182494 – Avoid unnecessarily constructing RunLoops for GC AutomaticThreads in Connection::sendMessage() after r228001

Bug 182494 - Avoid unnecessarily constructing RunLoops for GC AutomaticThreads in Connection::sendMessage() after r228001

Summary: Avoid unnecessarily constructing RunLoops for GC AutomaticThreads in Connecti...

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	Service Workers (show other bugs)
Version:	WebKit Nightly Build
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Chris Dumez

URL:
Keywords:	InRadar

Depends on:
Blocks:

Reported:	2018-02-05 10:17 PST by Chris Dumez
Modified:	2018-02-05 22:50 PST (History)
CC List:	9 users (show)

See Also:	182104

Attachments
Patch (2.60 KB, patch) 2018-02-05 10:27 PST, Chris Dumez	no flags	Details \| Formatted Diff \| Diff
Patch (2.30 KB, patch) 2018-02-05 10:45 PST, Chris Dumez	no flags	Details \| Formatted Diff \| Diff
Patch (2.34 KB, patch) 2018-02-05 10:48 PST, Chris Dumez	no flags	Details \| Formatted Diff \| Diff
Archive of layout-test-results from ews123 for ios-simulator-wk2 (2.66 MB, application/zip) 2018-02-05 16:57 PST, EWS Watchlist	no flags	Details
Show Obsolete (3) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Chris Dumez 2018-02-05 10:17:32 PST

Thread[20] EXC_BREAKPOINT (SIGTRAP) (0x0000000000000002, 0x0000000000000000)
[  0] 0x0000000104a6f1a3 JavaScriptCore`WTF::RunLoop::current() + 163

     0x0000000104a6f19f:     popq %rbp
     0x0000000104a6f1a0:     retq 
     0x0000000104a6f1a1:     int3 
     0x0000000104a6f1a2:     int3 
 ->  0x0000000104a6f1a3:     nopw %cs:(%rax,%rax)

