RESOLVED FIXED 101341
[CoordinatedGraphics] Access to LayerTreeRenderer::m_renderQueue should be thread safe 
https://bugs.webkit.org/show_bug.cgi?id=101341
Summary [CoordinatedGraphics] Access to LayerTreeRenderer::m_renderQueue should be th...
Balazs Kelemen
Reported 2012-11-06 05:52:24 PST
If I'm not wrong, access to the queue can be a race condition across syncRemoteContent and some methods of LayerTreeCoordinatorProxy that update it from the main thread, like setContentsSize or setVisibleContentsRect. Those are used by public API so we should not take any preassumption about when will they be called.
Attachments
Patch (3.01 KB, patch)
2012-11-06 05:56 PST, Balazs Kelemen 		no flags
DetailsFormatted DiffDiff
Patch (1.53 KB, patch)
2012-11-26 11:07 PST, Rafael Brandao 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Balazs Kelemen
Comment 1 2012-11-06 05:56:37 PST
Created attachment 172562 [details] Patch
Balazs Kelemen
Comment 2 2012-11-06 06:40:35 PST
Comment on attachment 172562 [details] Patch Clearing flags on attachment: 172562 Committed r133599: <http://trac.webkit.org/changeset/133599>
Balazs Kelemen
Comment 3 2012-11-06 06:40:39 PST
All reviewed patches have been landed. Closing bug.
Rafael Brandao
Comment 4 2012-11-26 06:03:02 PST
Comment on attachment 172562 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=172562&action=review > Source/WebKit2/UIProcess/CoordinatedGraphics/LayerTreeRenderer.cpp:476 > m_renderQueue.clear(); This call here to clear the m_renderQueue should be removed. When we do the swap between a new vector and the m_renderQueue, the resulting queue on m_renderQueue is an empty one. And still you will do that when you have the lock, rather than releasing the lock and doing it afterwards. Should I upload a patch to fix this?
Balazs Kelemen
Comment 5 2012-11-26 10:39:34 PST
(In reply to comment #4) > (From update of attachment 172562 [details]) > View in context: https://bugs.webkit.org/attachment.cgi?id=172562&action=review > > > Source/WebKit2/UIProcess/CoordinatedGraphics/LayerTreeRenderer.cpp:476 > > m_renderQueue.clear(); > > This call here to clear the m_renderQueue should be removed. When we do the swap between a new vector and the m_renderQueue, the resulting queue on m_renderQueue is an empty one. And still you will do that when you have the lock, rather than releasing the lock and doing it afterwards. Should I upload a patch to fix this? Just removing the clear is enough. There is no need to hold the lock after filling the local vector. It is not a problem if we add new tasks in the main thread, those will be flushed later. Fell free to update the patch.
Rafael Brandao
Comment 6 2012-11-26 11:07:16 PST
Reopening to attach new patch.
Rafael Brandao
Comment 7 2012-11-26 11:07:20 PST
Created attachment 176037 [details] Patch I've decided to keep this follow up patch here in the same bug to give a better context. I'm just removing the unnecessary clear of m_renderQueue with the same reasoning of this bug title.
WebKit Review Bot
Comment 8 2012-11-26 11:46:18 PST
Comment on attachment 176037 [details] Patch Clearing flags on attachment: 176037 Committed r135748: <http://trac.webkit.org/changeset/135748>
WebKit Review Bot
Comment 9 2012-11-26 11:46:22 PST
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.