CrashTracer: [USER] com.apple.WebKit.WebContent.Development at com.apple.WebCore: WebCore::commonVMSlow + 57
https://bugs.webkit.org/show_bug.cgi?id=171669
<rdar://problem/31967684>
Reviewed by Mark Lam.
Source/WebCore:
* bindings/js/CommonVM.h:
(WebCore::commonVMOrNull):
Add an inline accessor function to expose the global variable.
Source/WebKit2:
safaridriver's AutomaticInspection capability causes us to call WebInspectorProxy::connect()
underneath the Automation.inspectBrowsingContext command. This fires a NeedDebuggerBreak
interrupt for the web content's VM, but this is racy because the web content process may
not yet be fully initialized when this interrupt is handled.
To work around this, just don't deliver any interrupts if the VM singleton is still null.
This is a reliable signal that the web content process is not fully initialized yet. Not delivering
is harmless; the interrupt only exists to break out of infinite loops in JS code, but there
could not be any such infinite loop yet if the web content process is not fully initialized.
* WebProcess/WebPage/WebInspectorInterruptDispatcher.cpp:
(WebKit::WebInspectorInterruptDispatcher::notifyNeedDebuggerBreak):
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@216263 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog
index b8373b7..b0a332a 100644
--- a/Source/WebCore/ChangeLog
+++ b/Source/WebCore/ChangeLog
@@ -1,3 +1,15 @@
+2017-05-05 Brian Burg <bburg@apple.com>
+
+ CrashTracer: [USER] com.apple.WebKit.WebContent.Development at com.apple.WebCore: WebCore::commonVMSlow + 57
+ https://bugs.webkit.org/show_bug.cgi?id=171669
+ <rdar://problem/31967684>
+
+ Reviewed by Mark Lam.
+
+ * bindings/js/CommonVM.h:
+ (WebCore::commonVMOrNull):
+ Add an inline accessor function to expose the global variable.
+
2017-05-05 Filip Pizlo <fpizlo@apple.com>
GCController.cpp's collect() should be Async
diff --git a/Source/WebCore/bindings/js/CommonVM.h b/Source/WebCore/bindings/js/CommonVM.h
index 0505168..2c67f99 100644
--- a/Source/WebCore/bindings/js/CommonVM.h
+++ b/Source/WebCore/bindings/js/CommonVM.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2016 Apple Inc. All rights reserved.
+ * Copyright (C) 2016-2017 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -37,6 +37,11 @@
WEBCORE_EXPORT JSC::VM& commonVMSlow();
+inline JSC::VM* commonVMOrNull()
+{
+ return g_commonVMOrNull;
+}
+
inline JSC::VM& commonVM()
{
if (JSC::VM* result = g_commonVMOrNull)
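Review bot: commonVMOrNull() is added without any comment on its contract, even though its intended caller (WebInspectorInterruptDispatcher.cpp, which includes wtf/WorkQueue.h) is not expected to be on the main thread. Add a header comment stating that the accessor may return null until the VM has been created, that unlike commonVM() it never falls back to commonVMSlow() and so never creates the VM, and from which threads it is safe to call; if the read can race with the main thread's initialization of g_commonVMOrNull, say so explicitly (the null-or-valid outcome is benign here, but a future caller should not have to rediscover that).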
diff --git a/Source/WebKit2/ChangeLog b/Source/WebKit2/ChangeLog
index abed22f..3a4cbd8 100644
--- a/Source/WebKit2/ChangeLog
+++ b/Source/WebKit2/ChangeLog
@@ -1,5 +1,26 @@
2017-05-05 Brian Burg <bburg@apple.com>
+ CrashTracer: [USER] com.apple.WebKit.WebContent.Development at com.apple.WebCore: WebCore::commonVMSlow + 57
+ https://bugs.webkit.org/show_bug.cgi?id=171669
+ <rdar://problem/31967684>
+
+ Reviewed by Mark Lam.
+
+ safaridriver's AutomaticInspection capability causes us to call WebInspectorProxy::connect()
+ underneath the Automation.inspectBrowsingContext command. This fires a NeedDebuggerBreak
+ interrupt for the web content's VM, but this is racy because the web content process may
+ not yet be fully initialized when this interrupt is handled.
+
+ To work around this, just don't deliver any interrupts if the VM singleton is still null.
+ This is a reliable signal that the web content process is not fully initialized yet. Not delivering
+ is harmless; the interrupt only exists to break out of infinite loops in JS code, but there
+ could not be any such infinite loop yet if the web content process is not fully initialized.
+
+ * WebProcess/WebPage/WebInspectorInterruptDispatcher.cpp:
+ (WebKit::WebInspectorInterruptDispatcher::notifyNeedDebuggerBreak):
+
+2017-05-05 Brian Burg <bburg@apple.com>
+
Web Automation: cookie-related commands don't work correctly
https://bugs.webkit.org/show_bug.cgi?id=171713
<rdar://problem/29829930>
diff --git a/Source/WebKit2/WebProcess/WebPage/WebInspectorInterruptDispatcher.cpp b/Source/WebKit2/WebProcess/WebPage/WebInspectorInterruptDispatcher.cpp
index cca68df..c017851 100644
--- a/Source/WebKit2/WebProcess/WebPage/WebInspectorInterruptDispatcher.cpp
+++ b/Source/WebKit2/WebProcess/WebPage/WebInspectorInterruptDispatcher.cpp
@@ -32,7 +32,7 @@
#include <wtf/WorkQueue.h>
namespace WebKit {
-
+
Ref<WebInspectorInterruptDispatcher> WebInspectorInterruptDispatcher::create()
{
return adoptRef(*new WebInspectorInterruptDispatcher);
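Review bot: this hunk is a whitespace-only change (a blank line replaced by a blank line, presumably stripping trailing whitespace) that is unrelated to the fix and is not mentioned in the ChangeLog entry; either drop it from this patch or move it to a separate cleanup commit so the bug-fix diff stays minimal and bisectable.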
@@ -54,6 +54,11 @@
void WebInspectorInterruptDispatcher::notifyNeedDebuggerBreak()
{
+ // If the web process has not been fully initialized yet, then there
+ // is no VM to be notified and thus no infinite loop to break. Bail out.
+ if (!WebCore::commonVMOrNull())
+ return;
+
JSC::VM& vm = WebCore::commonVM();
vm.notifyNeedDebuggerBreak();
}
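Review bot: the early return reads the global once, then commonVM() reads it a second time and still carries the commonVMSlow() fallback, which is the exact frame named in the crash report. Prefer capturing the pointer once so the slow path cannot be reached from this thread at all, e.g. `if (JSC::VM* vm = WebCore::commonVMOrNull()) vm->notifyNeedDebuggerBreak();` in place of the null check plus the two existing lines. The comment should also state that an interrupt arriving before initialization is dropped rather than deferred; the justification (no JS can be looping yet) currently lives only in the ChangeLog, and a reader of this function has no way to know the loss is deliberate.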