Bug 210995

Summary: [WTF] allThreads registration is racy with allThreads unregistration
Product: WebKit Reporter: Yusuke Suzuki <ysuzuki>
Component: Web Template FrameworkAssignee: Yusuke Suzuki <ysuzuki>
Status: RESOLVED FIXED    
Severity: Normal CC: benjamin, cdumez, cmarcelo, ews-watchlist, keith_miller, mark.lam, saam, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch
none
Patch keith_miller: review+

Yusuke Suzuki
Reported 2020-04-24 14:18:13 PDT
...
Attachments
Patch (5.98 KB, patch)
2020-04-24 14:45 PDT, Yusuke Suzuki 		no flags
DetailsFormatted DiffDiff
Patch (5.70 KB, patch)
2020-04-24 14:50 PDT, Yusuke Suzuki 		keith_miller: review+
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Yusuke Suzuki
Comment 1 2020-04-24 14:45:02 PDT
Created attachment 397512 [details] Patch
Yusuke Suzuki
Comment 2 2020-04-24 14:47:02 PDT
<rdar://problem/61609690>
Yusuke Suzuki
Comment 3 2020-04-24 14:50:42 PDT
Created attachment 397513 [details] Patch
Keith Miller
Comment 4 2020-04-24 15:01:12 PDT
Comment on attachment 397513 [details] Patch r=me
Mark Lam
Comment 5 2020-04-24 15:10:00 PDT
Comment on attachment 397513 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=397513&action=review r=me too. > Source/WTF/ChangeLog:15 > + 5. Caller: Register the new thread to allThreads while it already finished its execution. /Register/Registers/ /while/after/ > Source/WTF/wtf/Threading.cpp:200 > + // However, it is also possible that the launched thread has been finished its execution before it is registered in allThreads here! In this case, the thread already /has been finished/has finished/. /thread already/thread has already/ > Source/WTF/wtf/Threading.cpp:201 > + // called Thread::didExit to unregister itself from allThreads. Registering such a thread will register stale thread pointer to allThreads, which will not be removed /register stale/register a stale/ > Source/WTF/wtf/Threading.cpp:202 > + // even after Thread is destroyed. Register a thread only when it did not unregister itself from allThreads yet. /when it did not unregister/when it has not unregistered/ > Source/WTF/wtf/Threading.cpp:232 > + m_didUnregisterFromAllThreads = true; Pity we can't use m_isShuttingDown. So many flags to say the effectively / nearly the same thing: m_isShuttingDown, m_didExit, m_didUnregisterFromAllThreads Maybe we can consider consolidating these later in another patch.
Saam Barati
Comment 6 2020-04-24 15:56:04 PDT
Comment on attachment 397513 [details] Patch crazy condition. LGTM too
Yusuke Suzuki
Comment 7 2020-04-24 15:57:14 PDT
Comment on attachment 397513 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=397513&action=review >> Source/WTF/ChangeLog:15 >> + 5. Caller: Register the new thread to allThreads while it already finished its execution. > > /Register/Registers/ > /while/after/ Fixed. >> Source/WTF/wtf/Threading.cpp:200 >> + // However, it is also possible that the launched thread has been finished its execution before it is registered in allThreads here! In this case, the thread already > > /has been finished/has finished/. > /thread already/thread has already/ Fixed. >> Source/WTF/wtf/Threading.cpp:201 >> + // called Thread::didExit to unregister itself from allThreads. Registering such a thread will register stale thread pointer to allThreads, which will not be removed > > /register stale/register a stale/ Fixed. >> Source/WTF/wtf/Threading.cpp:202 >> + // even after Thread is destroyed. Register a thread only when it did not unregister itself from allThreads yet. > > /when it did not unregister/when it has not unregistered/ Fixed. > Source/WTF/wtf/Threading.h:315 > + bool m_didUnregisterFromAllThreads : 1; For now, I'll make this as separate bool flag since this is guarded bool which can be modified by multiple threads with mutex-guards, while the other bitflags are not guarded by this same mutex.
Yusuke Suzuki
Comment 8 2020-04-24 16:03:12 PDT
Comment on attachment 397513 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=397513&action=review >> Source/WTF/wtf/Threading.cpp:232 >> + m_didUnregisterFromAllThreads = true; > > Pity we can't use m_isShuttingDown. So many flags to say the effectively / nearly the same thing: > m_isShuttingDown, m_didExit, m_didUnregisterFromAllThreads > > Maybe we can consider consolidating these later in another patch. Not sure we can do that. They are because of complex mutex interactions & ThreadGroup unregistrations...
Mark Lam
Comment 9 2020-04-24 16:27:11 PDT
Comment on attachment 397513 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=397513&action=review >>> Source/WTF/wtf/Threading.cpp:232 >>> + m_didUnregisterFromAllThreads = true; >> >> Pity we can't use m_isShuttingDown. So many flags to say the effectively / nearly the same thing: >> m_isShuttingDown, m_didExit, m_didUnregisterFromAllThreads >> >> Maybe we can consider consolidating these later in another patch. > > Not sure we can do that. They are because of complex mutex interactions & ThreadGroup unregistrations... I agree that it may not be possible, or even if possible, may not be desirable. Perhaps the fields can be named something better. It's not super important for now.
Yusuke Suzuki
Comment 10 2020-04-24 16:56:46 PDT
Committed r260682: <https://trac.webkit.org/changeset/260682>
Note You need to log in before you can comment on or make changes to this bug.