TestWebKitAPI.URLSchemeHandler.Exceptions is a flaky crashing API on Catalina+ and iOS 14-Simulator.

HISTORY: https://results.webkit.org/?suite=api-tests&test=TestWebKitAPI.URLSchemeHandler.Exceptions

LEAK: 1 WebPage
LEAK: 1 WebFrame
LEAK: 3 RenderObject
LEAK: 1 Page
LEAK: 1 Frame
LEAK: 4 WebCoreNode
<rdar://problem/77533132>
Created attachment 427714
crash log

attaching crash log from a Big Sur bot
Snippet from Crashlog of Crashed Thread:

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 libobjc.A.dylib 0x00007fff201d49bf objc_release + 31
1 com.apple.WebKit 0x0000000112358977 ~RetainPtr + 20 (RetainPtr.h:180) [inlined]
2 com.apple.WebKit 0x0000000112358977 ~RetainPtr + 20 (RetainPtr.h:178) [inlined]
3 com.apple.WebKit 0x0000000112358977 ~ + 40 (WKURLSchemeTask.mm:120) [inlined]
4 com.apple.WebKit 0x0000000112358977 ~ + 40 (WKURLSchemeTask.mm:120) [inlined]
5 com.apple.WebKit 0x0000000112358977 ~CallableWrapper + 50 (Function.h:46) [inlined]
6 com.apple.WebKit 0x0000000112358977 ~CallableWrapper + 50 (Function.h:46) [inlined]
7 com.apple.WebKit 0x0000000112358977 WTF::Detail::CallableWrapper<-[WKURLSchemeTaskImpl didReceiveData:]::$_5, WebKit::WebURLSchemeTask::ExceptionType>::~CallableWrapper() + 59 (Function.h:46)
8 com.apple.WebKit 0x00000001123577aa operator() + 6 (memory:2368) [inlined]
9 com.apple.WebKit 0x00000001123577aa reset + 21 (memory:2623) [inlined]
10 com.apple.WebKit 0x00000001123577aa ~unique_ptr + 21 (memory:2577) [inlined]
11 com.apple.WebKit 0x00000001123577aa ~unique_ptr + 21 (memory:2577) [inlined]
12 com.apple.WebKit 0x00000001123577aa ~Function + 21 (Function.h:59) [inlined]
13 com.apple.WebKit 0x00000001123577aa ~Function + 21 (Function.h:59) [inlined]
14 com.apple.WebKit 0x00000001123577aa ~ + 21 (WKURLSchemeTask.mm:43) [inlined]
15 com.apple.WebKit 0x00000001123577aa ~ + 21 (WKURLSchemeTask.mm:43) [inlined]
16 com.apple.WebKit 0x00000001123577aa ~CallableWrapper + 31 (Function.h:46) [inlined]
17 com.apple.WebKit 0x00000001123577aa ~CallableWrapper + 31 (Function.h:46) [inlined]
18 com.apple.WebKit 0x00000001123577aa WTF::Detail::CallableWrapper<getExceptionTypeFromMainRunLoop(WTF::Function<WebKit::WebURLSchemeTask::ExceptionType ()>&&)::$_9, void>::~CallableWrapper() + 40 (Function.h:46)
19 com.apple.WebKit 0x0000000112355ebc operator() + 6 (memory:2368) [inlined]
20 com.apple.WebKit 0x0000000112355ebc reset + 21 (memory:2623) [inlined]
21 com.apple.WebKit 0x0000000112355ebc ~unique_ptr + 21 (memory:2577) [inlined]
22 com.apple.WebKit 0x0000000112355ebc ~unique_ptr + 21 (memory:2577) [inlined]
23 com.apple.WebKit 0x0000000112355ebc ~Function + 21 (Function.h:59) [inlined]
24 com.apple.WebKit 0x0000000112355ebc ~Function + 21 (Function.h:59) [inlined]
25 com.apple.WebKit 0x0000000112355ebc getExceptionTypeFromMainRunLoop(WTF::Function<WebKit::WebURLSchemeTask::ExceptionType ()>&&) + 86 (WKURLSchemeTask.mm:43)
26 com.apple.WebKit 0x00000001123560ac -[WKURLSchemeTaskImpl didReceiveData:] + 90 (WKURLSchemeTask.mm:124)
27 TestWebKitAPI 0x000000010f725df5 -[TaskSchemeHandler webView:startURLSchemeTask:] + 376 (WKURLSchemeHandler-1.mm:393)
28 com.apple.WebKit 0x00000001123f5287 WebKit::WebURLSchemeHandlerCocoa::platformStartTask(WebKit::WebPageProxy&, WebKit::WebURLSchemeTask&) + 141 (WebURLSchemeHandlerCocoa.mm:55)
29 com.apple.WebKit 0x00000001124cf37a WebKit::WebURLSchemeHandler::startTask(WebKit::WebPageProxy&, WebKit::WebProcessProxy&, WTF::ObjectIdentifier<WebCore::PageIdentifierType>, WebKit::URLSchemeTaskParameters&&, WTF::CompletionHandler<void (WebCore::ResourceResponse const&, WebCore::ResourceError const&, WTF::Vector<char, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&)>&&) + 242 (WebURLSchemeHandler.cpp:62)
30 com.apple.WebKit 0x0000000112499821 WebKit::WebPageProxy::startURLSchemeTaskShared(WTF::Ref<WebKit::WebProcessProxy, WTF::RawPtrTraits<WebKit::WebProcessProxy> >&&, WTF::ObjectIdentifier<WebCore::PageIdentifierType>, WebKit::URLSchemeTaskParameters&&) + 119 (WebPageProxy.cpp:9678)
31 com.apple.WebKit 0x0000000112499791 WebKit::WebPageProxy::startURLSchemeTask(WebKit::URLSchemeTaskParameters&&) + 39 (WebPageProxy.cpp:9669)
