RESOLVED FIXED 198766
Add assertions to help debug crash at WebKit::HistoryEntryDataEncoder::operator<< 
https://bugs.webkit.org/show_bug.cgi?id=198766
Summary Add assertions to help debug crash at WebKit::HistoryEntryDataEncoder::operat...
Sihui Liu
Reported 2019-06-11 13:44:18 PDT
...
Attachments
Patch (3.11 KB, patch)
2019-06-11 13:46 PDT, Sihui Liu 		no flags
DetailsFormatted DiffDiff
Patch (3.11 KB, patch)
2019-06-11 14:25 PDT, Sihui Liu 		no flags
DetailsFormatted DiffDiff
Patch (3.10 KB, patch)
2019-06-12 09:18 PDT, Sihui Liu 		no flags
DetailsFormatted DiffDiff
Patch for landing (3.18 KB, patch)
2019-06-12 14:54 PDT, Sihui Liu 		no flags
DetailsFormatted DiffDiff
Show Obsolete (3) View All Add attachment proposed patch, testcase, etc.
Sihui Liu
Comment 1 2019-06-11 13:46:03 PDT
Created attachment 371874 [details] Patch
Sihui Liu
Comment 2 2019-06-11 14:25:44 PDT
Created attachment 371879 [details] Patch
Sihui Liu
Comment 3 2019-06-12 09:18:55 PDT
Created attachment 371968 [details] Patch
Geoffrey Garen
Comment 4 2019-06-12 11:15:58 PDT
Comment on attachment 371968 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=371968&action=review r=me > Source/WebKit/Shared/SessionState.h:116 > + bool isDestructed { false }; > + ~FrameState() { isDestructed = true; } This probably deserves a comment that it's only here to help debug an undiagnosed bug, with a Bugzilla or Radar link.
Sihui Liu
Comment 5 2019-06-12 14:54:17 PDT
Created attachment 371990 [details] Patch for landing
WebKit Commit Bot
Comment 6 2019-06-12 15:36:37 PDT
Comment on attachment 371990 [details] Patch for landing Clearing flags on attachment: 371990 Committed r246382: <https://trac.webkit.org/changeset/246382>
WebKit Commit Bot
Comment 7 2019-06-12 15:36:38 PDT
All reviewed patches have been landed. Closing bug.
Radar WebKit Bug Importer
Comment 8 2019-06-12 15:39:17 PDT
<rdar://problem/51686085>
Darin Adler
Comment 9 2019-06-13 09:22:34 PDT
Comment on attachment 371990 [details] Patch for landing View in context: https://bugs.webkit.org/attachment.cgi?id=371990&action=review > Source/WebKit/UIProcess/API/C/WKPage.cpp:485 > + auto data = encodeLegacySessionState(sessionState); > if (shouldReturnData) > - return toAPI(encodeLegacySessionState(sessionState).leakRef()); > + return toAPI(data.leakRef()); This isn’t adding an assertion. This is refactoring that causes us to do additional work when shouldReturnData is false. Nothing in the change log makes it clear why this is a desirable change.
Sihui Liu
Comment 10 2019-06-13 11:14:41 PDT
Comment on attachment 371990 [details] Patch for landing View in context: https://bugs.webkit.org/attachment.cgi?id=371990&action=review >> Source/WebKit/UIProcess/API/C/WKPage.cpp:485 >> + return toAPI(data.leakRef()); > > This isn’t adding an assertion. This is refactoring that causes us to do additional work when shouldReturnData is false. Nothing in the change log makes it clear why this is a desirable change. Right, add some explaining here for reference. Previously the crash traces tell us: WKPageCopySessionState returns WKSessionStateRef => Some pointer casts by user => WKSessionStateCopyData(WKSessionStateRef) -> encodeLegacySessionState(sessionState) [Crash] Now: WKPageCopySessionState [try encodeLegacySessionState(sessionState)] returns WKSessionStateRef => pointer casts => WKSessionStateCopyData(WKSessionStateRef) -> encodeLegacySessionState(sessionState) If we start to see crashes in WKPageCopySessionState after this change, we can confirm sessionState is bad before the casts.
Note You need to log in before you can comment on or make changes to this bug.