AudioVideoRenderer SharedTimebase ownership and drift reduction
d2af128
WebKit splits media playback across processes: the GPU process hosts the AVSampleBufferRenderSynchronizer whose CMTimebase is the authoritative clock, while WebContent reads currentTime during script and requestAnimationFrame. SharedTimebase bridges them via a lock-free SequenceLocked shared-memory region — the GPU process writes snapshots (currentTime + hostTime + rate) and the reader extrapolates forward.
Source/WebCore/platform/SharedTimebase.cpp
- auto elapsed = std::min(m_clock() - snapshot.hostTime, m_maxExtrapolation);
- calculated = snapshot.currentTime + MediaTime::createWithDouble(rate * elapsed.seconds());
+ auto elapsed = m_clock() - snapshot.hostTime;
+ calculated = (snapshot.currentTime + MediaTime::createWithDouble(rate * elapsed.seconds())).toTimeScale(snapshot.currentTime.timeScale());
This commit moves SharedTimebase ownership from RemoteAudioVideoRendererProxyManager into AudioVideoRendererAVFObjC itself and adds three publishing paths — main-thread state changes, a 100ms periodic dispatch timer on a dedicated serial queue, and a synchronous AVF-thread rate→0 callback — all funneled through a publishSnapshot() helper that applies a high-water-mark floor clamp before writing to shared memory. The maxExtrapolation cap is removed; m_publishedTimeFloor (writer-side, reset only on seek) and m_lastReturnedTime (reader-side forward-monotonicity guard) replace it.
Significance
This directly changes how media currentTime is computed and shared across the GPU/WebContent process boundary, touching cross-process shared-memory semantics, lock discipline, and forward-monotonicity invariants that are security-relevant for timing-based APIs.
Audit directions
Aaa Aaaaaa Aaa Aaaaaaaaaaaa Aaaa Aa Aaaa Aaa a Aaa Aaaaa Aaaaa Aa Aaa Aaaaaaaa Aaaaaa Aaa Aa Aaa Aaa Aaaaaaa Aaaaaa Aa Aaa Aaaaa Aa Aaaaaaaa Aaaaaaaaaa Aaaaaaaaaaaa Aaaaaaaaaaaa Aaaa a Aaaaa Aaaaaaaaa Aaaaaaaaa Aaaaaaaaaaaaaaaaaaaaaaaaaaaa Aaa Aaaaaaa Aaaaaaaa Aaa Aaa Aaaaaa Aaaaaaaaaa Aaaaaaaaaaaaaaaaaaa Aaaaa Aaaaaaaaaaaaaaa Aaa Aaaaaaaaaaaaaaaaaa Aaaaaaaaaaaaa Aaaaaaaaaaaa Aaa Aaaaa Aaaaaaaaaaa Aaaaa Aaaa Aaa Aaaaaaa Aa a Aaaaaa Aaaaa Aaaa Aaaa Aa Aaaaaaa Aaa Aaaa Aaa Aaa Aaaa Aaaaaaaa Aaaaaa Aaaaaaaa Aaaaaaaaaaaaaaaaaaa Aa Aaa Aaaa Aaaaaaa Aaa Aaaaaaaaaaaaaaaaaaaaaa Aaaaa Aaaaa Aaa Aaaaa Aaaaaa a Aaaaa Aaaaaa Aaaaaaa Aaaaaaaaaaaaaaaaa Aaaaaaaa Aaa Aaaaa Aaa Aaa Aaaaaaaaa Aaaaaaaa Aaaaa Aaaaaaaa Aaa Aaaaa Aa Aaa Aaaaaaaa Aaaaa Aaaaaaaa Aaa Aaaa Aaaaaaa Aaa Aaaaaaaa Aaaaaaaaaaaaaaaaaaaa Aaa Aa Aaaaaaaaaa Aaaaa Aaaaaa Aa Aaaaaaaaaa Aaaaaaaaaaaaaaa Aaaaa Aaa Aa Aaaaaaaaaaaaaa Aaa Aa a Aaaaaaaaaaaaaaaa Aaa a Aaaaaa Aaaaaaaaaaaaaaaaaaaaaaaaaaaaa Aaaaaa a Aaaaaaaa Aaaa Aaaa Aaaaaa Aaaaaa Aaaa Aa Aaa Aaaaaaaa Aaaaaa
🔒The instrumentation's custom memory lifecycle and protection-state management introduce several audit-worthy edge cases in the guarded path.
Subscribe to read more