Bug 190748

Summary:

[Win] Assertion fails while destructing local static AtomicString of FontCache::lastResortFallbackFont

Product:

WebKit

Reporter:

Fujii Hironori <Hironori.Fujii>

Component:

New Bugs

Assignee:

Fujii Hironori <Hironori.Fujii>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

achristensen, bfulgham, don.olmstead, ews-watchlist, mmaxfield, pvollan, rniwa, webkit-bug-importer

Priority:

Keywords:

InRadar

Version:

WebKit Nightly Build

Hardware:

Unspecified

OS:

Unspecified

Attachments:

Description	Flags
WIP patch	none
Patch	none
Patch	none

Description Fujii Hironori 2018-10-19 01:04:19 PDT

[WinCairo] Assertion failure "The string being removed is atomic in the string table of an other thread!"

WinCairo, WK1, Debug build, trunk@237282

1. Start MiniBrowser
2. Go to https://webkit.org/
3. Close Window
4. Assertion fails

Callstack:

> WTF.dll!WTFCrash() Line 255	C++
> WTF.dll!WTF::AtomicStringImpl::remove(WTF::AtomicStringImpl * string) Line 489	C++
> WTF.dll!WTF::StringImpl::~StringImpl() Line 119	C++
> [External Code]	
> WTF.dll!WTF::StringImpl::destroy(WTF::StringImpl * stringImpl) Line 151	C++
> WebKit2.dll!WTF::StringImpl::deref() Line 1058	C++
> WebKit2.dll!WTF::derefIfNotNull<WTF::StringImpl>(WTF::StringImpl * ptr) Line 45	C++
> WebKit2.dll!WTF::RefPtr<WTF::StringImpl,WTF::DumbPtrTraits<WTF::StringImpl> >::~RefPtr<WTF::StringImpl,WTF::DumbPtrTraits<WTF::StringImpl> >() Line 69	C++
> WebKit2.dll!WTF::String::~String() Line 377	C++
> [External Code]	
> WebKit2.dll!WebKit::callExit(IPC::Connection * __formal) Line 163	C++
> WebKit2.dll!IPC::Connection::connectionDidClose() Line 824	C++
> WebKit2.dll!IPC::Connection::readEventHandler() Line 159	C++
> WebKit2.dll!IPC::Connection::invokeReadEventHandler::__l2::<lambda>() Line 238	C++
> WebKit2.dll!WTF::Function<void __cdecl(void)>::CallableWrapper<void <lambda>(void) >::call() Line 101	C++
> WTF.dll!WTF::Function<void __cdecl(void)>::operator()() Line 57	C++
> WTF.dll!WTF::WorkQueue::performWorkOnRegisteredWorkThread() Line 62	C++
> WTF.dll!WTF::WorkQueue::workThreadCallback(void * context) Line 44	C++
> [External Code]	


The following assertion failed.

> ASSERT_WITH_MESSAGE(iterator != atomicStringTable.end(), "The string being removed is atomic in the string table of an other thread!");

But, atomicStringTable was null.
I guess the real problem is String's dtor was called in _exit.

Comment 1 Fujii Hironori 2018-10-19 02:14:39 PDT

(In reply to Fujii Hironori from comment #0)
> WinCairo, WK1, Debug build, trunk@237282

Oops. I tested with WK2.

Comment 2 Fujii Hironori 2018-10-19 02:16:20 PDT

The string was "Lucida Sans Unicode".
It is  https://github.com/WebKit/webkit/blob/53d0b766f0692da943a7b01af78940a41581b702/Source/WebCore/platform/graphics/win/FontCacheWin.cpp#L358

Comment 3 Fujii Hironori 2018-10-19 02:20:22 PDT

Created attachment 352775 [details]
WIP patch

Comment 4 Fujii Hironori 2018-10-19 04:10:55 PDT

Created attachment 352780 [details]
Patch

Comment 5 Don Olmstead 2018-10-22 13:22:09 PDT

Comment on attachment 352780 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=352780&action=review

> Source/WebCore/platform/graphics/win/FontCacheWin.cpp:354
> -    static AtomicString fallbackFonts[] = {
> -        AtomicString("Times New Roman", AtomicString::ConstructFromLiteral),
> -        AtomicString("Microsoft Sans Serif", AtomicString::ConstructFromLiteral),
> -        AtomicString("Tahoma", AtomicString::ConstructFromLiteral),
> -        AtomicString("Lucida Sans Unicode", AtomicString::ConstructFromLiteral),
> -        AtomicString("Arial", AtomicString::ConstructFromLiteral)
> +    const auto fallbackFontNames = {

Does NeverDestroyed not work in this context?

Comment 6 Fujii Hironori 2018-10-22 17:59:20 PDT

Comment on attachment 352780 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=352780&action=review

Thank you very much for reviewing my patch.

>> Source/WebCore/platform/graphics/win/FontCacheWin.cpp:354
>> +    const auto fallbackFontNames = {
> 
> Does NeverDestroyed not work in this context?

I don't use NeverDestroyed because this code path is executed just only once. I think NeverDestroyed should be use only for instances which are used all the time.

Comment 7 Fujii Hironori 2018-10-22 20:51:53 PDT

Review, please.

Comment 8 Myles C. Maxfield 2018-10-23 04:24:59 PDT

Comment on attachment 352780 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=352780&action=review

>>> Source/WebCore/platform/graphics/win/FontCacheWin.cpp:354
>>> +    const auto fallbackFontNames = {
>> 
>> Does NeverDestroyed not work in this context?
> 
> I don't use NeverDestroyed because this code path is executed just only once. I think NeverDestroyed should be use only for instances which are used all the time.

Using string literals still makes them live forever, so I'm not sure why one is preferable over the other. We should be using NeverDestroyed instead.

Comment 9 Fujii Hironori 2018-10-23 20:17:03 PDT

Created attachment 353019 [details]
Patch

You are right. Applied the review feedback.

Comment 10 Fujii Hironori 2018-10-23 21:59:13 PDT

Comment on attachment 353019 [details]
Patch

Clearing flags on attachment: 353019

Committed r237375: <https://trac.webkit.org/changeset/237375>

Comment 11 Fujii Hironori 2018-10-23 21:59:15 PDT

All reviewed patches have been landed.  Closing bug.

Comment 12 Radar WebKit Bug Importer 2018-10-23 22:00:49 PDT

<rdar://problem/45510349>