Animation Worklet - CompositorMutatorImpl::RegisterCompositorAnimator crashes when there are multiple AnimationWorklet scopes |
||
Issue descriptionSee attached reproduction. Note you will have to host these on a server or use --disable-web-security in order to do the blob content load. It appears our code has a strong assumption that there is exactly one AnimationWorkletGlobalScope with a sole task runner, but that doesn't appear to be true. If one accesses window.animationWorklet inside an iframe, another scope is created. This then causes crashes because CompositorMutatorImpl caches the runner. Note that AnimationWorkletProxyClientImpl also has assumptions about a single scope.
,
Jun 6 2018
There is nothing attached. smcgruer@ do you still have the repro around ?
,
Jul 5
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/fea34a17e66b9cac82a7c534b04b919099c7ab90 commit fea34a17e66b9cac82a7c534b04b919099c7ab90 Author: Majid Valipour <majidvp@chromium.org> Date: Thu Jul 05 19:35:02 2018 [animation-worklet] Allow multiple animation worklet threads Using AW inside frames with different origin causes a new global scope and a new animation thread backing it to be created. This patch removes the assumption that there is always a single animation thread. The main change that we now dispatch a mutate task for each animator to its specific task runner. Test: virtual/threaded/fast/animationworklet/animation-worklet-inside-iframe.html, platform/graphics/compositor_mutator_impl_test.cc Bug: 849396 Cq-Include-Trybots: luci.chromium.try:linux_layout_tests_slimming_paint_v2;master.tryserver.blink:linux_trusty_blink_rel Change-Id: I338f14dbc2f2a444801445339dde59bd4c761327 Reviewed-on: https://chromium-review.googlesource.com/1101308 Commit-Queue: Majid Valipour <majidvp@chromium.org> Reviewed-by: Robert Flack <flackr@chromium.org> Reviewed-by: Stephen McGruer <smcgruer@chromium.org> Reviewed-by: Peter Mayo <petermayo@chromium.org> Cr-Commit-Position: refs/heads/master@{#572841} [add] https://crrev.com/fea34a17e66b9cac82a7c534b04b919099c7ab90/third_party/WebKit/LayoutTests/virtual/threaded/fast/animationworklet/animation-worklet-inside-iframe-expected.txt [add] https://crrev.com/fea34a17e66b9cac82a7c534b04b919099c7ab90/third_party/WebKit/LayoutTests/virtual/threaded/fast/animationworklet/animation-worklet-inside-iframe.html [add] https://crrev.com/fea34a17e66b9cac82a7c534b04b919099c7ab90/third_party/WebKit/LayoutTests/virtual/threaded/fast/animationworklet/resources/animator-iframe.html [modify] https://crrev.com/fea34a17e66b9cac82a7c534b04b919099c7ab90/third_party/blink/renderer/modules/animationworklet/animation_worklet_proxy_client_impl.cc [modify] https://crrev.com/fea34a17e66b9cac82a7c534b04b919099c7ab90/third_party/blink/renderer/platform/graphics/compositor_mutator_impl.cc [modify] https://crrev.com/fea34a17e66b9cac82a7c534b04b919099c7ab90/third_party/blink/renderer/platform/graphics/compositor_mutator_impl.h [modify] https://crrev.com/fea34a17e66b9cac82a7c534b04b919099c7ab90/third_party/blink/renderer/platform/graphics/compositor_mutator_impl_test.cc
,
Oct 5
|
||
►
Sign in to add a comment |
||
Comment 1 by sunxd@chromium.org
, Jun 5 2018