Bug 166645

Summary: WorkQueueGeneric's platformInvalidate() can deadlock when called on the RunLoop's thread
Product: WebKit
Reporter: Zan Dobersek <zan>
Component: Web Template Framework
Assignee: Yusuke Suzuki <ysuzuki>
Status: RESOLVED FIXED
Severity: Normal
CC: benjamin, bugs-noreply, cdumez, cgarcia, cmarcelo, commit-queue, dbates, mcatanzaro, ysuzuki
Priority: P2
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
See Also: https://bugzilla.redhat.com/show_bug.cgi?id=1405791

Zan Dobersek
Reported 2017-01-03 02:30:03 PST
It's possible that a WorkQueue object is destroyed on its own thread. In case of the WorkQueueGeneric implementation, that is the thread of the underlying RunLoop object.

When that occurs, platformInvalidate() in WorkQueueGeneric.cpp stops the RunLoop and then waits for a signal on the m_terminateRunLoopCondition indefinitely. That doesn't occur because the signal is supposed to be launched on the same thread after the RunLoop is stopped.

https://trac.webkit.org/browser/trunk/Source/WTF/wtf/generic/WorkQueueGeneric.cpp#L68

One solution is to not wait on m_terminateRunLoopCondition if we detect that we're on the RunLoop's thread. Another solution is to remove both m_terminateRunLoopCondition and the accompanying mutex.

First reported at https://github.com/Metrological/WebKitForWayland/pull/170
Attachments
Patch (5.04 KB, patch)
2017-01-03 13:35 PST, Yusuke Suzuki
no flags
Patch (4.97 KB, patch)
2017-01-03 13:37 PST, Yusuke Suzuki
no flags
Carlos Garcia Campos
Comment 1 2017-01-03 02:34:17 PST
I think we can get rid of the terminate condition/mutex. It's ok to detach a running thread, and platformInvalidate is called from the destructor, so we don't need to protect the m_runLoop. Tasks take their own reference so it's not possible to have pending tasks at that point either.
Michael Catanzaro
Comment 2 2017-01-03 05:22:57 PST
I think Yusuke wrote this code; let's see what he thinks.
Yusuke Suzuki
Comment 3 2017-01-03 13:12:11 PST
I think we do not need to wait for the thread to stop. Calling detach on the thread ensures that the resources will be destroyed when the thread finishes.
Yusuke Suzuki
Comment 4 2017-01-03 13:35:42 PST
Yusuke Suzuki
Comment 5 2017-01-03 13:37:15 PST
Carlos Garcia Campos
Comment 6 2017-01-03 22:58:35 PST
Comment on attachment 297945: Patch
Thanks!
Yusuke Suzuki
Comment 7 2017-01-03 23:28:10 PST
Comment on attachment 297945: Patch
Thanks :)
WebKit Commit Bot
Comment 8 2017-01-03 23:53:01 PST
Comment on attachment 297945: Patch
Clearing flags on attachment: 297945
Committed r210271: <http://trac.webkit.org/changeset/210271>
WebKit Commit Bot
Comment 9 2017-01-03 23:53:07 PST
All reviewed patches have been landed. Closing bug.
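
The self-wait described in the report, as an added model that is not WebKit's code or the landed patch: `MiniQueue`, `runOnLoop`, `stopAndWait` and `invalidate` are hypothetical names, and a timeout stands in for the indefinite wait so the failure can be observed. `invalidate` shows the first solution proposed in the report, skipping the wait when the caller is already on the loop's thread.

```cpp
#include <chrono>
#include <condition_variable>
#include <functional>
#include <future>
#include <memory>
#include <mutex>
#include <queue>
#include <thread>
using ms = std::chrono::milliseconds;
// Hypothetical model of a work queue backed by one run-loop thread (not WTF code).
struct MiniQueue {
    MiniQueue() : m_thread([this] { run(); }) {}
    ~MiniQueue() { invalidate(ms(5000)); m_thread.join(); }  // model only: destroy off-loop
    // Runs `call` as a task on the loop's thread and returns its result.
    bool runOnLoop(std::function<bool()> call) {
        auto p = std::make_shared<std::promise<bool>>();
        auto result = p->get_future();
        { std::lock_guard<std::mutex> l(m_lock); m_tasks.push([p, call] { p->set_value(call()); }); }
        m_wake.notify_one();
        return result.get();
    }
    // Shape from the report: stop the loop, then wait for its exit signal. The timeout
    // stands in for the indefinite wait; false means the signal never arrived.
    bool stopAndWait(ms timeout) {
        std::unique_lock<std::mutex> l(m_lock);
        m_stop = true; m_wake.notify_one();
        return m_exitCond.wait_for(l, timeout, [this] { return m_exited; });
    }
    // First solution proposed in the report: do not wait when on the loop's own thread.
    bool invalidate(ms timeout) {
        if (std::this_thread::get_id() != m_thread.get_id()) return stopAndWait(timeout);
        { std::lock_guard<std::mutex> l(m_lock); m_stop = true; }
        return true;
    }
    void run() {
        std::unique_lock<std::mutex> l(m_lock);
        while (!m_stop) {
            m_wake.wait(l, [this] { return m_stop || !m_tasks.empty(); });
            while (!m_tasks.empty()) {
                auto task = std::move(m_tasks.front()); m_tasks.pop();
                l.unlock(); task(); l.lock();
            }
        }
        m_exited = true; m_exitCond.notify_all();  // only the loop thread signals exit
    }
    std::mutex m_lock; std::condition_variable m_wake, m_exitCond;
    std::queue<std::function<void()>> m_tasks;
    bool m_stop = false, m_exited = false;
    std::thread m_thread;  // last member: the rest must exist before run() starts
};
```

Calling `stopAndWait` from a task returns `false` because the exit signal can only be sent by the thread that is blocked waiting for it; the same call from another thread returns `true`.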