Fix nested message loop handling

Bug #1536797 reported by Chris Coulson on 2016-01-21
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Oxide
Medium
Chris Coulson

Bug Description

I've reviewed the behaviour of Oxide if Qt or an application executes a nested QEventLoop on the main thread. This is needed to ensure we can safely handle drag and drop:

- Scenario 1: QEventLoop executed with no Chromium code on the stack.
In this case, the nested loop will pump the Chromium event queue as normal, and this is fine because there are no nested Chromium tasks.

- Scenario 2: QEventLoop executed from a non-nested Chromium task.
In this case, the nested loop will pump the Chromium event queue by re-entering oxide::qt::MessagePump::RunOneTask()
  - It doesn't look like there's any re-entrancy issues here.
  - MessageLoop::DoWork() will not run any tasks because the MessageLoop is in a task and nestable tasks haven't been explicitly allowed (MessageLoop::nestable_tasks_allowed_ is set to false in RunTask).
  - MessageLoop::DoDelayedWork() - same as DoWork()
  - MessageLoop::DoIdleWork() will process tasks from the deferred non-nestable work queue. This is a bug, as DoIdleWork() should not run tasks in a nested loop.

The last point seems like an edge case - tasks are only added to this work queue via nested calls to DoWork() and DoDelayedWork() when nestable tasks are allowed but the task isn't nestable. We don't do this anywhere in Oxide, although that doesn't mean it couldn't happen elsewhere in Chromium.

- Scenario 3: QEventLoop executed from a nested Chromium task (via RunLoop::Run)
As 2, above. Nested tasks are still blocked in DoIdle() and DoDelayedWork() because RunTask clears MessageLoop::nestable_tasks_allowed_ before running the nested task. However, DoIdleWork() will behave correctly here because the RunLoop::run_depth_ check in MessageLoop::ProcessNextDelayedNonNestableTask() will work.

- Scenario 4: QEventLoop executed from a non-nested Chromium task with nestable tasks enabled (via MessageLoop::ScopedNestableTaskAllower)
In this case, the nested loop will pump the Chromium event queue by re-entering oxide::qt::MessagePump::RunOneTask().
  - MessageLoop::DoWork() will run any task. It's a bug that it will run non-nestable tasks too.
  - MessageLoop::DoDelayedWork() - same as DoWork().
  - MessageLoop::DoIdleWork() will process tasks from the deferred non-nestable work queue. As mentioned in 2, above - this is a bug.

- Scenario 5: QEventLoop executed from a nested Chromium task (via RunLoop::Run) with nestable tasks enabled (via MessageLoop::ScopedNestableTaskAllower)
  - MessageLoop::DoWork() will run nestable tasks. Non-nestable tasks will be correctly blocked.
  - MessageLoop::DoDelayedWork() - same as DoWork().
  - MessageLoop::DoIdleWork() won't process any tasks, as expected.

It seems like we should detect re-entrancy from a nested QEventLoop in oxide::qt::MessagePump::RunOneTask() and increase the RunLoop depth. We could do this by adding an extra bit to RunState, that we set when calling in to MessageLoop.
- If we re-enter from a nested QEventLoop, the extra bit on the current RunState will be set. In this case, we should create a new RunLoop instance before calling in to MessageLoop.
- A nested RunLoop creates a new RunState in our MessagePump. In this case, we won't trigger the re-entrancy detection (and we don't need to because we already have the correct RunLoop depth)

After this is fixed, a nested QEventLoop created outside of Oxide will process Qt events but won't run any Oxide or Chromium tasks unless the call out of Oxide enables nestable tasks with MessageLoop::ScopedNestableTaskAllower.

Looking at the broken cases above:
- MessageLoop::DoIdleWork() will behave correctly because the RunLoop::run_depth_ check in MessageLoop::ProcessNextDelayedNonNestableTask() will always work.
- In scenario 4 (which will most likely happen with drag and drop), MessageLoop::DoWork() and MessageLoop::DoDelayedWork() won't run non-nestable tasks because the RunLoop::run_depth_ check in MessageLoop::DeferOrRunPendingTask() will always work.

Changed in oxide:
importance: Undecided → Medium
status: New → Triaged
description: updated
description: updated
Changed in oxide:
assignee: nobody → Chris Coulson (chrisccoulson)
milestone: none → branch-1.13
status: Triaged → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers