[webkit-dev] WTF::callOnMainThread() and re-entrancy

James Robinson jamesr at google.com
Mon Mar 8 11:33:16 PST 2010


I saw a very similar bug recently regarding modal dialogs and focus/blur
events: https://bugs.webkit.org/show_bug.cgi?id=33962.  I think you will see
the crash from that stacktrace with or without r55593 in place.  For
example, currently some mouse event handlers can fire underneath a
window.alert on GMail.  It's simple enough to check for
page()->defersLoading() and suppress the task, but I am not sure how to
re-enqueue the event to fire later.  Maybe the PageLoadDeferrer should
maintain a queue of things to do once it stops deferring (i.e. once the
modal dialog is dismissed).

- James
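To make the re-entrancy concrete, here is an added simulation (written for this post, not WebKit's own code) of the two approaches James sketches: a task posted via callOnMainThread() that either runs unconditionally while a modal alert() is up, or checks a defersLoading() flag and parks itself on the deferrer's queue to be replayed once the dialog is dismissed. `Page`, `LoadDeferrer`, `MainThread`, `postTaskUnguarded`, `postTaskGuarded` and `runAlert` are hypothetical stand-ins for Document, PageGroupLoadDeferrer, WTF::callOnMainThread()/dispatchFunctionsFromMainThread() and Chrome::runJavaScriptAlert(); the nested `dispatchFunctionsFromMainThread()` call inside `runAlert` models the nested run loop visible in the stack trace. The scenario and its log entries are constructed.

```cpp
#include <deque>
#include <functional>
#include <iostream>
#include <string>
#include <vector>

// Hypothetical stand-in for Document/ScriptExecutionContext: records whether a
// modal dialog is currently deferring script, and what ran, in which order.
struct Page {
    bool deferringLoad = false;
    std::deque<std::function<void()>> deferredTasks; // parked until deferral ends
    std::vector<std::string> log;                    // constructed execution trace
    bool defersLoading() const { return deferringLoad; }
};

// RAII stand-in for PageGroupLoadDeferrer: while alive, script-running tasks are
// suppressed; on destruction (dialog dismissed) anything parked is replayed.
class LoadDeferrer {
public:
    explicit LoadDeferrer(Page& page) : m_page(page) { m_page.deferringLoad = true; }
    ~LoadDeferrer() {
        m_page.deferringLoad = false;
        // Replay a snapshot so a replayed task that parks new work cannot loop here.
        std::deque<std::function<void()>> pending;
        pending.swap(m_page.deferredTasks);
        while (!pending.empty()) { auto t = std::move(pending.front()); pending.pop_front(); t(); }
    }
private:
    Page& m_page;
};

// Stand-in for WTF::callOnMainThread(): a plain FIFO drained explicitly.
struct MainThread {
    std::deque<std::function<void()>> queue;
    void callOnMainThread(std::function<void()> f) { queue.push_back(std::move(f)); }
    void dispatchFunctionsFromMainThread() {
        while (!queue.empty()) { auto t = std::move(queue.front()); queue.pop_front(); t(); }
    }
};

// Unguarded postTask: runs as soon as the run loop dispatches it, modal or not.
void postTaskUnguarded(MainThread& mt, Page& page, std::function<void(Page&)> task) {
    mt.callOnMainThread([&page, task] { task(page); });
}

// Guarded postTask: if the page is deferring, park the task instead of running JS
// underneath the dialog; LoadDeferrer's destructor replays it later.
void postTaskGuarded(MainThread& mt, Page& page, std::function<void(Page&)> task) {
    mt.callOnMainThread([&page, task] {
        if (page.defersLoading()) {
            page.deferredTasks.push_back([&page, task] { task(page); });
            page.log.push_back("deferred");
            return;
        }
        task(page);
    });
}

// Models window.alert(): create the deferrer, spin a nested run loop while the
// dialog is up, then let the deferrer go out of scope once it is dismissed.
void runAlert(MainThread& mt, Page& page, const std::string& msg) {
    page.log.push_back("alert-open:" + msg);
    {
        LoadDeferrer deferrer(page);
        mt.dispatchFunctionsFromMainThread(); // nested CFRunLoop in the trace
        page.log.push_back("alert-closed:" + msg);
    } // deferrer destroyed here: parked tasks replay after the dialog is gone
}

// Two worker messages arrive; the first handler blocks in alert() while the
// second is dispatched. Returns the trace for inspection.
std::vector<std::string> runScenario(bool guarded) {
    MainThread mt;
    Page page;
    auto post = guarded ? postTaskGuarded : postTaskUnguarded;
    post(mt, page, [&mt](Page& p) { p.log.push_back("onmessage#1"); runAlert(mt, p, "first"); });
    post(mt, page, [&mt](Page& p) { p.log.push_back("onmessage#2"); runAlert(mt, p, "second"); });
    mt.dispatchFunctionsFromMainThread();
    return page.log;
}

// True if an alert opens while another is still open (the failed-assertion case).
bool hasNestedAlert(const std::vector<std::string>& log) {
    int depth = 0;
    for (const auto& e : log) {
        if (e.rfind("alert-open:", 0) == 0 && ++depth > 1) return true;
        if (e.rfind("alert-closed:", 0) == 0) --depth;
    }
    return false;
}

int main() {
    for (bool guarded : {false, true}) {
        std::cout << (guarded ? "guarded:" : "unguarded:") << '\n';
        for (const auto& e : runScenario(guarded)) std::cout << "  " << e << '\n';
    }
    return 0;
}
```

In the unguarded run, "onmessage#2" and "alert-open:second" appear before "alert-closed:first": the second handler's script runs inside the first alert, which is exactly the nesting behind the assertion in the trace. In the guarded run the second task is logged as "deferred" and only runs after the first dialog closes. Note that the toy deferrer simply clears the flag in its destructor; a real implementation with nested deferrers would need to count them rather than use a single bool.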

On Mon, Mar 8, 2010 at 11:21 AM, Drew Wilson <atwilson at google.com> wrote:

> Hi all,
>
> This weekend I spent some time trying to track down a regression caused by
> r55593. In particular:
>
> http://trac.webkit.org/changeset/55593/trunk/WebCore/dom/Document.cpp
>
> This was a change to Document.postTask() to always use callOnMainThread()
> (previously, calls to postTask() on the main thread were using one-shot
> timers).
>
> We've since reverted r55593, but I've been playing around locally with that
> same change to Document.postTask(), and I noticed that it *appeared* that
> tasks posted via callOnMainThread() were still being executed even though
> the main thread was displaying a javascript alert. The end result is that if
> a worker thread was sending messages to the main thread via a message port,
> the event handlers for incoming messages would still be invoked (so we'd run
> javascript even though the javascript execution context should be blocked on
> the alert()). In my test, I ended up trying to display nested alert()
> dialogs, which resulted in a failed assertion.
>
> So, my question is: does it surprise anyone that tasks posted via
> callOnMainThread() are getting executed even though there's a modal dialog
> shown? And is there anything I should be doing in my task handler to make
> sure we aren't re-entering JS execution inappropriately in these cases? I'm
> just concerned that the way we're posting tasks from worker threads to the
> main thread may cause reentrancy problems.
>
> Here's the stack from my nested call to alert():
>
> #0  0x03ff073d in WebCore::DOMTimer::suspend (this=0x15c8a5b0) at
> /Volumes/source/chrome.git/src/third_party/WebKit/WebCore/page/DOMTimer.cpp:181
> #1  0x046b2945 in WebCore::ScriptExecutionContext::suspendActiveDOMObjects
> (this=0x81d8434) at
> /Volumes/source/chrome.git/src/third_party/WebKit/WebCore/dom/ScriptExecutionContext.cpp:206
> #2  0x04538ae5 in WebCore::PageGroupLoadDeferrer::PageGroupLoadDeferrer
> (this=0xbfffc6bc, page=0xc97940, deferSelf=true) at
> /Volumes/source/chrome.git/src/third_party/WebKit/WebCore/page/PageGroupLoadDeferrer.cpp:47
> #3  0x03e0d977 in WebCore::Chrome::runJavaScriptAlert (this=0xc8ddb0,
> frame=0x805a600, message=@0xbfffc790) at
> /Volumes/source/chrome.git/src/third_party/WebKit/WebCore/page/Chrome.cpp:264
> #4  0x03ff6c2c in WebCore::DOMWindow::alert (this=0x147e23f0,
> message=@0xbfffc790) at
> /Volumes/source/chrome.git/src/third_party/WebKit/WebCore/page/DOMWindow.cpp:795
> #5  0x04266617 in WebCore::jsDOMWindowPrototypeFunctionAlert
> (exec=0x14f0c1b0, thisValue={u = {asEncodedJSValue = -8455721472, asDouble =
> -nan(0xffffe07ffee00), asBits = {payload = 134213120, tag = -2}}},
> args=@0xbfffc7bc) at
> /Volumes/source/chrome.git/src/third_party/WebKit/WebKitBuild/Debug/DerivedSources/WebCore/JSDOMWindow.cpp:8320
> #6  0x00d8b166 in ?? ()
> #7  0x0070bd6b in JSC::JITCode::execute (this=0x147a7690,
> registerFile=0x1473a7fc, callFrame=0x14f0c150, globalData=0x818e800,
> exception=0x818f60c) at JITCode.h:77
> #8  0x006f542f in JSC::Interpreter::execute (this=0x1473a7f0,
> functionExecutable=0x147a7680, callFrame=0x81ed664, function=0x7fd5400,
> thisObj=0x7fd5200, args=@0xbfffca64, scopeChain=0x147a8920,
> exception=0x818f60c) at
> /Volumes/source/chrome.git/src/third_party/WebKit/JavaScriptCore/interpreter/Interpreter.cpp:687
> #9  0x0074d767 in JSC::JSFunction::call (this=0x7fd5400, exec=0x81ed664,
> thisValue={u = {asEncodedJSValue = -8455892480, asDouble =
> -nan(0xffffe07fd5200), asBits = {payload = 134042112, tag = -2}}},
> args=@0xbfffca64) at
> /Volumes/source/chrome.git/src/third_party/WebKit/JavaScriptCore/runtime/JSFunction.cpp:122
> #10 0x0069d481 in JSC::call (exec=0x81ed664, functionObject={u =
> {asEncodedJSValue = -8455891968, asDouble = -nan(0xffffe07fd5400), asBits =
> {payload = 134042624, tag = -2}}}, callType=JSC::CallTypeJS,
> callData=@0xbfffca34, thisValue={u = {asEncodedJSValue = -8455892480,
> asDouble = -nan(0xffffe07fd5200), asBits = {payload = 134042112, tag =
> -2}}}, args=@0xbfffca64) at
> /Volumes/source/chrome.git/src/third_party/WebKit/JavaScriptCore/runtime/CallData.cpp:39
> #11 0x0429f5bb in WebCore::JSEventListener::handleEvent (this=0x15c31ef0,
> scriptExecutionContext=0x81d8434, event=0xc34d40) at
> /Volumes/source/chrome.git/src/third_party/WebKit/WebCore/bindings/js/JSEventListener.cpp:115
> #12 0x04037da0 in WebCore::EventTarget::fireEventListeners
> (this=0x15c9c400, event=0xc34d40) at
> /Volumes/source/chrome.git/src/third_party/WebKit/WebCore/dom/EventTarget.cpp:297
> #13 0x04037e88 in WebCore::EventTarget::dispatchEvent (this=0x15c9c400,
> event=@0xbfffcbac) at
> /Volumes/source/chrome.git/src/third_party/WebKit/WebCore/dom/EventTarget.cpp:262
> #14 0x0403769a in WebCore::EventTarget::dispatchEvent (this=0x15c9c400,
> event=@0xbfffcc2c, ec=@0xbfffcbfc) at
> /Volumes/source/chrome.git/src/third_party/WebKit/WebCore/dom/EventTarget.cpp:254
> #15 0x044eeaa8 in WebCore::MessagePort::dispatchMessages (this=0x15c9c400)
> at
> /Volumes/source/chrome.git/src/third_party/WebKit/WebCore/dom/MessagePort.cpp:177
> #16 0x046b3173 in
> WebCore::ScriptExecutionContext::dispatchMessagePortEvents (this=0x81d8434)
> at
> /Volumes/source/chrome.git/src/third_party/WebKit/WebCore/dom/ScriptExecutionContext.cpp:162
> #17 0x046b7a63 in WebCore::ProcessMessagesSoonTask::performTask
> (this=0x147d36f0, context=0x81d8434) at
> /Volumes/source/chrome.git/src/third_party/WebKit/WebCore/dom/ScriptExecutionContext.cpp:56
> #18 0x03f4781a in WebCore::performTask (ctx=0x15d12cd0) at
> /Volumes/source/chrome.git/src/third_party/WebKit/WebCore/dom/Document.cpp:4726
> #19 0x00776c1e in WTF::dispatchFunctionsFromMainThread () at
> /Volumes/source/chrome.git/src/third_party/WebKit/JavaScriptCore/wtf/MainThread.cpp:96
> #20 0x0077766f in -[WTFMainThreadCaller call] (self=0xc1b2e0,
> _cmd=0x848956) at
> /Volumes/source/chrome.git/src/third_party/WebKit/JavaScriptCore/wtf/mac/MainThreadMac.mm:44
> #21 0x904549ac in __NSThreadPerformPerform ()
> #22 0x973903c5 in CFRunLoopRunSpecific ()
> #23 0x97390aa8 in CFRunLoopRunInMode ()
> #24 0x90c982ac in RunCurrentEventLoopInMode ()
> #25 0x90c97ffe in ReceiveNextEventCommon ()
> #26 0x90c97f39 in BlockUntilNextEventMatchingListInMode ()
> #27 0x960b76d5 in _DPSNextEvent ()
> #28 0x960b6f88 in -[NSApplication
> nextEventMatchingMask:untilDate:inMode:dequeue:] ()
> #29 0x0000c045 in ?? ()
> #30 0x962f438d in -[NSApplication _realDoModalLoop:peek:] ()
> #31 0x962eeacb in -[NSApplication runModalForWindow:] ()
> #32 0x00113e5d in ?? ()
> #33 0x00113cf4 in ?? ()
> #34 0x000c7118 in ?? ()
> #35 0x000c7044 in ?? ()
> #36 0x00303030 in CallDelegate (self=0xc93db0, delegate=0xc93db0,
> selector=0x3d0268, object1=0x15c15868, object2=0xc99770) at
> /Volumes/source/chrome.git/src/third_party/WebKit/WebKit/mac/WebView/WebDelegateImplementationCaching.mm:131
> #37 0x003030b9 in CallUIDelegate (self=0xc93db0, selector=0x3d0268,
> object1=0x15c15868, object2=0xc99770) at
> /Volumes/source/chrome.git/src/third_party/WebKit/WebKit/mac/WebView/WebDelegateImplementationCaching.mm:440
> #38 0x002f6e60 in WebChromeClient::runJavaScriptAlert (this=0xc59020,
> frame=0x805a600, message=@0xbfffdfbc) at
> /Volumes/source/chrome.git/src/third_party/WebKit/WebKit/mac/WebCoreSupport/WebChromeClient.mm:368
> #39 0x03e0d9fb in WebCore::Chrome::runJavaScriptAlert (this=0xc8ddb0,
> frame=0x805a600, message=@0xbfffe040) at
> /Volumes/source/chrome.git/src/third_party/WebKit/WebCore/page/Chrome.cpp:267
> #40 0x03ff6c2c in WebCore::DOMWindow::alert (this=0x147e23f0,
> message=@0xbfffe040) at
> /Volumes/source/chrome.git/src/third_party/WebKit/WebCore/page/DOMWindow.cpp:795
> #41 0x04266617 in WebCore::jsDOMWindowPrototypeFunctionAlert
> (exec=0x14f0c0a8, thisValue={u = {asEncodedJSValue = -8455721472, asDouble =
> -nan(0xffffe07ffee00), asBits = {payload = 134213120, tag = -2}}},
> args=@0xbfffe06c) at
> /Volumes/source/chrome.git/src/third_party/WebKit/WebKitBuild/Debug/DerivedSources/WebCore/JSDOMWindow.cpp:8320
> #42 0x00d8b166 in ?? ()
> #43 0x0070bd6b in JSC::JITCode::execute (this=0x147067f0,
> registerFile=0x1473a7fc, callFrame=0x14f0c050, globalData=0x818e800,
> exception=0x818f60c) at JITCode.h:77
> #44 0x006f542f in JSC::Interpreter::execute (this=0x1473a7f0,
> functionExecutable=0x147067e0, callFrame=0x81ed664, function=0x7fc2440,
> thisObj=0x7fc22c0, args=@0xbfffe314, scopeChain=0x147bc080,
> exception=0x818f60c) at
> /Volumes/source/chrome.git/src/third_party/WebKit/JavaScriptCore/interpreter/Interpreter.cpp:687
> #45 0x0074d767 in JSC::JSFunction::call (this=0x7fc2440, exec=0x81ed664,
> thisValue={u = {asEncodedJSValue = -8455970112, asDouble =
> -nan(0xffffe07fc22c0), asBits = {payload = 133964480, tag = -2}}},
> args=@0xbfffe314) at
> /Volumes/source/chrome.git/src/third_party/WebKit/JavaScriptCore/runtime/JSFunction.cpp:122
> #46 0x0069d481 in JSC::call (exec=0x81ed664, functionObject={u =
> {asEncodedJSValue = -8455969728, asDouble = -nan(0xffffe07fc2440), asBits =
> {payload = 133964864, tag = -2}}}, callType=JSC::CallTypeJS,
> callData=@0xbfffe2e4, thisValue={u = {asEncodedJSValue = -8455970112,
> asDouble = -nan(0xffffe07fc22c0), asBits = {payload = 133964480, tag =
> -2}}}, args=@0xbfffe314) at
> /Volumes/source/chrome.git/src/third_party/WebKit/JavaScriptCore/runtime/CallData.cpp:39
> #47 0x0429f5bb in WebCore::JSEventListener::handleEvent (this=0xcb2aa0,
> scriptExecutionContext=0x81d8434, event=0x15d08b90) at
> /Volumes/source/chrome.git/src/third_party/WebKit/WebCore/bindings/js/JSEventListener.cpp:115
> #48 0x04037da0 in WebCore::EventTarget::fireEventListeners
> (this=0x1478c1e4, event=0x15d08b90) at
> /Volumes/source/chrome.git/src/third_party/WebKit/WebCore/dom/EventTarget.cpp:297
> #49 0x04037e88 in WebCore::EventTarget::dispatchEvent (this=0x1478c1e4,
> event=@0xbfffe470) at
> /Volumes/source/chrome.git/src/third_party/WebKit/WebCore/dom/EventTarget.cpp:262
> #50 0x04878a40 in WebCore::MessageWorkerTask::performTask (this=0x1470bb20,
> scriptContext=0x81d8434) at
> /Volumes/source/chrome.git/src/third_party/WebKit/WebCore/workers/WorkerMessagingProxy.cpp:97
> #51 0x03f4781a in WebCore::performTask (ctx=0x15d12cb0) at
> /Volumes/source/chrome.git/src/third_party/WebKit/WebCore/dom/Document.cpp:4726
> #52 0x00776c1e in WTF::dispatchFunctionsFromMainThread () at
> /Volumes/source/chrome.git/src/third_party/WebKit/JavaScriptCore/wtf/MainThread.cpp:96
> #53 0x0077766f in -[WTFMainThreadCaller call] (self=0xc1b2e0,
> _cmd=0x848956) at
> /Volumes/source/chrome.git/src/third_party/WebKit/JavaScriptCore/wtf/mac/MainThreadMac.mm:44
> #54 0x904549ac in __NSThreadPerformPerform ()
> #55 0x973903c5 in CFRunLoopRunSpecific ()
> #56 0x97390aa8 in CFRunLoopRunInMode ()
> #57 0x90c982ac in RunCurrentEventLoopInMode ()
> #58 0x90c980c5 in ReceiveNextEventCommon ()
> #59 0x90c97f39 in BlockUntilNextEventMatchingListInMode ()
> #60 0x960b76d5 in _DPSNextEvent ()
> #61 0x960b6f88 in -[NSApplication
> nextEventMatchingMask:untilDate:inMode:dequeue:] ()
> #62 0x0000c045 in ?? ()
> #63 0x960aff9f in -[NSApplication run] ()
> #64 0x9607d1d8 in NSApplicationMain ()
> #65 0x000029d2 in ?? ()
> Current language:  auto; currently c++
>
> _______________________________________________
> webkit-dev mailing list
> webkit-dev at lists.webkit.org
> http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev