New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 696905 link

Starred by 1 user
Status: Fixed
Owner:
hajimehoshi@chromium.org
Closed: Oct 2017
Cc:
kinuko@chromium.org
nhiroki@chromium.org
tzik@chromium.org
yuryu@chromium.org
altimin@chromium.org
haraken@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 2
Type: Bug

Blocking:
issue 694914



Sign in to add a comment

TaskRunnerHelper must be used on a given context's thread

Project Member Reported by nhiroki@chromium.org, Feb 28 2017 
TaskRunnerHelper must not used from non-main threads because it traversals GC'ed objects on the main thread (Document, Frame) and uses current thread's default task runner when a null frame is specified. This would be dangerous.

Unfortunately, this restriction hasn't been well-documented and some components already has used it from non-main threads (e.g., CanvasAsyncBlobCreator[1]). We should fix such usage and add thread check assertions into TaskRunnerHelper.

[1] https://chromium.googlesource.com/chromium/src/+/5ce8692f118a0f554fa98574be0c5446b8f0b8fe/third_party/WebKit/Source/core/html/canvas/CanvasAsyncBlobCreator.cpp#237

Comment 1 by nhiroki@chromium.org, Feb 28 2017

Blocking: 694914

Comment 2 by yuryu@chromium.org, Mar 13 2017

Cc: yuryu@chromium.org

Comment 3 by nhiroki@chromium.org, Apr 20 2017

Owner: nhiroki@chromium.org
Status: Started (was: Available)
Summary: TaskRunnerHelper must be used on a given context's thread (was: TaskRunnerHelper must be used on the main thread)
After  issue 694914  TaskRunnerHelper becomes available for worker contexts, but it's still necessary to call it on a given context's thread ("given context" is the 2nd arg of TaskRunnerHelper::Get) as follows:

  // This must be called on the main thread
  TaskRunnerHelper::Get(type, frame)

  // This must be called on the main thread
  TaskRunnerHelper::Get(type, document)

  // This must be called on the worker thread
  TaskRunnerHelper::Get(type, worker_global_scope)

I'm now checking how many callsites violate the rule by adding DCHECKs:
https://codereview.chromium.org/2829683006/

Comment 4 by nhiroki@chromium.org, Oct 26 2017

Cc: nhiroki@chromium.org
Owner: hajimehoshi@chromium.org
Status: Assigned (was: Started)
hajimehoshi@ is now working on refactoring TaskRunnerHelper.

Comment 5 by hajimehoshi@chromium.org, Oct 26 2017

Cc: altimin@chromium.org

Comment 6 by hajimehoshi@chromium.org, Oct 27 2017 

>   TaskRunnerHelper::Get(type, worker_global_scope)

I think it's now Get(TaskType, WorkerOrWorkletGlobalScope*), and this already has DCHECK(IsContextThread());

Comment 7 by hajimehoshi@chromium.org, Oct 27 2017 

Fix for Document
https://chromium-review.googlesource.com/c/chromium/src/+/741428

Note that we found that |Context()->GetExecutionContext()| is also not thread-safe (SuspendableObject::GetExecutionContext should be called from the main thread).
Project Member

Comment 8 by bugdroid1@chromium.org, Oct 27 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/0d0c1a51c94302df6ddaef1df81bce83ef520077

commit 0d0c1a51c94302df6ddaef1df81bce83ef520077
Author: Hajime Hoshi <hajimehoshi@chromium.org>
Date: Fri Oct 27 13:39:37 2017

Add DCHECK(IsMainThread()) at Document::GetTaskRunner()

