[webkit-changes] [WebKit/WebKit] 11ef58: RELEASE_ASSERT(!m_ptrCount) under ~Frame()

Chris Dumez noreply at github.com
Tue Dec 5 07:43:20 PST 2023


  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 11ef5809f84211b6c4ab9155c37f66541d204582
      https://github.com/WebKit/WebKit/commit/11ef5809f84211b6c4ab9155c37f66541d204582
  Author: Chris Dumez <cdumez at apple.com>
  Date:   2023-12-05 (Tue, 05 Dec 2023)

  Changed paths:
    M Source/WTF/WTF.xcodeproj/project.pbxproj
    M Source/WTF/wtf/CMakeLists.txt
    M Source/WTF/wtf/Forward.h
    M Source/WTF/wtf/WeakPtr.h
    A Source/WTF/wtf/WeakRef.h
    M Source/WebCore/editing/WebContentReader.h
    M Source/WebCore/loader/FrameLoader.cpp
    M Source/WebCore/loader/FrameLoader.h
    M Source/WebCore/page/EventHandler.h
    M Source/WebCore/page/Frame.h
    M Source/WebCore/page/IntersectionObserver.cpp
    M Source/WebCore/page/LocalFrameView.cpp
    M Source/WebCore/page/Page.cpp
    M Source/WebCore/page/Page.h

  Log Message:
  -----------
  RELEASE_ASSERT(!m_ptrCount) under ~Frame()
https://bugs.webkit.org/show_bug.cgi?id=265833
rdar://118553828

Reviewed by Darin Adler.

This crash occurs because there is still a CheckedPtr / CheckedRef pointing
to the Frame somewhere at the time where the Frame gets destroyed.

However, CheckedPtr / CheckedRef crashes are very hard to debug. Instead,
I updated Frame to stop subclassing CanMakeCheckedPtr and I used WeakPtr
instead of CheckedPtr.

I also introduced a new WeakRef class which is like a WeakPtr except that
it is not expected to ever be null. It is the replacement for CheckedRef.

This patch also updates a few comparisons between Frames that were
doing value comparison instead of pointer comparison. Those bad comparisons
stopped building when I dropped CanMakeCheckedPtr as a base class of Frame.

* Source/WTF/WTF.xcodeproj/project.pbxproj:
* Source/WTF/wtf/CMakeLists.txt:
* Source/WTF/wtf/Forward.h:
* Source/WTF/wtf/WeakPtr.h:
* Source/WTF/wtf/WeakRef.h: Added.
(WTF::WeakRef::WeakRef):
(WTF::WeakRef::isHashTableDeletedValue const):
(WTF::WeakRef::isHashTableEmptyValue const):
(WTF::WeakRef::ptr const):
(WTF::WeakRef::get const):
(WTF::WeakRef::operator T& const):
(WTF::WeakRef::operator-> const):
(WTF::WeakRef::canSafelyBeUsed const):
(WTF::WeakRef::implForObject):
(WTF::WeakRefHashTraits::emptyValue):
(WTF::WeakRefHashTraits::constructEmptyValue):
(WTF::WeakRefHashTraits::isEmptyValue):
(WTF::WeakRefHashTraits::peek):
(WTF::WeakRefHashTraits::take):
* Source/WebCore/editing/WebContentReader.h:
* Source/WebCore/loader/FrameLoader.cpp:
* Source/WebCore/loader/FrameLoader.h:
* Source/WebCore/page/EventHandler.h:
* Source/WebCore/page/Frame.h:
* Source/WebCore/page/IntersectionObserver.cpp:
(WebCore::IntersectionObserver::computeIntersectionState const):
* Source/WebCore/page/LocalFrameView.cpp:
(WebCore::LocalFrameView::shouldUpdateCompositingLayersAfterScrolling const):
* Source/WebCore/page/Page.cpp:
(WebCore::Page::outermostFullscreenDocument const):
* Source/WebCore/page/Page.h:
(WebCore::Page::rootFrames const):

Canonical link: https://commits.webkit.org/271551@main
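
The lifetime behaviour the log message contrasts (a checked pointer that trips an assertion in the target's destructor, versus a weak pointer that simply stops resolving) as an added C++ example that is not WebKit's code. All class names here (`CheckedFrame`, `CheckedPtrModel`, `WeakImpl`, `WeakFrame`, `WeakPtrModel`, `WeakRefModel`) and the `targetAlive()` helper are hypothetical simplified models, and the abort is replaced by a recorded flag so the program can continue.

```cpp
// Added illustration: simplified models, not WebKit's WTF classes.
#include <memory>
// Checked model: the target counts the pointers aimed at it. The real class
// release-asserts the count is zero in its destructor; this model records it.
struct CheckedFrame {
    unsigned ptrCount = 0;
    bool& violated;
    explicit CheckedFrame(bool& v) : violated(v) {}
    ~CheckedFrame() { if (ptrCount) violated = true; } // stands in for RELEASE_ASSERT(!m_ptrCount)
};
struct CheckedPtrModel {
    CheckedFrame* target;
    explicit CheckedPtrModel(CheckedFrame* f) : target(f) { ++target->ptrCount; }
    ~CheckedPtrModel() { if (target) --target->ptrCount; }
};
// Weak model: pointers share a control block that the target clears on destruction.
struct WeakFrame;
struct WeakImpl { WeakFrame* object; };
struct WeakFrame {
    std::shared_ptr<WeakImpl> impl = std::make_shared<WeakImpl>(WeakImpl{this});
    ~WeakFrame() { impl->object = nullptr; }
};
struct WeakPtrModel {          // may be null, so callers must check get()
    std::shared_ptr<WeakImpl> impl;
    explicit WeakPtrModel(WeakFrame* f) { if (f) impl = f->impl; }
    WeakFrame* get() const { return impl ? impl->object : nullptr; }
};
struct WeakRefModel {          // built from a reference, so never null at construction
    std::shared_ptr<WeakImpl> impl;
    explicit WeakRefModel(WeakFrame& f) : impl(f.impl) {}
    bool targetAlive() const { return impl->object != nullptr; } // hypothetical helper
};
bool checkedModelFlagsOutlivingPointer() {
    bool violated = false;
    auto* frame = new CheckedFrame(violated);
    CheckedPtrModel stale(frame);
    delete frame;              // the assert fires here, in the destructor, not at the holder
    stale.target = nullptr;    // model only: do not touch freed memory
    return violated;
}
bool weakModelClearsAfterDestruction() {
    auto* frame = new WeakFrame;
    WeakPtrModel weak(frame);
    WeakRefModel ref(*frame);
    bool before = weak.get() == frame && ref.targetAlive();
    delete frame;              // no assertion: the control block is cleared instead
    return before && weak.get() == nullptr && !ref.targetAlive();
}
int main() { return checkedModelFlagsOutlivingPointer() && weakModelClearsAfterDestruction() ? 0 : 1; }
```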



