[webkit-changes] [252897] trunk/Source/WebCore

[youenn]

Title: [252897] trunk/Source/WebCore

Revision

252897

Author

you...@apple.com

Date

2019-11-27 00:55:48 -0800 (Wed, 27 Nov 2019)

Log Message

Protect ServiceWorkerThreadProxy while being stopped
https://bugs.webkit.org/show_bug.cgi?id=204610
<rdar://problem/57476332>

Reviewed by Chris Dumez.

Reuse stop implementation in terminateWorker for stopAllServiceWorkers.
Move the worker map value from RefPtr to Ref.
Covered by existing tests no longer crashing.

* workers/service/context/SWContextManager.cpp:
(WebCore::SWContextManager::terminateWorker):
(WebCore::SWContextManager::stopWorker):
(WebCore::SWContextManager::forEachServiceWorkerThread):
(WebCore::SWContextManager::stopAllServiceWorkers):
* workers/service/context/SWContextManager.h:

Modified Paths

• trunk/Source/WebCore/ChangeLog
• trunk/Source/WebCore/workers/service/context/SWContextManager.cpp
• trunk/Source/WebCore/workers/service/context/SWContextManager.h

Diff

Modified: trunk/Source/WebCore/ChangeLog (252896 => 252897)

--- trunk/Source/WebCore/ChangeLog	2019-11-27 04:57:33 UTC (rev 252896)
+++ trunk/Source/WebCore/ChangeLog	2019-11-27 08:55:48 UTC (rev 252897)
@@ -1,3 +1,22 @@
+2019-11-27  youenn fablet  <you...@apple.com>
+
+        Protect ServiceWorkerThreadProxy while being stopped
+        https://bugs.webkit.org/show_bug.cgi?id=204610
+        <rdar://problem/57476332>
+
+        Reviewed by Chris Dumez.
+
+        Reuse stop implementation in terminateWorker for stopAllServiceWorkers.
+        Move the worker map value from RefPtr to Ref.
+        Covered by existing tests no longer crashing.
+
+        * workers/service/context/SWContextManager.cpp:
+        (WebCore::SWContextManager::terminateWorker):
+        (WebCore::SWContextManager::stopWorker):
+        (WebCore::SWContextManager::forEachServiceWorkerThread):
+        (WebCore::SWContextManager::stopAllServiceWorkers):
+        * workers/service/context/SWContextManager.h:
+
 2019-11-26  Chris Dumez  <cdu...@apple.com>
 
         Drop ActiveDOMObject::shouldPreventEnteringBackForwardCache_DEPRECATED()

Modified: trunk/Source/WebCore/workers/service/context/SWContextManager.cpp (252896 => 252897)

--- trunk/Source/WebCore/workers/service/context/SWContextManager.cpp	2019-11-27 04:57:33 UTC (rev 252896)
+++ trunk/Source/WebCore/workers/service/context/SWContextManager.cpp	2019-11-27 08:55:48 UTC (rev 252897)
@@ -125,13 +125,18 @@
             completionHandler();
         return;
     }
+    stopWorker(*serviceWorker, timeout, WTFMove(completionHandler));
+}
 
-    serviceWorker->setAsTerminatingOrTerminated();
+void SWContextManager::stopWorker(ServiceWorkerThreadProxy& serviceWorker, Seconds timeout, Function<void()>&& completionHandler)
+{
+    auto identifier = serviceWorker.identifier();
+    serviceWorker.setAsTerminatingOrTerminated();
 
     m_pendingServiceWorkerTerminationRequests.add(identifier, makeUnique<ServiceWorkerTerminationRequest>(*this, identifier, timeout));
 
-    auto& thread = serviceWorker->thread();
-    thread.stop([this, identifier, serviceWorker = WTFMove(serviceWorker), completionHandler = WTFMove(completionHandler)]() mutable {
+    auto& thread = serviceWorker.thread();
+    thread.stop([this, identifier, serviceWorker = makeRef(serviceWorker), completionHandler = WTFMove(completionHandler)]() mutable {
         m_pendingServiceWorkerTerminationRequests.remove(identifier);
 
         if (auto* connection = SWContextManager::singleton().connection())
@@ -149,7 +154,7 @@
 void SWContextManager::forEachServiceWorkerThread(const WTF::Function<void(ServiceWorkerThreadProxy&)>& apply)
 {
     for (auto& workerThread : m_workerMap.values())
-        apply(*workerThread);
+        apply(workerThread);
 }
 
 bool SWContextManager::postTaskToServiceWorker(ServiceWorkerIdentifier identifier, WTF::Function<void(ServiceWorkerGlobalScope&)>&& task)
@@ -180,11 +185,8 @@
 void SWContextManager::stopAllServiceWorkers()
 {
     auto serviceWorkers = WTFMove(m_workerMap);
-    for (auto& serviceWorker : serviceWorkers.values()) {
-        serviceWorker->setAsTerminatingOrTerminated();
-        m_pendingServiceWorkerTerminationRequests.add(serviceWorker->identifier(), makeUnique<ServiceWorkerTerminationRequest>(*this, serviceWorker->identifier(), workerTerminationTimeout));
-        serviceWorker->thread().stop([] { });
-    }
+    for (auto& serviceWorker : serviceWorkers.values())
+        stopWorker(serviceWorker, workerTerminationTimeout, [] { });
 }
 
 } // namespace WebCore

Modified: trunk/Source/WebCore/workers/service/context/SWContextManager.h (252896 => 252897)

--- trunk/Source/WebCore/workers/service/context/SWContextManager.h	2019-11-27 04:57:33 UTC (rev 252896)
+++ trunk/Source/WebCore/workers/service/context/SWContextManager.h	2019-11-27 08:55:48 UTC (rev 252897)
@@ -106,7 +106,9 @@
     void startedServiceWorker(Optional<ServiceWorkerJobDataIdentifier>, ServiceWorkerIdentifier, const String& exceptionMessage, bool doesHandleFetch);
     NO_RETURN_DUE_TO_CRASH void serviceWorkerFailedToTerminate(ServiceWorkerIdentifier);
 
-    HashMap<ServiceWorkerIdentifier, RefPtr<ServiceWorkerThreadProxy>> m_workerMap;
+    void stopWorker(ServiceWorkerThreadProxy&, Seconds, Function<void()>&&);
+
+    HashMap<ServiceWorkerIdentifier, Ref<ServiceWorkerThreadProxy>> m_workerMap;
     std::unique_ptr<Connection> m_connection;
     ServiceWorkerCreationCallback* m_serviceWorkerCreationCallback { nullptr };
 

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes