RESOLVED FIXED 167683
Web Inspector: Do not use RunLoop when dispatching inspector GC event 
https://bugs.webkit.org/show_bug.cgi?id=167683
Summary Web Inspector: Do not use RunLoop when dispatching inspector GC event
Joseph Pecoraro
Reported 2017-01-31 21:04:55 PST
Summary: Use guaranteed RunLoop instead of RunLoop::current for dispatching inspector message Crashes seen under InspectorHeapAgent::didGarbageCollect attempting to dispatch RunLoop::Timer: * Crash Details Exception Type: EXC_BAD_ACCESS (SIGSEGV) Exception Subtype: KERN_INVALID_ADDRESS at 0x0000000000000008 Termination Signal: Segmentation fault: 11 Termination Reason: Namespace SIGNAL, Code 0xb Terminating Process: exc handler [0] Triggered by Thread: 12 Thread 12 name: WTF::AutomaticThread Thread 12 Crashed: 0 CFRunLoopAddTimer + 96 1 WTF::RunLoop::TimerBase::start(double, bool) + 188 2 WTF::RunLoop::TimerBase::start(double, bool) + 188 3 Inspector::InspectorHeapAgent::didGarbageCollect(JSC::CollectionScope) + 348 4 JSC::Heap::didFinishCollection(double) + 396 5 JSC::Heap::collectInThread() + 1276 6 JSC::Heap::Thread::work() + 16 In this case the RunLoop::current existed but then went away. Lets just use the RunLoop::main, this is for dispatching a very small JSON message.
Attachments
[PATCH] Proposed Fix (2.70 KB, patch)
2017-01-31 21:07 PST, Joseph Pecoraro 		no flags
DetailsFormatted DiffDiff
[PATCH] Proposed Fix (7.71 KB, patch)
2017-02-04 15:41 PST, Joseph Pecoraro 		joepeck: review-
buildbot: commit-queue-
DetailsFormatted DiffDiff
Archive of layout-test-results from ews100 for mac-elcapitan (1.15 MB, application/zip)
2017-02-04 16:37 PST, Build Bot 		no flags
Details
Archive of layout-test-results from ews115 for mac-elcapitan (2.66 MB, application/zip)
2017-02-04 16:47 PST, Build Bot 		no flags
Details
[PATCH] Proposed Fix (60.79 KB, patch)
2017-02-06 14:46 PST, Joseph Pecoraro 		no flags
DetailsFormatted DiffDiff
[PATCH] Proposed Fix (60.83 KB, patch)
2017-02-06 16:47 PST, Joseph Pecoraro 		no flags
DetailsFormatted DiffDiff
Show Obsolete (5) View All Add attachment proposed patch, testcase, etc.
Joseph Pecoraro
Comment 1 2017-01-31 21:05:09 PST
<rdar://problem/30167791>
Joseph Pecoraro
Comment 2 2017-01-31 21:07:02 PST
Created attachment 300296 [details] [PATCH] Proposed Fix
WebKit Commit Bot
Comment 3 2017-02-01 09:35:29 PST
Comment on attachment 300296 [details] [PATCH] Proposed Fix Clearing flags on attachment: 300296 Committed r211486: <http://trac.webkit.org/changeset/211486>
WebKit Commit Bot
Comment 4 2017-02-01 09:35:34 PST
All reviewed patches have been landed. Closing bug.
Joseph Pecoraro
Comment 5 2017-02-03 21:22:18 PST
Rolled this change out in: https://trac.webkit.org/changeset/211666 This caused some follow-up issues. It doesn't make sense to call RunLoop::initializeMainRunLoop here. JSC's initialize threading can be called on non-main thread on Mac.
Joseph Pecoraro
Comment 6 2017-02-03 22:05:21 PST
So it seems we can't be guaranteed that RunLoop::main exists in JavaScriptCore. Having a guaranteed RunLoop is only needed by the JSContext inspector path. So currently that only affects Mac, but I've seen patches bringing it up on other ports. A hacky solution would be adding RunLoop::initializeMainFromAnyThread for this path, but I really don't want to do that. Perhaps a better solution to this problem is to move off of RunLoops entirely, since we have no guaranteed run loop and probably don't want to keep one around. We are just trying to send garbage collection messages to the frontend at some convenient future time.
Joseph Pecoraro
Comment 7 2017-02-03 23:01:29 PST
> Perhaps a better solution to this problem is to move off of RunLoops > entirely, since we have no guaranteed run loop and probably don't want to > keep one around. We are just trying to send garbage collection messages to > the frontend at some convenient future time. Ultimately I think this is the right approach. The idea of "send the collection messages a little bit later" is itself working around a case where sending a message immediately was had issues with the Sweeper. If that is the case, we just need to find the right time where it is safe to send the message, instead of the hacky Timer.
