[webkit-changes] [WebKit/WebKit] 5df080: REGRESSION(257266 at main): Various iOS layout tests ...

Kimmo Kinnunen noreply at github.com
Wed Dec 7 00:19:56 PST 2022 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 5df080eee4f37a71eb81ad1de85af649db603f74
      https://github.com/WebKit/WebKit/commit/5df080eee4f37a71eb81ad1de85af649db603f74
  Author: Kimmo Kinnunen <kkinnunen at apple.com>
  Date:   2022-12-07 (Wed, 07 Dec 2022)

  Changed paths:
    M Source/WTF/wtf/ObjectIdentifier.h
    M Source/WebKit/GPUProcess/graphics/RemoteDisplayListRecorder.cpp
    M Source/WebKit/GPUProcess/graphics/RemoteRenderingBackend.cpp
    M Source/WebKit/GPUProcess/graphics/RemoteRenderingBackend.h
    M Source/WebKit/Sources.txt
    M Source/WebKit/WebKit.xcodeproj/project.pbxproj
    M Source/WebKit/WebProcess/GPU/graphics/RemoteImageBufferProxy.cpp
    M Source/WebKit/WebProcess/GPU/graphics/RemoteImageBufferProxy.h
    M Source/WebKit/WebProcess/GPU/graphics/RemoteRenderingBackendProxy.cpp
    M Source/WebKit/WebProcess/GPU/graphics/RemoteRenderingBackendProxy.h
    M Source/WebKit/WebProcess/GPU/graphics/RemoteRenderingBackendProxy.messages.in
    R Source/WebKit/WebProcess/GPU/graphics/ThreadSafeRemoteImageBufferFlusher.cpp
    R Source/WebKit/WebProcess/GPU/graphics/ThreadSafeRemoteImageBufferFlusher.h

  Log Message:
  -----------
  REGRESSION(257266 at main): Various iOS layout tests asserting in RemoteImageBufferProxy::~RemoteImageBufferProxy()
https://bugs.webkit.org/show_bug.cgi?id=248750
rdar://problem/102967237

Reviewed by Simon Fraser.

Commit 257266 at main would remove the DestructionThread::Main from ImageBuffer.
This is needed for Offscreen cases, where the RemoteImageBufferProxy is created in
non-main thread. This would cause invalid weakptr ref in ~RemoteImageBufferProxy.

The RemoteImageBufferProxy is mostly ref'ed from the expected thread, e.g. the creation
thread.

ThreadSafeRemoteImageBufferFlusher refs the RemoteImageBufferProxy and this is used
in the compositing thread. This means sometimes the last ref to RIBP is dropped in
unintended thread, and this would access the weakptrs in wrong thread for the destructor.

The *Flusher and *Proxy need the "last completed flush" token. Move this shared state
to a refcounted instance. Hold this state in RemoteRenderingBackendProxy, so that the
Flusher gets released properly also when the RIBP is destroyed before the flush completes.

Theoretically the flushes might come out of order due to how waiting is implemented in IPC.
Use >= instead of != when checking last completed flush token to address this.

* Source/WTF/wtf/ObjectIdentifier.h:
(WTF::ObjectIdentifier::operator> const):
(WTF::ObjectIdentifier::operator>= const):
(WTF::ObjectIdentifier::operator< const):
(WTF::ObjectIdentifier::operator<= const):
Add needed operators for full ordering. This patch uses >=.

* Source/WebKit/GPUProcess/graphics/RemoteDisplayListRecorder.cpp:
(WebKit::RemoteDisplayListRecorder::flushContext):
* Source/WebKit/GPUProcess/graphics/RemoteRenderingBackend.cpp:
(WebKit::RemoteRenderingBackend::didFlush):
* Source/WebKit/GPUProcess/graphics/RemoteRenderingBackend.h:
* Source/WebKit/Sources.txt:
* Source/WebKit/WebKit.xcodeproj/project.pbxproj:
* Source/WebKit/WebProcess/GPU/graphics/RemoteImageBufferProxy.cpp:
(WebKit::RemoteImageBufferProxy::RemoteImageBufferProxy):
(WebKit::RemoteImageBufferProxy::hasPendingFlush const):
(WebKit::RemoteImageBufferProxy::clearBackend):
(WebKit::RemoteImageBufferProxy::flushDrawingContextAsync):
(WebKit::RemoteImageBufferProxy::createFlusher):
(WebKit::RemoteImageBufferProxyFlushState::waitForDidFlushOnSecondaryThread):
(WebKit::RemoteImageBufferProxyFlushState::markCompletedFlush):
(WebKit::RemoteImageBufferProxyFlushState::completedFlush const):
(WebKit::RemoteImageBufferProxyFlushState::cancel):
(WebKit::RemoteImageBufferProxy::waitForDidFlushOnSecondaryThread): Deleted.
(WebKit::RemoteImageBufferProxy::didFlush): Deleted.
* Source/WebKit/WebProcess/GPU/graphics/RemoteImageBufferProxy.h:
* Source/WebKit/WebProcess/GPU/graphics/RemoteRenderingBackendProxy.cpp:
(WebKit::RemoteRenderingBackendProxy::disconnectGPUProcess):
(WebKit::RemoteRenderingBackendProxy::didFlush):
(WebKit::RemoteRenderingBackendProxy::addPendingFlush):
* Source/WebKit/WebProcess/GPU/graphics/RemoteRenderingBackendProxy.h:
* Source/WebKit/WebProcess/GPU/graphics/RemoteRenderingBackendProxy.messages.in:
* Source/WebKit/WebProcess/GPU/graphics/ThreadSafeRemoteImageBufferFlusher.cpp: Removed.
* Source/WebKit/WebProcess/GPU/graphics/ThreadSafeRemoteImageBufferFlusher.h: Removed.
Remove the files and move the corresponding class to RemoteImageBufferProxy. This simplifies
the implementation.

 * Source/WebKit/GPUProcess/graphics/RemoteDisplayListRecorder.cpp:

Canonical link: https://commits.webkit.org/257460@main

More information about the webkit-changes mailing list