Use ChildThreadImpl::thread_safe_sender in font proxy if available

Use ChildThreadImpl::thread_safe_sender in font proxy if available

This changes the logic that the font proxy uses to get the IPC
sender. It will now try to get a sender in the initialization code,
and use that one if available. This allows it to get the sender
while it is still running on the main thread in the plugin, so that
it can use it for IPCs later when called from a different thread.
This is a threading violation, but it will allow the proxy to work
when called by Flash from a background thread.

BUG=631254
Committed: https://crrev.com/ddaf9994ab75ff143da0c2f5c44499e49db1815f
Cr-Commit-Position: refs/heads/master@{#408551}

[Ilya Kulshin, 2016-07-27 22:03:12]

The CQ bit was checked by kulshin@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-07-27 22:03:32]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-07-27 22:05:12]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-07-27 22:05:13]

Dry run: Try jobs failed on following builders:
  ios-device on master.tryserver.chromium.mac (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.mac/builders/ios-device/builds...)
  ios-device-gn on master.tryserver.chromium.mac (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.mac/builders/ios-device-gn/bui...)
  ios-simulator on master.tryserver.chromium.mac (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.mac/builders/ios-simulator/bui...)
  ios-simulator-gn on master.tryserver.chromium.mac (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.mac/builders/ios-simulator-gn/...)

[Ilya Kulshin, 2016-07-27 22:07:42]

Description was changed from

==========
Revert "Switch to using ChildThread::Get() to get the IPC sender"

This reverts commit 0a6c181cc466a4b4f8ade9b1e633992378df4276.

BUG=
==========

to

==========
Revert "Switch to using ChildThread::Get() to get the IPC sender"

This allows the font proxy to use different logic to obtain the IPC
sender, depending on whether it is running in the renderer or the
plugin process. When running in the renderer, it will use
ChildThread::Get, as before. When running in the plugin, it will now
use PluginGlobals::GetBrowserSender(). This is a threading violation,
but it will allow the proxy to work when called by Flash from a
background thread.

This reverts commit 0a6c181cc466a4b4f8ade9b1e633992378df4276.

BUG=631254
==========

[Ilya Kulshin, 2016-07-27 22:18:06]

The CQ bit was checked by kulshin@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-07-27 22:18:22]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[Ilya Kulshin, 2016-07-27 22:21:56]

kulshin@chromium.org changed reviewers:
+ forshaw@chromium.org, jam@chromium.org, wfh@chromium.org

[Ilya Kulshin, 2016-07-27 22:21:57]

ptal.

[commit-bot: I haz the power, 2016-07-27 22:49:20]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-07-27 22:49:20]

Dry run: Try jobs failed on following builders:
  win_chromium_compile_dbg_ng on master.tryserver.chromium.win (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.win/builders/win_chromium_comp...)

[Ilya Kulshin, 2016-07-27 23:34:39]

The CQ bit was checked by kulshin@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-07-27 23:35:11]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-07-28 00:12:15]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-07-28 00:12:16]

Dry run: This issue passed the CQ dry run.

[Ilya Kulshin, 2016-07-28 00:19:17]

ping. Can I get a review so this can make it into tomorrow's canary?

[Will Harris, 2016-07-28 00:20:13]

I'm sorry I do not know the impact of this change, jam@ reviewed the original CL
so perhaps he is best placed to know what this would do...?

[Ken Rockot(use gerrit already), 2016-07-28 15:28:30]

rockot@chromium.org changed reviewers:
+ rockot@chromium.org

[Ken Rockot(use gerrit already), 2016-07-28 15:28:31]

While I could understand if we want to just land this revert as-is since it's at
least more stable the current situation, it doesn't seem like it would be very
challenging implement a one-off IPC::Sender in ppapi_plugin_main which does an
intermediate PostTask to the correct thread. Is there some subtle reason not to
do this?

[forshaw, 2016-07-28 15:58:47]

On 2016/07/28 15:28:31, Ken Rockot wrote:
> While I could understand if we want to just land this revert as-is since it's
at
> least more stable the current situation, it doesn't seem like it would be very
> challenging implement a one-off IPC::Sender in ppapi_plugin_main which does an
> intermediate PostTask to the correct thread. Is there some subtle reason not
to
> do this?

It lgtm as a quick fix, of course it would be nice to fix it properly somewhere
down the line.