Joseph Pecoraro
Comment 8 2017-02-04 15:25:15 PST
I'm unable to reproduce the original issue that caused us to need to delay the event anyways. I'll do a little more testing, but it seems we can just eliminate all of this complexity! I'm guessing this is much better with the concurrent GC.
Joseph Pecoraro
Comment 9 2017-02-04 15:41:49 PST
Created attachment 300641 [details] [PATCH] Proposed Fix
Build Bot
Comment 10 2017-02-04 16:37:09 PST
Comment on attachment 300641 [details] [PATCH] Proposed Fix Attachment 300641 [details] did not pass mac-ews (mac): Output: http://webkit-queues.webkit.org/results/3005754 Number of test failures exceeded the failure limit.
Build Bot
Comment 11 2017-02-04 16:37:13 PST
Created attachment 300645 [details] Archive of layout-test-results from ews100 for mac-elcapitan The attached test failures were seen while running run-webkit-tests on the mac-ews. Bot: ews100 Port: mac-elcapitan Platform: Mac OS X 10.11.6
Build Bot
Comment 12 2017-02-04 16:47:54 PST
Comment on attachment 300641 [details] [PATCH] Proposed Fix Attachment 300641 [details] did not pass mac-debug-ews (mac): Output: http://webkit-queues.webkit.org/results/3005708 Number of test failures exceeded the failure limit.
Build Bot
Comment 13 2017-02-04 16:47:58 PST
Created attachment 300648 [details] Archive of layout-test-results from ews115 for mac-elcapitan The attached test failures were seen while running run-webkit-tests on the mac-debug-ews. Bot: ews115 Port: mac-elcapitan Platform: Mac OS X 10.11.6
Joseph Pecoraro
Comment 14 2017-02-04 17:05:56 PST
Comment on attachment 300641 [details] [PATCH] Proposed Fix Oh, that makes sense. WebKit1 will need some kind of "wait a beat".
Joseph Pecoraro
Comment 15 2017-02-06 14:46:56 PST
Created attachment 300758 [details] [PATCH] Proposed Fix
WebKit Commit Bot
Comment 16 2017-02-06 14:50:03 PST
Attachment 300758 [details] did not pass style-queue: ERROR: Source/WebCore/inspector/WebHeapAgent.h:28: Alphabetical sorting problem. [build/include_order] [4] Total errors found: 1 in 12 files If any of these errors are false positives, please file a bug against check-webkit-style.
Joseph Pecoraro
Comment 17 2017-02-06 16:47:27 PST
Created attachment 300768 [details] [PATCH] Proposed Fix
Blaze Burg
Comment 18 2017-02-06 16:53:01 PST
Comment on attachment 300768 [details] [PATCH] Proposed Fix r=me
WebKit Commit Bot
Comment 19 2017-02-06 20:28:37 PST
Comment on attachment 300768 [details] [PATCH] Proposed Fix Clearing flags on attachment: 300768 Committed r211771: <http://trac.webkit.org/changeset/211771>
WebKit Commit Bot
Comment 20 2017-02-06 20:28:43 PST
All reviewed patches have been landed. Closing bug.
Ryan Haddad
Comment 21 2017-02-07 10:09:02 PST
(In reply to comment #19) > Comment on attachment 300768 [details] > [PATCH] Proposed Fix > > Clearing flags on attachment: 300768 > > Committed r211771: <http://trac.webkit.org/changeset/211771> This change appears to have caused two API tests to assert on ios-simulator: https://build.webkit.org/builders/Apple%20iOS%2010%20Simulator%20Debug%20WK2%20%28Tests%29/builds/3257
Joseph Pecoraro
Comment 22 2017-02-07 10:59:12 PST
(In reply to comment #21) > (In reply to comment #19) > > Comment on attachment 300768 [details] > > [PATCH] Proposed Fix > > > > Clearing flags on attachment: 300768 > > > > Committed r211771: <http://trac.webkit.org/changeset/211771> > > This change appears to have caused two API tests to assert on ios-simulator: > https://build.webkit.org/builders/ > Apple%20iOS%2010%20Simulator%20Debug%20WK2%20%28Tests%29/builds/3257 These tests now have to initialize the main run loop. I'll update the tests.
Joseph Pecoraro
Comment 23 2017-02-07 13:30:58 PST
Actually, I think its better here to update iOS WebKit initialization. Since that would solve all tests that use WebKitLegacy APIs. I'm actually surprised this wasn't done previously. See bug 167953
Note You need to log in before you can comment on or make changes to this bug.