[webkit-changes] [219591] trunk/Source/WebCore

[beidson]

Title: [219591] trunk/Source/WebCore

Revision

219591

Author

beid...@apple.com

Date

2017-07-17 17:25:09 -0700 (Mon, 17 Jul 2017)

Log Message

REGRESSION(r219298): imported/w3c/IndexedDB-private-browsing/idbfactory_open.html is crashing occassionaly (UniqueIDBDatabase being taken from the IDBServer set twice).
<rdar://problem/33294987> and https://bugs.webkit.org/show_bug.cgi?id=174354

Reviewed by Alex Christensen.

No new tests (Covered by existing tests).

* Modules/indexeddb/server/IDBServer.cpp:
(WebCore::IDBServer::IDBServer::postDatabaseTaskReply): Remove a now invalid ASSERT

* Modules/indexeddb/server/UniqueIDBDatabase.cpp:
(WebCore::IDBServer::UniqueIDBDatabase::scheduleShutdownForClose): Add a RELEASE_ASSERT.
(WebCore::IDBServer::UniqueIDBDatabase::didDeleteBackingStore): Instead of an ad-hoc main thread dispatch, use the "schedule task reply" system
  to keep dispatch ordering in tact.
(WebCore::IDBServer::UniqueIDBDatabase::postDatabaseTaskReply): Remove a now invalid ASSERT
(WebCore::IDBServer::UniqueIDBDatabase::immediateCloseForUserDelete): Only take the owning pointer if the object doesn't already own itself.

Modified Paths

• trunk/Source/WebCore/ChangeLog
• trunk/Source/WebCore/Modules/indexeddb/server/IDBServer.cpp
• trunk/Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabase.cpp
• trunk/Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabase.h

Diff

Modified: trunk/Source/WebCore/ChangeLog (219590 => 219591)

--- trunk/Source/WebCore/ChangeLog	2017-07-18 00:15:42 UTC (rev 219590)
+++ trunk/Source/WebCore/ChangeLog	2017-07-18 00:25:09 UTC (rev 219591)
@@ -1,3 +1,22 @@
+2017-07-17  Brady Eidson  <beid...@apple.com>
+
+        REGRESSION(r219298): imported/w3c/IndexedDB-private-browsing/idbfactory_open.html is crashing occassionaly (UniqueIDBDatabase being taken from the IDBServer set twice).
+        <rdar://problem/33294987> and https://bugs.webkit.org/show_bug.cgi?id=174354
+
+        Reviewed by Alex Christensen.
+
+        No new tests (Covered by existing tests).
+
+        * Modules/indexeddb/server/IDBServer.cpp:
+        (WebCore::IDBServer::IDBServer::postDatabaseTaskReply): Remove a now invalid ASSERT
+        
+        * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
+        (WebCore::IDBServer::UniqueIDBDatabase::scheduleShutdownForClose): Add a RELEASE_ASSERT.
+        (WebCore::IDBServer::UniqueIDBDatabase::didDeleteBackingStore): Instead of an ad-hoc main thread dispatch, use the "schedule task reply" system
+          to keep dispatch ordering in tact.
+        (WebCore::IDBServer::UniqueIDBDatabase::postDatabaseTaskReply): Remove a now invalid ASSERT
+        (WebCore::IDBServer::UniqueIDBDatabase::immediateCloseForUserDelete): Only take the owning pointer if the object doesn't already own itself.
+
 2017-07-17  Wenson Hsieh  <wenson_hs...@apple.com>
 
         [iOS DnD] Web process uses too much memory when beginning a drag on a very large image

Modified: trunk/Source/WebCore/Modules/indexeddb/server/IDBServer.cpp (219590 => 219591)

--- trunk/Source/WebCore/Modules/indexeddb/server/IDBServer.cpp	2017-07-18 00:15:42 UTC (rev 219590)
+++ trunk/Source/WebCore/Modules/indexeddb/server/IDBServer.cpp	2017-07-18 00:25:09 UTC (rev 219591)
@@ -493,10 +493,8 @@
 
 void IDBServer::postDatabaseTaskReply(CrossThreadTask&& task)
 {
-    ASSERT(!isMainThread());
     m_databaseReplyQueue.append(WTFMove(task));
 
