Issue 2560463002: aw: Fix race between first frame draw and view detach causing deadlock.

Issue 2560463002: aw: Fix race between first frame draw and view detach causing deadlock. (Closed)

Created:
4 years ago by Tobias Sargeant

Modified:
4 years ago

Reviewers:
boliu

CC:
chromium-reviews, android-webview-reviews_chromium.org

Target Ref:
refs/pending/heads/master

Project:
chromium

Visibility:
Public.

More Reviews

Description

aw: Fix race between first frame draw and view detach causing deadlock. If a AwContents.onDetachedFromWindow occurs at simulaneously with RenderThreadManager::DrawGL, then the following sequence of events can occur: * RenderThreadManager::DrawGL creates hardware_renderer_ because a frame is ready to be committed to the HardwareRenderer. * BrowserViewRenderer::OnDetachedFromWindow calls the uncommitted frame to be returned to the child compositor. * RenderThreadManager tries to commit the frame that is just returned, leaving it in a state where neither the RenderThreadManager, nor its HardwareRenderer has a frame. Then subsequently when deleting native objects, DeleteHardwareRendererOnUI does no work, meaning that hardware_renderer_ remains set at the time that the RenderThreadManager destructor is called, leading to a DCHECK, or deadlock. In order to avoid this, we consider RenderThreadManager to have a frame (and thus need to run the synchronous RenderThread cleanup in DeleteHardwareRendererOnUI) if it has ever received a frame (stored in has_received_frame_), rather than if it or hardware_renderer_ currently has a frame. In order that BrowserViewRenderer receives the right signal post deletion of hardware_renderer_, we reset has_received_frame_ when RenderThreadManager deletes hardware_renderer_, if RenderThreadManager does not currently have a frame to commit to a new HardwareRenderer instance. BUG=668692 Committed: https://crrev.com/ff08fc807243b2317ef1c8b42f3f423496d12a76 Cr-Commit-Position: refs/heads/master@{#436672}

Patch Set 1 #

Total comments: 7

Patch Set 2 : Address review comments #

Total comments: 2

Patch Set 3 : unconditionally set has_received_frame_ to false in DeleteHardwareRendererOnUI #

Created: 4 years ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+24 lines, -14 lines)			Patch
M	android_webview/browser/browser_view_renderer.h	View	1	1 chunk	+5 lines, -1 line	0 comments	Download
M	android_webview/browser/render_thread_manager.h	View		2 chunks	+3 lines, -1 line	0 comments	Download
M	android_webview/browser/render_thread_manager.cc	View	1 2	7 chunks	+16 lines, -12 lines	0 comments	Download

Messages

Total messages: 20 (8 generated)

Expand Messages | Collapse Messages | Show Generated Messages | Hide Generated Messages

Tobias Sargeant

I had another thought on how we could fix this, which would be to add ...

4 years ago (2016-12-06 15:50:52 UTC) #2

boliu

https://codereview.chromium.org/2560463002/diff/1/android_webview/browser/render_thread_manager.cc File android_webview/browser/render_thread_manager.cc (right): https://codereview.chromium.org/2560463002/diff/1/android_webview/browser/render_thread_manager.cc#newcode187 android_webview/browser/render_thread_manager.cc:187: has_received_frame_ = true; maybe add a TODO here, this ...

4 years ago (2016-12-06 16:15:35 UTC) #5

Tobias Sargeant

https://codereview.chromium.org/2560463002/diff/1/android_webview/browser/render_thread_manager.cc File android_webview/browser/render_thread_manager.cc (right): https://codereview.chromium.org/2560463002/diff/1/android_webview/browser/render_thread_manager.cc#newcode342 android_webview/browser/render_thread_manager.cc:342: has_received_frame_ = HasFrameForHardwareRendererOnRT(); On 2016/12/06 16:15:35, boliu wrote: > ...

4 years ago (2016-12-06 16:29:27 UTC) #8

boliu

https://codereview.chromium.org/2560463002/diff/1/android_webview/browser/render_thread_manager.cc File android_webview/browser/render_thread_manager.cc (right): https://codereview.chromium.org/2560463002/diff/1/android_webview/browser/render_thread_manager.cc#newcode342 android_webview/browser/render_thread_manager.cc:342: has_received_frame_ = HasFrameForHardwareRendererOnRT(); On 2016/12/06 16:29:27, Tobias Sargeant wrote: ...

4 years ago (2016-12-06 16:34:10 UTC) #9

Tobias Sargeant

https://codereview.chromium.org/2560463002/diff/1/android_webview/browser/render_thread_manager.cc File android_webview/browser/render_thread_manager.cc (right): https://codereview.chromium.org/2560463002/diff/1/android_webview/browser/render_thread_manager.cc#newcode342 android_webview/browser/render_thread_manager.cc:342: has_received_frame_ = HasFrameForHardwareRendererOnRT(); On 2016/12/06 16:34:10, boliu wrote: > ...