[jam, 2016-07-28 16:34:31]

https://codereview.chromium.org/2182213004/diff/60001/content/child/dwrite_fo...
File content/child/dwrite_font_proxy/dwrite_font_proxy_win.cc (left):

https://codereview.chromium.org/2182213004/diff/60001/content/child/dwrite_fo...
content/child/dwrite_font_proxy/dwrite_font_proxy_win.cc:351: return
sender_override_ ? sender_override_ : ChildThread::Get();
you can fix this by changing

ChildThread::Get()
to
ChildThreadImpl::current()->thread_safe_sender()

[Ilya Kulshin, 2016-07-28 19:00:28]

Patchset #5 (id:80001) has been deleted

[Ilya Kulshin, 2016-07-28 19:01:13]

https://codereview.chromium.org/2182213004/diff/60001/content/child/dwrite_fo...
File content/child/dwrite_font_proxy/dwrite_font_proxy_win.cc (left):

https://codereview.chromium.org/2182213004/diff/60001/content/child/dwrite_fo...
content/child/dwrite_font_proxy/dwrite_font_proxy_win.cc:351: return
sender_override_ ? sender_override_ : ChildThread::Get();
On 2016/07/28 16:34:31, jam wrote:
> you can fix this by changing
> 
> ChildThread::Get()
> to
> ChildThreadImpl::current()->thread_safe_sender()

thread_safe_sender still needs to be called from the main thread, since it
obtains the sender from tls. At the point where I know this code is running from
the main thread (initialization) the IPC system is not yet fully functional, so
I cannot get the sender at that time. By the time the code gets here, it can no
longer be relied to be on the main thread, so thread_safe_sender will not work.

[Ken Rockot(use gerrit already), 2016-07-28 19:11:41]

On 2016/07/28 at 19:01:13, kulshin wrote:
>
https://codereview.chromium.org/2182213004/diff/60001/content/child/dwrite_fo...
> File content/child/dwrite_font_proxy/dwrite_font_proxy_win.cc (left):
> 
>
https://codereview.chromium.org/2182213004/diff/60001/content/child/dwrite_fo...
> content/child/dwrite_font_proxy/dwrite_font_proxy_win.cc:351: return
sender_override_ ? sender_override_ : ChildThread::Get();
> On 2016/07/28 16:34:31, jam wrote:
> > you can fix this by changing
> > 
> > ChildThread::Get()
> > to
> > ChildThreadImpl::current()->thread_safe_sender()
> 
> thread_safe_sender still needs to be called from the main thread, since it
obtains the sender from tls. At the point where I know this code is running from
the main thread (initialization) the IPC system is not yet fully functional, so
I cannot get the sender at that time. By the time the code gets here, it can no
longer be relied to be on the main thread, so thread_safe_sender will not work.

By the time InitializeDWriteFontProxy is called in PpapiPluginMain,
ChildThreadImpl::current()->thread_safe_sender() is definitely valid - it's
initialized from ChildThreadImpl::Init which runs when constructing the
PpapiThread. This pointer can be held onto and used later from any thread.

[Ilya Kulshin, 2016-07-28 19:49:06]

Description was changed from

==========
Revert "Switch to using ChildThread::Get() to get the IPC sender"

This allows the font proxy to use different logic to obtain the IPC
sender, depending on whether it is running in the renderer or the
plugin process. When running in the renderer, it will use
ChildThread::Get, as before. When running in the plugin, it will now
use PluginGlobals::GetBrowserSender(). This is a threading violation,
but it will allow the proxy to work when called by Flash from a
background thread.

This reverts commit 0a6c181cc466a4b4f8ade9b1e633992378df4276.

BUG=631254
==========

to

==========
Use ChildThreadImpl::thread_safe_sender in font proxy if available

This changes the logic that the font proxy uses to get the IPC
sender. It will now try to get a sender in the initialization code,
and use that one if available. This allows it to get the sender
while it is still running on the main thread in the plugin, so that
it can use it for IPCs later when called from a different thread.
This is a threading violation, but it will allow the proxy to work
when called by Flash from a background thread.


