Title: [266793] trunk/Source/WebCore
- Revision
- 266793
- Author
- [email protected]
- Date
- 2020-09-09 11:41:01 -0700 (Wed, 09 Sep 2020)
Log Message
ASSERTION FAILED: m_finishedNodes.isEmpty() in AudioContext destructor
https://bugs.webkit.org/show_bug.cgi?id=105870
Reviewed by Darin Adler.
This assertion indicates that BaseAudioContext::derefFinishedSourceNodes() was not
called before the BaseAudioContext destructor. Normally, derefFinishedSourceNodes()
gets called from BaseAudioContext::handlePostRenderTasks() at the end of rending.
However, BaseAudioContext::handlePostRenderTasks() only calls derefFinishedSourceNodes()
if tryLock() succeeds. Therefore, in case of lock contention, it was possible we would
end up destroying the BaseAudioContext without derefFinishedSourceNodes() having been
called at the end of the rendering.
To address the issue, we now call derefFinishedSourceNodes() after the audio thread is
gone and before the BaseAudioContext gets destroyed, in BaseAudioContext::uninitialize().
No new tests, covered by existing tests that are flaky crashing.
* Modules/webaudio/BaseAudioContext.cpp:
(WebCore::BaseAudioContext::uninitialize):
Modified Paths
Diff
Modified: trunk/Source/WebCore/ChangeLog (266792 => 266793)
--- trunk/Source/WebCore/ChangeLog 2020-09-09 18:23:27 UTC (rev 266792)
+++ trunk/Source/WebCore/ChangeLog 2020-09-09 18:41:01 UTC (rev 266793)
@@ -1,3 +1,26 @@
+2020-09-09 Chris Dumez <[email protected]>
+
+ ASSERTION FAILED: m_finishedNodes.isEmpty() in AudioContext destructor
+ https://bugs.webkit.org/show_bug.cgi?id=105870
+
+ Reviewed by Darin Adler.
+
+ This assertion indicates that BaseAudioContext::derefFinishedSourceNodes() was not
+ called before the BaseAudioContext destructor. Normally, derefFinishedSourceNodes()
+ gets called from BaseAudioContext::handlePostRenderTasks() at the end of rending.
+ However, BaseAudioContext::handlePostRenderTasks() only calls derefFinishedSourceNodes()
+ if tryLock() succeeds. Therefore, in case of lock contention, it was possible we would
+ end up destroying the BaseAudioContext without derefFinishedSourceNodes() having been
+ called at the end of the rendering.
+
+ To address the issue, we now call derefFinishedSourceNodes() after the audio thread is
+ gone and before the BaseAudioContext gets destroyed, in BaseAudioContext::uninitialize().
+
+ No new tests, covered by existing tests that are flaky crashing.
+
+ * Modules/webaudio/BaseAudioContext.cpp:
+ (WebCore::BaseAudioContext::uninitialize):
+
2020-09-09 Antoine Quint <[email protected]>
REGRESSION (r264856): updating easing on accelerated animation results in incorrect playback
Modified: trunk/Source/WebCore/Modules/webaudio/BaseAudioContext.cpp (266792 => 266793)
--- trunk/Source/WebCore/Modules/webaudio/BaseAudioContext.cpp 2020-09-09 18:23:27 UTC (rev 266792)
+++ trunk/Source/WebCore/Modules/webaudio/BaseAudioContext.cpp 2020-09-09 18:41:01 UTC (rev 266793)
@@ -267,6 +267,15 @@
setState(State::Closed);
}
+ {
+ AutoLocker locker(*this);
+ // This should have been called from handlePostRenderTasks() at the end of rendering.
+ // However, in case of lock contention, the tryLock() call could have failed in handlePostRenderTasks(),
+ // leaving nodes in m_finishedNodes. Now that the audio thread is gone, make sure we deref those nodes
+ // before the BaseAudioContext gets destroyed.
+ derefFinishedSourceNodes();
+ }
+
// Get rid of the sources which may still be playing.
derefUnfinishedSourceNodes();
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
