Modified: trunk/Source/WebKit/chromium/public/WebCommonWorkerClient.h (109947 => 109948)
--- trunk/Source/WebKit/chromium/public/WebCommonWorkerClient.h 2012-03-06 20:14:12 UTC (rev 109947)
+++ trunk/Source/WebKit/chromium/public/WebCommonWorkerClient.h 2012-03-06 20:16:45 UTC (rev 109948)
@@ -47,13 +47,28 @@
class WebCommonWorkerClient {
public:
// Called on the main webkit thread before opening a web database.
- virtual bool allowDatabase(WebFrame*, const WebString& name, const WebString& displayName, unsigned long estimatedSize) = 0;
+ virtual bool allowDatabase(WebFrame*, const WebString& name, const WebString& displayName, unsigned long estimatedSize)
+ {
+ return true;
+ }
// Called on the main webkit thread before opening a file system.
- virtual bool allowFileSystem() = 0;
+ virtual bool allowFileSystem()
+ {
+ return true;
+ }
// Called on the main webkit thread before opening a file system.
- virtual void openFileSystem(WebFileSystem::Type, long long size, bool create, WebFileSystemCallbacks*) = 0;
+ virtual void openFileSystem(WebFileSystem::Type, long long size, bool create, WebFileSystemCallbacks*)
+ {
+ WEBKIT_ASSERT_NOT_REACHED();
+ }
+
+ // Called on the main webkit thread before opening an indexed database.
+ virtual bool allowIndexedDB(const WebString& name)
+ {
+ return true;
+ }
};
Modified: trunk/Source/WebKit/chromium/public/WebSharedWorkerClient.h (109947 => 109948)
--- trunk/Source/WebKit/chromium/public/WebSharedWorkerClient.h 2012-03-06 20:14:12 UTC (rev 109947)
+++ trunk/Source/WebKit/chromium/public/WebSharedWorkerClient.h 2012-03-06 20:16:45 UTC (rev 109948)
@@ -79,21 +79,6 @@
// Called on the main webkit thread in the worker process during initialization.
virtual WebApplicationCacheHost* createApplicationCacheHost(WebApplicationCacheHostClient*) = 0;
- // Called on the main webkit thread before opening a web database.
- virtual bool allowDatabase(WebFrame*, const WebString& name, const WebString& displayName, unsigned long estimatedSize) = 0;
-
- // Called on the main webkit thread before opening a file system.
- virtual bool allowFileSystem()
- {
- return true;
- }
-
- // Called on the main webkit thread before opening a file system.
- virtual void openFileSystem(WebFileSystem::Type, long long size, bool create, WebFileSystemCallbacks*)
- {
- WEBKIT_ASSERT_NOT_REACHED();
- }
-
virtual void dispatchDevToolsMessage(const WebString&) { }
virtual void saveDevToolsAgentState(const WebString&) { }
Modified: trunk/Source/WebKit/chromium/src/IDBFactoryBackendProxy.cpp (109947 => 109948)
--- trunk/Source/WebKit/chromium/src/IDBFactoryBackendProxy.cpp 2012-03-06 20:14:12 UTC (rev 109947)
+++ trunk/Source/WebKit/chromium/src/IDBFactoryBackendProxy.cpp 2012-03-06 20:16:45 UTC (rev 109948)
@@ -90,16 +90,16 @@
class AllowIndexedDBMainThreadBridge : public ThreadSafeRefCounted<AllowIndexedDBMainThreadBridge> {
public:
- static PassRefPtr<AllowIndexedDBMainThreadBridge> create(WebWorkerClientImpl* webWorkerClientImpl, const String& mode, const String& name)
+ static PassRefPtr<AllowIndexedDBMainThreadBridge> create(WebWorkerBase* webWorkerBase, const String& mode, const String& name)
{
- return adoptRef(new AllowIndexedDBMainThreadBridge(webWorkerClientImpl, mode, name));
+ return adoptRef(new AllowIndexedDBMainThreadBridge(webWorkerBase, mode, name));
}
// These methods are invoked on the worker context.
