Changeset 239353 in webkit

Timestamp:

Dec 18, 2018 2:03:07 PM (5 years ago)

Author:

rniwa@webkit.org

Message:

Some iOS app crash in FrameLoader::checkCompleted
​https://bugs.webkit.org/show_bug.cgi?id=192804
<rdar://problem/44240573>

Reviewed by Tim Horton.

It's possible for the main thread to call into WebCore / UIWebView selectors while Web thread
is trying to send a delegate message. Disable the release assertion while this is happening
so that iOS app would not crash.

Unfortunately no new test as there is no way to easily test UIWebView in iOS,
and this requires a race between the web thread & the main thread.

• dom/ScriptDisallowedScope.h:

(WebCore::ScriptDisallowedScope::InMainThread::isScriptAllowed):

• platform/ios/wak/WebCoreThread.h:
• platform/ios/wak/WebCoreThread.mm:

(WebThreadDelegateMessageScope::WebThreadDelegateMessageScope):
(WebThreadDelegateMessageScope::~WebThreadDelegateMessageScope):
(SendDelegateMessage):

Location:

trunk/Source/WebCore

Files:

• ChangeLog (modified) (1 diff)
• dom/ScriptDisallowedScope.h (modified) (2 diffs)
• platform/ios/wak/WebCoreThread.h (modified) (1 diff)
• platform/ios/wak/WebCoreThread.mm (modified) (3 diffs)

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2018-12-18  Ryosuke Niwa  <rniwa@webkit.org>
+
+        Some iOS app crash in FrameLoader::checkCompleted
+        https://bugs.webkit.org/show_bug.cgi?id=192804
+        <rdar://problem/44240573>
+
+        Reviewed by Tim Horton.
+
+        It's possible for the main thread to call into WebCore / UIWebView selectors while Web thread
+        is trying to send a delegate message. Disable the release assertion while this is happening
+        so that iOS app would not crash.
+
+        Unfortunately no new test as there is no way to easily test UIWebView in iOS,
+        and this requires a race between the web thread & the main thread.
+
+        * dom/ScriptDisallowedScope.h:
+        (WebCore::ScriptDisallowedScope::InMainThread::isScriptAllowed):
+        * platform/ios/wak/WebCoreThread.h:
+        * platform/ios/wak/WebCoreThread.mm:
+        (WebThreadDelegateMessageScope::WebThreadDelegateMessageScope):
+        (WebThreadDelegateMessageScope::~WebThreadDelegateMessageScope):
+        (SendDelegateMessage):
+
 2018-12-18  David Kilzer  <ddkilzer@apple.com>
 

trunk/Source/WebCore/dom/ScriptDisallowedScope.h

@@ -26 +26 @@
 #include "ContainerNode.h"
 #include <wtf/MainThread.h>
+
+#if PLATFORM(IOS_FAMILY)
+#include "WebCoreThread.h"
+#endif
 
 namespace WebCore {
@@ -87 +91 @@
         {
             ASSERT(isMainThread());
+#if PLATFORM(IOS_FAMILY)
+            return !s_count || webThreadDelegateMessageScopeCount;
+#else
             return !s_count;
+#endif
         }
     };

trunk/Source/WebCore/platform/ios/wak/WebCoreThread.h

@@ -45 +45 @@
     
 extern volatile bool webThreadShouldYield;
+extern volatile unsigned webThreadDelegateMessageScopeCount;
 
 #ifdef __OBJC__

trunk/Source/WebCore/platform/ios/wak/WebCoreThread.mm

@@ -133 +133 @@
 static NSMutableArray* sAsyncDelegates = nil;
 
+WEBCORE_EXPORT volatile unsigned webThreadDelegateMessageScopeCount = 0;
+
 static inline void SendMessage(NSInvocation* invocation)
 {
@@ -172 +174 @@
 }
 
+class WebThreadDelegateMessageScope {
+public:
+    WebThreadDelegateMessageScope() { ++webThreadDelegateMessageScopeCount; }
+    ~WebThreadDelegateMessageScope()
+    {
+        ASSERT(webThreadDelegateMessageScopeCount);
+        --webThreadDelegateMessageScopeCount;
+    }
+};
+
 static void SendDelegateMessage(NSInvocation* invocation)
 {
@@ -195 +207 @@
 
     {
+        WebThreadDelegateMessageScope delegateScope;
         // Code block created to scope JSC::JSLock::DropAllLocks outside of WebThreadLock()
         JSC::JSLock::DropAllLocks dropAllLocks(WebCore::commonVM());