[webkit-changes] [281066] trunk/Source

[ddkilzer]

Title: [281066] trunk/Source

Revision

281066

Author

ddkil...@apple.com

Date

2021-08-15 13:05:28 -0700 (Sun, 15 Aug 2021)

Log Message

Bug 229112: ThreadSanitizer: data races of WTF::String in WebResourceLoadStatisticsStore
<https://webkit.org/b/229112>
<rdar://problem/81940951>

Reviewed by Kate Cheney.

Source/WebCore:

Covered by running layout tests with TSan in:
    http/tests/privateClickMeasurement/

* html/HTMLAnchorElement.cpp:
(WebCore::HTMLAnchorElement::parsePrivateClickMeasurement const):
- Add WTFMove() for updated SourceSite constructor.  Verified
  that this doesn't create a use-after-move issue.

* loader/PrivateClickMeasurement.h:
(WebCore::PrivateClickMeasurement::SourceSite::SourceSite):
- Change to take rvalue reference for efficiency and to match
  AttributionDestinationSite constructor.
(WebCore::PrivateClickMeasurement::SourceSite::isolatedCopy const): Add.
(WebCore::PrivateClickMeasurement::AttributionDestinationSite::isolatedCopy const): Add.
- Add isolatedCopy() methods to use in multi-threaded scenarios.

Source/WebKit:

* NetworkProcess/Classifier/WebResourceLoadStatisticsStore.cpp:
(WebKit::WebResourceLoadStatisticsStore::attributePrivateClickMeasurement):
- Make isolated copies of sourceSite and destinationSite to fix
  data races.
(WebKit::WebResourceLoadStatisticsStore::privateClickMeasurementToString):
- Make isolated copy of WTF::String to fix data race.

Modified Paths

• trunk/Source/WebCore/ChangeLog
• trunk/Source/WebCore/html/HTMLAnchorElement.cpp
• trunk/Source/WebCore/loader/PrivateClickMeasurement.h
• trunk/Source/WebKit/ChangeLog
• trunk/Source/WebKit/NetworkProcess/Classifier/WebResourceLoadStatisticsStore.cpp

Diff

Modified: trunk/Source/WebCore/ChangeLog (281065 => 281066)

--- trunk/Source/WebCore/ChangeLog	2021-08-15 19:02:34 UTC (rev 281065)
+++ trunk/Source/WebCore/ChangeLog	2021-08-15 20:05:28 UTC (rev 281066)
@@ -1,3 +1,27 @@
+2021-08-15  David Kilzer  <ddkil...@apple.com>
+
+        Bug 229112: ThreadSanitizer: data races of WTF::String in WebResourceLoadStatisticsStore
+        <https://webkit.org/b/229112>
+        <rdar://problem/81940951>
+
+        Reviewed by Kate Cheney.
+
+        Covered by running layout tests with TSan in:
+            http/tests/privateClickMeasurement/
+
+        * html/HTMLAnchorElement.cpp:
+        (WebCore::HTMLAnchorElement::parsePrivateClickMeasurement const):
+        - Add WTFMove() for updated SourceSite constructor.  Verified
+          that this doesn't create a use-after-move issue.
+
+        * loader/PrivateClickMeasurement.h:
+        (WebCore::PrivateClickMeasurement::SourceSite::SourceSite):
+        - Change to take rvalue reference for efficiency and to match
+          AttributionDestinationSite constructor.
+        (WebCore::PrivateClickMeasurement::SourceSite::isolatedCopy const): Add.
+        (WebCore::PrivateClickMeasurement::AttributionDestinationSite::isolatedCopy const): Add.
+        - Add isolatedCopy() methods to use in multi-threaded scenarios.
+
 2021-08-15  Rob Buis  <rb...@igalia.com>
 
         Remove shadow related SVG functionality

Modified: trunk/Source/WebCore/html/HTMLAnchorElement.cpp (281065 => 281066)

--- trunk/Source/WebCore/html/HTMLAnchorElement.cpp	2021-08-15 19:02:34 UTC (rev 281065)
+++ trunk/Source/WebCore/html/HTMLAnchorElement.cpp	2021-08-15 20:05:28 UTC (rev 281066)
@@ -449,7 +449,7 @@
         return std::nullopt;
     }
 
-    auto privateClickMeasurement = PrivateClickMeasurement { SourceID(attributionSourceID.value()), SourceSite(documentRegistrableDomain), AttributionDestinationSite(destinationURL) };
+    auto privateClickMeasurement = PrivateClickMeasurement { SourceID(attributionSourceID.value()), SourceSite(WTFMove(documentRegistrableDomain)), AttributionDestinationSite(destinationURL) };
 
     auto attributionSourceNonceAttr = attributeWithoutSynchronization(attributionsourcenonceAttr);
     if (!attributionSourceNonceAttr.isEmpty()) {

Modified: trunk/Source/WebCore/loader/PrivateClickMeasurement.h (281065 => 281066)

--- trunk/Source/WebCore/loader/PrivateClickMeasurement.h	2021-08-15 19:02:34 UTC (rev 281065)
+++ trunk/Source/WebCore/loader/PrivateClickMeasurement.h	2021-08-15 20:05:28 UTC (rev 281066)
@@ -78,11 +78,13 @@
         {
         }
 
-        explicit SourceSite(const RegistrableDomain& domain)
-            : registrableDomain { domain }
+        explicit SourceSite(RegistrableDomain&& domain)
+            : registrableDomain { WTFMove(domain) }
         {
         }
 
+        SourceSite isolatedCopy() const { return SourceSite { registrableDomain.isolatedCopy() }; }
+
         bool operator==(const SourceSite& other) const
         {
             return registrableDomain == other.registrableDomain;
@@ -121,7 +123,9 @@
             : registrableDomain { WTFMove(domain) }
         {
         }
-        
+
+        AttributionDestinationSite isolatedCopy() const { return AttributionDestinationSite { registrableDomain.isolatedCopy() }; }
+
         bool operator==(const AttributionDestinationSite& other) const
         {
             return registrableDomain == other.registrableDomain;

Modified: trunk/Source/WebKit/ChangeLog (281065 => 281066)

--- trunk/Source/WebKit/ChangeLog	2021-08-15 19:02:34 UTC (rev 281065)
+++ trunk/Source/WebKit/ChangeLog	2021-08-15 20:05:28 UTC (rev 281066)
@@ -1,3 +1,18 @@
+2021-08-15  David Kilzer  <ddkil...@apple.com>
+
+        Bug 229112: ThreadSanitizer: data races of WTF::String in WebResourceLoadStatisticsStore
+        <https://webkit.org/b/229112>
+        <rdar://problem/81940951>
+
+        Reviewed by Kate Cheney.
+
+        * NetworkProcess/Classifier/WebResourceLoadStatisticsStore.cpp:
+        (WebKit::WebResourceLoadStatisticsStore::attributePrivateClickMeasurement):
+        - Make isolated copies of sourceSite and destinationSite to fix
+          data races.
+        (WebKit::WebResourceLoadStatisticsStore::privateClickMeasurementToString):
+        - Make isolated copy of WTF::String to fix data race.
+
 2021-08-14  Said Abou-Hallawa  <s...@apple.com>
 
         [GPU Process] REGRESSION: WebContent often crashes when opening a Google spreadsheet with charts

Modified: trunk/Source/WebKit/NetworkProcess/Classifier/WebResourceLoadStatisticsStore.cpp (281065 => 281066)

--- trunk/Source/WebKit/NetworkProcess/Classifier/WebResourceLoadStatisticsStore.cpp	2021-08-15 19:02:34 UTC (rev 281065)
+++ trunk/Source/WebKit/NetworkProcess/Classifier/WebResourceLoadStatisticsStore.cpp	2021-08-15 20:05:28 UTC (rev 281066)
@@ -1509,7 +1509,7 @@
         return;
     }
 
-    postTask([this, sourceSite, destinationSite, attributionTriggerData = WTFMove(attributionTriggerData), completionHandler = WTFMove(completionHandler)]() mutable {
+    postTask([this, sourceSite = sourceSite.isolatedCopy(), destinationSite = destinationSite.isolatedCopy(), attributionTriggerData = WTFMove(attributionTriggerData), completionHandler = WTFMove(completionHandler)]() mutable {
         if (!m_statisticsStore) {
             postTaskReply([completionHandler = WTFMove(completionHandler)]() mutable {
                 completionHandler(std::nullopt);
@@ -1611,7 +1611,7 @@
         }
 
         auto result = m_statisticsStore->privateClickMeasurementToString();
-        postTaskReply([result, completionHandler = WTFMove(completionHandler)]() mutable {
+        postTaskReply([result = result.isolatedCopy(), completionHandler = WTFMove(completionHandler)]() mutable {
             completionHandler(result);
         });
     });

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes