[wasm] Fix worker termination while compiling

If a web worker terminates while a wasm finisher task is scheduled, we try to cancel that task even though the platform already deleted it. This results in UBSan failures, ASan failures or crashes. This CL fixes this by deregistering the foreground task when it is deleted before being executed. A layout test for this will be added to chromium in https://crrev.com/c/1209602. R=ahaas@chromium.org Bug: chromium:875579 Change-Id: Icae43a9dcc6dc16c872851961894bf8bc0872de8 Reviewed-on: https://chromium-review.googlesource.com/1209344 Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#55689}

[wasm] Fix worker termination while compiling
If a web worker terminates while a wasm finisher task is scheduled, we try to cancel that task even though the platform already deleted it. This results in UBSan failures, ASan failures or crashes. This CL fixes this by deregistering the foreground task when it is deleted before being executed. A layout test for this will be added to chromium in https://crrev.com/c/1209602. R=ahaas@chromium.org Bug: chromium:875579 Change-Id: Icae43a9dcc6dc16c872851961894bf8bc0872de8 Reviewed-on: https://chromium-review.googlesource.com/1209344 Commit-Queue: Clemens Hammacher <clemensh@chromium.org> Reviewed-by: Andreas Haas <ahaas@chromium.org> Cr-Commit-Position: refs/heads/master@{#55689}
98bdaf98 · Clemens Hammacher · Commit Bot · fff26af9 · 98bdaf98
Commit 98bdaf98 authored Sep 06, 2018 by Clemens Hammacher Committed by Commit Bot Sep 06, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 15 additions and 3 deletions

module-compiler.cc src/wasm/module-compiler.cc +15 -3

No files found.
--- a/src/wasm/module-compiler.cc
+++ b/src/wasm/module-compiler.cc
@@ -2257,8 +2257,6 @@ class AsyncCompileJob::CompileStep {

  void Run(bool on_foreground) {
    if (on_foreground) {
-      DCHECK_NOT_NULL(job_->pending_foreground_task_);
-      job_->pending_foreground_task_ = nullptr;
      HandleScope scope(job_->isolate_);
      SaveContext saved_context(job_->isolate_);
      job_->isolate_->set_context(*job_->native_context_);
@@ -2286,8 +2284,17 @@ class AsyncCompileJob::CompileTask : public CancelableTask {
        job_(job),
        on_foreground_(on_foreground) {}

+  ~CompileTask() {
+    if (job_ != nullptr && on_foreground_) ResetPendingForegroundTask();
+  }
+
  void RunInternal() final {
-    if (job_) job_->step_->Run(on_foreground_);
+    if (!job_) return;
+    if (on_foreground_) ResetPendingForegroundTask();
+    job_->step_->Run(on_foreground_);
+    // After execution, reset {job_} such that we don't try to reset the pending
+    // foreground task when the task is deleted.
+    job_ = nullptr;
  }

  void Cancel() {
@@ -2299,6 +2306,11 @@ class AsyncCompileJob::CompileTask : public CancelableTask {
  // {job_} will be cleared to cancel a pending task.
  AsyncCompileJob* job_;
  bool on_foreground_;
+
+  void ResetPendingForegroundTask() const {
+    DCHECK_EQ(this, job_->pending_foreground_task_);
+    job_->pending_foreground_task_ = nullptr;
+  }
 };

 void AsyncCompileJob::StartForegroundTask() {