[Webkit-unassigned] [Bug 234188] New: Automatically forbid JS execution when we throw a TerminationException.

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Dec 10 17:10:26 PST 2021


https://bugs.webkit.org/show_bug.cgi?id=234188

            Bug ID: 234188
           Summary: Automatically forbid JS execution when we throw a
                    TerminationException.
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: mark.lam at apple.com

For Worker threads, we throw a TerminationException when Worker.terminate() is called.  Once the TerminationException is thrown, we expect to completely unwind out of any JS frames on the stack, and we also expect the client to never call into JS again.  Previously, WebCore would call VM::setExecutionForbidden() to flag that we should not re-enter the VM anymore.  On the JSC side, this executionForbidden() is used to prevent micro-tasks from firing.  On the WebCore side, it is used to prevent many things from running, including firing events.

Previously, we relied on the WebCore side to catch the TerminationException, determine that it is the TerminationException, and then call VM::setExecutionForbidden().  This is tedious and error prone, as there may be places in WebCore that should call VM::setExecutionForbidden() but are missed.  This has been the source of some bugs with the handling of Worker termination in the past.

In this patch, we change VM to setExecutionForbidden() immediately when we throw the TerminationException, but only if VM::m_forbidExecutionOnTermination is set.  Currently, we'll only set VM::m_forbidExecutionOnTermination for Workers because, for legacy reasons, other clients of JSC have the ability to re-enter the VM after a TerminationException unwinds out (which is ok to do when used under some controlled conditions).  Until we can determine that it is safe to adopt this "forbid execution on termination" behavior universally, we'll adopt it only for workers.

In a subsequent patch, we can also look into removing all the places in WebCore that check for TerminationException in order to call VM::setExecutionForbidden().  We'll leave those in place for now, though they should be redundant after this patch.
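The two designs contrasted above, as an added C++ model that is not JSC's code: the VM, setExecutionForbidden() and m_forbidExecutionOnTermination names are stand-ins for the report's identifiers, and the scripts and the forgetful client are constructed to show why the manual path is error prone.

```cpp
#include <cstdio>

// Hypothetical model of the bug's design, not JavaScriptCore's real classes.
struct TerminationException {};

class VM {
public:
    explicit VM(bool forbidExecutionOnTermination)
        : m_forbidExecutionOnTermination(forbidExecutionOnTermination) {}

    void setExecutionForbidden() { m_executionForbidden = true; }
    bool executionForbidden() const { return m_executionForbidden; }

    // New behaviour: when the VM is configured for it (the Worker case), throwing
    // the TerminationException forbids re-entry right away, independent of the client.
    [[noreturn]] void throwTerminationException() {
        if (m_forbidExecutionOnTermination)
            setExecutionForbidden();
        throw TerminationException();
    }

    // Entry point into JS: refuses to run anything once execution is forbidden.
    bool enter(void (*script)(VM&)) {
        if (m_executionForbidden)
            return false;
        script(*this);
        return true;
    }

private:
    bool m_forbidExecutionOnTermination;
    bool m_executionForbidden = false;
};

static void terminatingScript(VM& vm) { vm.throwTerminationException(); }
static void benignScript(VM&) {}

// A client that catches the TerminationException but forgets to call
// setExecutionForbidden(): the missed call the report describes.
// Returns true if the VM could still be re-entered after termination.
bool reenteredAfterTermination(bool forbidOnTermination) {
    VM vm(forbidOnTermination);
    try { vm.enter(terminatingScript); } catch (const TerminationException&) { }
    return vm.enter(benignScript);
}

int main() {
    std::printf("legacy client re-entered: %d\n", reenteredAfterTermination(false));
    std::printf("worker client re-entered: %d\n", reenteredAfterTermination(true));
}
```

With the flag clear the forgotten call lets JS run again after termination; with it set the VM refuses re-entry on its own.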
