Title: [202736] trunk/Source/WTF
Revision
202736
Author
[email protected]
Date
2016-07-01 08:40:39 -0700 (Fri, 01 Jul 2016)

Log Message

Deadlock inside -[WebCoreNSURLSession dealloc]
https://bugs.webkit.org/show_bug.cgi?id=159331
<rdar://problem/27122716>

Reviewed by Alex Christensen.

A Function<> object can wrap any callable type, including a C++ lambda.

dispatchFunctionsFromMainThread() holds a lock while iterating over the functions in
functionQueue(), and during this iteration, the previous callable object is destroyed by
assigning the result of functionQueue().takeFirst(). Because lambdas (and other callables,
like functors) can own objects, destroying this callable can have side effects, and if one
of those side effects is to call callOnMainThread(), this can deadlock.

Move this side-effect-having call outside the locked block by clearing the function object
immediately after calling it.

* wtf/MainThread.cpp:
(WTF::dispatchFunctionsFromMainThread):

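The lifetime problem described in the log message, as an added example that is not WebKit's code: a single-threaded C++ model of the dispatch loop in which a queued lambda owns an object whose destructor calls callOnMainThread(). The QueueLock, Notifier and runScenario names are constructed for this demo; a real mutex would hang on re-entry, so the model records the re-entry instead.

```cpp
#include <cstddef>
#include <deque>
#include <functional>
#include <memory>
#include <mutex>
// Constructed single-threaded model of the queue lock: where a real mutex would
// block forever on re-entry, this records the re-entry so it can be observed.
struct QueueLock {
    bool held = false, reentered = false;
    void lock() { held = true; }
    void unlock() { held = false; }
};
static QueueLock queueLock;
static std::deque<std::function<void()>> functionQueue;
// Model of callOnMainThread(): enqueuing requires the queue lock.
void callOnMainThread(std::function<void()> f) {
    if (queueLock.held) { queueLock.reentered = true; return; } // real code: deadlock
    std::lock_guard<QueueLock> lock(queueLock);
    functionQueue.push_back(std::move(f));
}
// An object a lambda might own; its destructor schedules more main-thread work.
struct Notifier { ~Notifier() { callOnMainThread([] {}); } };
// Model of dispatchFunctionsFromMainThread(). clearAfterCall == false: the previous
// callable dies in the assignment inside the locked block (the bug). true: the fix.
std::size_t dispatch(bool clearAfterCall) {
    std::size_t dispatched = 0;
    std::function<void()> function;
    while (true) {
        {
            std::lock_guard<QueueLock> lock(queueLock);
            if (functionQueue.empty()) break;
            function = std::move(functionQueue.front()); // previous callable destroyed here
            functionQueue.pop_front();
        }
        function();
        ++dispatched;
        if (clearAfterCall)
            function = nullptr; // r202736: destructor side effects now run unlocked
    }
    return dispatched;
}
// Queue a lambda owning a Notifier, then a plain lambda, and drain the queue.
std::size_t runScenario(bool clearAfterCall) {
    functionQueue.clear();
    queueLock.reentered = false;
    { auto owned = std::make_shared<Notifier>(); callOnMainThread([owned] {}); }
    callOnMainThread([] {});
    return dispatch(clearAfterCall);
}
```

In the buggy mode the Notifier's destructor runs while the lock is held and its enqueue is refused, so only two functions run; with the fix the destructor runs unlocked, its enqueue succeeds and three functions run.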
Modified Paths

Diff

Modified: trunk/Source/WTF/ChangeLog (202735 => 202736)


--- trunk/Source/WTF/ChangeLog	2016-07-01 15:29:09 UTC (rev 202735)
+++ trunk/Source/WTF/ChangeLog	2016-07-01 15:40:39 UTC (rev 202736)
@@ -1,3 +1,25 @@
+2016-07-01  Jer Noble  <[email protected]>
+
+        Deadlock inside -[WebCoreNSURLSession dealloc]
+        https://bugs.webkit.org/show_bug.cgi?id=159331
+        <rdar://problem/27122716>
+
+        Reviewed by Alex Christensen.
+
+        A Function<> object can wrap any callable type, including a C++ lambda.
+
+        dispatchFunctionsFromMainThread() holds a lock while iterating over the functions in
+        functionQueue(), and during ths iteration, the previous callable object is destroyed by
+        assigning the result of functionQueue().takeFirst(). Because lambdas (and other callables,
+        like functors) can own objects, destroying this callable can have side effects, and if one
+        of those side effects is to call callOnMainThread(), this can deadlock.
+
+        Move this side-effect-having call outside the locked block by clearing the function object
+        immediately after calling it.
+
+        * wtf/MainThread.cpp:
+        (WTF::dispatchFunctionsFromMainThread):
+
 2016-06-29  Jer Noble  <[email protected]>
 
         Adopt MediaRemote.
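Review bot: Typo in the new ChangeLog entry, in the line "functionQueue(), and during ths iteration, the previous callable object is destroyed by": "ths" should read "this".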

Modified: trunk/Source/WTF/wtf/MainThread.cpp (202735 => 202736)


--- trunk/Source/WTF/wtf/MainThread.cpp	2016-07-01 15:29:09 UTC (rev 202735)
+++ trunk/Source/WTF/wtf/MainThread.cpp	2016-07-01 15:40:39 UTC (rev 202736)
@@ -133,6 +133,9 @@
 
         function();
 
+        // Clearing the function can have side effects, so do so outside of the lock above.
+        function = nullptr;
+
         // If we are running accumulated functions for too long so UI may become unresponsive, we need to
         // yield so the user input can be processed. Otherwise user may not be able to even close the window.
         // This code has effect only in case the scheduleDispatchFunctionsOnMainThread() is implemented in a way that
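Review bot: The comment on the added `function = nullptr;` line says "outside of the lock above", but no lock is visible in these context lines, so a reader of the hunk cannot tell which lock is meant or why destruction matters. Suggest making the comment self-contained, e.g. `// The wrapped callable's destructor may call callOnMainThread(), which takes the queue lock; destroy it here, after the lock has been released, rather than in the takeFirst() assignment.` That also documents the invariant the fix depends on: by the time the next `functionQueue().takeFirst()` assignment runs under the lock, `function` is already empty and the assignment has no side effects.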
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes