[Webkit-unassigned] [Bug 196825] New: REGRESSION (r244182): RemoteLayerTreeDrawingArea::flushLayers() should not be reentrant
bugzilla-daemon at webkit.org
Thu Apr 11 12:25:49 PDT 2019
https://bugs.webkit.org/show_bug.cgi?id=196825
Bug ID: 196825
Summary: REGRESSION (r244182): RemoteLayerTreeDrawingArea::flushLayers() should not be reentrant
Product: WebKit
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: Animations
Assignee: webkit-unassigned at lists.webkit.org
Reporter: sabouhallawa at apple.com
CC: dino at apple.com
After r244182, RemoteLayerTreeDrawingArea::flushLayers() can be reentrant when running run-webkit-tests. This can happen when notifyDone() is called from the rAF callback which forces repaint. Here is the problematic call stack:
3 0x1033b3acd WebKit::RemoteLayerTreeDrawingArea::flushLayers()
4 0x1033b64be WebKit::RemoteLayerTreeDrawingArea::forceRepaint()
5 0x104462f85 WebKit::WebPage::forceRepaintWithoutCallback()
6 0x10413ddbd WKBundlePageForceRepaint
7 0x4ec12346e WTR::InjectedBundlePage::dump()
8 0x4ec146afd WTR::TestRunner::notifyDone()
9 0x4ec1390a7 WTR::JSTestRunner::notifyDone(OpaqueJSContext const*, OpaqueJSValue*, OpaqueJSValue*, unsigned long, OpaqueJSValue const* const*, OpaqueJSValue const**)
10 0x4cb554d51 long long JSC::APICallbackFunction::call<JSC::JSCallbackFunction>(JSC::ExecState*)
11 0x23a354601027
12 0x4cb4d18b1 llint_entry
13 0x4cb4d18b1 llint_entry
14 0x4cb4d18b1 llint_entry
15 0x4cb4be500 vmEntryToJavaScript
16 0x4cbe3dace JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*)
17 0x4cbe3e0ff JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
18 0x4cc115c4c JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
19 0x4cc115d3a JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&)
20 0x4cc11602e JSC::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&)
21 0x4d0ec3fdb WebCore::JSExecState::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&)
22 0x4d0ec3e8f WebCore::JSCallbackData::invokeCallback(WebCore::JSDOMGlobalObject&, JSC::JSObject*, JSC::JSValue, JSC::MarkedArgumentBuffer&, WebCore::JSCallbackData::CallbackType, JSC::PropertyName, WTF::NakedPtr<JSC::Exception>&)
23 0x4cf65d332 WebCore::JSCallbackDataStrong::invokeCallback(JSC::JSValue, JSC::MarkedArgumentBuffer&, WebCore::JSCallbackData::CallbackType, JSC::PropertyName, WTF::NakedPtr<JSC::Exception>&)
24 0x4d020deb9 WebCore::JSRequestAnimationFrameCallback::handleEvent(double)
25 0x4d15d8344 WebCore::ScriptedAnimationController::serviceRequestAnimationFrameCallbacks(double)
26 0x4d14180d6 WebCore::Document::serviceRequestAnimationFrameCallbacks(double)
27 0x4d1f29387 WebCore::Page::updateRendering()
28 0x1044642d4 WebKit::WebPage::updateRendering()
29 0x1033b3ae9 WebKit::RemoteLayerTreeDrawingArea::flushLayers()
30 0x1033bcf91 WTF::Function<void ()>::CallableWrapper<std::__1::__bind<void (WebKit::RemoteLayerTreeDrawingArea::*&)(), WebKit::RemoteLayerTreeDrawingArea*> >::call()
31 0x1032f665d WTF::Function<void ()>::operator()() const
This call stack was caught by the iOS simulator layout tests because RemoteLayerTreeDrawingAreaProxy::commitLayerTree() asserts the transition IDs are sequential.
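
The reentrancy in the call stack above, reduced to a small C++ model (an added example, not WebKit source and not the change that fixed this bug). `DrawingAreaModel`, `guardEnabled` and the point at which the ID is taken are assumptions made for illustration; the guarded variant defers the nested flush so the IDs reach the receiving side in order.

```cpp
// Simplified model of the reentrant flush in the call stack above; not WebKit source.
#include <cstdint>
#include <cstdio>
#include <functional>
#include <utility>
#include <vector>

struct DrawingAreaModel {                        // hypothetical stand-in class
    explicit DrawingAreaModel(bool guard) : guardEnabled(guard) {}
    bool guardEnabled;
    bool inFlush = false, flushPending = false;
    std::uint64_t nextID = 0;
    std::vector<std::uint64_t> committed;        // IDs in the order the proxy side sees them
    std::function<void()> renderingCallback;     // stands in for a one-shot rAF callback
    void forceRepaint() { flushLayers(); }       // mirrors frames 4 -> 3 of the stack
    void flushLayers() {
        if (guardEnabled && inFlush) {           // reentrant call: defer instead of nesting
            flushPending = true;
            return;
        }
        inFlush = true;
        std::uint64_t id = ++nextID;             // assumption: ID taken before the rendering update
        if (renderingCallback) {
            auto callback = std::exchange(renderingCallback, nullptr);
            callback();                          // may call forceRepaint(), as notifyDone() does
        }
        committed.push_back(id);                 // commit happens after the rendering update
        inFlush = false;
        if (std::exchange(flushPending, false))
            flushLayers();                       // run the deferred flush as its own pass
    }
};

bool idsSequential(const std::vector<std::uint64_t>& ids) {
    for (std::size_t i = 0; i < ids.size(); ++i)
        if (ids[i] != i + 1) return false;
    return true;
}

std::vector<std::uint64_t> runScenario(bool guardEnabled) {
    DrawingAreaModel area(guardEnabled);
    area.renderingCallback = [&area] { area.forceRepaint(); };
    area.flushLayers();
    return area.committed;
}
int main() {
    std::printf("unguarded sequential: %d\n", idsSequential(runScenario(false)));
    std::printf("guarded sequential:   %d\n", idsSequential(runScenario(true)));
}
```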