RESOLVED FIXED 188480
[macOS] Multiple third party apps crash due to the thread safety check in TimerBase::setNextFireTime 
https://bugs.webkit.org/show_bug.cgi?id=188480
Summary [macOS] Multiple third party apps crash due to the thread safety check in Tim...
Ryosuke Niwa
Reported 2018-08-10 15:33:06 PDT
Multiple third party applications are crashing inside TimerBase::setNextFireTime due to the thread-safety release assert introduced in http://trac.webkit.org/r233821 to diagnose shared timer heap corruption caused by thread safety issues. We did catch & fix multiple bugs thanks to this release assert but this release assertion is hit by third party apps invoking WebView APIs in non-main threads on macOS. <rdar://problem/43158535>
Attachments
Diable release assert in WebKit1 (2.51 KB, patch)
2018-08-10 15:36 PDT, Ryosuke Niwa 		no flags
DetailsFormatted DiffDiff
Updated per review comment (4.44 KB, patch)
2018-08-10 17:19 PDT, Ryosuke Niwa 		simon.fraser: review+
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Ryosuke Niwa
Comment 1 2018-08-10 15:36:51 PDT
Created attachment 346935 [details] Diable release assert in WebKit1
Ryosuke Niwa
Comment 2 2018-08-10 15:38:48 PDT
We initially planned to add a linked-on-or-after check but Jon Lee pointed out that then third party app developers may not realize the crash is caused by their misuse of the API because it'd be crashing deep down in WebKit framework. I think we should add a thread-safety check in our public API instead but that should probably be done in a separate patch.
Jon Lee
Comment 3 2018-08-10 15:42:49 PDT
Comment on attachment 346935 [details] Diable release assert in WebKit1 View in context: https://bugs.webkit.org/attachment.cgi?id=346935&action=review > Source/WebCore/ChangeLog:9 > + Supress the release assert in WebKit1 on macOS (isInWebProcess is always true in non-Cocoa platforms). Suppress* > Source/WebCore/ChangeLog:11 > + In the future, we should consider throwing Objective-C exceptions when thrid party apps call WebKit1 third*
Ryosuke Niwa
Comment 4 2018-08-10 15:42:53 PDT
Comment on attachment 346935 [details] Diable release assert in WebKit1 View in context: https://bugs.webkit.org/attachment.cgi?id=346935&action=review > Source/WebCore/platform/Timer.cpp:198 > - RELEASE_ASSERT(WebThreadIsEnabled() || canAccessThreadLocalDataForThread(m_thread.get())); > + RELEASE_ASSERT(canAccessThreadLocalDataForThread(m_thread.get()) || WebThreadIsEnabled()); I'm changing the order for consistency & reduce the runtime cost. After this, we'd only check WebThreadIsEnabled() when the assertion failed.
Simon Fraser (smfr)
Comment 5 2018-08-10 16:04:29 PDT
Comment on attachment 346935 [details] Diable release assert in WebKit1 View in context: https://bugs.webkit.org/attachment.cgi?id=346935&action=review > Source/WebCore/platform/Timer.cpp:200 > + RELEASE_ASSERT(canAccessThreadLocalDataForThread(m_thread.get()) || !isInWebProcess()); Why don't we use a linked-on-or-after check for this? We want people to fix their apps when the re-compile.
Alexey Proskuryakov
Comment 6 2018-08-10 16:18:14 PDT
Comment on attachment 346935 [details] Diable release assert in WebKit1 View in context: https://bugs.webkit.org/attachment.cgi?id=346935&action=review >> Source/WebCore/ChangeLog:9 >> + Supress the release assert in WebKit1 on macOS (isInWebProcess is always true in non-Cocoa platforms). > > Suppress* It is possible that this will replace one common crash signature with many random ones - WebKit is quite likely to break when on a background thread. What evidence do we have that this patch reduces crash count?
David Kilzer (:ddkilzer)
Comment 7 2018-08-10 16:32:31 PDT
Comment on attachment 346935 [details] Diable release assert in WebKit1 r- to add linked-on-or-after check and logging for developer to tell them how to fix the issue.
Ryosuke Niwa
Comment 8 2018-08-10 17:13:07 PDT
Turns out that are a lot of crashes that don't go through [WebView loadRequest:] so I guess we'd just add a linked-on-or-after check and not add a logging.
Ryosuke Niwa
Comment 9 2018-08-10 17:19:15 PDT
Created attachment 346944 [details] Updated per review comment
Ryosuke Niwa
Comment 10 2018-08-10 17:20:24 PDT
(In reply to Alexey Proskuryakov from comment #6) > Comment on attachment 346935 [details] > Diable release assert in WebKit1 > > View in context: > https://bugs.webkit.org/attachment.cgi?id=346935&action=review > > >> Source/WebCore/ChangeLog:9 > >> + Supress the release assert in WebKit1 on macOS (isInWebProcess is always true in non-Cocoa platforms). > > > > Suppress* > > It is possible that this will replace one common crash signature with many > random ones - WebKit is quite likely to break when on a background thread. > What evidence do we have that this patch reduces crash count? That's true but we have some reports saying that the apps that used not to crash are now crashing with a much higher frequency in Mojave with this stack trace.
Ryosuke Niwa
Comment 11 2018-08-10 19:01:26 PDT
Committed r234778: <https://trac.webkit.org/changeset/234778>
Radar WebKit Bug Importer
Comment 12 2018-08-10 19:03:28 PDT
<rdar://problem/43166861>
Yusuke Suzuki
Comment 13 2019-06-19 20:12:51 PDT
@Ryosuke We fixed the root cause of this at r246578. So, at some point, we can revert this suppression.
Note You need to log in before you can comment on or make changes to this bug.