[WinCairo] Crashed while destructing GLContextEGL I observed a crash after browsing some sites and closing the MiniBroser. I don't know how to reproduce this crash. I was using WinCairo WK2 release r263953, Callstack: > atidxx64.dll!00007ffabcddfa03() Unknown > atiuxp64.dll!00007ffabde0c89e() Unknown > d3d11.dll!CResource<ID3D11Buffer>::CLS::FinalRelease() Unknown > d3d11.dll!TCLSWrappers<class CBuffer>::CLSDestroy(struct CBuffer::CLS *,class CContext *) Unknown > d3d11.dll!CLayeredObjectWithCLS<class CBuffer>::~CLayeredObjectWithCLS<class CBuffer>(void) Unknown > d3d11.dll!CLayeredObjectWithCLS<class CBuffer>::Release(void) Unknown > d3d11.dll!NDXGI::CDeviceChild<struct IDXGIResource1,struct IDXGISwapChainInternal>::FinalRelease(void) Unknown > d3d11.dll!CLayeredObject<NDXGI::CResource>::Release() Unknown > d3d11.dll!CUseCountedObject<NOutermost::CDeviceChild>::`scalar deleting destructor'() Unknown > d3d11.dll!CUseCountedObject<class NOutermost::CDeviceChild>::UCDestroy(void) Unknown > d3d11.dll!CUseCountedObject<class NOutermost::CDeviceChild>::Release(void) Unknown > [Inline Frame] libGLESv2.dll!rx::TypedData<ID3D11Buffer>::~TypedData() Line 362 C++ > [Inline Frame] libGLESv2.dll!std::default_delete<rx::TypedData<ID3D11Buffer>>::operator()(rx::TypedData<ID3D11Buffer> * _Ptr) Line 1758 C++ > [Inline Frame] libGLESv2.dll!std::unique_ptr<rx::TypedData<ID3D11Buffer>,std::default_delete<rx::TypedData<ID3D11Buffer>>>::reset(rx::TypedData<ID3D11Buffer> * _Ptr) Line 1908 C++ > libGLESv2.dll!rx::Resource11Base<ID3D11Buffer,UniquePtr,rx::TypedData<ID3D11Buffer>>::~Resource11Base() Line 225 C++ > libGLESv2.dll!rx::Buffer11::NativeStorage::~NativeStorage() Line 1130 C++ > [Inline Frame] libGLESv2.dll!SafeDelete(rx::Buffer11::BufferStorage * & resource) Line 100 C++ > libGLESv2.dll!rx::Buffer11::~Buffer11() Line 360 C++ > libGLESv2.dll!rx::Buffer11::~Buffer11() Line 357 C++ > [Inline Frame] libGLESv2.dll!SafeDelete(rx::BufferImpl * & resource) Line 100 C++ > libGLESv2.dll!gl::Buffer::~Buffer() Line 51 C++ > libGLESv2.dll!gl::Buffer::~Buffer() Line 50 C++ > [Inline Frame] libGLESv2.dll!angle::RefCountObject<gl::Context,angle::Result>::release(const gl::Context * context) Line 46 C++ > [Inline Frame] libGLESv2.dll!gl::ProgramPipelineManager::DeleteObject(const gl::Context * context, gl::ProgramPipeline * pipeline) Line 409 C++ > libGLESv2.dll!gl::TypedResourceManager<gl::ProgramPipeline,gl::HandleAllocator,gl::ProgramPipelineManager,gl::ProgramPipelineID>::reset(const gl::Context * context) Line 74 C++ > libGLESv2.dll!gl::ResourceManagerBase<gl::HandleAllocator>::release(const gl::Context * context) Line 59 C++ > libGLESv2.dll!gl::Context::onDestroy(const egl::Display * display) Line 571 C++ > libGLESv2.dll!egl::Display::destroyContext(const egl::Thread * thread, gl::Context * context) Line 1219 C++ > libGLESv2.dll!EGL_DestroyContext(void * dpy, void * ctx) Line 409 C++ > WebKit2.dll!WebCore::GLContextEGL::~GLContextEGL() Line 359 C++ > WebKit2.dll!WebCore::GLContextEGL::~GLContextEGL() Line 346 C++ > [Inline Frame] WebKit2.dll!std::default_delete<WebCore::GLContext>::operator()(WebCore::GLContext * _Ptr) Line 1758 C++ > [Inline Frame] WebKit2.dll!std::unique_ptr<WebCore::GLContext,std::default_delete<WebCore::GLContext>>::~unique_ptr() Line 1873 C++ > [Inline Frame] WebKit2.dll!WebCore::PlatformDisplay::~PlatformDisplay() Line 166 C++ > WebKit2.dll!WebCore::PlatformDisplayWin::~PlatformDisplayWin() Line 42 C++ > [External Code] > WebKit2.dll!WebKit::AuxiliaryProcess::didClose(IPC::Connection &) Line 60 C++ > WebKit2.dll!IPC::Connection::connectionDidClose() Line 856 C++ > WebKit2.dll!IPC::Connection::readEventHandler() Line 155 C++ > [Inline Frame] WTF.dll!WTF::Function<void ()>::operator()() Line 84 C++ > WTF.dll!WTF::RunLoop::performWork() Line 140 C++ > [Inline Frame] WTF.dll!WTF::RunLoop::wndProc(HWND__ * hWnd, unsigned int message, unsigned __int64 wParam, __int64 lParam) Line 56 C++ > WTF.dll!WTF::RunLoop::RunLoopWndProc(HWND__ * hWnd, unsigned int message, unsigned __int64 wParam, __int64 lParam) Line 39 C++ > [External Code] > WTF.dll!WTF::RunLoop::run() Line 73 C++ > [Inline Frame] WTF.dll!WTF::Function<void ()>::operator()() Line 84 C++ > WTF.dll!WTF::Thread::entryPoint(WTF::Thread::NewThreadContext * newThreadContext) Line 168 C++ > WTF.dll!WTF::wtfThreadEntryPoint(void * data) Line 153 C++ > [External Code]
ANGLE D3D renderer isn't thread-safe. PlatformDisplay was destructed in IPC thread. This is not expected for WinCairo. WinCairo shouldn't destruct PlatformDisplay because it can cause crash (Bug 170331). PlatformDisplay::sharedDisplay has static variable of std::unique_ptr<PlatformDisplay>. This triggers PlatformDisplay dtor. This is not expected for WinCairo.
Created attachment 405333 [details] Patch
Comment on attachment 405333 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=405333&action=review r=me with nit about name > Source/WebCore/ChangeLog:3 > + [WinCairo] ANGLE D3D renderer rarely crashes while destructing PlatformDisplayWin in IPC thread Maybe a better bug name would be something like this? [WinCairo] ANGLE D3D renderer can crash when PlatformDisplayWin is destructed in IPC thread
Committed r265003: <https://trac.webkit.org/changeset/265003>
<rdar://problem/66234135>