Bug:  696905 
Change-Id: Ie6f81336a9119f0cd8d3e3ad6e9074a11f662b8d
Reviewed-on: https://chromium-review.googlesource.com/741428
Reviewed-by: Kentaro Hara <haraken@chromium.org>
Commit-Queue: Hajime Hoshi <hajimehoshi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#512170}
[modify] https://crrev.com/0d0c1a51c94302df6ddaef1df81bce83ef520077/third_party/WebKit/Source/core/dom/Document.cpp
[modify] https://crrev.com/0d0c1a51c94302df6ddaef1df81bce83ef520077/third_party/WebKit/Source/modules/webaudio/AudioScheduledSourceNode.cpp
[modify] https://crrev.com/0d0c1a51c94302df6ddaef1df81bce83ef520077/third_party/WebKit/Source/modules/webaudio/AudioScheduledSourceNode.h
[modify] https://crrev.com/0d0c1a51c94302df6ddaef1df81bce83ef520077/third_party/WebKit/Source/modules/webaudio/MediaElementAudioSourceNode.cpp
[modify] https://crrev.com/0d0c1a51c94302df6ddaef1df81bce83ef520077/third_party/WebKit/Source/modules/webaudio/MediaElementAudioSourceNode.h
[modify] https://crrev.com/0d0c1a51c94302df6ddaef1df81bce83ef520077/third_party/WebKit/Source/modules/webaudio/OfflineAudioDestinationNode.cpp
[modify] https://crrev.com/0d0c1a51c94302df6ddaef1df81bce83ef520077/third_party/WebKit/Source/modules/webaudio/OfflineAudioDestinationNode.h
[modify] https://crrev.com/0d0c1a51c94302df6ddaef1df81bce83ef520077/third_party/WebKit/Source/modules/webaudio/ScriptProcessorNode.cpp
[modify] https://crrev.com/0d0c1a51c94302df6ddaef1df81bce83ef520077/third_party/WebKit/Source/modules/webaudio/ScriptProcessorNode.h
Project Member

Comment 9 by bugdroid1@chromium.org, Oct 30 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/3e1e063396152e6992d6aa114e604bfc10f296fb

commit 3e1e063396152e6992d6aa114e604bfc10f296fb
Author: Hajime Hoshi <hajimehoshi@chromium.org>
Date: Mon Oct 30 08:25:10 2017

Add DCHECK(IsMainThread()) to LocalFrame::GetTaskRunner()

Bug:  696905 
Change-Id: I12008dc1431d370e45df3fcd6d38184457133bd9
Reviewed-on: https://chromium-review.googlesource.com/741661
Reviewed-by: Kentaro Hara <haraken@chromium.org>
Commit-Queue: Hajime Hoshi <hajimehoshi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#512455}
[modify] https://crrev.com/3e1e063396152e6992d6aa114e604bfc10f296fb/third_party/WebKit/Source/core/frame/LocalFrame.cpp

Comment 10 by nhiroki@chromium.org, Oct 30 2017

Status: Started (was: Assigned)
> Note that we found that |Context()->GetExecutionContext()| is also not thread-safe (SuspendableObject::GetExecutionContext should be called from the main thread).

It'd be nice if we can have a thread check in GetExecutionContext(). IMHO, ExecutionContext shouldn't be touched from threads other than its context thread.
Project Member

Comment 11 by bugdroid1@chromium.org, Oct 31 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/a989f82576b212a93932904916dbc2c103dc071a

commit a989f82576b212a93932904916dbc2c103dc071a
Author: Hajime Hoshi <hajimehoshi@chromium.org>
Date: Tue Oct 31 17:01:28 2017

Avoid calling Context()->GetExecutionContext() on non-main threads in webaudio

Checking the existence of execution context is not thread safe. Instead,
let's check it on the handler sides (main thread).

Bug:  696905 
Change-Id: I68a05ef9e32837f74ef1772d66631bfd104c7d5e
Reviewed-on: https://chromium-review.googlesource.com/746721
Reviewed-by: Kentaro Hara <haraken@chromium.org>
Reviewed-by: Hongchan Choi <hongchan@chromium.org>
Reviewed-by: Raymond Toy <rtoy@chromium.org>
Commit-Queue: Hajime Hoshi <hajimehoshi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#512850}
[modify] https://crrev.com/a989f82576b212a93932904916dbc2c103dc071a/third_party/WebKit/Source/modules/webaudio/AudioScheduledSourceNode.cpp
[modify] https://crrev.com/a989f82576b212a93932904916dbc2c103dc071a/third_party/WebKit/Source/modules/webaudio/MediaElementAudioSourceNode.cpp
[modify] https://crrev.com/a989f82576b212a93932904916dbc2c103dc071a/third_party/WebKit/Source/modules/webaudio/OfflineAudioDestinationNode.cpp
[modify] https://crrev.com/a989f82576b212a93932904916dbc2c103dc071a/third_party/WebKit/Source/modules/webaudio/ScriptProcessorNode.cpp

Comment 12 by hajimehoshi@chromium.org, Oct 31 2017

Status: Fixed (was: Started)
> It'd be nice if we can have a thread check in GetExecutionContext(). IMHO, ExecutionContext shouldn't be touched from threads other than its context thread.

True, I'll add DCHECK later. I'll close this issue as the focused problem was fixed.

Sign in to add a comment