RESOLVED FIXED Bug 81166
Repro crash in compositing/iframes/page-cache-layer-tree.html
https://bugs.webkit.org/show_bug.cgi?id=81166
Brady Eidson
Reported 2012-03-14 15:55:09 PDT
Repro crash in compositing/iframes/page-cache-layer-tree.html

ASSERTION FAILED: m_suspendedForPageCache

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.WebCore 0x000000010b23e31b WebCore::DOMWindow::reconnectDOMWindowProperties() + 91 (DOMWindow.cpp:543)
1 com.apple.WebCore 0x000000010b23e2a9 WebCore::DOMWindow::resumeFromPageCache() + 25 (DOMWindow.cpp:522)
2 com.apple.WebCore 0x000000010b369e6a WebCore::FrameLoader::open(WebCore::CachedFrameBase&) + 970 (FrameLoader.cpp:2060)
3 com.apple.WebCore 0x000000010adf6957 WebCore::CachedFrame::open() + 183 (CachedFrame.cpp:212)
4 com.apple.WebCore 0x000000010adf67ba WebCore::CachedFrameBase::restore() + 762 (CachedFrame.cpp:127)
5 com.apple.WebCore 0x000000010b369ee5 WebCore::FrameLoader::open(WebCore::CachedFrameBase&) + 1093 (FrameLoader.cpp:2065)
6 com.apple.WebCore 0x000000010adf6957 WebCore::CachedFrame::open() + 183 (CachedFrame.cpp:212)
7 com.apple.WebCore 0x000000010adfd499 WebCore::CachedPage::restore(WebCore::Page*) + 377 (CachedPage.cpp:83)
8 com.apple.WebCore 0x000000010b368345 WebCore::FrameLoader::commitProvisionalLoad() + 1253 (FrameLoader.cpp:1789)
9 com.apple.WebCore 0x000000010b36c167 WebCore::FrameLoader::loadProvisionalItemFromCachedPage() + 311 (FrameLoader.cpp:3041)
10 com.apple.WebCore 0x000000010b36698b WebCore::FrameLoader::continueLoadAfterNavigationPolicy(WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool) + 843 (FrameLoader.cpp:2912)
11 com.apple.WebCore 0x000000010b366a87 WebCore::FrameLoader::callContinueLoadAfterNavigationPolicy(void*, WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool) + 87 (FrameLoader.cpp:2788)
12 com.apple.WebCore 0x000000010bd43132 WebCore::PolicyChecker::checkNavigationPolicy(WebCore::ResourceRequest const&, WebCore::DocumentLoader*, WTF::PassRefPtr<WebCore::FormState>, void (*)(void*, WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool), void*) + 370 (PolicyChecker.cpp:69)
13 com.apple.WebCore 0x000000010b366460 WebCore::FrameLoader::loadWithDocumentLoader(WebCore::DocumentLoader*, WebCore::FrameLoadType, WTF::PassRefPtr<WebCore::FormState>) + 1472 (FrameLoader.cpp:1389)
14 com.apple.WebCore 0x000000010b362921 WebCore::FrameLoader::loadDifferentDocumentItem(WebCore::HistoryItem*, WebCore::FrameLoadType) + 161 (FrameLoader.cpp:3098)
15 com.apple.WebCore 0x000000010b36cc11 WebCore::FrameLoader::loadItem(WebCore::HistoryItem*, WebCore::FrameLoadType) + 161 (FrameLoader.cpp:3186)
16 com.apple.WebCore 0x000000010b41c6ae WebCore::HistoryController::recursiveGoToItem(WebCore::HistoryItem*, WebCore::HistoryItem*, WebCore::FrameLoadType) + 638 (HistoryController.cpp:732)
17 com.apple.WebCore 0x000000010b41c183 WebCore::HistoryController::goToItem(WebCore::HistoryItem*, WebCore::FrameLoadType) + 435 (HistoryController.cpp:274)
18 com.apple.WebCore 0x000000010bce8e49 WebCore::Page::goToItem(WebCore::HistoryItem*, WebCore::FrameLoadType) + 201 (Page.cpp:346)
19 com.apple.WebCore 0x000000010bce90c8 WebCore::Page::goBackOrForward(int) + 328 (Page.cpp:335)
20 com.apple.WebCore 0x000000010adb520e WebCore::BackForwardController::goBackOrForward(int) + 30 (BackForwardController.cpp:60)
21 com.apple.WebCore 0x000000010bc8d938 WebCore::ScheduledHistoryNavigation::fire(WebCore::Frame*) + 312 (NavigationScheduler.cpp:206)
22 com.apple.WebCore 0x000000010bc8b742 WebCore::NavigationScheduler::timerFired(WebCore::Timer<WebCore::NavigationScheduler>*) + 178 (NavigationScheduler.cpp:419)

It's a Frame whose ScriptController has no WindowShells, so we can't pull out the DOMWindow for the page cache. But that also means we have no DOMWindow to restore so we create a new one implicitly, and it's not ready to "restore from page cache" obviously.

The way we've always saved the DOMWindow before was bogus. I'm doing it correctly now.

In radar as <rdar://problem/11045584>
Attachments
Patch v1 (4.59 KB, patch)
2012-03-14 16:00 PDT, Brady Eidson
sam: review+
Brady Eidson
Comment 1 2012-03-14 16:00:43 PDT
Created attachment 131946 [details] Patch v1
Brady Eidson
Comment 2 2012-03-14 16:09:28 PDT