Changeset 202736 in webkit


Timestamp: Jul 1, 2016 8:40:39 AM (8 years ago)
Author: jer.noble@apple.com
Message:

Deadlock inside -[WebCoreNSURLSession dealloc]
https://bugs.webkit.org/show_bug.cgi?id=159331
<rdar://problem/27122716>

Reviewed by Alex Christensen.

A Function<> object can wrap any callable type, including a C++ lambda.

dispatchFunctionsFromMainThread() holds a lock while iterating over the functions in
functionQueue(), and during this iteration, the previous callable object is destroyed by
assigning the result of functionQueue().takeFirst(). Because lambdas (and other callables,
like functors) can own objects, destroying this callable can have side effects, and if one
of those side effects is to call callOnMainThread(), this can deadlock.

Move this side-effect-having call outside the locked block by clearing the function object
immediately after calling it.

  • wtf/MainThread.cpp:

(WTF::dispatchFunctionsFromMainThread):
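
The hazard described in the commit message, reduced to a stand-alone C++ sketch. This is an added example, not WebKit code: `callOnQueue`, `Locker`, `Owner`, `drain` and `scenario` are hypothetical names, `std::function` stands in for `Function<>`, and a thread-local flag counts the re-entrant call that would block forever on a real non-recursive lock.

```cpp
// Added illustration; every name here is hypothetical, not WebKit code.
#include <cstdio>
#include <deque>
#include <functional>
#include <memory>
#include <mutex>
static std::mutex queueMutex;
static std::deque<std::function<void()>> functionQueue;
static thread_local bool holdsQueueLock = false;  // set while this thread owns queueMutex
static int reentrantCalls = 0;                    // calls that would have deadlocked
struct Locker {                                   // lock guard that records ownership
    std::lock_guard<std::mutex> guard{queueMutex};
    Locker() { holdsQueueLock = true; }
    ~Locker() { holdsQueueLock = false; }
};
// Stand-in for callOnMainThread(): it needs the queue lock to enqueue.
void callOnQueue(std::function<void()> f) {
    if (holdsQueueLock) { ++reentrantCalls; return; }  // a real mutex blocks here forever
    Locker lock;
    functionQueue.push_back(std::move(f));
}
// An object owned by a queued callable; destroying it schedules more work.
struct Owner { ~Owner() { callOnQueue([] {}); } };

int drain(bool clearOutsideLock) {
    std::function<void()> function;
    for (;;) {
        {
            Locker lock;
            if (functionQueue.empty()) break;
            // Assignment destroys the previous callable while the lock is held.
            function = std::move(functionQueue.front());
            functionQueue.pop_front();
        }
        function();
        if (clearOutsideLock) function = nullptr;  // the fix: destroy it here, unlocked
    }
    return reentrantCalls;
}

int scenario(bool clearOutsideLock) {
    functionQueue.clear(); reentrantCalls = 0;
    for (int i = 0; i < 2; ++i)
        callOnQueue([owner = std::make_shared<Owner>()] {});
    return drain(clearOutsideLock);
}

int main() {
    std::printf("before fix: %d, after fix: %d\n", scenario(false), scenario(true));
}
```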

Location: trunk/Source/WTF
Files: 2 edited

  • trunk/Source/WTF/ChangeLog

    r202642 r202736  
     12016-07-01  Jer Noble  <jer.noble@apple.com>
     2
     3        Deadlock inside -[WebCoreNSURLSession dealloc]
     4        https://bugs.webkit.org/show_bug.cgi?id=159331
     5        <rdar://problem/27122716>
     6
     7        Reviewed by Alex Christensen.
     8
     9        A Function<> object can wrap any callable type, including a C++ lambda.
     10
     11        dispatchFunctionsFromMainThread() holds a lock while iterating over the functions in
     12        functionQueue(), and during ths iteration, the previous callable object is destroyed by
     13        assigning the result of functionQueue().takeFirst(). Because lambdas (and other callables,
     14        like functors) can own objects, destroying this callable can have side effects, and if one
     15        of those side effects is to call callOnMainThread(), this can deadlock.
     16
     17        Move this side-effect-having call outside the locked block by clearing the function object
     18        immediately after calling it.
     19
     20        * wtf/MainThread.cpp:
     21        (WTF::dispatchFunctionsFromMainThread):
     22
    1232016-06-29  Jer Noble  <jer.noble@apple.com>
    224
  • trunk/Source/WTF/wtf/MainThread.cpp

    r202439 r202736  
    134134        function();
    135135
     136        // Clearing the function can have side effects, so do so outside of the lock above.
     137        function = nullptr;
     138
    136139        // If we are running accumulated functions for too long so UI may become unresponsive, we need to
    137140        // yield so the user input can be processed. Otherwise user may not be able to even close the window.
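
Review bot: The comment added at new line 136 refers to "the lock above" and to "side effects" without naming either, so a reader of this loop cannot tell why the seemingly redundant `function = nullptr;` must stay. Suggest spelling out that destroying the callable can run destructors of objects it owns, that those may call callOnMainThread(), and that this must not happen while the function queue lock is held, so that a later cleanup does not remove the assignment.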