JDK-8189159 : HTMLEditor inside FXCanvas crashes JVM
  • Type: Bug
  • Component: javafx
  • Sub-Component: web
  • Affected Version: 8u131,9,10
  • Priority: P3
  • Status: Closed
  • Resolution: Duplicate
  • OS: linux
  • CPU: x86_64
  • Submitted: 2017-10-10
  • Updated: 2017-12-05
  • Resolved: 2017-12-05
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 10
10Resolved
Related Reports
Blocks :  
JDK-8187483 - Update to 605.1 version of WebKit
Duplicate :  
JDK-8187483 - Update to 605.1 version of WebKit
Description
FULL PRODUCT VERSION :
1.8.0_152
1.8.0_144
1.8.0_121

ADDITIONAL OS VERSION INFORMATION :
Ubuntu 16.04.3 LTS (Linux 4.4.0-87-generic #110-Ubuntu SMP x86_64 x86_64 x86_64 GNU/Linux)
Red Hat 6
Red Hat 7

A DESCRIPTION OF THE PROBLEM :
We are developing a (Eclipse 3)-SWT Application, where we use FXCanvas to embedd a JavaFX HTMLEditor. We are experiencing JVM crashes and after debugging we found out that they are related to the HTMLEditor:

The HTMLEditor constructs a toolbar and makes native calls to the WebKit libraries. There it queries
if certain actions (e.g. cut, copy) are enabled. For some reason due to timing issues, the native
call sometimes crash (see actual result).

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
1) Create a SWT Java Application (see source code)
2) add swt.jar to the class path (http://download.eclipse.org/eclipse/downloads/)
3) add jfxswt.jar from the jre to the class path
4) Run Application

The provided source code is not the only way to run into this bug, however it's the only way to reproduce it in a simple reliable way. In fact, in our application we are only embedding ONE HTMLEditor instance and it crashes. 

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Dialog appears and shows 5 HTMLEditor Instances, in a vertical layout
ACTUAL -
JVM Crashes

ERROR MESSAGES/STACK TRACES THAT OCCUR :
pure virtual method called
terminate called without an active exception

------------------------

Debugging the core Dump Shows the following Backtrace:
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `/home/dominic/programs/jdk/jre1.8.0_152/bin/java -Dfile.encoding=ANSI_X3.4-1968'.
Program terminated with signal SIGABRT, Aborted.
#0  0x00007f83158cb428 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54
54	../sysdeps/unix/sysv/linux/raise.c: Datei oder Verzeichnis nicht gefunden.
[Current thread is 1 (Thread 0x7f8316488700 (LWP 18481))]
(gdb) bt
#0  0x00007f83158cb428 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54
#1  0x00007f83158cd02a in __GI_abort () at abort.c:89
#2  0x00007f83151ee4b5 in os::abort(bool) () from /home/dominic/programs/jdk/jre1.8.0_152/lib/amd64/server/libjvm.so
#3  0x00007f831538c4b3 in VMError::report_and_die() () from /home/dominic/programs/jdk/jre1.8.0_152/lib/amd64/server/libjvm.so
#4  0x00007f83151f43ff in JVM_handle_linux_signal () from /home/dominic/programs/jdk/jre1.8.0_152/lib/amd64/server/libjvm.so
#5  0x00007f83151ea483 in signalHandler(int, siginfo*, void*) () from /home/dominic/programs/jdk/jre1.8.0_152/lib/amd64/server/libjvm.so
#6  <signal handler called>
#7  0x0000000000000000 in ?? ()
#8  0x00007f82961700d2 in WebCore::Editor::dispatchCPPEvent(WTF::AtomicString const&, WebCore::DataTransferAccessPolicy) ()
   from /home/dominic/programs/jdk/jre1.8.0_152/lib/amd64/libjfxwebkit.so
#9  0x00007f82961701f7 in WebCore::Editor::canDHTMLCopy() () from /home/dominic/programs/jdk/jre1.8.0_152/lib/amd64/libjfxwebkit.so
#10 0x00007f829617e490 in WebCore::enabledCopy(WebCore::Frame&, WebCore::Event*, WebCore::EditorCommandSource) ()
   from /home/dominic/programs/jdk/jre1.8.0_152/lib/amd64/libjfxwebkit.so
#11 0x00007f8296aeee28 in Java_com_sun_webkit_WebPage_twkQueryCommandEnabled () from /home/dominic/programs/jdk/jre1.8.0_152/lib/amd64/libjfxwebkit.so
#12 0x00007f8300390774 in ?? ()
#13 0x00007f8316482188 in ?? ()
#14 0x00007f83003807d0 in ?? ()
#15 0x00007f83003807d0 in ?? ()
#16 0x000000076f044fa0 in ?? ()
#17 0x000000076f1020d8 in ?? ()
#18 0x00007f8316482148 in ?? ()
#19 0x0000000000000000 in ?? ()


