This test crashes: LayoutTests/compositing/iframes/iframe-size-to-zero.html because LayerBackedDrawingArea::updateLayoutRunLoopObserverFired() can cause the LayerBackedDrawingArea to get destroyed from under it.
*** Bug 43309 has been marked as a duplicate of this bug. ***
<rdar://problem/8259777>
Here's the stack where the drawing area is getting blown away:
#0 WebKit::LayerBackedDrawingArea::platformClear (this=0x11c19c190) at /Volumes/InternalData/Development/webkit/OpenSource/WebKit2/WebProcess/WebPage/mac/LayerBackedDrawingAreaMac.mm:54
#1 0x000000010073f43e in WebKit::LayerBackedDrawingArea::~LayerBackedDrawingArea (this=0x11c19c190) at /Volumes/InternalData/Development/webkit/OpenSource/WebKit2/WebProcess/WebPage/LayerBackedDrawingArea.cpp:66
#2 0x0000000100782f49 in WTF::deleteOwnedPtr<WebKit::DrawingArea> (ptr=0x11c19c190) at OwnPtrCommon.h:57
#3 0x000000010078413a in WTF::OwnPtr<WebKit::DrawingArea>::operator= (this=0x119d01178, o=@0x7fff5fbfe3a0) at OwnPtr.h:129
#4 0x0000000100781ad9 in WebKit::WebPage::changeAcceleratedCompositingMode (this=0x119d010f0, layer=0x0) at /Volumes/InternalData/Development/webkit/OpenSource/WebKit2/WebProcess/WebPage/WebPage.cpp:189
#5 0x0000000100781b60 in WebKit::WebPage::exitAcceleratedCompositingMode (this=0x119d010f0) at /Volumes/InternalData/Development/webkit/OpenSource/WebKit2/WebProcess/WebPage/WebPage.cpp:205
#6 0x000000010076d473 in WebKit::WebChromeClient::attachRootGraphicsLayer (this=0x119d00c70, layer=0x0) at /Volumes/InternalData/Development/webkit/OpenSource/WebKit2/WebProcess/WebCoreSupport/WebChromeClient.cpp:505
#7 0x0000000101c9af8a in WebCore::RenderLayerCompositor::detachRootPlatformLayer (this=0x11c1d64e0) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/rendering/RenderLayerCompositor.cpp:1409
#8 0x0000000101c9b146 in WebCore::RenderLayerCompositor::destroyRootPlatformLayer (this=0x11c1d64e0) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/rendering/RenderLayerCompositor.cpp:1343
#9 0x0000000101c9c957 in WebCore::RenderLayerCompositor::enableCompositingMode (this=0x11c1d64e0, enable=false) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/rendering/RenderLayerCompositor.cpp:122
#10 0x0000000101c9e5b6 in WebCore::RenderLayerCompositor::computeCompositingRequirements (this=0x11c1d64e0, layer=0x11c19c6b8, overlapMap=0x7fff5fbfe6e0, compositingState=@0x7fff5fbfe6c0, layersChanged=@0x7fff5fbfe6dc) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/rendering/RenderLayerCompositor.cpp:644
#11 0x0000000101c9e841 in WebCore::RenderLayerCompositor::updateCompositingLayers (this=0x11c1d64e0, updateType=WebCore::CompositingUpdateAfterLayoutOrStyleChange, updateRoot=0x11c19c6b8) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/rendering/RenderLayerCompositor.cpp:215
#12 0x00000001016c127f in WebCore::FrameView::updateCompositingLayers (this=0x11c1d4fa0) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/page/FrameView.cpp:497
#13 0x00000001016c1e0f in WebCore::FrameView::layout (this=0x11c1d4fa0, allowSubtree=true) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/page/FrameView.cpp:808
#14 0x00000001016c2545 in WebCore::FrameView::layoutIfNeededRecursive (this=0x11c1d4fa0) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/page/FrameView.cpp:2012
#15 0x0000000100780b28 in WebKit::WebPage::layoutIfNeeded (this=0x119d010f0) at /Volumes/InternalData/Development/webkit/OpenSource/WebKit2/WebProcess/WebPage/WebPage.cpp:286
#16 0x000000010073f9ed in WebKit::LayerBackedDrawingArea::updateLayoutRunLoopObserverFired (this=0x11c19c190) at /Volumes/InternalData/Development/webkit/OpenSource/WebKit2/WebProcess/WebPage/mac/LayerBackedDrawingAreaMac.mm:152
#17 0x000000010073fa29 in WebKit::LayerBackedDrawingArea::updateLayoutRunLoopObserverCallback (info=0x11c19c190) at /Volumes/InternalData/Development/webkit/OpenSource/WebKit2/WebProcess/WebPage/mac/LayerBackedDrawingAreaMac.mm:147
#18 0x00007fff870ae077 in __CFRunLoopDoObservers ()
Created attachment 63284 [details] Part one: make DrawingArea ref-counted
Comment on attachment 63284 [details] Part one: make DrawingArea ref-counted Reference counts. Is there nothing they can't do?
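The lifetime hazard behind this bug, and the shape of the ref-counting fix, in a self-contained C++ sketch. This is an added example, not WebKit's code: the `RefCounted` and `RefPtr` classes are minimal stand-ins for the WTF ones, and `WebPage`, `DrawingArea` and the event log are constructed for the example. The re-entrant path mirrors the stack above: a run-loop observer on the drawing area triggers layout, layout exits compositing mode, and the page drops its only reference to the drawing area while the observer is still on the stack. Holding a local `RefPtr` to `this` at the top of the callback keeps the object alive until the callback returns, so destruction is deferred rather than happening "from under" the running method.

```cpp
// Added example (not WebKit's code): a ref-counted object protecting itself
// across a re-entrant callback that may release the owner's reference to it.
#include <cstdio>
#include <string>
#include <utility>
#include <vector>

// Minimal intrusive reference count in the spirit of WTF::RefCounted (assumed, simplified).
class RefCounted {
public:
    void ref() { ++m_refCount; }
    void deref() {
        if (--m_refCount == 0)
            delete this; // last reference gone: destroy here, not in the middle of a caller
    }
    unsigned refCount() const { return m_refCount; }
protected:
    RefCounted() : m_refCount(0) { }
    virtual ~RefCounted() { }
private:
    unsigned m_refCount;
};

// Minimal smart pointer in the spirit of WTF::RefPtr (assumed, simplified).
template<typename T> class RefPtr {
public:
    RefPtr() : m_ptr(nullptr) { }
    RefPtr(T* ptr) : m_ptr(ptr) { if (m_ptr) m_ptr->ref(); }
    RefPtr(const RefPtr& other) : m_ptr(other.m_ptr) { if (m_ptr) m_ptr->ref(); }
    ~RefPtr() { if (m_ptr) m_ptr->deref(); }
    RefPtr& operator=(const RefPtr& other) {
        RefPtr tmp(other);          // copy-and-swap: old pointee is released when tmp dies
        std::swap(m_ptr, tmp.m_ptr);
        return *this;
    }
    void clear() { *this = RefPtr(); }
    T* get() const { return m_ptr; }
    T* operator->() const { return m_ptr; }
private:
    T* m_ptr;
};

typedef std::vector<std::string> EventLog; // constructed for the example: records ordering

class WebPage;

class DrawingArea : public RefCounted {
public:
    DrawingArea(WebPage& page, EventLog& log) : m_page(page), m_log(log) { }
    ~DrawingArea() override { m_log.push_back("DrawingArea destroyed"); }
    void updateLayoutRunLoopObserverFired();
private:
    WebPage& m_page;
    EventLog& m_log;
};

class WebPage {
public:
    explicit WebPage(EventLog& log) : m_log(log), m_drawingArea(new DrawingArea(*this, log)) { }
    // Layout decides compositing is no longer needed and drops the drawing area (cf. frames #4-#15).
    void layoutIfNeeded() {
        m_log.push_back("layout");
        exitAcceleratedCompositingMode();
    }
    void exitAcceleratedCompositingMode() {
        m_log.push_back("page released its DrawingArea reference");
        m_drawingArea.clear(); // with a plain OwnPtr this would be the delete in frame #2
    }
    DrawingArea* drawingArea() const { return m_drawingArea.get(); }
private:
    EventLog& m_log;
    RefPtr<DrawingArea> m_drawingArea;
};

void DrawingArea::updateLayoutRunLoopObserverFired() {
    RefPtr<DrawingArea> protect(this); // holds the last reference if the page lets go during layout
    m_page.layoutIfNeeded();
    m_log.push_back("post-layout work on live DrawingArea"); // safe: 'this' is still alive
    // 'protect' is released on return; if the page dropped its reference, destruction happens now.
}

// Drives one observer firing and returns the observed event order.
EventLog runScenario() {
    EventLog log;
    WebPage page(log);
    page.drawingArea()->updateLayoutRunLoopObserverFired();
    return log;
}

int main() {
    for (const std::string& event : runScenario())
        std::printf("%s\n", event.c_str());
    return 0;
}
```

The point to take from the log order is that the destructor runs last, after the post-layout work, whereas with exclusive ownership (the `OwnPtr` assignment in frame #3 of the stack) it would run in the middle of the observer callback. The self-protecting `RefPtr` only covers this one callback; any other method that can re-enter code which releases the owner's reference needs the same guard.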
Created attachment 63377 [details] Patch
Attachment 63377 [details] did not pass style-queue:
Failed to run "['WebKitTools/Scripts/check-webkit-style']" exit_code: 1
WebKit2/Shared/DrawingAreaBase.h:32: Code inside a namespace should not be indented. [whitespace/indent] [4]
WebKit2/Shared/DrawingAreaBase.cpp:26: Found header this file implements before WebCore config.h. Should be: config.h, primary header, blank line, and then alphabetically sorted. [build/include_order] [4]
Total errors found: 2 in 21 files
If any of these errors are false positives, please file a bug against check-webkit-style.
Comment on attachment 63377 [details] Patch
> +class DrawingAreaBase {
> +public:
> + enum Type {
> + None,
> + ChunkedUpdateDrawingAreaType,
> +#if USE(ACCELERATED_COMPOSITING)
> + LayerBackedDrawingAreaType,
> +#endif
> + };
> +
> + typedef uint64_t DrawingAreaID;
> +
> + virtual ~DrawingAreaBase() { }
> +
> + Type type() const { return m_type; }
> + DrawingAreaID id() const { return m_id; }
> +
> + struct DrawingAreaInfo {
> + Type type;
> + DrawingAreaID id;
> +
> + DrawingAreaInfo(Type type = None, DrawingAreaID indentifier = 0)
Typo, "indentifier."
> +protected:
> + DrawingAreaBase(Type type, DrawingAreaID indentifier)
> + : m_type(type)
> + , m_id(indentifier)
Ditto.
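Review bot: `DrawingAreaInfo(Type type = None, DrawingAreaID indentifier = 0)` has defaults on both parameters, so it also acts as an implicit conversion from a bare `Type` to a `DrawingAreaInfo` with id 0, which lets a `Type` be passed silently wherever a `DrawingAreaInfo` is expected. Marking the constructor `explicit` keeps `DrawingAreaInfo info;` default-constructible while requiring the two-field construction to be written out.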
http://trac.webkit.org/changeset/64594
http://trac.webkit.org/changeset/64595