BUG=631254
==========

[Ilya Kulshin, 2016-07-28 19:50:19]

On 2016/07/28 19:11:41, Ken Rockot wrote:
> On 2016/07/28 at 19:01:13, kulshin wrote:
> >
>
https://codereview.chromium.org/2182213004/diff/60001/content/child/dwrite_fo...
> > File content/child/dwrite_font_proxy/dwrite_font_proxy_win.cc (left):
> > 
> >
>
https://codereview.chromium.org/2182213004/diff/60001/content/child/dwrite_fo...
> > content/child/dwrite_font_proxy/dwrite_font_proxy_win.cc:351: return
> sender_override_ ? sender_override_ : ChildThread::Get();
> > On 2016/07/28 16:34:31, jam wrote:
> > > you can fix this by changing
> > > 
> > > ChildThread::Get()
> > > to
> > > ChildThreadImpl::current()->thread_safe_sender()
> > 
> > thread_safe_sender still needs to be called from the main thread, since it
> obtains the sender from tls. At the point where I know this code is running
from
> the main thread (initialization) the IPC system is not yet fully functional,
so
> I cannot get the sender at that time. By the time the code gets here, it can
no
> longer be relied to be on the main thread, so thread_safe_sender will not
work.
> 
> By the time InitializeDWriteFontProxy is called in PpapiPluginMain,
> ChildThreadImpl::current()->thread_safe_sender() is definitely valid - it's
> initialized from ChildThreadImpl::Init which runs when constructing the
> PpapiThread. This pointer can be held onto and used later from any thread.

Hmm, indeed it is, it seems the fonts are initialized later during startup in
the plugin than in the renderer.

[Ilya Kulshin, 2016-07-28 19:51:02]

ptal. I refactored the change to use ChildThreadImpl::thread_safe_sender,
which also allowed me to remove most of the code and keep the changes just
in the init logic.

[Ilya Kulshin, 2016-07-28 19:51:14]

The CQ bit was checked by kulshin@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-07-28 19:51:34]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-07-28 20:35:03]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-07-28 20:35:04]

Dry run: This issue passed the CQ dry run.

[jam, 2016-07-28 22:04:43]

https://codereview.chromium.org/2182213004/diff/120001/content/child/dwrite_f...
File content/child/dwrite_font_proxy/dwrite_font_proxy_init_win.cc (right):

https://codereview.chromium.org/2182213004/diff/120001/content/child/dwrite_f...
content/child/dwrite_font_proxy/dwrite_font_proxy_init_win.cc:81: // Hack for
crbug.com/631254: set the sender if we can get one, so that when
nit: saying hack makes it sound like this should be fixed properly. using
thread-safe sender is a standard pattern.

I would just get rid of this comment since it's documenting what the code is
doing.

https://codereview.chromium.org/2182213004/diff/120001/content/child/dwrite_f...
content/child/dwrite_font_proxy/dwrite_font_proxy_init_win.cc:84: if (!sender &&
ChildThreadImpl::current())
are you sure you need the ChildThreadImpl::current() check?

[Ilya Kulshin, 2016-07-28 22:10:41]

https://codereview.chromium.org/2182213004/diff/120001/content/child/dwrite_f...
File content/child/dwrite_font_proxy/dwrite_font_proxy_init_win.cc (right):

https://codereview.chromium.org/2182213004/diff/120001/content/child/dwrite_f...
content/child/dwrite_font_proxy/dwrite_font_proxy_init_win.cc:81: // Hack for
crbug.com/631254: set the sender if we can get one, so that when
On 2016/07/28 22:04:43, jam wrote:
> nit: saying hack makes it sound like this should be fixed properly. using
> thread-safe sender is a standard pattern.
> 
> I would just get rid of this comment since it's documenting what the code is
> doing.

This should be fixed properly. One possible fix we are talking about is to
detect when the pepper font api is being called from the wrong thread, and
marshal the call to the appropriate thread.

https://codereview.chromium.org/2182213004/diff/120001/content/child/dwrite_f...
content/child/dwrite_font_proxy/dwrite_font_proxy_init_win.cc:84: if (!sender &&
ChildThreadImpl::current())
On 2016/07/28 22:04:43, jam wrote:
> are you sure you need the ChildThreadImpl::current() check?

Yes, otherwise it crashes in the renderer because ChildThreadImpl::current()
returns null at the time this code is initialized.

