RESOLVED FIXED 187821
[ITP] Crash under ResourceLoadStatisticsMemoryStore::removeDataRecords()
https://bugs.webkit.org/show_bug.cgi?id=187821
Summary [ITP] Crash under ResourceLoadStatisticsMemoryStore::removeDataRecords()
Chris Dumez
Reported 2018-07-19 14:47:20 PDT
Crash under ResourceLoadStatisticsMemoryStore::removeDataRecords():

Thread 0 name:  Dispatch queue: com.apple.main-thread
Thread 0 Crashed:
0   libdispatch.dylib      0x00000001a451dc3c dispatch_async$VARIANT$armv81 + 208 (inline_internal.h:2596)
1   libdispatch.dylib      0x00000001a451dba4 dispatch_async$VARIANT$armv81 + 56 (inline_internal.h:2567)
2   JavaScriptCore         0x00000001ac7c74d4 WTF::WorkQueue::dispatch(WTF::Function<void ()>&&) + 140 (WorkQueueCocoa.cpp:35)
3   WebKit                 0x00000001b4e8f620 WTF::Function<void (WTF::HashSet<WTF::String, WTF::StringHash, WTF::HashTraits<WTF::String> > const&)>::CallableWrapper<WebKit::ResourceLoadStatisticsMemoryStore::removeDataRecords(WTF::CompletionHandler<void ()>&&)::$_1::operator()()::'lambda'(WTF::HashSet<WTF::String, WTF::StringHash, WTF::HashTraits<WTF::String> > const&)>::call(WTF::HashSet<WTF::String, WTF::StringHash, WTF::HashTraits<WTF::String> > const&) + 172 (ResourceLoadStatisticsMemoryStore.cpp:249)
4   WebKit                 0x00000001b50498e8 WTF::Function<void (WTF::HashSet<WTF::String, WTF::StringHash, WTF::HashTraits<WTF::String> >)>::operator()(WTF::HashSet<WTF::String, WTF::StringHash, WTF::HashTraits<WTF::String> >) const + 64 (Function.h:56)
5   WebKit                 0x00000001b50497a8 WTF::Function<void (WTF::HashSet<WTF::String, WTF::StringHash, WTF::HashTraits<WTF::String> >&&)>::CallableWrapper<WebKit::WebProcessProxy::deleteWebsiteDataForTopPrivatelyControlledDomainsInAllPersistentDataStores(WTF::OptionSet<WebKit::WebsiteDataType>, WTF::Vector<WTF::String, 0ul, WTF::CrashOnOverflow, 16ul>&&, bool, WTF::Function<void (WTF::HashSet<WTF::String, WTF::StringHash, WTF::HashTraits<WTF::String> > const&)>&&)::$_1>::call(WTF::HashSet<WTF::String, WTF::StringHash, WTF::HashTraits<WTF::String> >&&) + 224 (WebProcessProxy.cpp:277)
6   JavaScriptCore         0x00000001ac7aea98 WTF::RunLoop::performWork() + 276 (Function.h:56)
7   JavaScriptCore         0x00000001ac7aed60 WTF::RunLoop::performWork(void*) + 36 (RunLoopCF.cpp:38)
8   CoreFoundation         0x00000001a4a9c3cc __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 24 (CFRunLoop.c:1980)
9   CoreFoundation         0x00000001a4a9c34c __CFRunLoopDoSource0 + 88 (CFRunLoop.c:2015)
10  CoreFoundation         0x00000001a4a9bc2c __CFRunLoopDoSources0 + 176 (CFRunLoop.c:2051)
11  CoreFoundation         0x00000001a4a96ad0 __CFRunLoopRun + 1044 (CFRunLoop.c:2922)
12  CoreFoundation         0x00000001a4a96398 CFRunLoopRunSpecific + 436 (CFRunLoop.c:3247)
13  GraphicsServices       0x00000001a6d05570 GSEventRunModal + 100 (GSEvent.c:2245)
14  UIKitCore              0x00000001d2560f5c UIApplicationMain + 212 (UIApplication.m:4314)
15  SafariViewService      0x00000001007068bc main + 244 (main.m:60)
16  libdyld.dylib          0x00000001a4556ddc start + 4
Attachments
Patch (5.11 KB, patch)
2018-07-19 14:53 PDT, Chris Dumez
no flags
Chris Dumez
Comment 1 2018-07-19 14:47:33 PDT
Chris Dumez
Comment 2 2018-07-19 14:53:13 PDT
John Wilander
Comment 3 2018-07-19 16:20:13 PDT
Looks good to me. I assume we weren't able to add a test case that caused the crash?
Chris Dumez
Comment 4 2018-07-19 16:42:02 PDT
(In reply to John Wilander from comment #3)
> Looks good to me. I assume we weren't able to add a test case that caused
> the crash?

I assume this code path is exercised on the bots. However, this is racy and to experience the crash, the store would need to get destroyed on the background thread *while* the WebPageProxy operation is going on on the main thread.
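The race described in comments 3 and 4 is easier to see with both sides laid out as code. What follows is an added example, not WebKit code and not the patch that landed as r234020. It models the main-thread run loop and the store's background work queue as two hand-driven task queues, so the bad interleaving (store destroyed before the main-thread step completes) can be forced deterministically rather than waited for. The shape of the crash in the trace above, a completion handler hopping back from the main thread that reaches the store's work queue through a pointer to an already-destroyed store, is shown next to a version that carries only a std::weak_ptr across the thread hop and re-checks liveness once back on the owning queue. All names here (TaskQueue, MemoryStore, removeDataRecordsRacy, removeDataRecordsSafe, deleteWebsiteDataOnMainThread) and the sample domains are assumptions constructed for the example.

```cpp
#include <cstdio>
#include <deque>
#include <functional>
#include <memory>
#include <string>
#include <unordered_set>
#include <vector>

// Stand-in for WTF::RunLoop / WTF::WorkQueue: a FIFO of closures drained explicitly by the
// caller, so the interleaving between the two "threads" is chosen by the scenario, not the OS.
struct TaskQueue {
    std::deque<std::function<void()>> tasks;
    void dispatch(std::function<void()> task) { tasks.push_back(std::move(task)); }
    void runAll() {
        while (!tasks.empty()) {
            auto task = std::move(tasks.front());
            tasks.pop_front();
            task();
        }
    }
};

// Stand-in for the WebProcessProxy deletion step that runs on the main thread and reports the
// domains it handled. Constructed behaviour for the example: every requested domain is deleted.
static std::vector<std::string> deleteWebsiteDataOnMainThread(const std::vector<std::string>& domains) {
    return domains;
}

// Hypothetical store owned by the background queue, keyed by top privately-controlled domain.
class MemoryStore : public std::enable_shared_from_this<MemoryStore> {
public:
    MemoryStore(TaskQueue& background, TaskQueue& main) : m_background(background), m_main(main) {}

    void addRecord(const std::string& domain) { m_records.insert(domain); }
    size_t recordCount() const { return m_records.size(); }

    // RACY (the shape of the reported bug): both hops capture a raw `this`. If the store is
    // destroyed on the background side while the main-thread step is still pending, the inner
    // dispatch reads m_background out of freed memory. Defined for contrast; never called here.
    void removeDataRecordsRacy(std::vector<std::string> domains, std::function<void()> completion) {
        m_main.dispatch([this, domains, completion] {
            auto deleted = deleteWebsiteDataOnMainThread(domains);
            m_background.dispatch([this, deleted, completion] { // `this` may already be freed
                for (const auto& d : deleted) m_records.erase(d);
                completion();
            });
        });
    }

    // SAFE: carry a weak reference and the queue itself across the thread hop, and re-check
    // liveness once back on the owning queue. The completion always runs (callers are waiting
    // on it); the store is only touched if it is still alive.
    void removeDataRecordsSafe(std::vector<std::string> domains, std::function<void(bool storeAlive)> completion) {
        std::weak_ptr<MemoryStore> weakThis = shared_from_this();
        TaskQueue* background = &m_background; // the queue outlives the store in this model
        m_main.dispatch([weakThis, background, domains, completion] {
            auto deleted = deleteWebsiteDataOnMainThread(domains);
            background->dispatch([weakThis, deleted, completion] {
                auto store = weakThis.lock();
                if (store)
                    for (const auto& d : deleted) store->m_records.erase(d);
                completion(store != nullptr);
            });
        });
    }

private:
    TaskQueue& m_background;
    TaskQueue& m_main;
    std::unordered_set<std::string> m_records;
};

struct Outcome { bool completionRan = false; bool storeAlive = false; size_t recordsLeft = 0; };

// Normal ordering: the store outlives the main-thread step, so one record is removed.
Outcome runNormalOrdering() {
    TaskQueue background, main;
    Outcome out;
    auto store = std::make_shared<MemoryStore>(background, main);
    store->addRecord("tracker.example");
    store->addRecord("news.example");
    store->removeDataRecordsSafe({"tracker.example"}, [&](bool alive) { out.completionRan = true; out.storeAlive = alive; });
    main.runAll();       // WebProcessProxy-side deletion
    background.runAll(); // store updates its own records
    out.recordsLeft = store->recordCount();
    return out;
}

// The interleaving from comment 4: the last reference to the store is dropped on the background
// side while the main-thread operation is still in flight. With the weak capture this is a no-op.
Outcome runRaceOrdering() {
    TaskQueue background, main;
    Outcome out;
    {
        auto store = std::make_shared<MemoryStore>(background, main);
        store->addRecord("tracker.example");
        store->removeDataRecordsSafe({"tracker.example"}, [&](bool alive) { out.completionRan = true; out.storeAlive = alive; });
    }                    // store destroyed here, before the main thread has run
    main.runAll();
    background.runAll(); // weak_ptr::lock() fails; nothing on the dead store is dereferenced
    return out;
}

int main() {
    Outcome normal = runNormalOrdering(), race = runRaceOrdering();
    std::printf("normal: alive=%d records=%zu\n", normal.storeAlive, normal.recordsLeft);
    std::printf("race:   alive=%d completion=%d\n", race.storeAlive, race.completionRan);
    return 0;
}
```

The racy variant is left uncalled on purpose: running it is a use-after-free, which is exactly what makes it "racy" rather than reproducible on the bots. Two design points worth noting. First, the safe variant captures the queue by its own pointer rather than reaching it through the store, because after a failed lock() there is no store to reach through. Second, it still invokes the completion when the store is gone; in WebKit a WTF::CompletionHandler is expected to be called exactly once, so dropping it silently would trade a crash for a debug assertion and a stalled caller.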
David Kilzer (:ddkilzer)
Comment 5 2018-07-19 20:19:02 PDT
Comment on attachment 345384 [details]
Patch

r=me
WebKit Commit Bot
Comment 6 2018-07-19 20:45:05 PDT
Comment on attachment 345384 [details]
Patch

Clearing flags on attachment: 345384

Committed r234020: <https://trac.webkit.org/changeset/234020>
WebKit Commit Bot
Comment 7 2018-07-19 20:45:07 PDT
All reviewed patches have been landed. Closing bug.