WebKit Bugzilla
New
Browse
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
RESOLVED FIXED
Bug 204460
Null check callback in NetworkConnectionToWebProcess::didDeliverMessagePortMessages
https://bugs.webkit.org/show_bug.cgi?id=204460
Summary
Null check callback in NetworkConnectionToWebProcess::didDeliverMessagePortMe...
Alex Christensen
Reported
2019-11-21 10:55:55 PST
Null check callback in NetworkConnectionToWebProcess::didDeliverMessagePortMessages
Attachments
Patch
(1.54 KB, patch)
2019-11-21 10:56 PST
,
Alex Christensen
no flags
Details
Formatted Diff
Diff
Patch
(2.08 KB, patch)
2019-11-22 12:46 PST
,
Alex Christensen
no flags
Details
Formatted Diff
Diff
Patch
(2.00 KB, patch)
2019-11-22 14:54 PST
,
Alex Christensen
cdumez
: review+
Details
Formatted Diff
Diff
Show Obsolete
(2)
View All
Add attachment
proposed patch, testcase, etc.
Alex Christensen
Comment 1
2019-11-21 10:56:38 PST
Created
attachment 384072
[details]
Patch
Maciej Stachowiak
Comment 2
2019-11-21 12:17:04 PST
Comment on
attachment 384072
[details]
Patch Do we understand why the callback can be null here?
Chris Dumez
Comment 3
2019-11-21 12:18:28 PST
Comment on
attachment 384072
[details]
Patch View in context:
https://bugs.webkit.org/attachment.cgi?id=384072&action=review
> Source/WebKit/ChangeLog:5 > + <
rdar://57448618
>
This does not look like a valid radar number?
Chris Dumez
Comment 4
2019-11-21 12:21:06 PST
Comment on
attachment 384072
[details]
Patch View in context:
https://bugs.webkit.org/attachment.cgi?id=384072&action=review
> Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp:992 > + if (auto callback = m_messageBatchDeliveryCompletionHandlers.take(messageBatchIdentifier))
This should not be possible in theory, I think we need to find the root cause. m_messageBatchDeliveryCompletionHandlers is only modified here and in takeAllMessagesForPort(). So either we're getting an unexpected didDeliverMessagePortMessages or the NetworkConnectionToWebProcess is stale.
Chris Dumez
Comment 5
2019-11-21 12:23:59 PST
Comment on
attachment 384072
[details]
Patch View in context:
https://bugs.webkit.org/attachment.cgi?id=384072&action=review
>> Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp:992 >> + if (auto callback = m_messageBatchDeliveryCompletionHandlers.take(messageBatchIdentifier)) > > This should not be possible in theory, I think we need to find the root cause. > > m_messageBatchDeliveryCompletionHandlers is only modified here and in takeAllMessagesForPort(). So either we're getting an unexpected didDeliverMessagePortMessages or the NetworkConnectionToWebProcess is stale.
Maybe if the network process crashes in between the takeAllMessagesForPort() call and the didDeliverMessagePortMessages() one? Then it'd be a new NetworkConnectionToWebProcess. The WebProcess would send the DidDeliverMessagePortMessages IPC to the new network process, which does not know about the takeAllMessagesForPort request.
Chris Dumez
Comment 6
2019-11-21 12:24:41 PST
(In reply to Chris Dumez from
comment #5
)
> Comment on
attachment 384072
[details]
> Patch > > View in context: >
https://bugs.webkit.org/attachment.cgi?id=384072&action=review
> > >> Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp:992 > >> + if (auto callback = m_messageBatchDeliveryCompletionHandlers.take(messageBatchIdentifier)) > > > > This should not be possible in theory, I think we need to find the root cause. > > > > m_messageBatchDeliveryCompletionHandlers is only modified here and in takeAllMessagesForPort(). So either we're getting an unexpected didDeliverMessagePortMessages or the NetworkConnectionToWebProcess is stale. > > Maybe if the network process crashes in between the takeAllMessagesForPort() > call and the didDeliverMessagePortMessages() one? Then it'd be a new > NetworkConnectionToWebProcess. The WebProcess would send the > DidDeliverMessagePortMessages IPC to the new network process, which does not > know about the takeAllMessagesForPort request.
