Testing applications using the Chromium Embedded Framework (CEF) with Squish for Mac

Overview

Applications on macOS that use the Chromium Embedded Framework (CEF) may crash when launched through Squish for Mac; other Squish editions are unaffected. The crash can occur whether or not the user interacts with a CEF-based browser view in the AUT: merely initializing CEF is enough to trigger it. The cause is not a bug in CEF or in Squish but an incompatibility between the hooks both of them install into Objective-C object deallocation (ref. SQUISH-18611).

Workaround

The problem can be worked around by making a custom build of CEF and Chromium with Chromium's Objective-C zombie-object detection (the "memory sanitizer" referred to below) disabled. This is done by removing or modifying the call ObjcEvilDoers::ZombieEnable(true, is_browser ? 10000 : 1000); in chrome_main_delegate.cc; the second argument is the number of freed objects kept alive as zombies in the browser process and in the other process types respectively. Note that the AUT under test must then load the patched CEF framework instead of the stock binary distribution, and the change has to be reapplied whenever CEF is upgraded.

The CEF wiki explains how to build CEF and Chromium from source: https://bitbucket.org/chromiumembedded/cef/wiki/BranchesAndBuilding

Technical Background

While attached to an AUT, Squish keeps references to many of the AUT's GUI objects in its caches. Those references must be dropped as soon as the objects are deallocated, otherwise the caches would hold dangling pointers; for that purpose Squish hooks the Objective-C destructor, -dealloc.

Chromium replaces the same destructor for its own purposes, and its replacement takes freed objects out of the regular deallocation path, so Squish's hook is no longer reached and its cache invalidation is bypassed. Chromium does this to implement its zombie-object detection (the memory sanitizer mentioned above), "which can help expose use-after-free errors where messages are sent to freed Objective-C objects in production builds" (quoted from the Chromium source).
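The following program is an added illustration of the interaction described above; it is not code from Squish or Chromium. It models the two hooks on a single demo class (DemoWidget, a hypothetical stand-in for a GUI object): a tool hook that removes the object from an unretained pointer cache and then chains to the previous -dealloc, and a zombie hook modelled on ObjcEvilDoers that replaces -dealloc, destructs the object in place, re-classes it to a zombie class and never calls the previous implementation. Build it with clang -fno-objc-arc -framework Foundation hookdemo.m -o hookdemo and run it: with only the tool hook installed the cache entry is removed on release; once the zombie hook is installed on top, the cache keeps a stale pointer to a zombie, which is the state that breaks Squish.

```objective-c
// hookdemo.m - toy model of two competing -dealloc hooks (added example, not Squish or Chromium code).
// Build: clang -fno-objc-arc -framework Foundation hookdemo.m -o hookdemo && ./hookdemo
#import <Foundation/Foundation.h>
#import <objc/runtime.h>

// Hypothetical stand-in for a GUI object in the AUT. It defines -dealloc itself so that
// the hooks below replace only this class's IMP, not -[NSObject dealloc].
@interface DemoWidget : NSObject
@property (nonatomic, copy) NSString *title;
@end
@implementation DemoWidget
- (void)dealloc { [_title release]; [super dealloc]; }
@end

// Stand-in for Chromium's zombie class: no ivars, so any freed object can be re-classed to it.
@interface DemoZombie : NSObject
@end
@implementation DemoZombie
@end

// --- "Tool" side (models Squish): a cache of unretained object pointers that is kept
// free of dangling entries by hooking -dealloc and chaining to the previous IMP. ---
static CFMutableSetRef gToolCache;   // NULL callbacks: raw pointer keys, nothing is retained
static IMP gToolChain;               // -dealloc IMP that was installed before the tool hook

static void ToolDealloc(id self, SEL _cmd) {
    CFSetRemoveValue(gToolCache, self);            // cache invalidation before the memory goes away
    ((void (*)(id, SEL))gToolChain)(self, _cmd);   // chain to the previous implementation
}

static void InstallToolHook(void) {
    Method m = class_getInstanceMethod([DemoWidget class], @selector(dealloc));
    gToolChain = method_setImplementation(m, (IMP)ToolDealloc);
}

// --- "Zombie" side (models ObjcEvilDoers::ZombieEnable): replaces -dealloc and never
// calls the previous IMP. The object is destructed in place but its memory is not freed. ---
static void ZombieDealloc(id self, SEL _cmd) {
    (void)_cmd;
    objc_destructInstance(self);                // run C++ destructors, clear weak refs and associations
    object_setClass(self, [DemoZombie class]);  // later messages reach DemoZombie, not DemoWidget
    // Chromium parks the object in a bounded treadmill and frees the oldest entry; this toy just
    // leaks it (including _title, which under MRC would have been released in -dealloc).
    // Either way ToolDealloc is never reached, so the tool's cache keeps a stale entry.
}

static void InstallZombieHook(void) {
    Method m = class_getInstanceMethod([DemoWidget class], @selector(dealloc));
    method_setImplementation(m, (IMP)ZombieDealloc);   // previous IMP is discarded, not chained
}

// Creates a widget, caches its pointer, releases it, and reports whether the cache still
// holds the (now invalid) pointer afterwards.
static BOOL CacheHoldsStalePointerAfterRelease(void) {
    DemoWidget *w = [[DemoWidget alloc] init];
    w.title = @"OK button";
    CFSetAddValue(gToolCache, w);
    const void *raw = w;
    [w release];                                   // runs whichever -dealloc IMP is installed now
    return CFSetContainsValue(gToolCache, raw) ? YES : NO;
}

int main(void) {
    @autoreleasepool {
        gToolCache = CFSetCreateMutable(kCFAllocatorDefault, 0, NULL);

        InstallToolHook();                         // the tool attaches to the AUT first
        BOOL staleWithToolOnly = CacheHoldsStalePointerAfterRelease();
        NSLog(@"tool hook only:     stale cache entry = %d", staleWithToolOnly);

        InstallZombieHook();                       // CEF initialises afterwards and hooks on top
        BOOL staleWithZombie = CacheHoldsStalePointerAfterRelease();
        NSLog(@"tool + zombie hook: stale cache entry = %d", staleWithZombie);

        // Exit status 1 means the cache now points at a zombie the tool believes is a live widget.
        return staleWithZombie ? 1 : 0;
    }
}
```

In this model the installation order matters: if the tool hook is installed last it chains into ZombieDealloc and the cache is still invalidated, whereas a non-chaining hook installed after the tool's bypasses it. That is consistent with the crash appearing when the AUT is launched through Squish, where the tool is attached before CEF initializes.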

This zombie detection is enabled by default in the CEF binary packages, and at the time of writing there is no known way to turn it off at runtime.