Bug 250346

Summary:

AX: With ITM enabled, reloading the page causes a deadlock

Product:

WebKit

Reporter:

Tyler Wilcock <tyler_w>

Component:

Accessibility

Assignee:

Tyler Wilcock <tyler_w>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

aboxhall, andresg_22, apinheiro, cfleizach, dmazzoni, ews-watchlist, jcraig, jdiggs, samuel_white, webkit-bug-importer

Priority:

Keywords:

InRadar

Version:

Other

Hardware:

Unspecified

OS:

Unspecified

Attachments:

Description	Flags
Patch	none
Patch	none
Patch	none

Description Tyler Wilcock 2023-01-09 16:19:40 PST

This is caused by unconditional re-entrant acquisition of s_storeLock when an isolated tree is destroyed.

Comment 1 Radar WebKit Bug Importer 2023-01-09 16:19:54 PST

<rdar://problem/104050533>

Comment 2 Tyler Wilcock 2023-01-09 16:21:08 PST

rdar://104018097

Comment 3 Tyler Wilcock 2023-01-09 16:32:59 PST

Created attachment 464430 [details]
Patch

Comment 4 Andres Gonzalez 2023-01-09 18:13:18 PST

(In reply to Tyler Wilcock from comment #3)
> Created attachment 464430 [details]
> Patch

I think the right fix is to remove this line from applyPendingchanges:

        Locker locker { s_storeLock };

because the new AXTreeStore takes care of the lock for each one of the operations it performs.

Notice that otherwise the problem is still there in debug builds for the block that follows:

#ifndef NDEBUG
        ASSERT(AXTreeStore::contains(treeID()));
...


Should make sure that we are not acquiring the store lock somewhere else unnecessarily.

Comment 5 Tyler Wilcock 2023-01-09 19:45:48 PST

Created attachment 464437 [details]
Patch

Comment 6 Tyler Wilcock 2023-01-09 23:47:32 PST

Created attachment 464440 [details]
Patch

Comment 7 EWS 2023-01-10 10:40:46 PST

Committed 258735@main (9cdd3b498e3e): <https://commits.webkit.org/258735@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 464440 [details].