RESOLVED FIXED183619
MessagePort is not always destroyed on the right thread 
https://bugs.webkit.org/show_bug.cgi?id=183619
Summary MessagePort is not always destroyed on the right thread
youenn fablet
Reported 2018-03-13 17:04:14 PDT
Since we ref MessagePort from a worker thread, and pass this ref to the main thread, a MessagePort might sometimes be destroyed on the main thread.
Attachments
Patch (5.31 KB, patch)
2018-03-13 17:06 PDT, youenn fablet 		no flags
DetailsFormatted DiffDiff
Patch (10.46 KB, patch)
2018-03-14 17:10 PDT, youenn fablet 		no flags
DetailsFormatted DiffDiff
Version without postTaskTo (12.01 KB, patch)
2018-03-14 17:46 PDT, youenn fablet 		no flags
DetailsFormatted DiffDiff
Fixing log (12.16 KB, patch)
2018-03-14 21:19 PDT, youenn fablet 		no flags
DetailsFormatted DiffDiff
Patch for landing (12.14 KB, patch)
2018-03-15 10:03 PDT, youenn fablet 		no flags
DetailsFormatted DiffDiff
Show Obsolete (4) View All Add attachment proposed patch, testcase, etc.
youenn fablet
Comment 1 2018-03-13 17:04:32 PDT
<rdar://problem/38204711>
youenn fablet
Comment 2 2018-03-13 17:06:18 PDT
Created attachment 335748 [details] Patch
youenn fablet
Comment 3 2018-03-14 17:10:08 PDT
Created attachment 335812 [details] Patch
youenn fablet
Comment 4 2018-03-14 17:10:51 PDT
I wonder whether we should not add this same thread for construction and destruction to all ActiveDOMObjects.
youenn fablet
Comment 5 2018-03-14 17:46:16 PDT
Created attachment 335816 [details] Version without postTaskTo
youenn fablet
Comment 6 2018-03-14 21:19:45 PDT
Created attachment 335829 [details] Fixing log
Chris Dumez
Comment 7 2018-03-15 09:33:22 PDT
Comment on attachment 335829 [details] Fixing log View in context: https://bugs.webkit.org/attachment.cgi?id=335829&action=review > Source/WebCore/dom/MessagePort.cpp:279 > innerHandler(WTFMove(messages)); Could you please ASSERT(isMainThread()); in here? > Source/WebCore/dom/MessagePort.cpp:333 > + if (weakThis) Could you please ASSERT(isMainThread()); in here? > Source/WebCore/dom/MessagePort.h:113 > + WeakPtr<MessagePort> createWeakPtr() { return m_weakFactory.createWeakPtr(*this); } My understanding is that the modern way is to not have this method and use makeWeakPtr() to constructor your WeakPtr. You already have the weakPtrFactory() getter above so it should work fine.
youenn fablet
Comment 8 2018-03-15 09:59:22 PDT
Thanks for the review. (In reply to Chris Dumez from comment #7) > Comment on attachment 335829 [details] > Fixing log > > View in context: > https://bugs.webkit.org/attachment.cgi?id=335829&action=review > > > Source/WebCore/dom/MessagePort.cpp:279 > > innerHandler(WTFMove(messages)); > > Could you please ASSERT(isMainThread()); in here? It might be best to add it upfront in the callback. Since we are refing workerThread, we really want the callback to be destroyed in the main thread whether workerThread is null or not. > > Source/WebCore/dom/MessagePort.cpp:333 > > + if (weakThis) > > Could you please ASSERT(isMainThread()); in here? Ditto. > > Source/WebCore/dom/MessagePort.h:113 > > + WeakPtr<MessagePort> createWeakPtr() { return m_weakFactory.createWeakPtr(*this); } > > My understanding is that the modern way is to not have this method and use > makeWeakPtr() to constructor your WeakPtr. You already have the > weakPtrFactory() getter above so it should work fine. OK
youenn fablet
Comment 9 2018-03-15 10:03:27 PDT
Created attachment 335856 [details] Patch for landing
WebKit Commit Bot
Comment 10 2018-03-15 11:21:16 PDT
Comment on attachment 335856 [details] Patch for landing Clearing flags on attachment: 335856 Committed r229628: <https://trac.webkit.org/changeset/229628>
WebKit Commit Bot
Comment 11 2018-03-15 11:21:18 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.