32 com.apple.WebKit 0x00000001127d266d callMemberFunctionImpl<WebKit::WebPageProxy, void (WebKit::WebPageProxy::*)(WebKit::URLSchemeTaskParameters &&), std::__1::tuple<WebKit::URLSchemeTaskParameters>, 0> + 15 (HandleMessage.h:43) [inlined]
33 com.apple.WebKit 0x00000001127d266d callMemberFunction<WebKit::WebPageProxy, void (WebKit::WebPageProxy::*)(WebKit::URLSchemeTaskParameters &&), std::__1::tuple<WebKit::URLSchemeTaskParameters>, std::__1::integer_sequence<unsigned long, 0> > + 15 (HandleMessage.h:49) [inlined]
34 com.apple.WebKit 0x00000001127d266d handleMessage<Messages::WebPageProxy::StartURLSchemeTask, WebKit::WebPageProxy, void (WebKit::WebPageProxy::*)(WebKit::URLSchemeTaskParameters &&)> + 38 (HandleMessage.h:119) [inlined]
35 com.apple.WebKit 0x00000001127d266d WebKit::WebPageProxy::didReceiveMessage(IPC::Connection&, IPC::Decoder&) + 13057 (WebPageProxyMessageReceiver.cpp:1614)
36 com.apple.WebKit 0x00000001120e8e4f IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::Decoder&) + 219 (MessageReceiverMap.cpp:129)
37 com.apple.WebKit 0x00000001124cad88 WebKit::WebProcessProxy::didReceiveMessage(IPC::Connection&, IPC::Decoder&) + 24 (WebProcessProxy.cpp:819)
38 com.apple.WebKit 0x00000001120cba5a IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) + 218 (Connection.cpp:1083)
39 com.apple.WebKit 0x00000001120cb1d5 IPC::Connection::dispatchIncomingMessages() + 323 (Connection.cpp:1187)
40 com.apple.JavaScriptCore 0x00000001104bb281 operator() + 9 (Function.h:83) [inlined]
41 com.apple.JavaScriptCore 0x00000001104bb281 WTF::RunLoop::performWork() + 545 (RunLoop.cpp:133)
42 com.apple.JavaScriptCore 0x00000001104bbad2 WTF::RunLoop::performWork(void*) + 34 (RunLoopCF.cpp:46)
43 com.apple.CoreFoundation 0x00007fff2042ea0c __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
44 com.apple.CoreFoundation 0x00007fff2042e974 __CFRunLoopDoSource0 + 180
45 com.apple.CoreFoundation 0x00007fff2042e6ef __CFRunLoopDoSources0 + 248
46 com.apple.CoreFoundation 0x00007fff2042d121 __CFRunLoopRun + 890
47 com.apple.CoreFoundation 0x00007fff2042c6ce CFRunLoopRunSpecific + 563
48 com.apple.Foundation 0x00007fff211b9fa1 -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 212
49 TestWebKitAPI 0x000000010f69a4a6 TestWebKitAPI::Util::run(bool*) + 106 (UtilitiesCocoa.mm:35)
50 TestWebKitAPI 0x000000010f7266b9 checkCallSequence(WTF::Vector<Command, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&, ShouldRaiseException) + 283 (WKURLSchemeHandler-1.mm:427)
51 TestWebKitAPI 0x000000010f726282 URLSchemeHandler_Exceptions_Test::TestBody() + 596 (WKURLSchemeHandler-1.mm:439)
52 TestWebKitAPI 0x000000010f78f8fe void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) + 72
53 TestWebKitAPI 0x000000010f78f867 testing::Test::Run() + 193
54 TestWebKitAPI 0x000000010f790588 testing::TestInfo::Run() + 240
55 TestWebKitAPI 0x000000010f790ee7 testing::TestSuite::Run() + 301
56 TestWebKitAPI 0x000000010f79be15 testing::internal::UnitTestImpl::RunAllTests() + 831
57 TestWebKitAPI 0x000000010f79b9c0 bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) + 72
58 TestWebKitAPI 0x000000010f79b94b testing::UnitTest::Run() + 107
59 TestWebKitAPI 0x000000010f663bf2 RUN_ALL_TESTS + 13 (gtest.h:2471) [inlined]
60 TestWebKitAPI 0x000000010f663bf2 TestWebKitAPI::TestsController::run(int, char**) + 120 (TestsController.cpp:90)
61 TestWebKitAPI 0x000000010f7673ed main + 378 (mainMac.mm:65)
62 libdyld.dylib 0x00007fff20351621 start + 1
Seems related to https://trac.webkit.org/changeset/276797/webkit?
I can hit this quite easily. Fixing...
Created attachment 428029
Patch
Created attachment 428036
Patch
Comment on attachment 428036
Patch

Seems clearly better, though I am generally confused about why it was implemented this way, and would like to understand from Brady what the motivation was. Also, if this idiom, specifically a RefCounted class as the only member inside an API::Object, is common, it seems we should try to remove that as I can't see it serving much purpose. The idiom of using data structs inside API classes still seems useful, as it helps to make IPC easier by having a data object to encode/decode.
Committed r277235 (237504@main): <https://commits.webkit.org/237504@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 428036.