RESOLVED FIXED 186468
Reload the Web view in case of crash if the client does not implement webViewWebContentProcessDidTerminate delegate 
https://bugs.webkit.org/show_bug.cgi?id=186468
Summary Reload the Web view in case of crash if the client does not implement webView...
Chris Dumez
Reported 2018-06-09 17:21:29 PDT
We should attempt to reload the Web view if the client does not implement webViewWebContentProcessDidTerminate delegate. Otherwise, clients not implementing the delegate get a blank view in case of a crash / jetsam.
Attachments
Patch (19.32 KB, patch)
2018-06-09 17:40 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Patch (19.74 KB, patch)
2018-06-10 14:26 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Chris Dumez
Comment 1 2018-06-09 17:40:27 PDT
Created attachment 342376 [details] Patch
EWS Watchlist
Comment 2 2018-06-09 17:41:23 PDT
Thanks for the patch. If this patch contains new public API please make sure it follows the guidelines for new WebKit2 GTK+ API. See http://trac.webkit.org/wiki/WebKitGTK/AddingNewWebKit2API
Michael Catanzaro
Comment 3 2018-06-10 09:26:19 PDT
Comment on attachment 342376 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=342376&action=review > Source/WebKit/UIProcess/WebPageProxy.cpp:5883 > + if (!handledByClient && isCrashOrTerminationDueToProcessLimits(reason)) > + attemptAutomaticRecoveryAfterCrash(); Hmm, you meant "is crash OR is termination due to process limits" but I read it as "is the reason for crash or termination due to process limits," which is confusing. I was going to complain that it should be !isCrashOrTerminationDueToProcessLimits(reason) because I was confused. Possible alternate names: isCrashOrIsTerminationDueToProcessLimits (clearer but unwieldy) or perhaps doesProcessTerminationReasonAllowAutomaticRecovery (maybe slightly better, also kinda unwieldy).
Geoffrey Garen
Comment 4 2018-06-10 10:33:03 PDT
Comment on attachment 342376 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=342376&action=review > Source/WebKit/UIProcess/WebPageProxy.cpp:5860 > +static bool isCrashOrTerminationDueToProcessLimits(ProcessTerminationReason reason) How about calling this shouldReloadAfterProcessTermination() and calling the action function WebPageProxy::tryReloadAfterProcessTermination(). > Source/WebKit/UIProcess/WebPageProxy.cpp:5897 > + if (!m_resetRecentCrashCountTimer.isActive()) > + m_resetRecentCrashCountTimer.startOneShot(resetRecentCrashCountDelay); I believe Safari's policy is to reload once per page (or maybe URL? or domain?). I think that policy is preferable. In addition to avoiding crash loops, we want to avoid giving malicious pages an opportunity to retry probabilistic attacks. For example, if ASLR reduces attack success to 1/10, the 20s timer increases attack success to 10/10 after three minutes.
Chris Dumez
Comment 5 2018-06-10 14:26:33 PDT
Created attachment 342390 [details] Patch
Chris Dumez
Comment 6 2018-06-10 14:26:59 PDT
Now mimicking Safari behavior.
Geoffrey Garen
Comment 7 2018-06-10 14:33:22 PDT
> In addition to avoiding crash > loops, we want to avoid giving malicious pages an opportunity to retry > probabilistic attacks. I was confused about the timer policy. I thought your patch *reloaded* after the timer fired. But that's not true.
Geoffrey Garen
Comment 8 2018-06-10 14:39:56 PDT
Comment on attachment 342390 [details] Patch r=me
WebKit Commit Bot
Comment 9 2018-06-10 15:39:28 PDT
Comment on attachment 342390 [details] Patch Clearing flags on attachment: 342390 Committed r232668: <https://trac.webkit.org/changeset/232668>
WebKit Commit Bot
Comment 10 2018-06-10 15:39:30 PDT
All reviewed patches have been landed. Closing bug.
Radar WebKit Bug Importer
Comment 11 2018-06-10 15:40:21 PDT
<rdar://problem/40987290>
Note You need to log in before you can comment on or make changes to this bug.