REPRODUCIBILITY :
This bug can be reproduced always.

---------- BEGIN SOURCE ----------
import org.eclipse.swt.SWT;
import org.eclipse.swt.layout.FillLayout;
import org.eclipse.swt.widgets.Display;
import org.eclipse.swt.widgets.Shell;

import javafx.embed.swt.FXCanvas;
import javafx.scene.Scene;
import javafx.scene.layout.VBox;
import javafx.scene.web.HTMLEditor;

public class HTMLEditorCrash {
	public static void main(String[] args) {
		// Create SWT Shell
		Shell shell = new Shell(new Display());
		shell.setLayout(new FillLayout());

		// Create FXCanvas with scene
		new FXCanvas(shell, SWT.NONE).setScene(createScene());

		// Open Shell
		shell.open();
		while (!shell.isDisposed()) {
			if (!shell.getDisplay()
					.readAndDispatch()) {
				shell.getDisplay()
						.sleep();
			}
		}
		shell.getDisplay()
				.dispose();
	}

	public static Scene createScene() {
		VBox box = new VBox();

		// Crashes the VM
		box.getChildren()
				.add(new HTMLEditor());
		box.getChildren()
				.add(new HTMLEditor());
		box.getChildren()
				.add(new HTMLEditor());
		box.getChildren()
				.add(new HTMLEditor());
		box.getChildren()
				.add(new HTMLEditor());

		return new Scene(box, 500, 500);
	}
}

---------- END SOURCE ----------

CUSTOMER SUBMITTED WORKAROUND :
Instead of adding the HTMLEditor directly:
box.getChildren()	.add(new HTMLEditor());

Do the following:
HTMLEditor editor = new HTMLEditor();
Platform.runLater(() -> box.getChildren().add(editor));

Explaination:
new HTMLEditor() will implicitly create an instance of HTMLEditorSkin. This will execute the HTMLEditorSkin constructor, which will call HTMLEditorSkin::enableToolbar(true) (HTMLEditorSkin.java:452).
Adding the HTMLEditor instance to box.getChildren()	 will trigger the layout method, which results in calling HTMLEditorSkin::populateToolbars().
This is where the timing issues occur. There are two possibilities:
1) if populateToolbars is called before enableToolbar, the enableToolBar method will call HTMLEditorSkin::isCommandEnabled(...) which will call WebPage, resulting in calls of WebKit C Libraries.
2) if enableToolbar is called before populateToolbars, the command enablement will not be checked due to a garding condition (HTMLEditorSkin.java:1000).