[ananta, 2016-07-29 01:40:38]

ananta@chromium.org changed reviewers:
+ ananta@chromium.org

[ananta, 2016-07-29 01:40:38]

lgtm

[Ilya Kulshin, 2016-07-29 01:44:04]

The CQ bit was checked by kulshin@chromium.org

[Ilya Kulshin, 2016-07-29 01:44:05]

The patchset sent to the CQ was uploaded after l-g-t-m from forshaw@chromium.org
Link to the patchset: https://codereview.chromium.org/2182213004/#ps120001
(title: "Set thread_safe_sender in font proxy init, if available.")

[commit-bot: I haz the power, 2016-07-29 01:44:27]

CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-07-29 01:47:42]

Description was changed from

==========
Use ChildThreadImpl::thread_safe_sender in font proxy if available

This changes the logic that the font proxy uses to get the IPC
sender. It will now try to get a sender in the initialization code,
and use that one if available. This allows it to get the sender
while it is still running on the main thread in the plugin, so that
it can use it for IPCs later when called from a different thread.
This is a threading violation, but it will allow the proxy to work
when called by Flash from a background thread.


BUG=631254
==========

to

==========
Use ChildThreadImpl::thread_safe_sender in font proxy if available

This changes the logic that the font proxy uses to get the IPC
sender. It will now try to get a sender in the initialization code,
and use that one if available. This allows it to get the sender
while it is still running on the main thread in the plugin, so that
it can use it for IPCs later when called from a different thread.
This is a threading violation, but it will allow the proxy to work
when called by Flash from a background thread.


BUG=631254
==========

[commit-bot: I haz the power, 2016-07-29 01:47:44]

Committed patchset #6 (id:120001)

[commit-bot: I haz the power, 2016-07-29 01:49:30]

Description was changed from

==========
Use ChildThreadImpl::thread_safe_sender in font proxy if available

This changes the logic that the font proxy uses to get the IPC
sender. It will now try to get a sender in the initialization code,
and use that one if available. This allows it to get the sender
while it is still running on the main thread in the plugin, so that
it can use it for IPCs later when called from a different thread.
This is a threading violation, but it will allow the proxy to work
when called by Flash from a background thread.


BUG=631254
==========

to

==========
Use ChildThreadImpl::thread_safe_sender in font proxy if available

This changes the logic that the font proxy uses to get the IPC
sender. It will now try to get a sender in the initialization code,
and use that one if available. This allows it to get the sender
while it is still running on the main thread in the plugin, so that
it can use it for IPCs later when called from a different thread.
This is a threading violation, but it will allow the proxy to work
when called by Flash from a background thread.

BUG=631254

Committed: https://crrev.com/ddaf9994ab75ff143da0c2f5c44499e49db1815f
Cr-Commit-Position: refs/heads/master@{#408551}
==========

[commit-bot: I haz the power, 2016-07-29 01:49:32]

Patchset 6 (id:??) landed as
https://crrev.com/ddaf9994ab75ff143da0c2f5c44499e49db1815f
Cr-Commit-Position: refs/heads/master@{#408551}

[jam, 2016-07-29 22:34:58]

https://codereview.chromium.org/2182213004/diff/120001/content/child/dwrite_f...
File content/child/dwrite_font_proxy/dwrite_font_proxy_init_win.cc (right):

https://codereview.chromium.org/2182213004/diff/120001/content/child/dwrite_f...
content/child/dwrite_font_proxy/dwrite_font_proxy_init_win.cc:81: // Hack for
crbug.com/631254: set the sender if we can get one, so that when
On 2016/07/28 22:10:41, Ilya Kulshin wrote:
> On 2016/07/28 22:04:43, jam wrote:
> > nit: saying hack makes it sound like this should be fixed properly. using
> > thread-safe sender is a standard pattern.
> > 
> > I would just get rid of this comment since it's documenting what the code is
> > doing.
> 
> This should be fixed properly. One possible fix we are talking about is to
> detect when the pepper font api is being called from the wrong thread, and
> marshal the call to the appropriate thread.

I don't understand this comment. That's what the SafeSender is doing internally?