-
     Locker<Lock> locker(m_mainThreadReplyLock);
     if (m_mainThreadReplyScheduled)
         return;

Modified: trunk/Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabase.cpp (219590 => 219591)

--- trunk/Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabase.cpp	2017-07-18 00:15:42 UTC (rev 219590)
+++ trunk/Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabase.cpp	2017-07-18 00:25:09 UTC (rev 219591)
@@ -274,7 +274,9 @@
 {
     ASSERT(isMainThread());
 
+    RELEASE_ASSERT(!m_owningPointerForClose);
     m_owningPointerForClose = m_server.closeAndTakeUniqueIDBDatabase(*this);
+
     postDatabaseTask(createCrossThreadTask(*this, &UniqueIDBDatabase::shutdownForClose));
 }
 
@@ -337,8 +339,12 @@
         ASSERT(m_databaseQueue.isEmpty());
         ASSERT(m_databaseReplyQueue.isEmpty());
         m_databaseQueue.kill();
-        m_databaseReplyQueue.kill();
-        callOnMainThread([owningRef = m_server.closeAndTakeUniqueIDBDatabase(*this)]{ });
+
+        RELEASE_ASSERT(!m_owningPointerForClose);
+        m_owningPointerForClose = m_server.closeAndTakeUniqueIDBDatabase(*this);
+        ASSERT(m_owningPointerForClose);
+
+        postDatabaseTaskReply(createCrossThreadTask(*this, &UniqueIDBDatabase::didShutdownForClose));
         return;
     }
 
@@ -1742,8 +1748,6 @@
 
 void UniqueIDBDatabase::postDatabaseTaskReply(CrossThreadTask&& task)
 {
-    ASSERT(!isMainThread());
-
     m_databaseReplyQueue.append(WTFMove(task));
     m_server.postDatabaseTaskReply(createCrossThreadTask(*this, &UniqueIDBDatabase::executeNextDatabaseTaskReply));
 }
@@ -1777,6 +1781,10 @@
 void UniqueIDBDatabase::maybeFinishHardClose()
 {
     if (m_owningPointerForClose && isDoneWithHardClose()) {
+        if (m_owningPointerReleaseScheduled)
+            return;
+        m_owningPointerReleaseScheduled = true;
+
         callOnMainThread([this] {
             ASSERT(isDoneWithHardClose());
             m_owningPointerForClose = nullptr;
@@ -1864,11 +1872,15 @@
     // database connections confirm that they have closed.
     m_hardClosedForUserDelete = true;
 
-    // Remove this UniqueIDBDatabase from the IDBServer's set of open databases, and let it own itself.
-    // It will dispatch back to the main thread later to finalize deleting itself.
+    // If this database already owns itself, it is already closing on the background thread.
+    // After that close completes, the next database thread task will be "delete all currently closed databases"
+    // which will also cover this database.
+    if (m_owningPointerForClose)
+        return;
+
+    // Otherwise, this database is still potentially active.
+    // So we'll have it own itself and then perform a clean unconditional delete on the background thread.
     m_owningPointerForClose = m_server.closeAndTakeUniqueIDBDatabase(*this);
-
-    // Have the database unconditionally delete itself on the database task queue.
     postDatabaseTask(createCrossThreadTask(*this, &UniqueIDBDatabase::performUnconditionalDeleteBackingStore));
 }
 

Modified: trunk/Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabase.h (219590 => 219591)

--- trunk/Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabase.h	2017-07-18 00:15:42 UTC (rev 219590)
+++ trunk/Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabase.h	2017-07-18 00:25:09 UTC (rev 219591)
@@ -266,6 +266,7 @@
     CrossThreadQueue<CrossThreadTask> m_databaseReplyQueue;
 
     bool m_hardClosedForUserDelete { false };
+    bool m_owningPointerReleaseScheduled { false };
     std::unique_ptr<UniqueIDBDatabase> m_owningPointerForClose;
 
     HashSet<IDBResourceIdentifier> m_cursorPrefetches;

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes