| Field | Value |
|---|---|
| Summary | ImageBitmapRenderingContext::setOutputBitmap() can trigger accelerated drawing in the WebContent process |
| Product | WebKit |
| Component | Canvas |
| Status | RESOLVED FIXED |
| Severity | Normal |
| Priority | P2 |
| Version | Safari Technology Preview |
| Hardware | Unspecified |
| OS | Unspecified |
| Reporter | Simon Fraser (smfr) <simon.fraser> |
| Assignee | Matt Woodrow <mattwoodrow> |
| CC | cdumez, changseok, dino, esprehn+autocc, ews-watchlist, gyuyoung.kim, heycam, mattwoodrow, simon.fraser, webkit-bug-importer |
| Keywords | InRadar |
| See Also | https://bugs.webkit.org/show_bug.cgi?id=218482 |
| Attachments | Testcase (456780), Patch (456999), Patch (457001) |
Description

Simon Fraser (smfr)
2022-04-05 15:59:10 PDT

Created attachment 456780 [details]
Testcase

I can't seem to reproduce any failures here, though we're definitely allocating an IOSurface from the WebContent process. Since this only happens when we don't have an actual image bitmap (and just allocate a blank backing store), can we just drop hardware acceleration? Passing RenderingPurpose::Canvas seems like it wouldn't help, since that parameter is only taken into account if we also pass a window via the CreationContext param.

I confirm your findings:
```
* thread #1, queue = 'com.apple.main-thread', stop reason = breakpoint 1.1
  * frame #0: 0x00000001e00ff320 IOSurface`IOSurfaceCreate
    frame #1: 0x00000001165d0f04 WebCore`WebCore::IOSurface::create(WebCore::IOSurfacePool*, WebCore::IntSize, WebCore::IntSize, WebCore::DestinationColorSpace const&, WebCore::IOSurface::Format) + 372
    frame #2: 0x0000000117651e64 WebCore`WebCore::ImageBufferIOSurfaceBackend::create(WebCore::ImageBufferBackend::Parameters const&, WebCore::ImageBuffer::CreationContext const&) + 328
    frame #3: 0x00000001165ddf44 WebCore`WTF::RefPtr<WebCore::IOSurfaceImageBuffer, WTF::RawPtrTraits<WebCore::IOSurfaceImageBuffer>, WTF::DefaultRefDerefTraits<WebCore::IOSurfaceImageBuffer> > WebCore::ConcreteImageBuffer<WebCore::ImageBufferIOSurfaceBackend>::create<WebCore::IOSurfaceImageBuffer>(WebCore::FloatSize const&, float, WebCore::DestinationColorSpace const&, WebCore::PixelFormat, WebCore::ImageBuffer::CreationContext const&) + 84
    frame #4: 0x00000001170c2bb4 WebCore`WebCore::ImageBitmapRenderingContext::setOutputBitmap(WTF::RefPtr<WebCore::ImageBitmap, WTF::RawPtrTraits<WebCore::ImageBitmap>, WTF::DefaultRefDerefTraits<WebCore::ImageBitmap> >) + 296
    frame #5: 0x00000001170c2918 WebCore`WebCore::ImageBitmapRenderingContext::create(WebCore::CanvasBase&, WebCore::ImageBitmapRenderingContextSettings&&) + 232
    frame #6: 0x0000000116f87c5c WebCore`WebCore::HTMLCanvasElement::getContext(JSC::JSGlobalObject&, WTF::String const&, WTF::FixedVector<JSC::Strong<JSC::Unknown, (JSC::ShouldStrongDestructorGrabLock)0> >&&) + 980
    frame #7: 0x0000000115fc65ac WebCore`WebCore::jsHTMLCanvasElementPrototypeFunction_getContext(JSC::JSGlobalObject*, JSC::CallFrame*) + 328
    frame #8: 0x0000000bece6c204
    frame #9: 0x0000000bece64248
    frame #10: 0x0000000bece64248
    frame #11: 0x0000000bece64848
    frame #12: 0x000000010dcaba84 JavaScriptCore`JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 520
    frame #13: 0x000000010df438f0 JavaScriptCore`JSC::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 104
    frame #14: 0x0000000116992974 WebCore`WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext&, WebCore::Event&) + 936
    frame #15: 0x0000000116d17068 WebCore`WebCore::EventTarget::innerInvokeEventListeners(WebCore::Event&, WTF::Vector<WTF::RefPtr<WebCore::RegisteredEventListener, WTF::RawPtrTraits<WebCore::RegisteredEventListener>, WTF::DefaultRefDerefTraits<WebCore::RegisteredEventListener> >, 1ul, WTF::CrashOnOverflow, 2ul, WTF::FastMalloc>, WebCore::EventTarget::EventInvokePhase) + 556
    frame #16: 0x0000000116d16ad8 WebCore`WebCore::EventTarget::fireEventListeners(WebCore::Event&, WebCore::EventTarget::EventInvokePhase) + 520
    frame #17: 0x0000000116d0b820 WebCore`WebCore::dispatchEventInDOM(WebCore::Event&, WebCore::EventPath const&) + 240
    frame #18: 0x0000000116d0a94c WebCore`WebCore::EventDispatcher::dispatchEvent(WebCore::Node&, WebCore::Event&) + 824
    frame #19: 0x0000000116fbd964 WebCore`WebCore::HTMLImageLoader::dispatchLoadEvent() + 356
    frame #20: 0x000000011731e004 WebCore`WebCore::ImageLoader::dispatchPendingLoadEvent() + 112
    frame #21: 0x000000011731dcc0 WebCore`WebCore::ImageLoader::dispatchPendingEvent(WebCore::EventSender<WebCore::ImageLoader>*) + 100
    frame #22: 0x000000011731e208 WebCore`WebCore::EventSender<WebCore::ImageLoader>::dispatchPendingEvents(WebCore::Page*) + 284
    frame #23: 0x0000000116ca96dc WebCore`WebCore::Document::implicitClose() + 484
```
And the surface allocation does fail:

```
2022-04-07 14:40:37.611544-0700 0x1bd2 Error 0x0 487 0 com.apple.WebKit.WebContent: (IOSurface) IOSurface creation failed. IOSurface open failed: e00002e2 (likely sandbox violation)
2022-04-07 14:40:37.611785-0700 0x1bd2 Error 0x0 487 0 com.apple.WebKit.WebContent: (WebCore) [com.apple.WebKit:Layers] IOSurface creation failed for size: (200 300) and format: (0)
```

Created attachment 456999 [details]
Patch

Created attachment 457001 [details]
Patch

Committed r292729 (249514@main): <https://commits.webkit.org/249514@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 457001 [details].
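The thread above pins the allocation to ImageBitmapRenderingContext::setOutputBitmap by reading the backtrace, and the unified-log lines show the IOSurface open being refused inside the WebContent sandbox. The following Python is an added triage helper, not code from this bug or from WebKit: it parses an lldb backtrace to find the first frame above the IOSurface/ImageBuffer allocation layer (the API entry point that decided to allocate a GPU-backed surface), and scans macOS unified-log lines for IOSurface creation failures that the log attributes to the sandbox. The sample backtrace and log lines are trimmed copies of the ones quoted in this report; the "allocation layer" keyword list and the treatment of error code e00002e2 as a permission denial are assumptions made for this example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample input: frames trimmed from the lldb backtrace in the report.
BACKTRACE = """\
* frame #0: 0x00000001e00ff320 IOSurface`IOSurfaceCreate
frame #1: 0x00000001165d0f04 WebCore`WebCore::IOSurface::create(WebCore::IOSurfacePool*, WebCore::IntSize, WebCore::IntSize, WebCore::DestinationColorSpace const&, WebCore::IOSurface::Format) + 372
frame #2: 0x0000000117651e64 WebCore`WebCore::ImageBufferIOSurfaceBackend::create(WebCore::ImageBufferBackend::Parameters const&, WebCore::ImageBuffer::CreationContext const&) + 328
frame #3: 0x00000001165ddf44 WebCore`WebCore::ConcreteImageBuffer<WebCore::ImageBufferIOSurfaceBackend>::create<WebCore::IOSurfaceImageBuffer>(WebCore::FloatSize const&, float, WebCore::DestinationColorSpace const&, WebCore::PixelFormat, WebCore::ImageBuffer::CreationContext const&) + 84
frame #4: 0x00000001170c2bb4 WebCore`WebCore::ImageBitmapRenderingContext::setOutputBitmap(WTF::RefPtr<WebCore::ImageBitmap>) + 296
frame #5: 0x00000001170c2918 WebCore`WebCore::ImageBitmapRenderingContext::create(WebCore::CanvasBase&, WebCore::ImageBitmapRenderingContextSettings&&) + 232
frame #6: 0x0000000116f87c5c WebCore`WebCore::HTMLCanvasElement::getContext(JSC::JSGlobalObject&, WTF::String const&) + 980
frame #8: 0x0000000bece6c204
"""

# Constructed sample input: the two unified-log lines quoted in the report.
LOG = """\
2022-04-07 14:40:37.611544-0700 0x1bd2 Error 0x0 487 0 com.apple.WebKit.WebContent: (IOSurface) IOSurface creation failed. IOSurface open failed: e00002e2 (likely sandbox violation)
2022-04-07 14:40:37.611785-0700 0x1bd2 Error 0x0 487 0 com.apple.WebKit.WebContent: (WebCore) [com.apple.WebKit:Layers] IOSurface creation failed for size: (200 300) and format: (0)
"""

# lldb frame line: optional "*" marker, number, address, optional Module`symbol, optional "+ offset".
FRAME_RE = re.compile(
    r"^\*?\s*frame #(?P<num>\d+): (?P<addr>0x[0-9a-f]+)"
    r"(?: (?P<module>[^`\s]+)`(?P<symbol>.+?))?(?: \+ (?P<off>\d+))?\s*$"
)
# `log show`-style line: timestamp, thread, level, activity, pid, ttl, process: (sender) message.
LOG_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<thread>0x[0-9a-f]+) (?P<level>\w+) (?P<activity>0x[0-9a-f]+) "
    r"(?P<pid>\d+) (?P<ttl>\d+) (?P<process>\S+?): \((?P<sender>[^)]+)\) (?P<msg>.*)$"
)

# Assumption: frames whose module or function mention these belong to the allocation
# machinery itself, not to the caller that requested a GPU-backed buffer.
ALLOCATION_LAYER = ("IOSurface", "ImageBuffer")


@dataclass
class Frame:
    num: int
    addr: int
    module: Optional[str]
    function: Optional[str]  # qualified name without the argument list
    offset: Optional[int]


@dataclass
class SurfaceFailure:
    process: str
    pid: int
    sender: str
    error_code: Optional[str]
    size: Optional[Tuple[int, int]]
    sandbox_suspected: bool


def parse_backtrace(text: str) -> List[Frame]:
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line.strip())
        if not m:
            continue  # JIT frames without symbols still match; skip only non-frame lines
        symbol = m["symbol"]
        function = symbol.split("(", 1)[0] if symbol else None
        frames.append(Frame(int(m["num"]), int(m["addr"], 16), m["module"], function,
                            int(m["off"]) if m["off"] else None))
    return frames


def responsible_caller(frames: List[Frame]) -> Optional[Frame]:
    """First frame above the IOSurface/ImageBuffer layer: the code that chose acceleration."""
    for f in frames:
        if f.module == "IOSurface":
            continue
        if f.function and any(k in f.function for k in ALLOCATION_LAYER):
            continue
        return f
    return None


def find_surface_failures(text: str) -> List[SurfaceFailure]:
    out = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m or "IOSurface creation failed" not in m["msg"]:
            continue
        msg = m["msg"]
        code = re.search(r"open failed: ([0-9a-f]{8})", msg)
        size = re.search(r"size: \((\d+) (\d+)\)", msg)
        # Assumption: the log's own "(likely sandbox violation)" hint, or IOKit error
        # e00002e2 on the open, marks the failure as a sandbox denial rather than OOM.
        sandbox = "sandbox" in msg.lower() or (code is not None and code.group(1) == "e00002e2")
        out.append(SurfaceFailure(
            process=m["process"], pid=int(m["pid"]), sender=m["sender"],
            error_code=code.group(1) if code else None,
            size=(int(size.group(1)), int(size.group(2))) if size else None,
            sandbox_suspected=sandbox,
        ))
    return out


def triage(backtrace: str, log: str) -> Dict[str, object]:
    """Combine both sources into a short summary for the bug report."""
    caller = responsible_caller(parse_backtrace(backtrace))
    failures = find_surface_failures(log)
    return {
        "responsible_caller": caller.function if caller else None,
        "failures": len(failures),
        "sandbox_suspected": any(f.sandbox_suspected for f in failures),
        "processes": sorted({f.process for f in failures}),
    }


if __name__ == "__main__":
    print(triage(BACKTRACE, LOG))
```

The keyword filter is deliberately coarse: it walks up the stack until it leaves the surface and image-buffer helpers, which for this trace lands on setOutputBitmap, the same frame the report names. Running it against a trace from a different code path will report whatever first non-allocation frame appears there, so the result is a starting point for reading the stack, not a verdict.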