[Ilya Kulshin, 2016-07-29 22:38:29]

On 2016/07/29 22:34:58, jam wrote:
>
https://codereview.chromium.org/2182213004/diff/120001/content/child/dwrite_f...
> File content/child/dwrite_font_proxy/dwrite_font_proxy_init_win.cc (right):
> 
>
https://codereview.chromium.org/2182213004/diff/120001/content/child/dwrite_f...
> content/child/dwrite_font_proxy/dwrite_font_proxy_init_win.cc:81: // Hack for
> crbug.com/631254: set the sender if we can get one, so that when
> On 2016/07/28 22:10:41, Ilya Kulshin wrote:
> > On 2016/07/28 22:04:43, jam wrote:
> > > nit: saying hack makes it sound like this should be fixed properly. using
> > > thread-safe sender is a standard pattern.
> > > 
> > > I would just get rid of this comment since it's documenting what the code
is
> > > doing.
> > 
> > This should be fixed properly. One possible fix we are talking about is to
> > detect when the pepper font api is being called from the wrong thread, and
> > marshal the call to the appropriate thread.
> 
> I don't understand this comment. That's what the SafeSender is doing
internally?

The SafeSender will make sure the IPC runs from the right thread, correct? The
problem is that there's a bunch of non-IPC code that runs before it even gets to
the point where it knows it needs to send an IPC, and that code also is not
being called from the right thread. That is the code that I'm talking about
needing to move to a different thread (but not in this patch).

[jam, 2016-07-29 23:14:08]

On 2016/07/29 22:38:29, Ilya Kulshin wrote:
> On 2016/07/29 22:34:58, jam wrote:
> >
>
https://codereview.chromium.org/2182213004/diff/120001/content/child/dwrite_f...
> > File content/child/dwrite_font_proxy/dwrite_font_proxy_init_win.cc (right):
> > 
> >
>
https://codereview.chromium.org/2182213004/diff/120001/content/child/dwrite_f...
> > content/child/dwrite_font_proxy/dwrite_font_proxy_init_win.cc:81: // Hack
for
> > crbug.com/631254: set the sender if we can get one, so that when
> > On 2016/07/28 22:10:41, Ilya Kulshin wrote:
> > > On 2016/07/28 22:04:43, jam wrote:
> > > > nit: saying hack makes it sound like this should be fixed properly.
using
> > > > thread-safe sender is a standard pattern.
> > > > 
> > > > I would just get rid of this comment since it's documenting what the
code
> is
> > > > doing.
> > > 
> > > This should be fixed properly. One possible fix we are talking about is to
> > > detect when the pepper font api is being called from the wrong thread, and
> > > marshal the call to the appropriate thread.
> > 
> > I don't understand this comment. That's what the SafeSender is doing
> internally?
> 
> The SafeSender will make sure the IPC runs from the right thread, correct? 

Correct>

> The
> problem is that there's a bunch of non-IPC code that runs before it even gets
to
> the point where it knows it needs to send an IPC, and that code also is not
> being called from the right thread.

I don't know what code you're talking about. But generally the pattern is on
startup we save a pointer to safe sender and then call it later on different
threads. Can't that be done here as well?

> That is the code that I'm talking about
> needing to move to a different thread (but not in this patch).

[Ilya Kulshin, 2016-07-30 00:25:20]