If that's what's doing on, it may be possible to write a test for this.
Alex Christensen
Comment 7
2019-11-22 11:35:15 PST
Comment on
attachment 384072
[details]
Patch View in context:
https://bugs.webkit.org/attachment.cgi?id=384072&action=review
>> Source/WebKit/ChangeLog:5 >> + <
rdar://57448618
> > > This does not look like a valid radar number?
I have no idea where that came from. Should be
rdar://problem/57348618
and will update.
>>>> Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp:992 >>>> + if (auto callback = m_messageBatchDeliveryCompletionHandlers.take(messageBatchIdentifier)) >>> >>> This should not be possible in theory, I think we need to find the root cause. >>> >>> m_messageBatchDeliveryCompletionHandlers is only modified here and in takeAllMessagesForPort(). So either we're getting an unexpected didDeliverMessagePortMessages or the NetworkConnectionToWebProcess is stale. >> >> Maybe if the network process crashes in between the takeAllMessagesForPort() call and the didDeliverMessagePortMessages() one? Then it'd be a new NetworkConnectionToWebProcess. The WebProcess would send the DidDeliverMessagePortMessages IPC to the new network process, which does not know about the takeAllMessagesForPort request. > > If that's what's doing on, it may be possible to write a test for this.
I think that's what's going on and that was mentioned in
https://bugs.webkit.org/show_bug.cgi?id=201299#c4
, but there doesn't seem to be a good way to call _terminateNetworkProcess exactly between these two calls.
Chris Dumez
Comment 8
2019-11-22 11:59:33 PST
Comment on
attachment 384072
[details]
Patch View in context:
https://bugs.webkit.org/attachment.cgi?id=384072&action=review
>>>>> Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp:992 >>>>> + if (auto callback = m_messageBatchDeliveryCompletionHandlers.take(messageBatchIdentifier)) >>>> >>>> This should not be possible in theory, I think we need to find the root cause. >>>> >>>> m_messageBatchDeliveryCompletionHandlers is only modified here and in takeAllMessagesForPort(). So either we're getting an unexpected didDeliverMessagePortMessages or the NetworkConnectionToWebProcess is stale. >>> >>> Maybe if the network process crashes in between the takeAllMessagesForPort() call and the didDeliverMessagePortMessages() one? Then it'd be a new NetworkConnectionToWebProcess. The WebProcess would send the DidDeliverMessagePortMessages IPC to the new network process, which does not know about the takeAllMessagesForPort request. >> >> If that's what's doing on, it may be possible to write a test for this. > > I think that's what's going on and that was mentioned in
https://bugs.webkit.org/show_bug.cgi?id=201299#c4
, but there doesn't seem to be a good way to call _terminateNetworkProcess exactly between these two calls.
Then the ChangeLog should state so. Also maybe a comment in the code indicating why this can happen.
Alex Christensen
Comment 9
2019-11-22 12:46:15 PST
Created
attachment 384185
[details]
Patch
Chris Dumez
Comment 10
2019-11-22 14:53:13 PST
Comment on
attachment 384185
[details]
Patch View in context:
https://bugs.webkit.org/attachment.cgi?id=384185&action=review
> Source/WebKit/ChangeLog:10 > + a web process may have an identifier that becomes stale. In this case, we should not crsah again.
Typo: crash
> Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp:1001 > + ASSERT_NOT_REACHED();
Since we know this can happen in practice and we have a valid explanation for it, I do not think we should ASSERT.
Alex Christensen
Comment 11
2019-11-22 14:54:58 PST
Created
attachment 384201
[details]
Patch
Alex Christensen
Comment 12
2019-11-22 15:14:26 PST
http://trac.webkit.org/r252809
Radar WebKit Bug Importer
Comment 13
2019-11-22 15:15:22 PST
<
rdar://problem/57442544
>
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug