[webkit-changes] [WebKit/WebKit] 9635c3: REGRESSION(282394 at main): Flaky ASSERTION FAILED: !...

Alex Christensen noreply at github.com
Fri Oct 4 18:25:14 PDT 2024 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 9635c3817243eae7f1c113a4542a583ebdbc6048
      https://github.com/WebKit/WebKit/commit/9635c3817243eae7f1c113a4542a583ebdbc6048
  Author: Alex Christensen <achristensen at apple.com>
  Date:   2024-10-04 (Fri, 04 Oct 2024)

  Changed paths:
    M Source/WebKit/UIProcess/WebPageProxy.cpp
    M Tools/TestWebKitAPI/Tests/WebKitCocoa/Navigation.mm

  Log Message:
  -----------
  REGRESSION(282394 at main): Flaky ASSERTION FAILED: !users.contains(pageID) on TestWebKitAPI.ProcessSwap.ConcurrentHistoryNavigations
https://bugs.webkit.org/show_bug.cgi?id=280888
rdar://136716513

Reviewed by Chris Dumez.

The assertion happens when registering a pageID as a VisitedLinkStore client and the crash
happens if the pageID is already registered. Normally, when we construct a ProvisionalPageProxy
(for a process swap), we will register the pageID as a VisitedLinkStore client for the new
WebProcess used for the navigation. However, due to a race, the ProvisionalPageProxy sometimes
ends up using the same WebProcess as the WebPageProxy's current WebProcess. This doesn't make
sense since ProvisionalPageProxy is only supposed to be used in case of process-swap.

The race is in WebPageProxy::receivedNavigationActionPolicyDecision(), where the lambda may
sometimes run after the frame has been detached from the frame tree (the frame has been replaced).
To address the issue, we now early return in the lambda if the frame has been detached so that
we don't attempt to do a process swap in this case.

This case is hit by the API test WKNavigation.HTTPSOnlyWithHTTPRedirect which rapidly redirects
back and forth until the maximum number of redirects is hit.  The early return is registering
one fewer callback now, which is fine.  The exact number of callbacks isn't what that test was
testing, but rather that didFailNavigation happens after it is hit.

* Source/WebKit/UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::receivedNavigationActionPolicyDecision):

Canonical link: https://commits.webkit.org/284719@main



To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications

More information about the webkit-changes mailing list