[  1] 0x0000000104a6f1d1 JavaScriptCore`WTF::RunLoop::isMain() + 17 at RunLoop.cpp:74:30
[  2] 0x00000001005ece7c WebKit`IPC::Connection::sendMessage(std::__1::unique_ptr<IPC::Encoder, std::__1::default_delete<IPC::Encoder> >, WTF::OptionSet<IPC::SendOption>) + 44 at Connection.cpp:382:9
[  3] 0x00000001007abc96 WebKit`bool IPC::Connection::send<Messages::WebProcessProxy::CheckRemotePortForActivity>(Messages::WebProcessProxy::CheckRemotePortForActivity&&, unsigned long long, WTF::OptionSet<IPC::SendOption>) + 106 at Connection.h:361:12
[  4] 0x00000001007abc08 WebKit`WebKit::WebMessagePortChannelProvider::checkRemotePortForActivity(WebCore::MessagePortIdentifier const&, WTF::CompletionHandler<void (WebCore::MessagePortChannelProvider::HasActivity)>&&) + 460 at WebMessagePortChannelProvider.cpp:146:56
[  5] 0x0000000101f051d5 WebCore`WebCore::MessagePort::hasPendingActivity() const + 149 at MessagePort.cpp:304:49
[  6] 0x00000001012b36cc WebCore`WebCore::JSMessagePortOwner::isReachableFromOpaqueRoots(JSC::Handle<JSC::Unknown>, void*, JSC::SlotVisitor&) + 28 at JSMessagePort.cpp:270:34
[  7] 0x00000001045eb7bb JavaScriptCore`void JSC::WeakBlock::specializedVisit<JSC::MarkedBlock>(JSC::MarkedBlock&, JSC::SlotVisitor&) + 123 at WeakBlock.cpp:117:31
[  8] 0x00000001045df88a JavaScriptCore`JSC::MarkedSpace::visitWeakSets(JSC::SlotVisitor&) [inlined] JSC::WeakSet::visit(JSC::SlotVisitor&) + 18 at WeakSet.h:113:16
[  8] 0x00000001045df878 JavaScriptCore`JSC::MarkedSpace::visitWeakSets(JSC::SlotVisitor&) [inlined] JSC::MarkedSpace::visitWeakSets(JSC::SlotVisitor&)::$_10::operator()(JSC::WeakSet*) const at MarkedSpace.cpp:278
[  8] 0x00000001045df878 JavaScriptCore`JSC::MarkedSpace::visitWeakSets(JSC::SlotVisitor&) [inlined] void WTF::SentinelLinkedList<JSC::WeakSet, WTF::BasicRawSentinelNode<JSC::WeakSet> >::forEach<JSC::MarkedSpace::visitWeakSets(JSC::SlotVisitor&)::$_10>(JSC::MarkedSpace::visitWeakSets(JSC::SlotVisitor&)::$_10 const&) + 36 at SentinelLinkedList.h:110
[  8] 0x00000001045df854 JavaScriptCore`JSC::MarkedSpace::visitWeakSets(JSC::SlotVisitor&) + 20 at MarkedSpace.cpp:281
[  9] 0x00000001045e1fdd JavaScriptCore`JSC::MarkingConstraintSolver::runExecutionThread(JSC::SlotVisitor&, JSC::MarkingConstraintSolver::SchedulerPreference, WTF::ScopedLambda<std::optional<unsigned int> ()>) [inlined] JSC::MarkingConstraint::execute(JSC::SlotVisitor&) + 16 at MarkingConstraint.cpp:57:5
[  9] 0x00000001045e1fcd JavaScriptCore`JSC::MarkingConstraintSolver::runExecutionThread(JSC::SlotVisitor&, JSC::MarkingConstraintSolver::SchedulerPreference, WTF::ScopedLambda<std::optional<unsigned int> ()>) + 1053 at MarkingConstraintSolver.cpp:238
[ 10] 0x00000001045e7fd3 JavaScriptCore`JSC::SlotVisitor::drainFromShared(JSC::SlotVisitor::SharedDrainMode, WTF::MonotonicTime) + 883 at SlotVisitor.cpp:657:24
[ 11] 0x00000001045cc67b JavaScriptCore`WTF::SharedTaskFunctor<void (), JSC::Heap::runBeginPhase(JSC::GCConductor)::$_14>::run() [inlined] JSC::Heap::runBeginPhase(JSC::GCConductor)::$_14::operator()() const + 136 at Heap.cpp:1260:30
[ 11] 0x00000001045cc5f3 JavaScriptCore`WTF::SharedTaskFunctor<void (), JSC::Heap::runBeginPhase(JSC::GCConductor)::$_14>::run() + 19 at SharedTask.h:92
[ 12] 0x0000000104a6a54b JavaScriptCore`WTF::ParallelHelperClient::runTask(WTF::RefPtr<WTF::SharedTask<void ()>, WTF::DumbPtrTraits<WTF::SharedTask<void ()> > >) + 43 at ParallelHelperPool.cpp:112:11
[ 13] 0x0000000104a6afbf JavaScriptCore`WTF::ParallelHelperPool::Thread::work() + 47 at ParallelHelperPool.cpp:194:19
[ 14] 0x0000000104a514d7 JavaScriptCore`WTF::Function<void ()>::CallableWrapper<WTF::AutomaticThread::start(WTF::AbstractLocker const&)::$_0>::call() [inlined] WTF::AutomaticThread::start(WTF::AbstractLocker const&)::$_0::operator()() const + 274 at AutomaticThread.cpp:222:37
[ 14] 0x0000000104a513c5 JavaScriptCore`WTF::Function<void ()>::CallableWrapper<WTF::AutomaticThread::start(WTF::AbstractLocker const&)::$_0>::call() + 21 at Function.h:101
[ 15] 0x0000000104a7cc83 JavaScriptCore`WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*) [inlined] WTF::Function<void ()>::operator()() const + 8 at Function.h:56:35
[ 15] 0x0000000104a7cc7b JavaScriptCore`WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*) + 219 at Threading.cpp:129
[ 16] 0x0000000103e7ebe8 JavaScriptCore`WTF::wtfThreadEntryPoint(void*) + 8 at ThreadingPthreads.cpp:223:5
[ 17] 0x00007fff794866c0 libsystem_pthread.dylib`_pthread_body + 339 at pthread.c:740:17
[ 18] 0x00007fff7948656c libsystem_pthread.dylib`_pthread_start + 376 at pthread.c:799:2
[ 19] 0x00007fff79485c5c libsystem_pthread.dylib`thread_start + 12

Comment 1 Chris Dumez 2018-02-05 10:17:50 PST

<rdar://problem/37147632>

Comment 2 Chris Dumez 2018-02-05 10:27:20 PST

Created attachment 333092 [details]
Patch

Comment 3 mitz 2018-02-05 10:30:41 PST

Comment on attachment 333092 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=333092&action=review

> Source/WebKit/ChangeLog:24
> +        Looking at the code, the most likely one is when constructing the ThreadSpecific:
> +        """
> +        int error = pthread_key_create(&m_key, destroy);
> +        if (error)
> +            CRASH();
> +        """

I don’t think that’s correct. When I hit this crash, it looked like what was failing was RELEASE_ASSERT(canBeGCThread == CanBeGCThread::True || !mayBeGCThread()) in the ThreadSpecific constructor.

