[webkit-dev] WTF::callOnMainThread() and re-entrancy

Drew Wilson atwilson at google.com
Mon Mar 8 11:21:41 PST 2010


Hi all,

This weekend I spent some time trying to track down a regression caused by
r55593. In particular:

http://trac.webkit.org/changeset/55593/trunk/WebCore/dom/Document.cpp

This was a change to Document.postTask() to always use callOnMainThread()
(previously, calls to postTask() on the main thread were using one-shot
timers).

We've since reverted r55593, but I've been playing around locally with that
same change to Document.postTask(), and I noticed that it *appeared* that
tasks posted via callOnMainThread() were still being executed even though
the main thread was displaying a JavaScript alert. The end result is that if
a worker thread was sending messages to the main thread via a message port,
the event handlers for incoming messages would still be invoked (so we'd run
JavaScript even though the JavaScript execution context should be blocked on
the alert()). In my test, I ended up trying to display nested alert()
dialogs, which resulted in a failed assertion.

So, my question is: does it surprise anyone that tasks posted via
callOnMainThread() are getting executed even though there's a modal dialog
shown? And is there anything I should be doing in my task handler to make
sure we aren't re-entering JS execution inappropriately in these cases? I'm
just concerned that the way we're posting tasks from worker threads to the
main thread may cause re-entrancy problems.

Here's the stack from my nested call to alert():

#0  0x03ff073d in WebCore::DOMTimer::suspend (this=0x15c8a5b0) at
/Volumes/source/chrome.git/src/third_party/WebKit/WebCore/page/DOMTimer.cpp:181
#1  0x046b2945 in WebCore::ScriptExecutionContext::suspendActiveDOMObjects
(this=0x81d8434) at
/Volumes/source/chrome.git/src/third_party/WebKit/WebCore/dom/ScriptExecutionContext.cpp:206
#2  0x04538ae5 in WebCore::PageGroupLoadDeferrer::PageGroupLoadDeferrer
(this=0xbfffc6bc, page=0xc97940, deferSelf=true) at
/Volumes/source/chrome.git/src/third_party/WebKit/WebCore/page/PageGroupLoadDeferrer.cpp:47
#3  0x03e0d977 in WebCore::Chrome::runJavaScriptAlert (this=0xc8ddb0,
frame=0x805a600, message=@0xbfffc790) at
/Volumes/source/chrome.git/src/third_party/WebKit/WebCore/page/Chrome.cpp:264
#4  0x03ff6c2c in WebCore::DOMWindow::alert (this=0x147e23f0,
message=@0xbfffc790) at
/Volumes/source/chrome.git/src/third_party/WebKit/WebCore/page/DOMWindow.cpp:795
#5  0x04266617 in WebCore::jsDOMWindowPrototypeFunctionAlert
(exec=0x14f0c1b0, thisValue={u = {asEncodedJSValue = -8455721472, asDouble =
-nan(0xffffe07ffee00), asBits = {payload = 134213120, tag = -2}}},
args=@0xbfffc7bc) at
/Volumes/source/chrome.git/src/third_party/WebKit/WebKitBuild/Debug/DerivedSources/WebCore/JSDOMWindow.cpp:8320
#6  0x00d8b166 in ?? ()
#7  0x0070bd6b in JSC::JITCode::execute (this=0x147a7690,
registerFile=0x1473a7fc, callFrame=0x14f0c150, globalData=0x818e800,
exception=0x818f60c) at JITCode.h:77
#8  0x006f542f in JSC::Interpreter::execute (this=0x1473a7f0,
functionExecutable=0x147a7680, callFrame=0x81ed664, function=0x7fd5400,
thisObj=0x7fd5200, args=@0xbfffca64, scopeChain=0x147a8920,
exception=0x818f60c) at
/Volumes/source/chrome.git/src/third_party/WebKit/JavaScriptCore/interpreter/Interpreter.cpp:687
#9  0x0074d767 in JSC::JSFunction::call (this=0x7fd5400, exec=0x81ed664,
thisValue={u = {asEncodedJSValue = -8455892480, asDouble =
-nan(0xffffe07fd5200), asBits = {payload = 134042112, tag = -2}}},
args=@0xbfffca64) at
/Volumes/source/chrome.git/src/third_party/WebKit/JavaScriptCore/runtime/JSFunction.cpp:122
#10 0x0069d481 in JSC::call (exec=0x81ed664, functionObject={u =
{asEncodedJSValue = -8455891968, asDouble = -nan(0xffffe07fd5400), asBits =
{payload = 134042624, tag = -2}}}, callType=JSC::CallTypeJS,
callData=@0xbfffca34, thisValue={u = {asEncodedJSValue = -8455892480,
asDouble = -nan(0xffffe07fd5200), asBits = {payload = 134042112, tag =
-2}}}, args=@0xbfffca64) at
/Volumes/source/chrome.git/src/third_party/WebKit/JavaScriptCore/runtime/CallData.cpp:39
#11 0x0429f5bb in WebCore::JSEventListener::handleEvent (this=0x15c31ef0,
scriptExecutionContext=0x81d8434, event=0xc34d40) at
/Volumes/source/chrome.git/src/third_party/WebKit/WebCore/bindings/js/JSEventListener.cpp:115
#12 0x04037da0 in WebCore::EventTarget::fireEventListeners (this=0x15c9c400,
event=0xc34d40) at
/Volumes/source/chrome.git/src/third_party/WebKit/WebCore/dom/EventTarget.cpp:297
#13 0x04037e88 in WebCore::EventTarget::dispatchEvent (this=0x15c9c400,
event=@0xbfffcbac) at
/Volumes/source/chrome.git/src/third_party/WebKit/WebCore/dom/EventTarget.cpp:262
#14 0x0403769a in WebCore::EventTarget::dispatchEvent (this=0x15c9c400,
event=@0xbfffcc2c, ec=@0xbfffcbfc) at
/Volumes/source/chrome.git/src/third_party/WebKit/WebCore/dom/EventTarget.cpp:254
#15 0x044eeaa8 in WebCore::MessagePort::dispatchMessages (this=0x15c9c400)
at
/Volumes/source/chrome.git/src/third_party/WebKit/WebCore/dom/MessagePort.cpp:177
#16 0x046b3173 in WebCore::ScriptExecutionContext::dispatchMessagePortEvents
(this=0x81d8434) at
/Volumes/source/chrome.git/src/third_party/WebKit/WebCore/dom/ScriptExecutionContext.cpp:162
#17 0x046b7a63 in WebCore::ProcessMessagesSoonTask::performTask
(this=0x147d36f0, context=0x81d8434) at
/Volumes/source/chrome.git/src/third_party/WebKit/WebCore/dom/ScriptExecutionContext.cpp:56
#18 0x03f4781a in WebCore::performTask (ctx=0x15d12cd0) at
/Volumes/source/chrome.git/src/third_party/WebKit/WebCore/dom/Document.cpp:4726
#19 0x00776c1e in WTF::dispatchFunctionsFromMainThread () at
/Volumes/source/chrome.git/src/third_party/WebKit/JavaScriptCore/wtf/MainThread.cpp:96
#20 0x0077766f in -[WTFMainThreadCaller call] (self=0xc1b2e0, _cmd=0x848956)
at
/Volumes/source/chrome.git/src/third_party/WebKit/JavaScriptCore/wtf/mac/MainThreadMac.mm:44
#21 0x904549ac in __NSThreadPerformPerform ()
#22 0x973903c5 in CFRunLoopRunSpecific ()
#23 0x97390aa8 in CFRunLoopRunInMode ()
#24 0x90c982ac in RunCurrentEventLoopInMode ()
#25 0x90c97ffe in ReceiveNextEventCommon ()
#26 0x90c97f39 in BlockUntilNextEventMatchingListInMode ()
#27 0x960b76d5 in _DPSNextEvent ()
#28 0x960b6f88 in -[NSApplication
nextEventMatchingMask:untilDate:inMode:dequeue:] ()
#29 0x0000c045 in ?? ()
#30 0x962f438d in -[NSApplication _realDoModalLoop:peek:] ()
#31 0x962eeacb in -[NSApplication runModalForWindow:] ()
#32 0x00113e5d in ?? ()
#33 0x00113cf4 in ?? ()
#34 0x000c7118 in ?? ()
#35 0x000c7044 in ?? ()
#36 0x00303030 in CallDelegate (self=0xc93db0, delegate=0xc93db0,
selector=0x3d0268, object1=0x15c15868, object2=0xc99770) at
/Volumes/source/chrome.git/src/third_party/WebKit/WebKit/mac/WebView/WebDelegateImplementationCaching.mm:131
#37 0x003030b9 in CallUIDelegate (self=0xc93db0, selector=0x3d0268,
object1=0x15c15868, object2=0xc99770) at
/Volumes/source/chrome.git/src/third_party/WebKit/WebKit/mac/WebView/WebDelegateImplementationCaching.mm:440
#38 0x002f6e60 in WebChromeClient::runJavaScriptAlert (this=0xc59020,
frame=0x805a600, message=@0xbfffdfbc) at
/Volumes/source/chrome.git/src/third_party/WebKit/WebKit/mac/WebCoreSupport/WebChromeClient.mm:368
#39 0x03e0d9fb in WebCore::Chrome::runJavaScriptAlert (this=0xc8ddb0,
frame=0x805a600, message=@0xbfffe040) at
/Volumes/source/chrome.git/src/third_party/WebKit/WebCore/page/Chrome.cpp:267
#40 0x03ff6c2c in WebCore::DOMWindow::alert (this=0x147e23f0,
message=@0xbfffe040) at
/Volumes/source/chrome.git/src/third_party/WebKit/WebCore/page/DOMWindow.cpp:795
#41 0x04266617 in WebCore::jsDOMWindowPrototypeFunctionAlert
(exec=0x14f0c0a8, thisValue={u = {asEncodedJSValue = -8455721472, asDouble =
-nan(0xffffe07ffee00), asBits = {payload = 134213120, tag = -2}}},
args=@0xbfffe06c) at
/Volumes/source/chrome.git/src/third_party/WebKit/WebKitBuild/Debug/DerivedSources/WebCore/JSDOMWindow.cpp:8320
#42 0x00d8b166 in ?? ()
#43 0x0070bd6b in JSC::JITCode::execute (this=0x147067f0,
registerFile=0x1473a7fc, callFrame=0x14f0c050, globalData=0x818e800,
exception=0x818f60c) at JITCode.h:77
#44 0x006f542f in JSC::Interpreter::execute (this=0x1473a7f0,
functionExecutable=0x147067e0, callFrame=0x81ed664, function=0x7fc2440,
thisObj=0x7fc22c0, args=@0xbfffe314, scopeChain=0x147bc080,
exception=0x818f60c) at
/Volumes/source/chrome.git/src/third_party/WebKit/JavaScriptCore/interpreter/Interpreter.cpp:687
#45 0x0074d767 in JSC::JSFunction::call (this=0x7fc2440, exec=0x81ed664,
thisValue={u = {asEncodedJSValue = -8455970112, asDouble =
-nan(0xffffe07fc22c0), asBits = {payload = 133964480, tag = -2}}},
args=@0xbfffe314) at
/Volumes/source/chrome.git/src/third_party/WebKit/JavaScriptCore/runtime/JSFunction.cpp:122
#46 0x0069d481 in JSC::call (exec=0x81ed664, functionObject={u =
{asEncodedJSValue = -8455969728, asDouble = -nan(0xffffe07fc2440), asBits =
{payload = 133964864, tag = -2}}}, callType=JSC::CallTypeJS,
callData=@0xbfffe2e4, thisValue={u = {asEncodedJSValue = -8455970112,
asDouble = -nan(0xffffe07fc22c0), asBits = {payload = 133964480, tag =
-2}}}, args=@0xbfffe314) at
/Volumes/source/chrome.git/src/third_party/WebKit/JavaScriptCore/runtime/CallData.cpp:39
#47 0x0429f5bb in WebCore::JSEventListener::handleEvent (this=0xcb2aa0,
scriptExecutionContext=0x81d8434, event=0x15d08b90) at
/Volumes/source/chrome.git/src/third_party/WebKit/WebCore/bindings/js/JSEventListener.cpp:115
#48 0x04037da0 in WebCore::EventTarget::fireEventListeners (this=0x1478c1e4,
event=0x15d08b90) at
/Volumes/source/chrome.git/src/third_party/WebKit/WebCore/dom/EventTarget.cpp:297
#49 0x04037e88 in WebCore::EventTarget::dispatchEvent (this=0x1478c1e4,
event=@0xbfffe470) at
/Volumes/source/chrome.git/src/third_party/WebKit/WebCore/dom/EventTarget.cpp:262
#50 0x04878a40 in WebCore::MessageWorkerTask::performTask (this=0x1470bb20,
scriptContext=0x81d8434) at
/Volumes/source/chrome.git/src/third_party/WebKit/WebCore/workers/WorkerMessagingProxy.cpp:97
#51 0x03f4781a in WebCore::performTask (ctx=0x15d12cb0) at
/Volumes/source/chrome.git/src/third_party/WebKit/WebCore/dom/Document.cpp:4726
#52 0x00776c1e in WTF::dispatchFunctionsFromMainThread () at
/Volumes/source/chrome.git/src/third_party/WebKit/JavaScriptCore/wtf/MainThread.cpp:96
#53 0x0077766f in -[WTFMainThreadCaller call] (self=0xc1b2e0, _cmd=0x848956)
at
/Volumes/source/chrome.git/src/third_party/WebKit/JavaScriptCore/wtf/mac/MainThreadMac.mm:44
#54 0x904549ac in __NSThreadPerformPerform ()
#55 0x973903c5 in CFRunLoopRunSpecific ()
#56 0x97390aa8 in CFRunLoopRunInMode ()
#57 0x90c982ac in RunCurrentEventLoopInMode ()
#58 0x90c980c5 in ReceiveNextEventCommon ()
#59 0x90c97f39 in BlockUntilNextEventMatchingListInMode ()
#60 0x960b76d5 in _DPSNextEvent ()
#61 0x960b6f88 in -[NSApplication
nextEventMatchingMask:untilDate:inMode:dequeue:] ()
#62 0x0000c045 in ?? ()
#63 0x960aff9f in -[NSApplication run] ()
#64 0x9607d1d8 in NSApplicationMain ()
#65 0x000029d2 in ?? ()
Current language:  auto; currently c++
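The re-entrancy path in the trace above, reduced to a toy model (added example, not WebKit code): a main-thread task queue is pumped by the run loop, and alert() spins a nested modal loop that pumps the same queue, so a worker message handler that calls alert() can run while the outer alert is still up. Dispatcher, runScenario and the deferWhileSuspended flag are hypothetical names; the guard (re-posting tasks while the context is suspended, in the spirit of suspendActiveDOMObjects) is one illustration of the check the author asks about, not what WebKit actually does.

```cpp
#include <algorithm>
#include <deque>
#include <functional>
#include <string>
#include <vector>

struct Dispatcher {
    std::deque<std::function<void()>> queue;  // tasks posted via callOnMainThread()
    std::function<void()> workerActivity;     // models a worker posting while the dialog is up
    bool workerRan = false;
    bool suspended = false;                   // a modal dialog is showing (load deferrer active)
    bool deferWhileSuspended = false;         // hypothetical guard under test
    int alertDepth = 0, maxAlertDepth = 0;    // maxAlertDepth == 1 means no re-entrancy
    std::vector<std::string> shown;

    void post(std::function<void()> task) { queue.push_back(std::move(task)); }

    // dispatchFunctionsFromMainThread(): run everything queued so far. With the guard,
    // tasks found while suspended are re-posted instead of run, so JS is not re-entered.
    void pump() {
        std::deque<std::function<void()>> pending;
        std::swap(pending, queue);
        for (auto& task : pending) {
            if (deferWhileSuspended && suspended) queue.push_back(std::move(task));
            else task();
        }
    }

    // alert(): the embedder spins a nested modal run loop (frames #20-#31 in the trace),
    // which keeps delivering callOnMainThread() callbacks while the dialog is showing.
    void alert(const std::string& message) {
        shown.push_back(message);
        maxAlertDepth = std::max(maxAlertDepth, ++alertDepth);
        bool wasSuspended = suspended; suspended = true;
        if (workerActivity && !workerRan) { workerRan = true; workerActivity(); }
        pump();                               // one iteration of the nested run loop
        suspended = wasSuspended;
        --alertDepth;
    }
};

struct Result { int maxAlertDepth; int alertsShown; };

// Scenario from the mail: a worker message handler calls alert(); a second worker
// message arrives while that dialog is modal. Reports how deeply alert() nested.
Result runScenario(bool guard) {
    Dispatcher d;
    d.deferWhileSuspended = guard;
    d.workerActivity = [&d] { d.post([&d] { d.alert("second message"); }); };
    d.post([&d] { d.alert("first message"); });
    d.pump();   // outer run loop iteration: shows the first alert
    d.pump();   // a later iteration, after the dialog has closed
    return { d.maxAlertDepth, static_cast<int>(d.shown.size()) };
}
```

Without the guard the second handler nests inside the first alert (depth 2); with it both messages are still delivered, but only after the dialog closes.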