Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: b08cb7a8eb99d364368fa08ede6cf18b47235a20
https://github.com/WebKit/WebKit/commit/b08cb7a8eb99d364368fa08ede6cf18b47235a20
Author: Ryosuke Niwa <[email protected]>
Date: 2026-01-18 (Sun, 18 Jan 2026)
Changed paths:
M Source/WebKit/Scripts/webkit/messages.py
M Source/WebKit/Shared/WTFArgumentCoders.serialization.in
M Source/WebKit/UIProcess/WebEditCommandProxy.cpp
M Source/WebKit/UIProcess/WebPageProxy.cpp
M Source/WebKit/UIProcess/WebPageProxy.h
M Source/WebKit/UIProcess/WebPageProxy.messages.in
M Source/WebKit/WebProcess/WebCoreSupport/WebEditorClient.cpp
M Source/WebKit/WebProcess/WebPage/WebPage.cpp
M Source/WebKit/WebProcess/WebPage/WebPage.h
M Source/WebKit/WebProcess/WebPage/WebPage.messages.in
M Source/WebKit/WebProcess/WebPage/WebUndoStep.cpp
M Source/WebKit/WebProcess/WebPage/WebUndoStepID.h
Log Message:
-----------
Release assert in performLayout via WebPage::unapplyEditCommand through WebEditorClient::undo
https://bugs.webkit.org/show_bug.cgi?id=305689

Reviewed by Wenson Hsieh.

The bug was caused by undo/redo IPC from UI process being dispatched while WebContent process is waiting on a sync IPC reply. Because sync IPCs are used to fetch resources, etc... while layout or style update is happening, this can lead to release assert failures in various places.

This is an inherent IPC design flaw from when WebKit2 was initially brought up. We use a sync IPC to trigger undo/redo from WebContent process (e.g. for execCommand('undo')) and undo/redo request from UI process to WebContent for the very undo/redo started in WebContent process must dispatch to avoid a deadlock.

This PR fixes this IPC design flaw by making undo/redo request from UI process no longer dispatch while WebContent process is waiting for a sync reply. Instead, the IPC to trigger undo/redo from WebContent process now obtains the list of undo/redo to execute from UI process. WebContent now executes all the pending undo/redo requests from UI process when undo/redo request originating from WebContent process completes.

Because there is a race condition between undo/redo requests being sent from UI process to WebContent process and undo/redo requests being triggered in WebContent process, we introduce the notion of "undo version" which monotonically increases whenever we trigger an undo or redo in UI process. WebContent process ignores any undo/redo requests with an older undo version.

No new tests since we don't have a reliable test case.
* Source/WebKit/Scripts/webkit/messages.py:
(serialized_identifiers):
(types_that_cannot_be_forward_declared):
* Source/WebKit/Shared/WTFArgumentCoders.serialization.in:
* Source/WebKit/UIProcess/WebEditCommandProxy.cpp:
(WebKit::WebEditCommandProxy::unapply):
(WebKit::WebEditCommandProxy::reapply):
* Source/WebKit/UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::registerEditCommandForUndo):
(WebKit::WebPageProxy::executeUndoRedo):
(WebKit::WebPageProxy::addPendingUndoRedo):
(WebKit::WebPageProxy::removePendingUndoRedo):
* Source/WebKit/UIProcess/WebPageProxy.h:
* Source/WebKit/UIProcess/WebPageProxy.messages.in:
* Source/WebKit/WebProcess/WebCoreSupport/WebEditorClient.cpp:
(WebKit::applyPendingUndoRedo):
(WebKit::WebEditorClient::undo):
(WebKit::WebEditorClient::redo):
* Source/WebKit/WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::unapplyEditCommand):
(WebKit::WebPage::reapplyEditCommand):
* Source/WebKit/WebProcess/WebPage/WebPage.h:
* Source/WebKit/WebProcess/WebPage/WebPage.messages.in:
* Source/WebKit/WebProcess/WebPage/WebUndoStep.cpp:
(WebKit::WebUndoStep::create):
(WebKit::generateUndoStep): Deleted.
* Source/WebKit/WebProcess/WebPage/WebUndoStepID.h:
Canonical link: https://commits.webkit.org/305778@main
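
The version check described in the log message can be modelled in a few lines. This is an added example, not code from the WebKit commit: every name in it (`UIProcessModel`, `WebContentModel`, `takePending`, `simulateRace`, and so on) is hypothetical, and it assumes that WebContent tracks the highest undo version it has executed and treats any request that is not newer as stale.

```cpp
#include <cstdint>
#include <deque>
#include <vector>

// Illustrative model only; none of these names come from WebKit.
struct Request { uint64_t version; bool isUndo; };

struct UIProcessModel {
    uint64_t undoVersion = 0;      // bumped on every undo/redo triggered in the UI process
    std::vector<Request> pending;  // handed to WebContent in the next sync reply
    std::deque<Request> inFlight;  // async IPC messages still on the wire
    void trigger(bool isUndo) {
        pending.push_back({ ++undoVersion, isUndo });
        inFlight.push_back(pending.back());
    }
    // Reply to the sync IPC of a WebContent-initiated undo/redo.
    std::vector<Request> takePending() { std::vector<Request> out; out.swap(pending); return out; }
};

struct WebContentModel {
    uint64_t lastVersion = 0;      // assumption: highest undo version executed so far
    std::vector<uint64_t> executed;
    unsigned ignored = 0;
    void handle(const Request& r) {
        if (r.version <= lastVersion) { ++ignored; return; }  // stale: already ran via a sync reply
        lastVersion = r.version; executed.push_back(r.version);
    }
    // WebContent-initiated undo (e.g. execCommand('undo')): run it, then drain the reply list.
    void undoFromScript(UIProcessModel& ui) {
        std::vector<Request> fromUI = ui.takePending();  // arrives with the sync reply
        // The script's own undo runs here; no async undo/redo is dispatched meanwhile.
        for (const Request& r : fromUI) handle(r);
    }
    void drainAsync(UIProcessModel& ui) {  // normal delivery once no sync IPC is outstanding
        for (; !ui.inFlight.empty(); ui.inFlight.pop_front()) handle(ui.inFlight.front());
    }
};

// Constructed scenario: two UI-side undos race with one script-initiated undo.
WebContentModel simulateRace() {
    UIProcessModel ui; WebContentModel web;
    ui.trigger(true); ui.trigger(true);  // versions 1 and 2 in flight
    web.undoFromScript(ui);              // sync reply carries 1 and 2; each runs once
    web.drainAsync(ui);                  // late async copies of 1 and 2 are ignored
    ui.trigger(false);                   // version 3: no race, delivered normally
    web.drainAsync(ui);
    return web;
}
int main() { return simulateRace().ignored == 2 ? 0 : 1; }
```

Without the version comparison in `handle`, the two requests delivered in the sync reply would run a second time when their async copies arrive.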