FrameLoader.cpp:653)
> 60  com.apple.WebCore  0x000000066260bad0 WebCore::DocumentWriter::begin(WebCore::URL const&, bool, WebCore::Document*) + 592 (DocumentWriter.cpp:162)
> 61  com.apple.WebCore  0x00000006625cf3ae WebCore::DocumentLoader::commitData(char const*, unsigned long) + 142 (DocumentLoader.cpp:994)
> 62  com.apple.WebKit  0x000000010143428f WebKit::WebFrameLoaderClient::committedLoad(WebCore::DocumentLoader*, char const*, int) + 79 (WebFrameLoaderClient.cpp:1021)
> 63  com.apple.WebCore  0x00000006625d4bdd WebCore::DocumentLoader::commitLoad(char const*, int) + 205 (DocumentLoader.cpp:965)
> 64  com.apple.WebCore  0x00000006625d4aff WebCore::DocumentLoader::dataReceived(char const*, int) + 511 (DocumentLoader.cpp:1105)
> 65  com.apple.WebCore  0x00000006625d52b4 WebCore::DocumentLoader::dataReceived(WebCore::CachedResource&, char const*, int) + 116 (DocumentLoader.cpp:1078)
> 66  com.apple.WebCore  0x00000006625d52fa non-virtual thunk to WebCore::DocumentLoader::dataReceived(WebCore::CachedResource&, char const*, int) + 58
> 67  com.apple.WebCore  0x00000006626fc558 WebCore::CachedRawResource::notifyClientsDataWasReceived(char const*, unsigned int) + 152 (CachedRawResource.cpp:132)
> 68  com.apple.WebCore  0x00000006626fc348 WebCore::CachedRawResource::updateBuffer(WebCore::SharedBuffer&) + 344 (CachedRawResource.cpp:71)
> 69  com.apple.WebCore  0x00000006626975aa WebCore::SubresourceLoader::didReceiveDataOrBuffer(char const*, int, WTF::RefPtr<WebCore::SharedBuffer, WTF::DumbPtrTraits<WebCore::SharedBuffer> >&&, long long, WebCore::DataPayloadType) + 538 (SubresourceLoader.cpp:450)
> 70  com.apple.WebCore  0x0000000662697372 WebCore::SubresourceLoader::didReceiveData(char const*, unsigned int, long long, WebCore::DataPayloadType) + 98 (SubresourceLoader.cpp:418)
> 71  com.apple.WebKit  0x00000001018b7534 WebKit::WebResourceLoader::didReceiveData(IPC::DataReference const&, long long) + 564 (WebResourceLoader.cpp:143)
> 72  com.apple.WebKit  0x00000001018bba00 void IPC::callMemberFunctionImpl<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long long), std::__1::tuple<IPC::DataReference, long long>, 0ul, 1ul>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long long), std::__1::tuple<IPC::DataReference, long long>&&, std::__1::integer_sequence<unsigned long, 0ul, 1ul>) + 192 (HandleMessage.h:41)
> 73  com.apple.WebKit  0x00000001018bb930 void IPC::callMemberFunction<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long long), std::__1::tuple<IPC::DataReference, long long>, std::__1::integer_sequence<unsigned long, 0ul, 1ul> >(std::__1::tuple<IPC::DataReference, long long>&&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long long)) + 96 (HandleMessage.h:47)
> 74  com.apple.WebKit  0x00000001018bacc1 void IPC::handleMessage<Messages::WebResourceLoader::DidReceiveData, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long long)>(IPC::Decoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long long)) + 289 (HandleMessage.h:127)
> 75  com.apple.WebKit  0x00000001018ba3f6 WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::Decoder&) + 502 (WebResourceLoaderMessageReceiver.cpp:62)
> 76  com.apple.WebKit  0x0000000100e7e429 WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::Decoder&) + 169 (NetworkProcessConnection.cpp:71)
> 77  com.apple.WebKit  0x0000000100bdced3 IPC::Connection::dispatchMessage(IPC::Decoder&) + 51 (Connection.cpp:907)
> 78  com.apple.WebKit  0x0000000100bd2488 IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) + 712
> 79  com.apple.WebKit  0x0000000100bdd4da IPC::Connection::dispatchOneMessage() + 1530 (Connection.cpp:964)
> 80  com.apple.WebKit  0x0000000100bf579d IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14::operator()() + 29 (Connection.cpp:901)
> 81  com.apple.WebKit  0x0000000100bf56f9 WTF::Function<void ()>::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14>::call() + 25 (Function.h:101)
> 82  com.apple.JavaScriptCore  0x000000066fc90c1b WTF::Function<void ()>::operator()() const + 139 (Function.h:56)
> 83  com.apple.JavaScriptCore  0x000000066fce28e3 WTF::RunLoop::performWork() + 211 (RunLoop.cpp:107)
> 84  com.apple.JavaScriptCore  0x000000066fce31e4 WTF::RunLoop::performWork(void*) + 36 (RunLoopCF.cpp:38)
> 85  com.apple.CoreFoundation  0x00007fff4c987a61 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
> 86  com.apple.CoreFoundation  0x00007fff4ca4147c __CFRunLoopDoSource0 + 108
> 87  com.apple.CoreFoundation  0x00007fff4c96a4c0 __CFRunLoopDoSources0 + 208
> 88  com.apple.CoreFoundation  0x00007fff4c96993d __CFRunLoopRun + 1293
> 89  com.apple.CoreFoundation  0x00007fff4c9691a3 CFRunLoopRunSpecific + 483
> 90  com.apple.HIToolbox  0x00007fff4bc51d96 RunCurrentEventLoopInMode + 286
> 91  com.apple.HIToolbox  0x00007fff4bc51b06 ReceiveNextEventCommon + 613
> 92  com.apple.HIToolbox  0x00007fff4bc51884 _BlockUntilNextEventMatchingListInModeWithFilter + 64
> 93  com.apple.AppKit  0x00007fff49f04b53 _DPSNextEvent + 2085
> 94  com.apple.AppKit  0x00007fff4a69aeb0 -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 3044
> 95  com.apple.AppKit  0x00007fff49ef9965 -[NSApplication run] + 764
> 96  com.apple.AppKit  0x00007fff49ec8b3e NSApplicationMain + 804
> 97  libxpc.dylib  0x00007fff75144f57 _xpc_objc_main + 580
> 98  libxpc.dylib  0x00007fff75143baa xpc_main + 417
> 99  com.apple.WebKit.WebContent  0x0000000100a7813b main + 1195 (XPCServiceMain.mm:160)
> 100 libdyld.dylib  0x00007fff74dea015 start + 1

classInfo looks like:

ALWAYS_INLINE const ClassInfo* JSCell::classInfo(VM& vm) const
{
    // What we really want to assert here is that we're not currently destructing this object (which makes its classInfo
    // invalid). If mutatorState() == MutatorState::Running, then we're not currently sweeping, and therefore cannot be
    // destructing the object. The GC thread or JIT threads, unlike the mutator thread, are able to access classInfo
    // independent of whether the mutator thread is sweeping or not. Hence, we also check for !currentThreadIsHoldingAPILock()
    // to allow the GC thread or JIT threads to pass this assertion.
    ASSERT(vm.heap.mutatorState() != MutatorState::Sweeping || !vm.currentThreadIsHoldingAPILock());
    return structure(vm)->classInfo();
}
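The re-entrancy the crash log and the classInfo() comment describe, as an added example that is not part of this bug, of WebKit or of JavaScriptCore: a minimal model of a sweeping heap whose destroy hooks can tear down DOM-side objects. Heap, Cell, ClassInfo, Frame and the destroy lambdas are stand-ins chosen for this demo and only loosely mirror the JSC/WebCore types of the same names. The real check is an ASSERT that ends in WTFCrash (frame 0 above); here it is a counter so both outcomes can be compared. In the trace the sweep was started lazily by an allocation (tryAllocateIn at frame 37, reached from JSWindowProxy::setWindow); the model calls sweep() directly. The "just clear the pointer" variant is the demo's own safe alternative, not a statement of the fix adopted in this bug.

```cpp
// Added example (not WebKit/JSC code): model of the "no classInfo() while
// sweeping" invariant and of the destructor re-entrancy in the crash log.
#include <algorithm>
#include <cstdio>
#include <functional>
#include <memory>
#include <utility>
#include <vector>

enum class MutatorState { Running, Sweeping };

struct ClassInfo { const char* className; };

// A GC cell. info is only meaningful while the cell is alive, like
// structure()->classInfo() in JSC; destroy runs during sweep, like JSEvent::destroy.
struct Cell {
    const ClassInfo* info;
    bool marked;
    std::function<void()> destroy;
};

struct Heap {
    MutatorState mutatorState = MutatorState::Running;
    bool currentThreadIsHoldingAPILock = true; // only the mutator thread is modeled
    int violations = 0;                         // where JSC would ASSERT and crash
    std::vector<std::unique_ptr<Cell>> cells;

    Cell* allocate(const ClassInfo* info, std::function<void()> destroy = {}) {
        cells.push_back(std::make_unique<Cell>(Cell{info, false, std::move(destroy)}));
        return cells.back().get();
    }

    // The quoted JSC check: the mutator must not read classInfo while sweeping,
    // because the cell may be the one currently being destructed. It is
    // deliberately conservative: it fires even if this particular cell is alive.
    const ClassInfo* classInfo(const Cell& cell) {
        if (mutatorState == MutatorState::Sweeping && currentThreadIsHoldingAPILock) {
            ++violations;
            return nullptr;
        }
        return cell.info;
    }

    // Sweep: run destroy() on every unmarked cell, then free it. Whatever the
    // destroy hooks do (deref a RefPtr, tear down a Frame, ...) runs in Sweeping state.
    void sweep() {
        mutatorState = MutatorState::Sweeping;
        for (auto& cell : cells)
            if (!cell->marked && cell->destroy)
                cell->destroy();
        cells.erase(std::remove_if(cells.begin(), cells.end(),
                                   [](const std::unique_ptr<Cell>& c) { return !c->marked; }),
                    cells.end());
        mutatorState = MutatorState::Running;
    }
};

// DOM-side object whose destructor may touch a JS cell, as ~Frame did via
// FrameLoader::clear -> ScriptController::enableEval -> JSWindowProxy::window().
struct Frame {
    Frame(Heap& h, Cell* proxy, bool inspect)
        : heap(h), windowProxy(proxy), inspectCellOnDestruction(inspect) {}
    ~Frame() {
        if (inspectCellOnDestruction)
            heap.classInfo(*windowProxy); // jsCast-style type check: unsafe during sweep
        windowProxy = nullptr;            // dropping the pointer without a type check is fine
    }
    Heap& heap;
    Cell* windowProxy;
    bool inspectCellOnDestruction;
};

// Builds the object graph from the crash log and sweeps once. Returns the number
// of assertion violations: 1 if ~Frame inspects the cell, 0 if it only clears it.
int sweepViolations(bool frameInspectsCellOnDestruction) {
    static const ClassInfo windowInfo{"JSDOMWindow"};
    static const ClassInfo eventInfo{"JSEvent"};
    Heap heap;

    Cell* window = heap.allocate(&windowInfo);
    window->marked = true; // the window is still reachable; only the event wrapper is garbage

    auto frame = std::make_shared<Frame>(heap, window, frameInspectsCellOnDestruction);
    // The unreachable event wrapper holds the last reference to the Frame (UIEvent's
    // RefPtr<WindowProxy> in the trace), so destroying it during sweep runs ~Frame.
    heap.allocate(&eventInfo, [frame]() mutable { frame.reset(); });
    frame.reset();

    heap.sweep();
    return heap.violations;
}

int main() {
    std::printf("~Frame does a jsCast during sweep: %d violation(s)\n", sweepViolations(true));
    std::printf("~Frame only clears the pointer:    %d violation(s)\n", sweepViolations(false));
    return 0;
}
```

The point the model makes is the one the JSC comment makes: the assertion cannot tell whether the cell being inspected is the one mid-destruction, so any type query on a cell from the mutator thread during a sweep is treated as a bug, even when, as here, the window cell is marked and perfectly alive. Code that runs from a wrapper's destroy path therefore has to avoid inspecting cells at all, not merely avoid inspecting the dying one.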
Chris Dumez
Comment 29
2018-04-26 22:16:32 PDT
(In reply to Chris Dumez from comment #28)
> (In reply to Chris Dumez from comment #27)
> > (In reply to Chris Dumez from comment #26)
> > > Comment on attachment 338902 [details]
> > > Patch
> > > 
> > > View in context:
> > > https://bugs.webkit.org/attachment.cgi?id=338902&action=review
> > > 
> > > >> Source/WebCore/bindings/js/WindowProxy.cpp:-61
> > > >> - it->value->window()->setConsoleClient(nullptr);
> > > > 
> > > > What prompted this change?
> > > 
> > > JSWindowProxy::window() does a jsCast, which is not allowed during sweeping
> > > :/ It is for the same reason that I had to clear all proxies in the Frame
> > > destructor. I gave some more details in the change log. I will try and find
> > > a better way to address. Let me know if you have an idea.
> > 
> > FYI crash log looks like:
> > Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
> > 0   com.apple.JavaScriptCore  0x000000066fc6c3d0 WTFCrash + 16 (Assertions.cpp:261)
> > 1   com.apple.WebCore  0x0000000660096b5b JSC::JSCell::classInfo(JSC::VM&) const + 107 (JSCellInlines.h:297)
> > 2   com.apple.WebCore  0x0000000660096ac1 JSC::JSCell::inherits(JSC::VM&, JSC::ClassInfo const*) const + 33 (JSCellInlines.h:265)
> > 3   com.apple.WebCore  0x0000000660370494 WebCore::JSDOMGlobalObject* JSC::jsCast<WebCore::JSDOMGlobalObject*, JSC::JSObject>(JSC::JSObject*) + 68 (JSCast.h:36)
> > 4   com.apple.WebCore  0x000000066036f14d WebCore::JSWindowProxy::window() const + 29 (JSWindowProxy.h:53)
> > 5   com.apple.WebCore  0x00000006619b0e57 WebCore::ScriptController::enableEval() + 71 (ScriptController.cpp:346)
> > 6   com.apple.WebCore  0x000000066260c65d WebCore::FrameLoader::clear(WebCore::Document*, bool, bool, bool) + 749 (FrameLoader.cpp:658)
> > 7   com.apple.WebCore  0x000000066261bfac WebCore::FrameLoader::cancelAndClear() + 108 (FrameLoader.cpp:597)
> > 8   com.apple.WebCore  0x00000006627d4c49 WebCore::Frame::~Frame() + 89 (Frame.cpp:217)
> > 9   com.apple.WebCore  0x00000006627d52a5 WebCore::Frame::~Frame() + 21 (Frame.cpp:232)
> > 10  com.apple.WebCore  0x00000006627d52c9 WebCore::Frame::~Frame() + 25 (Frame.cpp:214)
> > 11  com.apple.WebCore  0x000000066042dbbf WTF::ThreadSafeRefCounted<WebCore::AbstractFrame, (WTF::DestructionThread)0>::deref() const + 79 (ThreadSafeRefCounted.h:77)
> > 12  com.apple.WebCore  0x00000006619d611c WebCore::WindowProxy::deref() + 28 (WindowProxy.cpp:192)
> > 13  com.apple.WebCore  0x00000006604e6e9e void WTF::derefIfNotNull<WebCore::WindowProxy>(WebCore::WindowProxy*) + 46 (RefPtr.h:46)
> > 14  com.apple.WebCore  0x00000006604e6e69 WTF::RefPtr<WebCore::WindowProxy, WTF::DumbPtrTraits<WebCore::WindowProxy> >::~RefPtr() + 41 (RefPtr.h:70)
> > 15  com.apple.WebCore  0x00000006604e6e35 WTF::RefPtr<WebCore::WindowProxy, WTF::DumbPtrTraits<WebCore::WindowProxy> >::~RefPtr() + 21 (RefPtr.h:70)
> > 16  com.apple.WebCore  0x0000000661ffe881 WebCore::UIEvent::~UIEvent() + 49 (UIEvent.cpp:56)
> > 17  com.apple.WebCore  0x0000000661f0dce5 WebCore::UIEventWithKeyState::~UIEventWithKeyState() + 21 (UIEventWithKeyState.h:31)
> > 18  com.apple.WebCore  0x0000000661f35145 WebCore::MouseRelatedEvent::~MouseRelatedEvent() + 21 (MouseRelatedEvent.h:39)
> > 19  com.apple.WebCore  0x0000000661f35121 WebCore::MouseEvent::~MouseEvent() + 81 (MouseEvent.cpp:128)
> > 20  com.apple.WebCore  0x0000000661f35165 WebCore::MouseEvent::~MouseEvent() + 21 (MouseEvent.cpp:128)
> > 21  com.apple.WebCore  0x0000000661f35189 WebCore::MouseEvent::~MouseEvent() + 25 (MouseEvent.cpp:128)
> > 22  com.apple.WebCore  0x000000066011733f WTF::RefCounted<WebCore::Event>::deref() const + 79 (RefCounted.h:145)
> > 23  com.apple.WebCore  0x00000006601fc153 WTF::Ref<WebCore::Event, WTF::DumbPtrTraits<WebCore::Event> >::~Ref() + 51 (Ref.h:62)
> > 24  com.apple.WebCore  0x00000006601f0e05 WTF::Ref<WebCore::Event, WTF::DumbPtrTraits<WebCore::Event> >::~Ref() + 21 (Ref.h:62)
> > 25  com.apple.WebCore  0x000000066079ccf9 WebCore::JSDOMWrapper<WebCore::Event>::~JSDOMWrapper() + 25 (JSDOMWrapper.h:72)
> > 26  com.apple.WebCore  0x000000066079ccd5 WebCore::JSEvent::~JSEvent() + 21 (JSEvent.h:30)
> > 27  com.apple.WebCore  0x00000006607984e5 WebCore::JSEvent::~JSEvent() + 21 (JSEvent.h:30)
> > 28  com.apple.WebCore  0x00000006607962dd WebCore::JSEvent::destroy(JSC::JSCell*) + 29 (JSEvent.cpp:253)
> > 29  com.apple.JavaScriptCore  0x0000000670eca2fa JSC::JSDestructibleObjectDestroyFunc::operator()(JSC::VM&, JSC::JSCell*) const + 42 (JSDestructibleObjectHeapCellType.cpp:38)
> > 30  com.apple.JavaScriptCore  0x0000000670ed16d5 void JSC::MarkedBlock::Handle::specializedSweep<false, (JSC::MarkedBlock::Handle::EmptyMode)0, (JSC::MarkedBlock::Handle::SweepMode)0, (JSC::MarkedBlock::Handle::SweepDestructionMode)0, (JSC::MarkedBlock::Handle::ScribbleMode)0, (JSC::MarkedBlock::Handle::NewlyAllocatedMode)0, (JSC::MarkedBlock::Handle::MarksMode)0, JSC::JSDestructibleObjectDestroyFunc>(JSC::FreeList*, JSC::MarkedBlock::Handle::EmptyMode, JSC::MarkedBlock::Handle::SweepMode, JSC::MarkedBlock::Handle::SweepDestructionMode, JSC::MarkedBlock::Handle::ScribbleMode, JSC::MarkedBlock::Handle::NewlyAllocatedMode, JSC::MarkedBlock::Handle::MarksMode, JSC::JSDestructibleObjectDestroyFunc const&)::'lambda'(void*)::operator()(void*) const + 69 (MarkedBlockInlines.h:256)
> > 31  com.apple.JavaScriptCore  0x0000000670ed1744 void JSC::MarkedBlock::Handle::specializedSweep<false, (JSC::MarkedBlock::Handle::EmptyMode)0, (JSC::MarkedBlock::Handle::SweepMode)0, (JSC::MarkedBlock::Handle::SweepDestructionMode)0, (JSC::MarkedBlock::Handle::ScribbleMode)0, (JSC::MarkedBlock::Handle::NewlyAllocatedMode)0, (JSC::MarkedBlock::Handle::MarksMode)0, JSC::JSDestructibleObjectDestroyFunc>(JSC::FreeList*, JSC::MarkedBlock::Handle::EmptyMode, JSC::MarkedBlock::Handle::SweepMode, JSC::MarkedBlock::Handle::SweepDestructionMode, JSC::MarkedBlock::Handle::ScribbleMode, JSC::MarkedBlock::Handle::NewlyAllocatedMode, JSC::MarkedBlock::Handle::MarksMode, JSC::JSDestructibleObjectDestroyFunc const&)::'lambda'(unsigned long)::operator()(unsigned long) const + 84
(MarkedBlockInlines.h:316) > > 32 com.apple.JavaScriptCore 0x0000000670ecc4d6 void > > JSC::MarkedBlock::Handle::specializedSweep<false, > > (JSC::MarkedBlock::Handle::EmptyMode)0, > > (JSC::MarkedBlock::Handle::SweepMode)0, > > (JSC::MarkedBlock::Handle::SweepDestructionMode)0, > > (JSC::MarkedBlock::Handle::ScribbleMode)0, > > (JSC::MarkedBlock::Handle::NewlyAllocatedMode)0, > > (JSC::MarkedBlock::Handle::MarksMode)0, > > JSC::JSDestructibleObjectDestroyFunc>(JSC::FreeList*, > > JSC::MarkedBlock::Handle::EmptyMode, JSC::MarkedBlock::Handle::SweepMode, > > JSC::MarkedBlock::Handle::SweepDestructionMode, > > JSC::MarkedBlock::Handle::ScribbleMode, > > JSC::MarkedBlock::Handle::NewlyAllocatedMode, > > JSC::MarkedBlock::Handle::MarksMode, JSC::JSDestructibleObjectDestroyFunc > > const&) + 1366 (MarkedBlockInlines.h:337) > > 33 com.apple.JavaScriptCore 0x0000000670eca290 void > > JSC::MarkedBlock::Handle::finishSweepKnowingHeapCellType<JSC:: > > JSDestructibleObjectDestroyFunc>(JSC::FreeList*, > > JSC::JSDestructibleObjectDestroyFunc const&) + 304 (MarkedBlockInlines.h:432) > > 34 com.apple.JavaScriptCore 0x0000000670eca158 > > JSC::JSDestructibleObjectHeapCellType::finishSweep(JSC::MarkedBlock::Handle&, > > JSC::FreeList*) + 40 (JSDestructibleObjectHeapCellType.cpp:53) > > 35 com.apple.JavaScriptCore 0x0000000670a6c906 > > JSC::Subspace::finishSweep(JSC::MarkedBlock::Handle&, JSC::FreeList*) + 70 > > (Subspace.cpp:66) > > 36 com.apple.JavaScriptCore 0x0000000670a51417 > > JSC::MarkedBlock::Handle::sweep(JSC::FreeList*) + 615 (MarkedBlock.cpp:432) > > 37 com.apple.JavaScriptCore 0x0000000670a46134 > > JSC::LocalAllocator::tryAllocateIn(JSC::MarkedBlock::Handle*) + 164 > > (LocalAllocator.cpp:260) > > 38 com.apple.JavaScriptCore 0x0000000670a45ec0 > > JSC::LocalAllocator::tryAllocateWithoutCollecting() + 224 > > (LocalAllocator.cpp:221) > > 39 com.apple.JavaScriptCore 0x0000000670a45b33 > > JSC::LocalAllocator::allocateSlowCase(JSC::GCDeferralContext*, > > 
JSC::AllocationFailureMode) + 371 (LocalAllocator.cpp:168) > > 40 com.apple.JavaScriptCore 0x00000006709ec7b1 > > JSC::LocalAllocator::allocate(JSC::GCDeferralContext*, > > JSC::AllocationFailureMode)::'lambda'()::operator()() const + 81 > > (LocalAllocatorInlines.h:37) > > 41 com.apple.JavaScriptCore 0x00000006709ec729 JSC::HeapCell* > > JSC::FreeList::allocate<JSC::LocalAllocator::allocate(JSC:: > > GCDeferralContext*, > > JSC::AllocationFailureMode)::'lambda'()>(JSC::LocalAllocator::allocate(JSC:: > > GCDeferralContext*, JSC::AllocationFailureMode)::'lambda'() const&) + 169 > > (FreeListInlines.h:46) > > 42 com.apple.JavaScriptCore 0x00000006709ec5ce > > JSC::LocalAllocator::allocate(JSC::GCDeferralContext*, > > JSC::AllocationFailureMode) + 62 (LocalAllocatorInlines.h:34) > > 43 com.apple.JavaScriptCore 0x00000006709ecd21 void* > > JSC::Allocator::tryAllocate<JSC::CompleteSubspace::allocateNonVirtual(JSC:: > > VM&, unsigned long, JSC::GCDeferralContext*, > > JSC::AllocationFailureMode)::$_0>(JSC::VM&, JSC::GCDeferralContext*, > > JSC::AllocationFailureMode, > > JSC::CompleteSubspace::allocateNonVirtual(JSC::VM&, unsigned long, > > JSC::GCDeferralContext*, JSC::AllocationFailureMode)::$_0 const&) > > const::'lambda'(JSC::LocalAllocator&)::operator()(JSC::LocalAllocator&) > > const + 49 (AllocatorInlines.h:45) > > 44 com.apple.JavaScriptCore 0x00000006709ecccf void > > JSC::ThreadLocalCache::tryGetAllocator<void* > > JSC::Allocator::tryAllocate<JSC::CompleteSubspace::allocateNonVirtual(JSC:: > > VM&, unsigned long, JSC::GCDeferralContext*, > > JSC::AllocationFailureMode)::$_0>(JSC::VM&, JSC::GCDeferralContext*, > > JSC::AllocationFailureMode, > > JSC::CompleteSubspace::allocateNonVirtual(JSC::VM&, unsigned long, > > JSC::GCDeferralContext*, JSC::AllocationFailureMode)::$_0 const&) > > const::'lambda'(JSC::LocalAllocator&), void* > > JSC::Allocator::tryAllocate<JSC::CompleteSubspace::allocateNonVirtual(JSC:: > > VM&, unsigned long, JSC::GCDeferralContext*, > > 
JSC::AllocationFailureMode)::$_0>(JSC::VM&, JSC::GCDeferralContext*, > > JSC::AllocationFailureMode, > > JSC::CompleteSubspace::allocateNonVirtual(JSC::VM&, unsigned long, > > JSC::GCDeferralContext*, JSC::AllocationFailureMode)::$_0 const&) > > const::'lambda'()>(JSC::VM&, unsigned long, > > JSC::CompleteSubspace::allocateNonVirtual(JSC::VM&, unsigned long, > > JSC::GCDeferralContext*, JSC::AllocationFailureMode)::$_0 const&, void* > > JSC::Allocator::tryAllocate<JSC::CompleteSubspace::allocateNonVirtual(JSC:: > > VM&, unsigned long, JSC::GCDeferralContext*, > > JSC::AllocationFailureMode)::$_0>(JSC::VM&, JSC::GCDeferralContext*, > > JSC::AllocationFailureMode, > > JSC::CompleteSubspace::allocateNonVirtual(JSC::VM&, unsigned long, > > JSC::GCDeferralContext*, JSC::AllocationFailureMode)::$_0 const&) > > const::'lambda'() const&) + 111 (ThreadLocalCacheInlines.h:74) > > 45 com.apple.JavaScriptCore 0x00000006709ea53f void* > > JSC::Allocator::tryAllocate<JSC::CompleteSubspace::allocateNonVirtual(JSC:: > > VM&, unsigned long, JSC::GCDeferralContext*, > > JSC::AllocationFailureMode)::$_0>(JSC::VM&, JSC::GCDeferralContext*, > > JSC::AllocationFailureMode, > > JSC::CompleteSubspace::allocateNonVirtual(JSC::VM&, unsigned long, > > JSC::GCDeferralContext*, JSC::AllocationFailureMode)::$_0 const&) const + 95 > > (AllocatorInlines.h:50) > > 46 com.apple.JavaScriptCore 0x00000006709ea4d0 > > JSC::CompleteSubspace::allocateNonVirtual(JSC::VM&, unsigned long, > > JSC::GCDeferralContext*, JSC::AllocationFailureMode) + 128 > > (CompleteSubspace.cpp:64) > > 47 com.apple.JavaScriptCore 0x0000000670f02ac4 void* > > JSC::tryAllocateCellHelper<JSC::JSProxy>(JSC::Heap&, unsigned long, > > JSC::GCDeferralContext*, JSC::AllocationFailureMode) + 196 > > (JSCellInlines.h:151) > > 48 com.apple.JavaScriptCore 0x0000000670f02963 void* > > JSC::allocateCell<JSC::JSProxy>(JSC::Heap&, unsigned long) + 35 > > (JSCellInlines.h:165) > > 49 com.apple.JavaScriptCore 0x0000000670ef848e > > 
JSC::JSProxy::create(JSC::VM&, JSC::Structure*, JSC::JSObject*) + 46 > > (JSProxy.h:39) > > 50 com.apple.JavaScriptCore 0x0000000670ef757f > > JSC::JSGlobalObject::resetPrototype(JSC::VM&, JSC::JSValue) + 239 > > (JSGlobalObject.cpp:1313) > > 51 com.apple.JavaScriptCore 0x0000000670eecbbc > > JSC::JSGlobalObject::init(JSC::VM&) + 77036 (JSGlobalObject.cpp:1084) > > 52 com.apple.JavaScriptCore 0x0000000670ef9bac > > JSC::JSGlobalObject::finishCreation(JSC::VM&, JSC::JSObject*) + 124 > > (JSGlobalObject.cpp:1624) > > 53 com.apple.WebCore 0x000000066194c09a > > WebCore::JSDOMGlobalObject::finishCreation(JSC::VM&, JSC::JSObject*) + 58 > > (JSDOMGlobalObject.cpp:190) > > 54 com.apple.WebCore 0x0000000661960438 > > WebCore::JSDOMWindowBase::finishCreation(JSC::VM&, WebCore::JSWindowProxy*) > > + 72 (JSDOMWindowBase.cpp:92) > > 55 com.apple.WebCore 0x00000006605c5096 > > WebCore::JSDOMWindow::finishCreation(JSC::VM&, WebCore::JSWindowProxy*) + 70 > > (JSDOMWindow.cpp:6129) > > 56 com.apple.WebCore 0x00000006619a7574 > > WebCore::JSDOMWindow::create(JSC::VM&, JSC::Structure*, > > WTF::Ref<WebCore::DOMWindow, WTF::DumbPtrTraits<WebCore::DOMWindow> >&&, > > WebCore::JSWindowProxy*) + 148 (JSDOMWindow.h:40) > > 57 com.apple.WebCore 0x00000006619a6b43 > > WebCore::JSWindowProxy::setWindow(WebCore::AbstractDOMWindow&) + 675 > > (JSWindowProxy.cpp:107) > > 58 com.apple.WebCore 0x00000006619d5b60 > > WebCore::WindowProxy::setDOMWindow(WebCore::AbstractDOMWindow*) + 272 > > (WindowProxy.cpp:153) > > 59 com.apple.WebCore 0x000000066260c62b > > WebCore::FrameLoader::clear(WebCore::Document*, bool, bool, bool) + 699 > > (FrameLoader.cpp:653) > > 60 com.apple.WebCore 0x000000066260bad0 > > WebCore::DocumentWriter::begin(WebCore::URL const&, bool, > > WebCore::Document*) + 592 (DocumentWriter.cpp:162) > > 61 com.apple.WebCore 0x00000006625cf3ae > > WebCore::DocumentLoader::commitData(char const*, unsigned long) + 142 > > (DocumentLoader.cpp:994) > > 62 com.apple.WebKit 
0x000000010143428f > > WebKit::WebFrameLoaderClient::committedLoad(WebCore::DocumentLoader*, char > > const*, int) + 79 (WebFrameLoaderClient.cpp:1021) > > 63 com.apple.WebCore 0x00000006625d4bdd > > WebCore::DocumentLoader::commitLoad(char const*, int) + 205 > > (DocumentLoader.cpp:965) > > 64 com.apple.WebCore 0x00000006625d4aff > > WebCore::DocumentLoader::dataReceived(char const*, int) + 511 > > (DocumentLoader.cpp:1105) > > 65 com.apple.WebCore 0x00000006625d52b4 > > WebCore::DocumentLoader::dataReceived(WebCore::CachedResource&, char const*, > > int) + 116 (DocumentLoader.cpp:1078) > > 66 com.apple.WebCore 0x00000006625d52fa non-virtual thunk to > > WebCore::DocumentLoader::dataReceived(WebCore::CachedResource&, char const*, > > int) + 58 > > 67 com.apple.WebCore 0x00000006626fc558 > > WebCore::CachedRawResource::notifyClientsDataWasReceived(char const*, > > unsigned int) + 152 (CachedRawResource.cpp:132) > > 68 com.apple.WebCore 0x00000006626fc348 > > WebCore::CachedRawResource::updateBuffer(WebCore::SharedBuffer&) + 344 > > (CachedRawResource.cpp:71) > > 69 com.apple.WebCore 0x00000006626975aa > > WebCore::SubresourceLoader::didReceiveDataOrBuffer(char const*, int, > > WTF::RefPtr<WebCore::SharedBuffer, WTF::DumbPtrTraits<WebCore::SharedBuffer> > > >&&, long long, WebCore::DataPayloadType) + 538 (SubresourceLoader.cpp:450) > > 70 com.apple.WebCore 0x0000000662697372 > > WebCore::SubresourceLoader::didReceiveData(char const*, unsigned int, long > > long, WebCore::DataPayloadType) + 98 (SubresourceLoader.cpp:418) > > 71 com.apple.WebKit 0x00000001018b7534 > > WebKit::WebResourceLoader::didReceiveData(IPC::DataReference const&, long > > long) + 564 (WebResourceLoader.cpp:143) > > 72 com.apple.WebKit 0x00000001018bba00 void > > IPC::callMemberFunctionImpl<WebKit::WebResourceLoader, void > > (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long long), > > std::__1::tuple<IPC::DataReference, long long>, 0ul, > > 1ul>(WebKit::WebResourceLoader*, void > > 
(WebKit::WebResourceLoader::*)(IPC::DataReference const&, long long), > > std::__1::tuple<IPC::DataReference, long long>&&, > > std::__1::integer_sequence<unsigned long, 0ul, 1ul>) + 192 > > (HandleMessage.h:41) > > 73 com.apple.WebKit 0x00000001018bb930 void > > IPC::callMemberFunction<WebKit::WebResourceLoader, void > > (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long long), > > std::__1::tuple<IPC::DataReference, long long>, > > std::__1::integer_sequence<unsigned long, 0ul, 1ul> > > >(std::__1::tuple<IPC::DataReference, long long>&&, > > WebKit::WebResourceLoader*, void > > (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long long)) + 96 > > (HandleMessage.h:47) > > 74 com.apple.WebKit 0x00000001018bacc1 void > > IPC::handleMessage<Messages::WebResourceLoader::DidReceiveData, > > WebKit::WebResourceLoader, void > > (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long > > long)>(IPC::Decoder&, WebKit::WebResourceLoader*, void > > (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long long)) + 289 > > (HandleMessage.h:127) > > 75 com.apple.WebKit 0x00000001018ba3f6 > > WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC:: > > Connection&, IPC::Decoder&) + 502 (WebResourceLoaderMessageReceiver.cpp:62) > > 76 com.apple.WebKit 0x0000000100e7e429 > > WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, > > IPC::Decoder&) + 169 (NetworkProcessConnection.cpp:71) > > 77 com.apple.WebKit 0x0000000100bdced3 > > IPC::Connection::dispatchMessage(IPC::Decoder&) + 51 (Connection.cpp:907) > > 78 com.apple.WebKit 0x0000000100bd2488 > > IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, > > std::__1::default_delete<IPC::Decoder> >) + 712 > > 79 com.apple.WebKit 0x0000000100bdd4da > > IPC::Connection::dispatchOneMessage() + 1530 (Connection.cpp:964) > > 80 com.apple.WebKit 0x0000000100bf579d > > IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, > > 
std::__1::default_delete<IPC::Decoder> >)::$_14::operator()() + 29 > > (Connection.cpp:901) > > 81 com.apple.WebKit 0x0000000100bf56f9 WTF::Function<void > > ()>::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::__1:: > > unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> > > >)::$_14>::call() + 25 (Function.h:101) > > 82 com.apple.JavaScriptCore 0x000000066fc90c1b WTF::Function<void > > ()>::operator()() const + 139 (Function.h:56) > > 83 com.apple.JavaScriptCore 0x000000066fce28e3 > > WTF::RunLoop::performWork() + 211 (RunLoop.cpp:107) > > 84 com.apple.JavaScriptCore 0x000000066fce31e4 > > WTF::RunLoop::performWork(void*) + 36 (RunLoopCF.cpp:38) > > 85 com.apple.CoreFoundation 0x00007fff4c987a61 > > __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17 > > 86 com.apple.CoreFoundation 0x00007fff4ca4147c __CFRunLoopDoSource0 + > > 108 > > 87 com.apple.CoreFoundation 0x00007fff4c96a4c0 __CFRunLoopDoSources0 > > + 208 > > 88 com.apple.CoreFoundation 0x00007fff4c96993d __CFRunLoopRun + 1293 > > 89 com.apple.CoreFoundation 0x00007fff4c9691a3 CFRunLoopRunSpecific + > > 483 > > 90 com.apple.HIToolbox 0x00007fff4bc51d96 > > RunCurrentEventLoopInMode + 286 > > 91 com.apple.HIToolbox 0x00007fff4bc51b06 ReceiveNextEventCommon > > + 613 > > 92 com.apple.HIToolbox 0x00007fff4bc51884 > > _BlockUntilNextEventMatchingListInModeWithFilter + 64 > > 93 com.apple.AppKit 0x00007fff49f04b53 _DPSNextEvent + 2085 > > 94 com.apple.AppKit 0x00007fff4a69aeb0 > > -[NSApplication(NSEvent) > > _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 3044 > > 95 com.apple.AppKit 0x00007fff49ef9965 -[NSApplication run] + > > 764 > > 96 com.apple.AppKit 0x00007fff49ec8b3e NSApplicationMain + 804 > > 97 libxpc.dylib 0x00007fff75144f57 _xpc_objc_main + 580 > > 98 libxpc.dylib 0x00007fff75143baa xpc_main + 417 > > 99 com.apple.WebKit.WebContent 0x0000000100a7813b main + 1195 > > (XPCServiceMain.mm:160) > > 100 libdyld.dylib 0x00007fff74dea015 start + 1 > > 
classInfo looks like: > ALWAYS_INLINE const ClassInfo* JSCell::classInfo(VM& vm) const > { > // What we really want to assert here is that we're not currently > destructing this object (which makes its classInfo > // invalid). If mutatorState() == MutatorState::Running, then we're not > currently sweeping, and therefore cannot be > // destructing the object. The GC thread or JIT threads, unlike the > mutator thread, are able to access classInfo > // independent of whether the mutator thread is sweeping or not. Hence, > we also check for !currentThreadIsHoldingAPILock() > // to allow the GC thread or JIT threads to pass this assertion. > ASSERT(vm.heap.mutatorState() != MutatorState::Sweeping || > !vm.currentThreadIsHoldingAPILock()); > return structure(vm)->classInfo(); > }
+ Mark & Keith in case they have an idea how to fix this.
Chris Dumez
Comment 30
2018-04-26 22:38:51 PDT
Created
attachment 338973
[details]
Patch
Chris Dumez
Comment 31
2018-04-26 22:40:03 PDT
Created
attachment 338974
[details]
Patch
EWS Watchlist
Comment 32
2018-04-26 22:41:34 PDT
Attachment 338974
[details]
did not pass style-queue:
WARNING: File exempt from style guide. Skipping: "Source/WebKit/WebProcess/InjectedBundle/API/gtk/DOM/WebKitDOMWheelEvent.cpp"
WARNING: File exempt from style guide. Skipping: "Source/WebKit/WebProcess/InjectedBundle/API/gtk/DOM/WebKitDOMDOMWindowPrivate.h"
WARNING: File exempt from style guide. Skipping: "Source/WebKit/WebProcess/InjectedBundle/API/gtk/DOM/WebKitDOMHTMLFrameElement.cpp"
WARNING: File exempt from style guide. Skipping: "Source/WebKit/WebProcess/InjectedBundle/API/gtk/DOM/WebKitDOMDocumentGtk.cpp"
ERROR: Source/WebCore/dom/MouseEvent.cpp:88: Code inside a namespace should not be indented. [whitespace/indent] [4]
ERROR: Source/WebCore/dom/MouseEvent.cpp:88: Wrong number of spaces before statement. (expected: 12) [whitespace/indent] [4]
ERROR: Source/WebCore/dom/MouseEvent.cpp:88: Comma should be at the beginning of the line in a member initialization list. [whitespace/init] [4]
WARNING: File exempt from style guide. Skipping: "Source/WebKit/WebProcess/InjectedBundle/API/gtk/DOM/WebKitDOMKeyboardEvent.cpp"
WARNING: File exempt from style guide. Skipping: "Source/WebKit/WebProcess/InjectedBundle/API/gtk/DOM/WebKitDOMMouseEvent.cpp"
WARNING: File exempt from style guide. Skipping: "Source/WebKit/WebProcess/InjectedBundle/API/gtk/DOM/WebKitDOMUIEvent.cpp"
WARNING: File exempt from style guide. Skipping: "Source/WebKit/WebProcess/InjectedBundle/API/gtk/DOM/WebKitDOMDOMWindow.cpp"
ERROR: Source/WebCore/dom/TouchEvent.cpp:43: Code inside a namespace should not be indented. [whitespace/indent] [4]
ERROR: Source/WebCore/dom/TouchEvent.cpp:43: Wrong number of spaces before statement. (expected: 12) [whitespace/indent] [4]
ERROR: Source/WebCore/dom/TouchEvent.cpp:43: Comma should be at the beginning of the line in a member initialization list. [whitespace/init] [4]
ERROR: Source/WebCore/dom/TouchEvent.h:49: When wrapping a line, only indent 4 spaces. [whitespace/indent] [3]
WARNING: File exempt from style guide. Skipping: "Source/WebKit/WebProcess/InjectedBundle/API/gtk/DOM/WebKitDOMHTMLIFrameElement.cpp"
ERROR: Source/WebCore/dom/MouseRelatedEvent.cpp:41: Code inside a namespace should not be indented. [whitespace/indent] [4]
ERROR: Source/WebCore/dom/MouseRelatedEvent.cpp:41: Wrong number of spaces before statement. (expected: 41) [whitespace/indent] [4]
Total errors found: 9 in 88 files
If any of these errors are false positives, please file a bug against check-webkit-style.
Chris Dumez
Comment 33
2018-04-26 22:57:00 PDT
Created
attachment 338976
[details]
Patch
EWS Watchlist
Comment 34
2018-04-26 22:59:45 PDT
Attachment 338976
[details]
did not pass style-queue:
WARNING: File exempt from style guide. Skipping: "Source/WebKit/WebProcess/InjectedBundle/API/gtk/DOM/WebKitDOMWheelEvent.cpp"
WARNING: File exempt from style guide. Skipping: "Source/WebKit/WebProcess/InjectedBundle/API/gtk/DOM/WebKitDOMDOMWindowPrivate.h"
WARNING: File exempt from style guide. Skipping: "Source/WebKit/WebProcess/InjectedBundle/API/gtk/DOM/WebKitDOMHTMLFrameElement.cpp"
WARNING: File exempt from style guide. Skipping: "Source/WebKit/WebProcess/InjectedBundle/API/gtk/DOM/WebKitDOMDocumentGtk.cpp"
ERROR: Source/WebCore/dom/MouseEvent.cpp:88: Code inside a namespace should not be indented. [whitespace/indent] [4]
ERROR: Source/WebCore/dom/MouseEvent.cpp:88: Wrong number of spaces before statement. (expected: 12) [whitespace/indent] [4]
ERROR: Source/WebCore/dom/MouseEvent.cpp:88: Comma should be at the beginning of the line in a member initialization list. [whitespace/init] [4]
WARNING: File exempt from style guide. Skipping: "Source/WebKit/WebProcess/InjectedBundle/API/gtk/DOM/WebKitDOMKeyboardEvent.cpp"
WARNING: File exempt from style guide. Skipping: "Source/WebKit/WebProcess/InjectedBundle/API/gtk/DOM/WebKitDOMMouseEvent.cpp"
WARNING: File exempt from style guide. Skipping: "Source/WebKit/WebProcess/InjectedBundle/API/gtk/DOM/WebKitDOMUIEvent.cpp"
WARNING: File exempt from style guide. Skipping: "Source/WebKit/WebProcess/InjectedBundle/API/gtk/DOM/WebKitDOMDOMWindow.cpp"
ERROR: Source/WebCore/dom/TouchEvent.cpp:43: Code inside a namespace should not be indented. [whitespace/indent] [4]
ERROR: Source/WebCore/dom/TouchEvent.cpp:43: Wrong number of spaces before statement. (expected: 12) [whitespace/indent] [4]
ERROR: Source/WebCore/dom/TouchEvent.cpp:43: Comma should be at the beginning of the line in a member initialization list. [whitespace/init] [4]
ERROR: Source/WebCore/dom/TouchEvent.h:49: When wrapping a line, only indent 4 spaces. [whitespace/indent] [3]
WARNING: File exempt from style guide. Skipping: "Source/WebKit/WebProcess/InjectedBundle/API/gtk/DOM/WebKitDOMHTMLIFrameElement.cpp"
ERROR: Source/WebCore/dom/MouseRelatedEvent.cpp:41: Code inside a namespace should not be indented. [whitespace/indent] [4]
ERROR: Source/WebCore/dom/MouseRelatedEvent.cpp:41: Wrong number of spaces before statement. (expected: 41) [whitespace/indent] [4]
Total errors found: 9 in 88 files
If any of these errors are false positives, please file a bug against check-webkit-style.
Chris Dumez
Comment 35
2018-04-27 08:46:42 PDT
Created
attachment 338993
[details]
Patch
EWS Watchlist
Comment 36
2018-04-27 08:49:52 PDT
Attachment 338993
[details]
did not pass style-queue:
WARNING: File exempt from style guide. Skipping: "Source/WebKit/WebProcess/InjectedBundle/API/gtk/DOM/WebKitDOMWheelEvent.cpp"
WARNING: File exempt from style guide. Skipping: "Source/WebKit/WebProcess/InjectedBundle/API/gtk/DOM/WebKitDOMDOMWindowPrivate.h"
WARNING: File exempt from style guide. Skipping: "Source/WebKit/WebProcess/InjectedBundle/API/gtk/DOM/WebKitDOMHTMLFrameElement.cpp"
WARNING: File exempt from style guide. Skipping: "Source/WebKit/WebProcess/InjectedBundle/API/gtk/DOM/WebKitDOMDocumentGtk.cpp"
ERROR: Source/WebCore/dom/MouseEvent.cpp:88: Code inside a namespace should not be indented. [whitespace/indent] [4]
ERROR: Source/WebCore/dom/MouseEvent.cpp:88: Wrong number of spaces before statement. (expected: 12) [whitespace/indent] [4]
ERROR: Source/WebCore/dom/MouseEvent.cpp:88: Comma should be at the beginning of the line in a member initialization list. [whitespace/init] [4]
WARNING: File exempt from style guide. Skipping: "Source/WebKit/WebProcess/InjectedBundle/API/gtk/DOM/WebKitDOMKeyboardEvent.cpp"
WARNING: File exempt from style guide. Skipping: "Source/WebKit/WebProcess/InjectedBundle/API/gtk/DOM/WebKitDOMMouseEvent.cpp"
WARNING: File exempt from style guide. Skipping: "Source/WebKit/WebProcess/InjectedBundle/API/gtk/DOM/WebKitDOMUIEvent.cpp"
WARNING: File exempt from style guide. Skipping: "Source/WebKit/WebProcess/InjectedBundle/API/gtk/DOM/WebKitDOMDOMWindow.cpp"
ERROR: Source/WebCore/dom/TouchEvent.cpp:43: Code inside a namespace should not be indented. [whitespace/indent] [4]
ERROR: Source/WebCore/dom/TouchEvent.cpp:43: Wrong number of spaces before statement. (expected: 12) [whitespace/indent] [4]
ERROR: Source/WebCore/dom/TouchEvent.cpp:43: Comma should be at the beginning of the line in a member initialization list. [whitespace/init] [4]
ERROR: Source/WebCore/dom/TouchEvent.h:49: When wrapping a line, only indent 4 spaces. [whitespace/indent] [3]
WARNING: File exempt from style guide. Skipping: "Source/WebKit/WebProcess/InjectedBundle/API/gtk/DOM/WebKitDOMHTMLIFrameElement.cpp"
ERROR: Source/WebCore/dom/MouseRelatedEvent.cpp:41: Code inside a namespace should not be indented. [whitespace/indent] [4]
ERROR: Source/WebCore/dom/MouseRelatedEvent.cpp:41: Wrong number of spaces before statement. (expected: 41) [whitespace/indent] [4]
Total errors found: 9 in 88 files
If any of these errors are false positives, please file a bug against check-webkit-style.
Mark Lam
Comment 37
2018-04-27 09:57:52 PDT
Comment on
attachment 338993
[details]
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=338993&action=review

> Source/WebCore/ChangeLog:23
> +        Use static_cast<>() instead of jsCast<>() because jsCast<>()
> +        relies on classInfo() which is not allowed to be called during
> +        JS sweep due to an assertion inside classInfo(). The JSWindowProxy
> +        objects are held strongly by the WindowProxy so we know the JSWindowProxy
> +        object is not getting destroyed here.

There are 2 issues discussed here:

1. The jsCast is unnecessary. The only reason we would use a jsCast is so that we can assert that the target object is indeed of the type we expect, i.e. JSDOMGlobalObject in this case. But here in JSWindowProxy, we already know that the target is always a JSDOMGlobalObject. This is why it's safe to replace it with a static_cast.

2. The liveness of the target JSDOMGlobalObject is tied to the JSWindowProxy. The client invoking this window() method on the JSWindowProxy implies that the JSWindowProxy is alive. By inference, this also means that the target JSDOMGlobalObject is also alive and safe to access. While this detail is important, it is orthogonal to the use of jsCast here, and does not prohibit its replacement with a static_cast.

In short, it is correct to replace this jsCast with a static_cast.
Chris Dumez
Comment 38
2018-04-27 15:11:07 PDT
Comment on
attachment 338993
[details]
Patch
Clearing flags on attachment: 338993
Committed r231114: <https://trac.webkit.org/changeset/231114>
Chris Dumez
Comment 39
2018-04-27 15:11:10 PDT
All reviewed patches have been landed. Closing bug.
Radar WebKit Bug Importer
Comment 40
2018-04-27 15:12:21 PDT
<rdar://problem/39806231>