On 2016/07/29 23:14:08, jam wrote:
> On 2016/07/29 22:38:29, Ilya Kulshin wrote:
> > On 2016/07/29 22:34:58, jam wrote:
> > >
> >
>
https://codereview.chromium.org/2182213004/diff/120001/content/child/dwrite_f...
> > > File content/child/dwrite_font_proxy/dwrite_font_proxy_init_win.cc
(right):
> > > 
> > >
> >
>
https://codereview.chromium.org/2182213004/diff/120001/content/child/dwrite_f...
> > > content/child/dwrite_font_proxy/dwrite_font_proxy_init_win.cc:81: // Hack
> for
> > > crbug.com/631254: set the sender if we can get one, so that when
> > > On 2016/07/28 22:10:41, Ilya Kulshin wrote:
> > > > On 2016/07/28 22:04:43, jam wrote:
> > > > > nit: saying hack makes it sound like this should be fixed properly.
> using
> > > > > thread-safe sender is a standard pattern.
> > > > > 
> > > > > I would just get rid of this comment since it's documenting what the
> code
> > is
> > > > > doing.
> > > > 
> > > > This should be fixed properly. One possible fix we are talking about is
to
> > > > detect when the pepper font api is being called from the wrong thread,
and
> > > > marshal the call to the appropriate thread.
> > > 
> > > I don't understand this comment. That's what the SafeSender is doing
> > internally?
> > 
> > The SafeSender will make sure the IPC runs from the right thread, correct? 
> 
> Correct>
> 
> > The
> > problem is that there's a bunch of non-IPC code that runs before it even
gets
> to
> > the point where it knows it needs to send an IPC, and that code also is not
> > being called from the right thread.
> 
> I don't know what code you're talking about. But generally the pattern is on
> startup we save a pointer to safe sender and then call it later on different
> threads. Can't that be done here as well?
> 
Consider the callstack in
https://bugs.chromium.org/p/chromium/issues/detail?id=631254#c3. This is
happening during process runtime, and happens to be not on the main thread. At
the top of the stack is DWriteFontCollectionProxy, which actually calls the IPC
code. Before that there is Skia code, and before that there is blink code.
Although the code was crashing because the font proxy was unable to obtain a
sender, the blink code is also triggering DCHECKs because it is being called on
the wrong thread. The blink code is the code that I want to marshal to a
different thread (and therefore also the Skia and font proxy code that blink
will call). That marshaling will need to happen in
content::BrowserFontResource_Trusted::Describe as well as any other similar
functions that are called by the plugin code.

As far as saving a pointer to the safe sender and then calling it later on
different threads, that is exactly what this patch implements. It is still not
sufficient, because by the time it gets to the point where it needs the sender,
we are already running code on the wrong thread.

[jam, 2016-08-01 22:23:28]

On 2016/07/30 00:25:20, Ilya Kulshin wrote:
> On 2016/07/29 23:14:08, jam wrote:
> > On 2016/07/29 22:38:29, Ilya Kulshin wrote:
> > > On 2016/07/29 22:34:58, jam wrote:
> > > >
> > >
> >
>
https://codereview.chromium.org/2182213004/diff/120001/content/child/dwrite_f...
> > > > File content/child/dwrite_font_proxy/dwrite_font_proxy_init_win.cc
> (right):
> > > > 
> > > >
> > >
> >
>
https://codereview.chromium.org/2182213004/diff/120001/content/child/dwrite_f...
> > > > content/child/dwrite_font_proxy/dwrite_font_proxy_init_win.cc:81: //
Hack
> > for
> > > > crbug.com/631254: set the sender if we can get one, so that when
> > > > On 2016/07/28 22:10:41, Ilya Kulshin wrote:
> > > > > On 2016/07/28 22:04:43, jam wrote:
> > > > > > nit: saying hack makes it sound like this should be fixed properly.
> > using
> > > > > > thread-safe sender is a standard pattern.
> > > > > > 
> > > > > > I would just get rid of this comment since it's documenting what the
> > code
> > > is
> > > > > > doing.
> > > > > 
> > > > > This should be fixed properly. One possible fix we are talking about
is
> to
> > > > > detect when the pepper font api is being called from the wrong thread,
> and
> > > > > marshal the call to the appropriate thread.
> > > > 
> > > > I don't understand this comment. That's what the SafeSender is doing
> > > internally?
> > > 
> > > The SafeSender will make sure the IPC runs from the right thread, correct?

> > 
> > Correct>
> > 
> > > The
> > > problem is that there's a bunch of non-IPC code that runs before it even
> gets
> > to
> > > the point where it knows it needs to send an IPC, and that code also is
not
> > > being called from the right thread.
> > 
> > I don't know what code you're talking about. But generally the pattern is on
> > startup we save a pointer to safe sender and then call it later on different
> > threads. Can't that be done here as well?
> > 
> Consider the callstack in
> https://bugs.chromium.org/p/chromium/issues/detail?id=631254#c3. This is
> happening during process runtime, and happens to be not on the main thread. At
> the top of the stack is DWriteFontCollectionProxy, which actually calls the
IPC
> code. Before that there is Skia code, and before that there is blink code.
> Although the code was crashing because the font proxy was unable to obtain a
> sender, the blink code is also triggering DCHECKs because it is being called
on
> the wrong thread. The blink code is the code that I want to marshal to a
> different thread (and therefore also the Skia and font proxy code that blink
> will call). That marshaling will need to happen in
> content::BrowserFontResource_Trusted::Describe as well as any other similar
> functions that are called by the plugin code.
> 
> As far as saving a pointer to the safe sender and then calling it later on
> different threads, that is exactly what this patch implements. It is still not
> sufficient, because by the time it gets to the point where it needs the
sender,
> we are already running code on the wrong thread.

Why can't some of the blink or pepper code in that callstack have some context
that (indirectly or directly) holds onto the safe sender pointer? i.e.
InitializeDWriteFontProxy is called before blink code is running.

[Ilya Kulshin, 2016-08-01 22:30:18]

On 2016/08/01 22:23:28, jam wrote:
> On 2016/07/30 00:25:20, Ilya Kulshin wrote:
> > On 2016/07/29 23:14:08, jam wrote:
> > > On 2016/07/29 22:38:29, Ilya Kulshin wrote:
> > > > On 2016/07/29 22:34:58, jam wrote:
> > > > >
> > > >
> > >
> >
>
https://codereview.chromium.org/2182213004/diff/120001/content/child/dwrite_f...
> > > > > File content/child/dwrite_font_proxy/dwrite_font_proxy_init_win.cc
> > (right):
> > > > > 
> > > > >
> > > >
> > >
> >
>
https://codereview.chromium.org/2182213004/diff/120001/content/child/dwrite_f...
> > > > > content/child/dwrite_font_proxy/dwrite_font_proxy_init_win.cc:81: //
> Hack
> > > for
> > > > > crbug.com/631254: set the sender if we can get one, so that when
> > > > > On 2016/07/28 22:10:41, Ilya Kulshin wrote:
> > > > > > On 2016/07/28 22:04:43, jam wrote:
> > > > > > > nit: saying hack makes it sound like this should be fixed
properly.
> > > using
> > > > > > > thread-safe sender is a standard pattern.
> > > > > > > 
> > > > > > > I would just get rid of this comment since it's documenting what
the
> > > code
> > > > is
> > > > > > > doing.
> > > > > > 
> > > > > > This should be fixed properly. One possible fix we are talking about
> is
> > to
> > > > > > detect when the pepper font api is being called from the wrong
thread,
> > and
> > > > > > marshal the call to the appropriate thread.
> > > > > 
> > > > > I don't understand this comment. That's what the SafeSender is doing
> > > > internally?
> > > > 
> > > > The SafeSender will make sure the IPC runs from the right thread,
correct?
> 
> > > 
> > > Correct>
> > > 
> > > > The
> > > > problem is that there's a bunch of non-IPC code that runs before it even
> > gets
> > > to
> > > > the point where it knows it needs to send an IPC, and that code also is
> not
> > > > being called from the right thread.
> > > 
> > > I don't know what code you're talking about. But generally the pattern is
on
> > > startup we save a pointer to safe sender and then call it later on
different
> > > threads. Can't that be done here as well?
> > > 
> > Consider the callstack in
> > https://bugs.chromium.org/p/chromium/issues/detail?id=631254#c3. This is
> > happening during process runtime, and happens to be not on the main thread.
At
> > the top of the stack is DWriteFontCollectionProxy, which actually calls the
> IPC
> > code. Before that there is Skia code, and before that there is blink code.
> > Although the code was crashing because the font proxy was unable to obtain a
> > sender, the blink code is also triggering DCHECKs because it is being called
> on
> > the wrong thread. The blink code is the code that I want to marshal to a
> > different thread (and therefore also the Skia and font proxy code that blink
> > will call). That marshaling will need to happen in
> > content::BrowserFontResource_Trusted::Describe as well as any other similar
> > functions that are called by the plugin code.
> > 
> > As far as saving a pointer to the safe sender and then calling it later on
> > different threads, that is exactly what this patch implements. It is still
not
> > sufficient, because by the time it gets to the point where it needs the
> sender,
> > we are already running code on the wrong thread.
> 
> Why can't some of the blink or pepper code in that callstack have some context
> that (indirectly or directly) holds onto the safe sender pointer? i.e.
> InitializeDWriteFontProxy is called before blink code is running.

Blink uses the DirectWrite API to talk to the font proxy, and that doesn't have
any way to pass context, other than being object-oriented. I'm also not sure I
understand your question, since the lack of context isn't an issue - the IPC
sender is saved as a member of the object, so there's no difficulty in
retrieving the saved value once inside the font proxy code.