[webkit-changes] [185017] trunk/Source/WebCore

Fri, 29 May 2015 16:42:58 -0700

Title: [185017] trunk/Source/WebCore
Revision
185017
Author
[email protected]
Date
2015-05-29 16:42:24 -0700 (Fri, 29 May 2015)

Log Message

WebContent crash in WebCore::Page::sessionID() const + 0 (Page.cpp:1660)
https://bugs.webkit.org/show_bug.cgi?id=145422
<rdar://problem/20613631>

Reviewed by Brady Eidson.

We sometimes crash when destroying a PageCache CachedFrame because its
DocumentLoader is still loading. This should never happen as we are not
supposed to let pages are still have pending loads into the PageCache.

However, we were using DocumentLoader::isLoadingInAPISense() as check
in PageCache::canCachePageContainingThisFrame() which is not exactly
what we want. isLoadingInAPISense() no longer considers subresource
loads once the frame as loaded. This means if the JS triggers a new
load in a subframe after it has been loaded, then isLoadingInAPISense()
will return false, despite the pending load.

This patch replaces the isLoadingInAPISense() check with isLoading()
as this will consider all pending loads, even after the frame is
loaded.

In most cases, using isLoadingInAPISense() was not an issue because
we call DocumentLoader::stopLoading() in all subframes before starting
a provisional load. However, nothing seems to prevent JS from
triggering a new load after that and before the new load gets committed
(which is when we save the page into PageCache).

No new test as we don't have a reliable reproduction case and the
issue is timing related.

* history/PageCache.cpp:
(WebCore::logCanCacheFrameDecision):
(WebCore::PageCache::canCachePageContainingThisFrame):
* page/DiagnosticLoggingKeys.cpp:
(WebCore::DiagnosticLoggingKeys::isLoading):
(WebCore::DiagnosticLoggingKeys::loadingAPISenseKey): Deleted.
* page/DiagnosticLoggingKeys.h:

Modified Paths

Diff

Modified: trunk/Source/WebCore/ChangeLog (185016 => 185017)


--- trunk/Source/WebCore/ChangeLog	2015-05-29 23:20:56 UTC (rev 185016)
+++ trunk/Source/WebCore/ChangeLog	2015-05-29 23:42:24 UTC (rev 185017)
@@ -1,5 +1,45 @@
 2015-05-29  Chris Dumez  <[email protected]>
 
+        WebContent crash in WebCore::Page::sessionID() const + 0 (Page.cpp:1660)
+        https://bugs.webkit.org/show_bug.cgi?id=145422
+        <rdar://problem/20613631>
+
+        Reviewed by Brady Eidson.
+
+        We sometimes crash when destroying a PageCache CachedFrame because its
+        DocumentLoader is still loading. This should never happen as we are not
+        supposed to let pages are still have pending loads into the PageCache.
+
+        However, we were using DocumentLoader::isLoadingInAPISense() as check
+        in PageCache::canCachePageContainingThisFrame() which is not exactly
+        what we want. isLoadingInAPISense() no longer considers subresource
+        loads once the frame as loaded. This means if the JS triggers a new
+        load in a subframe after it has been loaded, then isLoadingInAPISense()
+        will return false, despite the pending load.
+
+        This patch replaces the isLoadingInAPISense() check with isLoading()
+        as this will consider all pending loads, even after the frame is
+        loaded.
+
+        In most cases, using isLoadingInAPISense() was not an issue because
+        we call DocumentLoader::stopLoading() in all subframes before starting
+        a provisional load. However, nothing seems to prevent JS from
+        triggering a new load after that and before the new load gets committed
+        (which is when we save the page into PageCache).
+
+        No new test as we don't have a reliable reproduction case and the
+        issue is timing related.
+
+        * history/PageCache.cpp:
+        (WebCore::logCanCacheFrameDecision):
+        (WebCore::PageCache::canCachePageContainingThisFrame):
+        * page/DiagnosticLoggingKeys.cpp:
+        (WebCore::DiagnosticLoggingKeys::isLoading):
+        (WebCore::DiagnosticLoggingKeys::loadingAPISenseKey): Deleted.
+        * page/DiagnosticLoggingKeys.h:
+
+2015-05-29  Chris Dumez  <[email protected]>
+
         Consider throttling DOM timers in iframes outside the viewport
         https://bugs.webkit.org/show_bug.cgi?id=145465
         <rdar://problem/20768957>

Modified: trunk/Source/WebCore/history/PageCache.cpp (185016 => 185017)


--- trunk/Source/WebCore/history/PageCache.cpp	2015-05-29 23:20:56 UTC (rev 185016)
+++ trunk/Source/WebCore/history/PageCache.cpp	2015-05-29 23:42:24 UTC (rev 185017)
@@ -86,7 +86,7 @@
     HasSharedWorkers, // FIXME: Remove.
     NoHistoryItem,
     QuickRedirectComing,
-    IsLoadingInAPISense,
+    IsLoading,
     IsStopping,
     CannotSuspendActiveDOMObjects,
     DocumentLoaderUsesApplicationCache,
@@ -159,10 +159,10 @@
         logPageCacheFailureDiagnosticMessage(diagnosticLoggingClient, DiagnosticLoggingKeys::quirkRedirectComingKey());
         rejectReasons |= 1 << QuickRedirectComing;
     }
-    if (frame.loader().documentLoader()->isLoadingInAPISense()) {
-        PCLOG("   -DocumentLoader is still loading in API sense");
-        logPageCacheFailureDiagnosticMessage(diagnosticLoggingClient, DiagnosticLoggingKeys::loadingAPISenseKey());
-        rejectReasons |= 1 << IsLoadingInAPISense;
+    if (frame.loader().documentLoader()->isLoading()) {
+        PCLOG("   -DocumentLoader is still loading");
+        logPageCacheFailureDiagnosticMessage(diagnosticLoggingClient, DiagnosticLoggingKeys::isLoadingKey());
+        rejectReasons |= 1 << IsLoading;
     }
     if (frame.loader().documentLoader()->isStopping()) {
         PCLOG("   -DocumentLoader is in the middle of stopping");
@@ -308,7 +308,7 @@
         && !(frame.isMainFrame() && document->url().protocolIs("https") && documentLoader->response().cacheControlContainsNoStore())
         && frameLoader.history().currentItem()
         && !frameLoader.quickRedirectComing()
-        && !documentLoader->isLoadingInAPISense()
+        && !documentLoader->isLoading()
         && !documentLoader->isStopping()
         && document->canSuspendActiveDOMObjectsForPageCache()
         // FIXME: We should investigating caching frames that have an associated

Modified: trunk/Source/WebCore/page/DiagnosticLoggingKeys.cpp (185016 => 185017)


--- trunk/Source/WebCore/page/DiagnosticLoggingKeys.cpp	2015-05-29 23:20:56 UTC (rev 185016)
+++ trunk/Source/WebCore/page/DiagnosticLoggingKeys.cpp	2015-05-29 23:42:24 UTC (rev 185017)
@@ -248,9 +248,9 @@
     return ASCIILiteral("reason");
 }
 
-String DiagnosticLoggingKeys::loadingAPISenseKey()
+String DiagnosticLoggingKeys::isLoadingKey()
 {
-    return ASCIILiteral("loadingAPISense");
+    return ASCIILiteral("isLoading");
 }
 
 String DiagnosticLoggingKeys::documentLoaderStoppingKey()

Modified: trunk/Source/WebCore/page/DiagnosticLoggingKeys.h (185016 => 185017)


--- trunk/Source/WebCore/page/DiagnosticLoggingKeys.h	2015-05-29 23:20:56 UTC (rev 185016)
+++ trunk/Source/WebCore/page/DiagnosticLoggingKeys.h	2015-05-29 23:42:24 UTC (rev 185017)
@@ -60,7 +60,7 @@
     WEBCORE_EXPORT static String isReloadIgnoringCacheDataKey();
     static String loadedKey();
     static String loadingKey();
-    static String loadingAPISenseKey();
+    static String isLoadingKey();
     static String mainDocumentErrorKey();
     static String mainResourceKey();
     static String mediaKey();

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to