Comment 4 Chris Dumez 2018-02-05 10:35:11 PST

(In reply to mitz from comment #3)
> Comment on attachment 333092 [details]
> Patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=333092&action=review
> 
> > Source/WebKit/ChangeLog:24
> > +        Looking at the code, the most likely one is when constructing the ThreadSpecific:
> > +        """
> > +        int error = pthread_key_create(&m_key, destroy);
> > +        if (error)
> > +            CRASH();
> > +        """
> 
> I don’t think that’s correct. When I hit this crash, it looked like what was
> failing was RELEASE_ASSERT(canBeGCThread == CanBeGCThread::True ||
> !mayBeGCThread()) in the ThreadSpecific constructor.

That is interesting. RunLoop::current() is implemented like so:
RunLoop& RunLoop::current()
{
    static NeverDestroyed<ThreadSpecific<Holder, CanBeGCThread::True>> runLoopHolder;
    return runLoopHolder.get()->runLoop();
}

So this assertion should have been disabled due to CanBeGCThread::True. Either way, switching to isMainThread() will bypass this code path entirely.

Comment 5 Chris Dumez 2018-02-05 10:41:47 PST

(In reply to Chris Dumez from comment #4)
> (In reply to mitz from comment #3)
> > Comment on attachment 333092 [details]
> > Patch
> > 
> > View in context:
> > https://bugs.webkit.org/attachment.cgi?id=333092&action=review
> > 
> > > Source/WebKit/ChangeLog:24
> > > +        Looking at the code, the most likely one is when constructing the ThreadSpecific:
> > > +        """
> > > +        int error = pthread_key_create(&m_key, destroy);
> > > +        if (error)
> > > +            CRASH();
> > > +        """
> > 
> > I don’t think that’s correct. When I hit this crash, it looked like what was
> > failing was RELEASE_ASSERT(canBeGCThread == CanBeGCThread::True ||
> > !mayBeGCThread()) in the ThreadSpecific constructor.
> 
> That is interesting. RunLoop::current() is implemented like so:
> RunLoop& RunLoop::current()
> {
>     static NeverDestroyed<ThreadSpecific<Holder, CanBeGCThread::True>>
> runLoopHolder;
>     return runLoopHolder.get()->runLoop();
> }
> 
> So this assertion should have been disabled due to CanBeGCThread::True.
> Either way, switching to isMainThread() will bypass this code path entirely.

Found it, somebody made this change very recently:
https://bugs.webkit.org/show_bug.cgi?id=182104

Previously, it was not allowed to call this method from a GC thread.

Comment 6 Chris Dumez 2018-02-05 10:45:33 PST

Created attachment 333096 [details]
Patch

Comment 7 mitz 2018-02-05 10:46:00 PST

So this crash is a duplicate of bug 182104, and is already fixed. Perhaps the idea of changing Connection::sendMessage() should be tracked separately (or this bug retitled and separated from the Radar).

Comment 8 Chris Dumez 2018-02-05 10:47:02 PST

(In reply to mitz from comment #7)
> So this crash is a duplicate of bug 182104, and is already fixed. Perhaps
> the idea of changing Connection::sendMessage() should be tracked separately
> (or this bug retitled and separated from the Radar).

Well, there is "fixed" and "fixed". We keep constructing RunLoops for AutomaticThreads for no reason now.

Comment 9 Chris Dumez 2018-02-05 10:48:56 PST

Created attachment 333097 [details]
Patch

Comment 10 Radar WebKit Bug Importer 2018-02-05 10:50:53 PST

<rdar://problem/37242864>

Comment 11 EWS Watchlist 2018-02-05 16:57:38 PST

Comment on attachment 333097 [details]
Patch

Attachment 333097 [details] did not pass ios-sim-ews (ios-simulator-wk2):
Output: http://webkit-queues.webkit.org/results/6372965

New failing tests:
fast/scrolling/scroll-to-focused-element-asynchronously.html

Comment 12 EWS Watchlist 2018-02-05 16:57:39 PST

Created attachment 333132 [details]
Archive of layout-test-results from ews123 for ios-simulator-wk2

The attached test failures were seen while running run-webkit-tests on the ios-sim-ews.
Bot: ews123  Port: ios-simulator-wk2  Platform: Mac OS X 10.12.6

Comment 13 WebKit Commit Bot 2018-02-05 22:50:29 PST

Comment on attachment 333097 [details]
Patch

Clearing flags on attachment: 333097

Committed r228152: <https://trac.webkit.org/changeset/228152>

Comment 14 WebKit Commit Bot 2018-02-05 22:50:31 PST

All reviewed patches have been landed.  Closing bug.