Title: [239353] trunk/Source/WebCore
Revision
239353
Author
[email protected]
Date
2018-12-18 14:03:07 -0800 (Tue, 18 Dec 2018)

Log Message

Some iOS app crash in FrameLoader::checkCompleted
https://bugs.webkit.org/show_bug.cgi?id=192804
<rdar://problem/44240573>

Reviewed by Tim Horton.

It's possible for the main thread to call into WebCore / UIWebView selectors while Web thread
is trying to send a delegate message. Disable the release assertion while this is happening
so that iOS apps would not crash.

Unfortunately no new test as there is no way to easily test UIWebView in iOS,
and this requires a race between the web thread & the main thread.

* dom/ScriptDisallowedScope.h:
(WebCore::ScriptDisallowedScope::InMainThread::isScriptAllowed):
* platform/ios/wak/WebCoreThread.h:
* platform/ios/wak/WebCoreThread.mm:
(WebThreadDelegateMessageScope::WebThreadDelegateMessageScope):
(WebThreadDelegateMessageScope::~WebThreadDelegateMessageScope):
(SendDelegateMessage):


Modified: trunk/Source/WebCore/ChangeLog (239352 => 239353)


--- trunk/Source/WebCore/ChangeLog	2018-12-18 21:54:24 UTC (rev 239352)
+++ trunk/Source/WebCore/ChangeLog	2018-12-18 22:03:07 UTC (rev 239353)
@@ -1,3 +1,26 @@
+2018-12-18  Ryosuke Niwa  <[email protected]>
+
+        Some iOS app crash in FrameLoader::checkCompleted
+        https://bugs.webkit.org/show_bug.cgi?id=192804
+        <rdar://problem/44240573>
+
+        Reviewed by Tim Horton.
+
+        It's possible for the main thread to call into WebCore / UIWebView selectors while Web thread
+        is trying to send a delegate message. Disable the release assertion while this is happening
+        so that iOS app would not crash.
+
+        Unfortunately no new test as there is no way to easily test UIWebView in iOS,
+        and this requires a race between the web thread & the main thread.
+
+        * dom/ScriptDisallowedScope.h:
+        (WebCore::ScriptDisallowedScope::InMainThread::isScriptAllowed):
+        * platform/ios/wak/WebCoreThread.h:
+        * platform/ios/wak/WebCoreThread.mm:
+        (WebThreadDelegateMessageScope::WebThreadDelegateMessageScope):
+        (WebThreadDelegateMessageScope::~WebThreadDelegateMessageScope):
+        (SendDelegateMessage):
+
 2018-12-18  David Kilzer  <[email protected]>
 
         clang-tidy: Use const reference for MediaTime parameter to prevent object copy

Modified: trunk/Source/WebCore/dom/ScriptDisallowedScope.h (239352 => 239353)


--- trunk/Source/WebCore/dom/ScriptDisallowedScope.h	2018-12-18 21:54:24 UTC (rev 239352)
+++ trunk/Source/WebCore/dom/ScriptDisallowedScope.h	2018-12-18 22:03:07 UTC (rev 239353)
@@ -26,6 +26,10 @@
 #include "ContainerNode.h"
 #include <wtf/MainThread.h>
 
+#if PLATFORM(IOS_FAMILY)
+#include "WebCoreThread.h"
+#endif
+
 namespace WebCore {
 
 class ScriptDisallowedScope {
@@ -86,7 +90,11 @@
         static bool isScriptAllowed()
         {
             ASSERT(isMainThread());
+#if PLATFORM(IOS_FAMILY)
+            return !s_count || webThreadDelegateMessageScopeCount;
+#else
             return !s_count;
+#endif
         }
     };
     
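Review bot: The bypass in the new `return !s_count || webThreadDelegateMessageScopeCount;` is global rather than tied to the delegate message in flight: while the web thread is anywhere inside SendDelegateMessage, every main-thread caller of isScriptAllowed() passes, including ones unrelated to that delegate call, so the scope's protection against script running during DOM mutation is suspended for that whole window. That is probably the intended trade-off, but it deserves a comment at the `#if PLATFORM(IOS_FAMILY)` branch, e.g. `// The web thread may be blocked in SendDelegateMessage while the main thread re-enters WebCore; the count is nonzero only in that window, and the check is deliberately relaxed there instead of crashing (webkit.org/b/192804).` Separately, the counter is declared `volatile unsigned` (the extern added in WebCoreThread.h and its definition in WebCoreThread.mm), written on the web thread and read here on the main thread; volatile gives neither atomicity nor ordering under the C++ memory model, so `std::atomic<unsigned>` (or WTF's Atomic) with a relaxed load would make the cross-thread read well-defined. The enclosing class ScriptDisallowedScope continues past the end of the hunk.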

Modified: trunk/Source/WebCore/platform/ios/wak/WebCoreThread.h (239352 => 239353)


--- trunk/Source/WebCore/platform/ios/wak/WebCoreThread.h	2018-12-18 21:54:24 UTC (rev 239352)
+++ trunk/Source/WebCore/platform/ios/wak/WebCoreThread.h	2018-12-18 22:03:07 UTC (rev 239353)
@@ -44,6 +44,7 @@
 } WebThreadContext;
     
 extern volatile bool webThreadShouldYield;
+extern volatile unsigned webThreadDelegateMessageScopeCount;
 
 #ifdef __OBJC__
 @class NSRunLoop;

Modified: trunk/Source/WebCore/platform/ios/wak/WebCoreThread.mm (239352 => 239353)


--- trunk/Source/WebCore/platform/ios/wak/WebCoreThread.mm	2018-12-18 21:54:24 UTC (rev 239352)
+++ trunk/Source/WebCore/platform/ios/wak/WebCoreThread.mm	2018-12-18 22:03:07 UTC (rev 239353)
@@ -132,6 +132,8 @@
 
 static NSMutableArray* sAsyncDelegates = nil;
 
+WEBCORE_EXPORT volatile unsigned webThreadDelegateMessageScopeCount = 0;
+
 static inline void SendMessage(NSInvocation* invocation)
 {
     [invocation invoke];
@@ -171,6 +173,16 @@
 #endif
 }
 
+class WebThreadDelegateMessageScope {
+public:
+    WebThreadDelegateMessageScope() { ++webThreadDelegateMessageScopeCount; }
+    ~WebThreadDelegateMessageScope()
+    {
+        ASSERT(webThreadDelegateMessageScopeCount);
+        --webThreadDelegateMessageScopeCount;
+    }
+};
+
 static void SendDelegateMessage(NSInvocation* invocation)
 {
     if (!WebThreadIsCurrent()) {
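Review bot: WebThreadDelegateMessageScope keeps its implicit copy constructor, which does not increment the counter while the copy's destructor still decrements it, so an accidental copy would underflow the unsigned count and leave isScriptAllowed() permanently bypassed; declaring it non-copyable, e.g. `WTF_MAKE_NONCOPYABLE(WebThreadDelegateMessageScope);` in the class body (or deleted copy operations), closes that. The destructor also guards the underflow only with `ASSERT`, which is compiled out in release builds, precisely where this counter decides whether a release assertion fires; `RELEASE_ASSERT(webThreadDelegateMessageScopeCount);` would match the intent. A one-line comment on the class stating that it marks "the web thread is inside a delegate message" for ScriptDisallowedScope::InMainThread::isScriptAllowed() would help the next reader find the other half of the mechanism. SendDelegateMessage continues past the end of the hunk.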
@@ -194,6 +206,7 @@
 #endif
 
     {
+        WebThreadDelegateMessageScope delegateScope;
         // Code block created to scope JSC::JSLock::DropAllLocks outside of WebThreadLock()
         JSC::JSLock::DropAllLocks dropAllLocks(WebCore::commonVM());
         _WebThreadUnlock();
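Review bot: The new `WebThreadDelegateMessageScope delegateScope;` is placed before `dropAllLocks` and `_WebThreadUnlock()` and its correctness depends on that order — the count has to be nonzero before the main thread can take the web thread lock and re-enter WebCore, and, presumably by reverse destruction at the end of the block, it stays nonzero until the lock has been reacquired — but nothing in the hunk says so. A comment such as `// Must precede dropAllLocks/_WebThreadUnlock: the main thread may re-enter WebCore as soon as the lock is released, and isScriptAllowed() consults this count.` would keep a later reorder from silently reintroducing the crash. SendDelegateMessage begins outside this hunk, and the end of the block is not visible.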