Title: [202821] trunk/Source/WebCore
Revision: 202821
Author: [email protected]
Date: 2016-07-05 11:04:28 -0700 (Tue, 05 Jul 2016)

Log Message

TransactionOperations can get destroyed on the wrong thread.
https://bugs.webkit.org/show_bug.cgi?id=159103

Reviewed by Alex Christensen.

No new tests (Very racy, not feasible to write a dedicated test for, caught on bots occasionally as-is).

* Modules/indexeddb/IDBActiveDOMObject.h:
(WebCore::IDBActiveDOMObject::callFunctionOnOriginThread):

* Modules/indexeddb/client/IDBConnectionProxy.cpp:
(WebCore::IDBClient::IDBConnectionProxy::completeOperation): Pass the last ref to the operation to its
  origin thread to be deleted there.

* Modules/indexeddb/client/TransactionOperation.h:
(WebCore::IDBClient::TransactionOperation::performCompleteOnOriginThread):

Diff

Modified: trunk/Source/WebCore/ChangeLog (202820 => 202821)


--- trunk/Source/WebCore/ChangeLog	2016-07-05 16:57:51 UTC (rev 202820)
+++ trunk/Source/WebCore/ChangeLog	2016-07-05 18:04:28 UTC (rev 202821)
@@ -1,3 +1,22 @@
+2016-07-05  Brady Eidson  <[email protected]>
+
+        TransactionOperations can get destroyed on the wrong thread.
+        https://bugs.webkit.org/show_bug.cgi?id=159103
+
+        Reviewed by Alex Christensen.
+
+        No new tests (Very racy, not feasible to write a dedicated test for, caught on bots occasionally as-is).
+
+        * Modules/indexeddb/IDBActiveDOMObject.h:
+        (WebCore::IDBActiveDOMObject::callFunctionOnOriginThread):
+        
+        * Modules/indexeddb/client/IDBConnectionProxy.cpp:
+        (WebCore::IDBClient::IDBConnectionProxy::completeOperation): Pass the last ref to the operation to its
+          origin thread to be deleted there.
+        
+        * Modules/indexeddb/client/TransactionOperation.h:
+        (WebCore::IDBClient::TransactionOperation::performCompleteOnOriginThread):
+
 2016-07-05  Youenn Fablet  <[email protected]>
 
         Remove CredentialRequest ResourceLoaderOptions
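Review bot: the new ChangeLog entries for callFunctionOnOriginThread and performCompleteOnOriginThread carry no description; only completeOperation explains its change. A short line on each would help: that callFunctionOnOriginThread is a new helper that runs or posts a function to the origin thread, and that performCompleteOnOriginThread now takes the last ref so it can be released there.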

Modified: trunk/Source/WebCore/Modules/indexeddb/IDBActiveDOMObject.h (202820 => 202821)


--- trunk/Source/WebCore/Modules/indexeddb/IDBActiveDOMObject.h	2016-07-05 16:57:51 UTC (rev 202820)
+++ trunk/Source/WebCore/Modules/indexeddb/IDBActiveDOMObject.h	2016-07-05 18:04:28 UTC (rev 202821)
@@ -63,6 +63,22 @@
         context->postCrossThreadTask(object, method, arguments...);
     }
 
+    void callFunctionOnOriginThread(Function<void ()>&& function)
+    {
+        if (originThreadID() == currentThread()) {
+            function();
+            return;
+        }
+
+        Locker<Lock> lock(m_scriptExecutionContextLock);
+
+        ScriptExecutionContext* context = scriptExecutionContext();
+        if (!context)
+            return;
+
+        context->postTask(WTFMove(function));
+    }
+
 protected:
     IDBActiveDOMObject(ScriptExecutionContext* context)
         : ActiveDOMObject(context)
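Review bot: the `if (!context) return;` path in callFunctionOnOriginThread drops `function` without running or posting it, so the function object and everything it captured are destroyed on the calling thread rather than the origin thread. The caller added in this patch uses a capture specifically to move a destructor onto the origin thread, so this fallback brings back wrong-thread destruction whenever the context is already gone. Please document that limitation in a comment above the method, or decide explicitly what should happen to the captures in that case.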

Modified: trunk/Source/WebCore/Modules/indexeddb/client/IDBConnectionProxy.cpp (202820 => 202821)


--- trunk/Source/WebCore/Modules/indexeddb/client/IDBConnectionProxy.cpp	2016-07-05 16:57:51 UTC (rev 202820)
+++ trunk/Source/WebCore/Modules/indexeddb/client/IDBConnectionProxy.cpp	2016-07-05 18:04:28 UTC (rev 202821)
@@ -223,7 +223,7 @@
     if (!operation)
         return;
 
-    operation->performCompleteOnOriginThread(resultData);
+    operation->performCompleteOnOriginThread(resultData, WTFMove(operation));
 }
 
 void IDBConnectionProxy::abortOpenAndUpgradeNeeded(uint64_t databaseConnectionIdentifier, const IDBResourceIdentifier& transactionIdentifier)
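Review bot: `operation->performCompleteOnOriginThread(resultData, WTFMove(operation));` dereferences `operation` and hands it to WTFMove in the same call expression. This is safe only because the parameter is declared `RefPtr<TransactionOperation>&&`, so nothing is actually moved until the callee acts on it; if the signature ever became by-value, evaluation order could leave the call dereferencing a moved-from RefPtr. Binding a reference first (for example `auto& op = *operation;`) or adding a comment here would make that dependency explicit.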

Modified: trunk/Source/WebCore/Modules/indexeddb/client/TransactionOperation.h (202820 => 202821)


--- trunk/Source/WebCore/Modules/indexeddb/client/TransactionOperation.h	2016-07-05 16:57:51 UTC (rev 202820)
+++ trunk/Source/WebCore/Modules/indexeddb/client/TransactionOperation.h	2016-07-05 18:04:28 UTC (rev 202821)
@@ -62,14 +62,17 @@
         m_performFunction = { };
     }
 
-    void performCompleteOnOriginThread(const IDBResultData& data)
+    void performCompleteOnOriginThread(const IDBResultData& data, RefPtr<TransactionOperation>&& lastRef)
     {
         ASSERT(isMainThread());
 
         if (m_originThreadID == currentThread())
             completed(data);
-        else
+        else {
             m_transaction->performCallbackOnOriginThread(*this, &TransactionOperation::completed, data);
+            m_transaction->callFunctionOnOriginThread([lastRef = WTFMove(lastRef)]() {
+            });
+        }
     }
 
     void completed(const IDBResultData& data)
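Review bot: the empty lambda passed to callFunctionOnOriginThread in the else branch reads like an unfinished stub, and nothing says that its only job is to hold `lastRef` until the task is destroyed on the origin thread. A one-line comment inside the body would stop someone from removing it as dead code. It also appears to rely on being posted after the performCallbackOnOriginThread call so the ref outlives completed(); that ordering assumption, and the fact that `lastRef` is deliberately left untouched on the same-thread branch, are worth stating.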