Closed Bug 1166412 Opened 10 years ago Closed 5 years ago

Stop calling off-main-thread browser parser callbacks in JS_ShutDown()

Categories: Core :: JavaScript Engine
Type: defect
Priority: Not set
Severity: normal
Status: RESOLVED WORKSFORME
Reporter: mccr8
Assignee: Unassigned
Keywords: sec-other

Off main thread parsing holds strong references to main thread objects like documents. In functions like OffThreadScriptReceiverCallback() these are dealt with by sending a runnable back to the main thread using NS_DispatchToMainThread(). However, if we're late in shutdown, like at the point where JS_ShutDown() is called, then NS_DispatchToMainThread() fails and we end up trying to release stuff on the parser thread. This does happen in practice, as can be seen in bug 1117977 and bug 1155328. We can hack around it in the browser callbacks by detecting that we're late in shutdown and not releasing things (that's what was done in bug 1117977), but it seems a little cleaner to me to just kill off any off main thread parses that are in progress at some earlier point in shutdown.
Keywords: sec-other
Jason was arguing in IRC that maybe we should just fix this in the callback itself, rather than complicate the JS engine parsing threading stuff, which I think is reasonable. We're likely not going to have a proliferation of these callbacks. So maybe this is WONTFIX. But I thought I'd file a bug in case it was something easy to do.
The JS engine API is atm very error prone, as the bugs have shown, so I'd prefer if it was made less error prone, like killing any off main thread parsing when it is still safe and possible.
Group: core-security → javascript-core-security

NS_DispatchToMainThread now leaks when it fails, instead of releasing runnables on the wrong thread.
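The thread-affinity problem described in comment 0, and the "leak the runnable instead of releasing it on the wrong thread" resolution above, reduced to a runnable sketch. This is an added example, not code from Gecko or from this bug: `MainThreadLoop`, `Dispatch`, `Drain`, `Document`, `ReleaseOnMainThread`, `RunScenario` and `ReleaseStats` are invented stand-ins for the main thread, NS_DispatchToMainThread, a document and an off-thread parser callback. The `Document` destructor records which thread ran it, so each of the three runs (normal, late shutdown with the old dispatch behaviour, late shutdown with the leaking dispatch) makes its outcome visible.

```cpp
#include <cstdio>
#include <functional>
#include <memory>
#include <mutex>
#include <queue>
#include <thread>

// Counters filled in by the example so each outcome is observable.
struct ReleaseStats {
  int onMainThread = 0;   // ~Document ran on the owning (main) thread: correct
  int onWrongThread = 0;  // ~Document ran on the parser thread: the bug
  int leaked = 0;         // runnable deliberately leaked after dispatch failed
};

// Miniature main-thread event loop (hypothetical; not Gecko's nsThread).
struct MainThreadLoop {
  std::thread::id owner = std::this_thread::get_id();
  std::mutex lock;
  std::queue<std::function<void()>> events;
  bool accepting = true;       // false once shutdown is past the point where dispatch works
  bool leakOnFailure = false;  // false: old behaviour, the failed runnable dies in the caller
  ReleaseStats* stats = nullptr;

  // Stand-in for NS_DispatchToMainThread: returns false when the loop is closed.
  bool Dispatch(std::function<void()> fn) {
    std::lock_guard<std::mutex> g(lock);
    if (accepting) {
      events.push(std::move(fn));
      return true;
    }
    if (leakOnFailure) {
      // Nobody will ever run this runnable, and destroying it here would run
      // the destructors of whatever it captured on the calling thread.
      new std::function<void()>(std::move(fn));  // intentionally never deleted
      stats->leaked++;
    }
    // Otherwise `fn` is destroyed on return, i.e. on the caller's thread.
    return false;
  }

  // Run queued runnables on the owning thread.
  void Drain() {
    for (;;) {
      std::function<void()> fn;
      {
        std::lock_guard<std::mutex> g(lock);
        if (events.empty()) return;
        fn = std::move(events.front());
        events.pop();
      }
      fn();  // `fn` and anything it captured are destroyed here, on this thread
    }
  }
};

// Stand-in for a main-thread-only object such as a document. Its destructor
// records which thread ran it, so a wrong-thread release is visible.
struct Document {
  MainThreadLoop* loop;
  explicit Document(MainThreadLoop* l) : loop(l) {}
  ~Document() {
    if (std::this_thread::get_id() == loop->owner) loop->stats->onMainThread++;
    else loop->stats->onWrongThread++;
  }
};

// What an off-thread callback should do with its strong reference: wrap it in
// a runnable for the main thread instead of dropping it where it stands. The
// runnable then holds the only reference, so its fate decides which thread
// runs ~Document.
void ReleaseOnMainThread(std::shared_ptr<Document> doc) {
  MainThreadLoop* loop = doc->loop;
  loop->Dispatch([doc = std::move(doc)] { (void)doc; });
}

// One off-thread parse that finishes and releases its document. `shutdownFirst`
// models JS_ShutDown() having closed the main thread before the callback fires.
ReleaseStats RunScenario(bool shutdownFirst, bool leakOnFailure) {
  ReleaseStats stats;
  MainThreadLoop loop;
  loop.stats = &stats;
  loop.leakOnFailure = leakOnFailure;
  auto doc = std::make_shared<Document>(&loop);
  if (shutdownFirst) loop.accepting = false;
  std::thread parser([doc = std::move(doc)]() mutable {
    ReleaseOnMainThread(std::move(doc));
  });
  parser.join();
  loop.Drain();  // anything the parser thread managed to dispatch runs here
  return stats;
}

int main() {
  const char* names[] = {"normal", "late shutdown, old dispatch", "late shutdown, leaking dispatch"};
  ReleaseStats r[] = {RunScenario(false, false), RunScenario(true, false), RunScenario(true, true)};
  for (int i = 0; i < 3; i++)
    std::printf("%-32s main=%d wrong=%d leaked=%d\n", names[i], r[i].onMainThread,
                r[i].onWrongThread, r[i].leaked);
  return 0;
}
```

The second run is the failure mode from comment 0: the runnable is the last owner of the document, dispatch fails, and the runnable (and so the document) is torn down on the parser thread. The third run trades a bounded leak at process exit for never running a main-thread destructor on the wrong thread, which is the trade the resolution comment describes.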

Group: javascript-core-security
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → WORKSFORME