Merge r270496 - [GLib] Leaked RunLoop objects on worker threads

https://bugs.webkit.org/show_bug.cgi?id=219232 <rdar://problem/71772277> Patch by Zan Dobersek <zdobersek@igalia.com> on 2020-12-07 Reviewed by Geoffrey Garen. Source/WTF: During the thread-local RunLoop::Holder destruction, explicitly clear out the iteration Deque objects on the held RunLoop, destroying any Function objects that never got to execute on this thread. Generally, this allows for any RunLoop reference stored in these objects to be released. Specifically, this would allow for destruction of the RunLoop::Timer object that's queued up in the JSRunLoopTimer::Manager::PerVMData destructor but never gets dispatched because the thread (a JS worker) is shut down before that happens. Destruction of the timer will release the reference of the RunLoop that's held by the RunLoop::Holder, finally enabling the RunLoop object itself be destroyed once the RunLoop::Holder reference is let go. * wtf/RunLoop.cpp: (WTF::RunLoop::Holder::~Holder): (WTF::RunLoop::threadWillExit): * wtf/RunLoop.h: Tools: Add a unit test covering proper RunLoop teardown upon thread destruction even if RunLoop references are stored in the dispatch queues. * TestWebKitAPI/Tests/WTF/RunLoop.cpp: (TestWebKitAPI::TEST):
WebKit · Feb 1, 2021 · 7082b19 · 7082b19
1 parent ad9d2ec
commit 7082b19
Show file tree

Hide file tree

Showing 5 changed files with 70 additions and 0 deletions.
diff --git a/Source/WTF/ChangeLog b/Source/WTF/ChangeLog
@@ -1,3 +1,29 @@
+2020-12-07  Zan Dobersek  <zdobersek@igalia.com>
+
+        [GLib] Leaked RunLoop objects on worker threads
+        https://bugs.webkit.org/show_bug.cgi?id=219232
+        <rdar://problem/71772277>
+
+        Reviewed by Geoffrey Garen.
+
+        During the thread-local RunLoop::Holder destruction, explicitly clear out
+        the iteration Deque objects on the held RunLoop, destroying any Function
+        objects that never got to execute on this thread. Generally, this allows
+        for any RunLoop reference stored in these objects to be released.
+
+        Specifically, this would allow for destruction of the RunLoop::Timer
+        object that's queued up in the JSRunLoopTimer::Manager::PerVMData
+        destructor but never gets dispatched because the thread (a JS worker) is
+        shut down before that happens. Destruction of the timer will release the
+        reference of the RunLoop that's held by the RunLoop::Holder, finally
+        enabling the RunLoop object itself be destroyed once the RunLoop::Holder
+        reference is let go.
+
+        * wtf/RunLoop.cpp:
+        (WTF::RunLoop::Holder::~Holder):
+        (WTF::RunLoop::threadWillExit):
+        * wtf/RunLoop.h:
+
 2020-11-03  Stephan Szabo  <stephan.szabo@sony.com>
 
         [WinCairo/PlayStation] ICU 68.1 no longer exposes FALSE and TRUE macros by default

diff --git a/Source/WTF/wtf/RunLoop.cpp b/Source/WTF/wtf/RunLoop.cpp
@@ -46,6 +46,11 @@ class RunLoop::Holder {
     {
     }
 
+    ~Holder()
+    {
+        m_runLoop->threadWillExit();
+    }
+
     RunLoop& runLoop() { return m_runLoop; }
 
 private:
@@ -162,4 +167,10 @@ void RunLoop::suspendFunctionDispatchForCurrentCycle()
     wakeUp();
 }
 
+void RunLoop::threadWillExit()
+{
+    m_currentIteration.clear();
+    m_nextIteration.clear();
+}
+
 } // namespace WTF
diff --git a/Source/WTF/wtf/RunLoop.h b/Source/WTF/wtf/RunLoop.h
@@ -96,6 +96,8 @@ class RunLoop final : public FunctionDispatcher {
     enum class CycleResult { Continue, Stop };
     WTF_EXPORT_PRIVATE CycleResult static cycle(RunLoopMode = DefaultRunLoopMode);
 
+    WTF_EXPORT_PRIVATE void threadWillExit();
+
 #if USE(GLIB_EVENT_LOOP)
     WTF_EXPORT_PRIVATE GMainContext* mainContext() const { return m_mainContext.get(); }
     enum class Event { WillDispatch, DidDispatch };

diff --git a/Tools/ChangeLog b/Tools/ChangeLog
@@ -1,3 +1,17 @@
+2020-12-07  Zan Dobersek  <zdobersek@igalia.com>
+
+        [GLib] Leaked RunLoop objects on worker threads
+        https://bugs.webkit.org/show_bug.cgi?id=219232
+        <rdar://problem/71772277>
+
+        Reviewed by Geoffrey Garen.
+
+        Add a unit test covering proper RunLoop teardown upon thread destruction
+        even if RunLoop references are stored in the dispatch queues.
+
+        * TestWebKitAPI/Tests/WTF/RunLoop.cpp:
+        (TestWebKitAPI::TEST):
+
 2020-11-18  Michael Catanzaro  <mcatanzaro@gnome.org>
 
         [WPE][GTK] Update Outlook user agent quirk

diff --git a/Tools/TestWebKitAPI/Tests/WTF/RunLoop.cpp b/Tools/TestWebKitAPI/Tests/WTF/RunLoop.cpp
@@ -215,4 +215,21 @@ TEST(WTF_RunLoop, ManyTimes)
     })->waitForCompletion();
 }
 
+TEST(WTF_RunLoop, ThreadTerminationSelfReferenceCleanup)
+{
+    RefPtr<RunLoop> runLoop;
+
+    Thread::create("RunLoopThreadTerminationSelfReferenceCleanup", [&] {
+        runLoop = makeRefPtr(RunLoop::current());
+
+        // This stores a RunLoop reference in the dispatch queue that will not be released
+        // via the usual dispatch, but should still be released upon thread termination.
+        // After that, the observing RefPtr should be the only one holding a reference
+        // to the RunLoop object.
+        runLoop->dispatch([ref = runLoop.copyRef()] { });
+    })->waitForCompletion();
+
+    EXPECT_TRUE(runLoop->hasOneRef());
+}
+
 } // namespace TestWebKitAPI