Title: [167822] trunk/Source/WebKit2
Revision
167822
Author
[email protected]
Date
2014-04-25 14:28:04 -0700 (Fri, 25 Apr 2014)

Log Message

REGRESSION (r167775): Safari crashes in ViewSnapshotStore::pruneSnapshots after loading 20 pages
https://bugs.webkit.org/show_bug.cgi?id=132204
<rdar://problem/16729123>

Reviewed by Anders Carlsson.

* UIProcess/mac/ViewSnapshotStore.h:
* UIProcess/mac/ViewSnapshotStore.mm:
(WebKit::ViewSnapshotStore::ViewSnapshotStore):
(WebKit::ViewSnapshotStore::pruneSnapshots):
(WebKit::ViewSnapshotStore::recordSnapshot):
Keep track of the number of snapshots that actually have live images; the
size of the snapshot map no longer represents that.
Also, fix the crash by using the UUID from the current item instead of from
the (potentially null) most distant item; r167775 accidentally typo'd this.

Modified Paths

Diff

Modified: trunk/Source/WebKit2/ChangeLog (167821 => 167822)


--- trunk/Source/WebKit2/ChangeLog	2014-04-25 21:17:45 UTC (rev 167821)
+++ trunk/Source/WebKit2/ChangeLog	2014-04-25 21:28:04 UTC (rev 167822)
@@ -1,3 +1,21 @@
+2014-04-25  Tim Horton  <[email protected]>
+
+        REGRESSION (r167775): Safari crashes in ViewSnapshotStore::pruneSnapshots after loading 20 pages
+        https://bugs.webkit.org/show_bug.cgi?id=132204
+        <rdar://problem/16729123>
+
+        Reviewed by Anders Carlsson.
+
+        * UIProcess/mac/ViewSnapshotStore.h:
+        * UIProcess/mac/ViewSnapshotStore.mm:
+        (WebKit::ViewSnapshotStore::ViewSnapshotStore):
+        (WebKit::ViewSnapshotStore::pruneSnapshots):
+        (WebKit::ViewSnapshotStore::recordSnapshot):
+        Keep track of the number of snapshots that actually have live images; the
+        size of the snapshot map no longer represents that.
+        Also, fix the crash by using the UUID from the current item instead of from
+        the (potentially null) most distant item; r167775 accidentally typo'd this.
+
 2014-04-25  Carlos Garcia Campos  <[email protected]>
 
         [GTK] Plugin process crashes with GTK2 windowed plugins

Modified: trunk/Source/WebKit2/UIProcess/mac/ViewSnapshotStore.h (167821 => 167822)


--- trunk/Source/WebKit2/UIProcess/mac/ViewSnapshotStore.h	2014-04-25 21:17:45 UTC (rev 167821)
+++ trunk/Source/WebKit2/UIProcess/mac/ViewSnapshotStore.h	2014-04-25 21:28:04 UTC (rev 167822)
@@ -72,6 +72,7 @@
     HashMap<String, Snapshot> m_snapshotMap;
 
     bool m_enabled;
+    unsigned m_snapshotsWithImagesCount;
 };
 
 } // namespace WebKit
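Review bot: The new member `m_snapshotsWithImagesCount` has no comment stating the invariant it carries, even though the eviction threshold in pruneSnapshots now depends on it. I would add above it: `// Number of entries in m_snapshotMap whose Snapshot still holds an image; update wherever an image is stored or cleared.` The rest of the class is outside this hunk, so it is not visible whether other members clear images or remove entries. Any that do would need to maintain the count as well.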

Modified: trunk/Source/WebKit2/UIProcess/mac/ViewSnapshotStore.mm (167821 => 167822)


--- trunk/Source/WebKit2/UIProcess/mac/ViewSnapshotStore.mm	2014-04-25 21:17:45 UTC (rev 167821)
+++ trunk/Source/WebKit2/UIProcess/mac/ViewSnapshotStore.mm	2014-04-25 21:28:04 UTC (rev 167822)
@@ -40,6 +40,7 @@
 
 ViewSnapshotStore::ViewSnapshotStore()
     : m_enabled(true)
+    , m_snapshotsWithImagesCount(0)
 {
 }
 
@@ -55,12 +56,12 @@
 
 void ViewSnapshotStore::pruneSnapshots(WebPageProxy& webPageProxy)
 {
-    if (m_snapshotMap.size() <= maximumSnapshotCount)
+    if (m_snapshotsWithImagesCount <= maximumSnapshotCount)
         return;
 
     uint32_t currentIndex = webPageProxy.backForwardList().currentIndex();
     uint32_t maxDistance = 0;
-    WebBackForwardListItem* mostDistantSnapshottedItem = nullptr;
+    auto mostDistantSnapshotIter = m_snapshotMap.end();
     auto backForwardEntries = webPageProxy.backForwardList().entries();
 
     // First, try to evict the snapshot for the page farthest from the current back-forward item.
@@ -75,21 +76,21 @@
         if (snapshotUUID.isEmpty())
             continue;
 
-        const auto& snapshot = m_snapshotMap.find(mostDistantSnapshottedItem->snapshotUUID());
-        if (snapshot == m_snapshotMap.end())
+        const auto& snapshotIter = m_snapshotMap.find(snapshotUUID);
+        if (snapshotIter == m_snapshotMap.end())
             continue;
 
         // We're only interested in evicting snapshots that still have images.
-        if (!snapshot->value.hasImage())
+        if (!snapshotIter->value.hasImage())
             continue;
 
-        mostDistantSnapshottedItem = item;
+        mostDistantSnapshotIter = snapshotIter;
         maxDistance = distance;
     }
 
-    if (mostDistantSnapshottedItem) {
-        const auto& snapshot = m_snapshotMap.find(mostDistantSnapshottedItem->snapshotUUID());
-        snapshot->value.clearImage();
+    if (mostDistantSnapshotIter != m_snapshotMap.end()) {
+        mostDistantSnapshotIter->value.clearImage();
+        m_snapshotsWithImagesCount--;
         return;
     }
 
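Review bot: `const auto& snapshotIter = m_snapshotMap.find(snapshotUUID);` binds a const reference to the temporary iterator returned by find(). Lifetime extension keeps this valid, but the value is copied into `mostDistantSnapshotIter` anyway, so `auto snapshotIter = m_snapshotMap.find(snapshotUUID);` states the intent more directly. The saved iterator is dereferenced after the loop, which is safe only while nothing adds to or removes from m_snapshotMap in between. No such mutation is visible here, but the loop header lies outside the hunk, so a one-line comment such as `// m_snapshotMap is not mutated in this loop, so the saved iterator stays valid.` would record the assumption.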
@@ -107,6 +108,7 @@
 
     const auto& snapshot = m_snapshotMap.find(oldestSnapshotUUID);
     snapshot->value.clearImage();
+    m_snapshotsWithImagesCount--;
 }
 
 #if USE(IOSURFACE)
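Review bot: In the fallback path, `snapshot->value.clearImage();` still dereferences the result of `m_snapshotMap.find(oldestSnapshotUUID)` without comparing it to end(), and the added `m_snapshotsWithImagesCount--;` runs unconditionally. The code that selects oldestSnapshotUUID is outside this hunk, so it is not visible whether it only considers entries that have an image. If it can pick an imageless entry or an empty UUID, the lookup may hit end(), or the unsigned counter may drift and eventually wrap. I would guard both statements: `if (snapshot != m_snapshotMap.end() && snapshot->value.hasImage()) { snapshot->value.clearImage(); m_snapshotsWithImagesCount--; }`.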
@@ -158,6 +160,9 @@
 #endif
 
     m_snapshotMap.add(item->snapshotUUID(), snapshot);
+
+    if (snapshot.hasImage())
+        m_snapshotsWithImagesCount++;
 }
 
 bool ViewSnapshotStore::getSnapshot(WebBackForwardListItem* item, ViewSnapshotStore::Snapshot& snapshot)
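Review bot: The increment after `m_snapshotMap.add(item->snapshotUUID(), snapshot);` assumes the add actually inserted a new entry, but WTF's HashMap::add leaves an existing key untouched. If recordSnapshot can run for an item whose UUID is already in the map, the counter rises while the stored snapshot is unchanged. The UUID assignment happens above this hunk, so this may not be reachable. Tying the increment to the add result would keep the count exact either way: `auto addResult = m_snapshotMap.add(item->snapshotUUID(), snapshot);` followed by `if (addResult.isNewEntry && snapshot.hasImage()) m_snapshotsWithImagesCount++;`.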