The provided workaround leads to always calling enableToolbar at first, hence the erorr does not appear.
Comments
Ignoring the crash due to SWT 4.x. Crash from WebView is reproducible (3 / 10 times) by running with latest 10-dev on Linux. Which either creates a hs_err_pidxxxxx.log file or core dump. call stack from Core dump and hs_err_pidxxxxx.log (~ to hs_err_pid6544.log) are same i.e top of stack points to WebCore::Editor::dispatchCPPEvent(WTF::AtomicString const&, WebCore::DataTransferAccessPolicy)+0xb3. Initial analysis : Test application creates 5 HTMLEditor and checks for "copy" and "cut" from webEngine.queryCommandEnabled(). Crash occurs during these step.
12-10-2017
I can also reproduce it as far back as 8u131 (I didn't try with earlier versions), so it isn't specific to the 604.1 WebKit. I don't get an hs_err file with JDK 8u131, as also happens on JDK 9.
11-10-2017
One thing to note is that on Linux, SWT 4.x versions use GTK 3 by default, which is unsupported by JDK 8 (you won't even get past FX runtime initialization if GTK 3 has already been loaded). You either need to use GTK 3.x or set the following env variable before running the program: export SWT_GTK3=0 See JDK-8089584 for more details. Note that the hs_err_pid26951.log file shows the GTK 2 / GTK 3 mismatch problem, so is not a valid indication of this problem.
11-10-2017
I can also reproduce it in JDK 10 (which uses the 604.1 WebKit) and I get a similar stack trace in 10.
11-10-2017
Attached hs_err_pid6544.log which was generated using SWT 3.x (which uses GTK 2).
11-10-2017
I ran it several more times and I do get occasional crashes on both JDK 8u152 and JDK 9. It happens about 1/3 of the time. I note that with JDK 9 I don't get a stack trace or hs_err file, so it may be easier to debug on 8u.
11-10-2017
Tested on Linux Physical instance (rather than VM). May be this crash is not reproducible on Virtual Box.
11-10-2017
Raising the priority to P3 since we get a consistent crash (it is Linux-specific so not P2). This could be related to a mismatch in GTK versions, which is a known problem in JDK 8, which only supports GTK 2. If so, then this is fixed in 9 and has a known workaround in 8. I will test it.
11-10-2017
It is invalid to use jfxswt.jar from JDK 8 to run with JDK 9. Rather, you need to do the following to run an swt app on JDK 9: java --module-path $JAVA_HOME/lib/javafx-swt.jar --add-modules javafx.swt -cp .:../swt.jar HTMLEditorCrash
11-10-2017
1.8.0_162-ea-b01 : Could reproduce the crash "hs_err_pid26951.log" 9ea181 : (used jfxswt.jar from 8u162 got the below exception) java -cp .:./swt.jar:./jfxswt.jar HTMLEditorCrash Exception in thread "JavaFX Application Thread" java.lang.NoSuchMethodError: com.sun.javafx.embed.EmbeddedSceneInterface.setPixelScaleFactor(F)V at javafx.embed.swt.FXCanvas$HostContainer.setEmbeddedScene(FXCanvas.java:1037) at javafx.graphics/com.sun.javafx.tk.quantum.EmbeddedScene.setStage(EmbeddedScene.java:122) at javafx.graphics/com.sun.javafx.tk.quantum.GlassStage.setScene(GlassStage.java:135) at javafx.graphics/com.sun.javafx.tk.quantum.EmbeddedStage.setScene(EmbeddedStage.java:62) at javafx.graphics/javafx.stage.Window$SceneModel.updatePeerScene(Window.java:848) at javafx.graphics/javafx.stage.Window$SceneModel.invalidated(Window.java:817) at javafx.base/javafx.beans.property.ObjectPropertyBase.markInvalid(ObjectPropertyBase.java:112) at javafx.base/javafx.beans.property.ObjectPropertyBase.set(ObjectPropertyBase.java:147) at javafx.graphics/javafx.stage.Window.setScene(Window.java:782) at javafx.graphics/com.sun.javafx.stage.EmbeddedWindow.setScene(EmbeddedWindow.java:64) at javafx.embed.swt.FXCanvas.setScene(FXCanvas.java:375) at HTMLEditorCrash.main(HTMLEditorCrash.java:18) 9ea182 used jdk-9/lib/javafx-swt.jar : javac -cp ./swt.jar:./javafx-swt.jar HTMLEditorCrash.java java -cp .:./swt.jar:./javafx-swt.jar HTMLEditorCrash // Got the crash with core dump. pure virtual method called terminate called without an active exception Aborted (core dumped)
11-10-2017
Checked in Windows 10 Pro(version 1607) and Ubuntu 16.04.3 LTS, but could not reproduce the crash using 8u121, 8u144, 8u152 and 9-ea+181. Steps to reproduce in Ubuntu: javac -cp .:/../../8u144/jdk1.8.0_144/jre/lib/jfxswt.jar:swt.jar HTMLEditorCrash.java java -cp .:/../../8u144/jdk1.8.0_144/jre/lib/jfxswt.jar:swt.jar HTMLEditorCrash PFA reproducible test case (HTMLEditorCrash.java) and swt jar for linux(swt.jar) Attached screenshot - HtmlEditor.png
11-10-2017
If we cannot reproduce this, we will probably need to close it as such.
11-10-2017