4 years ago (2016-12-06 16:36:38 UTC) #10

Tobias Sargeant

4 years ago (2016-12-06 18:11:26 UTC) #11

boliu

https://codereview.chromium.org/2560463002/diff/20001/android_webview/browser/render_thread_manager.cc File android_webview/browser/render_thread_manager.cc (right): https://codereview.chromium.org/2560463002/diff/20001/android_webview/browser/render_thread_manager.cc#newcode392 android_webview/browser/render_thread_manager.cc:392: has_received_frame_ = !child_frames_.empty(); the RequestInvokeGL below has nothing to ...

4 years ago (2016-12-06 18:15:03 UTC) #12

Tobias Sargeant

4 years ago (2016-12-06 18:22:55 UTC) #13

commit-bot: I haz the power

CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2560463002/40001

4 years ago (2016-12-06 18:30:24 UTC) #16

commit-bot: I haz the power

Description was changed from ========== aw: Fix race between first frame draw and view detach ...

4 years ago (2016-12-06 19:07:13 UTC) #19

Message was sent while issue was closed.

Description was changed from

==========
aw: Fix race between first frame draw and view detach causing deadlock.

If a AwContents.onDetachedFromWindow occurs at simulaneously with
RenderThreadManager::DrawGL, then the following sequence of events can
occur:

* RenderThreadManager::DrawGL creates hardware_renderer_ because a frame
  is ready to be committed to the HardwareRenderer.
* BrowserViewRenderer::OnDetachedFromWindow calls the uncommitted frame
  to be returned to the child compositor.
* RenderThreadManager tries to commit the frame that is just returned,
  leaving it in a state where neither the RenderThreadManager, nor its
  HardwareRenderer has a frame.

Then subsequently when deleting native objects, DeleteHardwareRendererOnUI
does no work, meaning that hardware_renderer_ remains set at the time
that the RenderThreadManager destructor is called, leading to a DCHECK,
or deadlock.

In order to avoid this, we consider RenderThreadManager to have a
frame (and thus need to run the synchronous RenderThread cleanup in
DeleteHardwareRendererOnUI) if it has ever received a frame (stored in
has_received_frame_), rather than if it or hardware_renderer_ currently
has a frame.

In order that BrowserViewRenderer receives the right signal post
deletion of hardware_renderer_, we reset has_received_frame_ when
RenderThreadManager deletes hardware_renderer_, if RenderThreadManager
does not currently have a frame to commit to a new HardwareRenderer
instance.

BUG=668692
==========

to

==========
aw: Fix race between first frame draw and view detach causing deadlock.

If a AwContents.onDetachedFromWindow occurs at simulaneously with
RenderThreadManager::DrawGL, then the following sequence of events can
occur:

* RenderThreadManager::DrawGL creates hardware_renderer_ because a frame
  is ready to be committed to the HardwareRenderer.
* BrowserViewRenderer::OnDetachedFromWindow calls the uncommitted frame
  to be returned to the child compositor.
* RenderThreadManager tries to commit the frame that is just returned,
  leaving it in a state where neither the RenderThreadManager, nor its
  HardwareRenderer has a frame.

Then subsequently when deleting native objects, DeleteHardwareRendererOnUI
does no work, meaning that hardware_renderer_ remains set at the time
that the RenderThreadManager destructor is called, leading to a DCHECK,
or deadlock.

In order to avoid this, we consider RenderThreadManager to have a
frame (and thus need to run the synchronous RenderThread cleanup in
DeleteHardwareRendererOnUI) if it has ever received a frame (stored in
has_received_frame_), rather than if it or hardware_renderer_ currently
has a frame.

In order that BrowserViewRenderer receives the right signal post
deletion of hardware_renderer_, we reset has_received_frame_ when
RenderThreadManager deletes hardware_renderer_, if RenderThreadManager
does not currently have a frame to commit to a new HardwareRenderer
instance.

BUG=668692

Committed: https://crrev.com/ff08fc807243b2317ef1c8b42f3f423496d12a76
Cr-Commit-Position: refs/heads/master@{#436672}
==========

commit-bot: I haz the power

4 years ago (2016-12-06 19:07:14 UTC) #20

Message was sent while issue was closed.

Patchset 3 (id:??) landed as
https://crrev.com/ff08fc807243b2317ef1c8b42f3f423496d12a76
Cr-Commit-Position: refs/heads/master@{#436672}

Expand Messages | Collapse Messages | Show Generated Messages | Hide Generated Messages