Panic on attempting to get BC info for dis-similar origin iframe #27146
Description
This happens in of intermittents tests, and I think it's worth highlight separately.
Appears to be some race condition related to the "remote window proxies", aka dis-similar origin windows, where the iframe is in one script-thread, and the actual BC/Window "inside" the iframe is in another script-thread. In such a case the constellation is used sometimes to coordinate between the two script-threads.
Since the sequence of the crash is:
- handle a message from the constellation, via
ScriptThread::handle_msg_from_constellation - crash on
ScriptThread::remote_window_proxy.
I'm almost certain the message is ConstellationControlMsg::PostMessage. So it appears the "other window" is messaging with the script-thread that is crashing, probably because the "other window" has already gone away by the time the message has been received and the other script-thread is trying to handle it?
There is actually a FIXME in the relevant code, see
servo/components/script/script_thread.rs
Line 2614 in 8713954
I can't guarantee this FIXME is actually about this problem, but it could be related. In any case, that would be a good place to start looking.
Relevant intermittent tests are at:
crash is
▶ CRASH [expected TIMEOUT] /html/semantics/embedded-content/the-iframe-element/iframe_sandbox_popups_nonescaping-2.html
│
│ error: XDG_RUNTIME_DIR not set in the environment.
│ libEGL warning: No hardware driver found, falling back to software rendering
│ [2020-07-02T03:21:17Z ERROR servo::browser] Multiple top level browsing contexts not supported yet.
│ Failed to get browsing context info from constellation.: Disconnected (thread ScriptThread PipelineId { namespace_id: PipelineNamespaceId(2), index: PipelineIndex(3) }, at components/script/script_thread.rs:3050)
│ 0: servo::backtrace::print
│ 1: servo::main::{{closure}}
│ 2: std::panicking::rust_panic_with_hook
│ at /rustc/0ca7f74dbd23a3e8ec491cd3438f490a3ac22741/src/libstd/panicking.rs:524
│ 3: rust_begin_unwind
│ at /rustc/0ca7f74dbd23a3e8ec491cd3438f490a3ac22741/src/libstd/panicking.rs:431
│ 4: core::panicking::panic_fmt
│ at /rustc/0ca7f74dbd23a3e8ec491cd3438f490a3ac22741/src/libcore/panicking.rs:85
│ 5: core::option::expect_none_failed
│ at /rustc/0ca7f74dbd23a3e8ec491cd3438f490a3ac22741/src/libcore/option.rs:1269
│ 6: script::script_thread::ScriptThread::remote_window_proxy
│ 7: script::script_thread::ScriptThread::handle_msg_from_constellation
│ 8: script::script_thread::ScriptThread::handle_msgs
│ 9: script::script_thread::ScriptThread::start
│ 10: profile_traits::mem::ProfilerChan::run_with_memory_reporting
│ 11: std::sys_common::backtrace::__rust_begin_short_backtrace
│ 12: core::ops::function::FnOnce::call_once{{vtable.shim}}
│ 13: <alloc::boxed::Box<F> as core::ops::function::FnOnce<A>>::call_once
│ at /rustc/0ca7f74dbd23a3e8ec491cd3438f490a3ac22741/src/liballoc/boxed.rs:1078
│ <alloc::boxed::Box<F> as core::ops::function::FnOnce<A>>::call_once
│ at /rustc/0ca7f74dbd23a3e8ec491cd3438f490a3ac22741/src/liballoc/boxed.rs:1078
│ std::sys::unix::thread::Thread::new::thread_start