void cancel()
{
MutexLocker locker(m_mutex);
- m_webWorkerClientImpl = 0;
+ m_webWorkerBase = 0;
}
bool result()
@@ -111,31 +111,28 @@
void signalCompleted(bool result, const String& mode)
{
MutexLocker locker(m_mutex);
- if (m_webWorkerClientImpl)
- m_webWorkerClientImpl->postTaskForModeToWorkerContext(createCallbackTask(&didComplete, this, result), mode);
+ if (m_webWorkerBase)
+ m_webWorkerBase->postTaskForModeToWorkerContext(createCallbackTask(&didComplete, this, result), mode);
}
private:
- AllowIndexedDBMainThreadBridge(WebWorkerClientImpl* webWorkerClientImpl, const String& mode, const String& name)
+ AllowIndexedDBMainThreadBridge(WebWorkerBase* webWorkerBase, const String& mode, const String& name)
: m_result(false)
- , m_webWorkerClientImpl(webWorkerClientImpl)
+ , m_webWorkerBase(webWorkerBase)
{
- WebFrameImpl* webFrame = static_cast<WebFrameImpl*>(webWorkerClientImpl->view()->mainFrame());
- // webFrame is not deleted as long as the process is alive, relying on
- // it to exist on the main thread should be ok.
+ WebCommonWorkerClient* commonClient = webWorkerBase->commonClient();
+ // See note about thread-safety below.
WebWorkerBase::dispatchTaskToMainThread(
- createCallbackTask(&allowIndexedDBTask, this, WebCore::AllowCrossThreadAccess(webFrame), name, mode));
+ createCallbackTask(&allowIndexedDBTask, this, WebCore::AllowCrossThreadAccess(commonClient), name, mode));
}
- static void allowIndexedDBTask(ScriptExecutionContext*, PassRefPtr<AllowIndexedDBMainThreadBridge> bridge, PassRefPtr<WebFrameImpl> prpWebFrame, const String& name, const String& mode)
+ static void allowIndexedDBTask(ScriptExecutionContext*, PassRefPtr<AllowIndexedDBMainThreadBridge> bridge, WebCommonWorkerClient* commonClient, const String& name, const String& mode)
{
- RefPtr<WebFrameImpl> webFrame = prpWebFrame;
- WebViewImpl* webView = webFrame->viewImpl();
- if (!webView) {
+ if (!commonClient) {
bridge->signalCompleted(false, mode);
return;
}
- bool allowed = !webView->permissionClient() || webView->permissionClient()->allowIndexedDB(webFrame.get(), name, WebSecurityOrigin());
+ bool allowed = commonClient->allowIndexedDB(name);
bridge->signalCompleted(allowed, mode);
}
@@ -146,29 +143,33 @@
bool m_result;
Mutex m_mutex;
- // WebWorkerClientImpl is never deleted as long as the renderer process
- // is alive. We use it on the main thread to notify the worker thread that
- // the permission result has been set. The underlying message proxy object
- // is valid as long as the worker run loop hasn't returned
- // MessageQueueTerminated, in which case we don't use the
- // WebWorkerClientImpl.
- WebWorkerClientImpl* m_webWorkerClientImpl;
+ // AllowIndexedDBMainThreadBridge uses two non-threadsafe classes across
+ // threads: WebWorkerBase and WebCommonWorkerClient.
+ // In the dedicated worker case, these are both the same object of type
+ // WebWorkerClientImpl, which isn't deleted for the life of the renderer
+ // process so we don't have to worry about use-after-frees.
+ // In the shared worker case, these are of type WebSharedWorkerImpl and
+ // chromium's WebSharedWorkerClientProxy, respectively. These are both
+ // deleted on the main thread in response to a request on the worker thread,
+ // but only after the worker run loop stops processing tasks. So even in
+ // the most interleaved case, we have:
+ // W AllowIndexedDBMainThreadBridge schedules allowIndexedDBTask
+ // M workerRunLoop marked as killed
+ // W runLoop stops and schedules object deletion on main thread
+ // M allowIndexedDBTask calls commonClient->allowIndexedDB()
+ // M WebWorkerBase and WebCommonWorkerClient are deleted
+ WebWorkerBase* m_webWorkerBase;
};
bool IDBFactoryBackendProxy::allowIDBFromWorkerThread(WorkerContext* workerContext, const String& name, const WebSecurityOrigin&)
{
- // FIXME: Bypass checking for permission so as not to block shared worker
- // testing until a permissions check is implemented. This has to be fixed
- // before m19 goes to beta. http://crbug.com/112855
- if (workerContext->isSharedWorkerContext())
- return true;
- WebWorkerClientImpl* webWorkerClientImpl = static_cast<WebWorkerClientImpl*>(&workerContext->thread()->workerLoaderProxy());
+ WebWorkerBase* webWorkerBase = static_cast<WebWorkerBase*>(&workerContext->thread()->workerLoaderProxy());
WorkerRunLoop& runLoop = workerContext->thread()->runLoop();
String mode = allowIndexedDBMode;
mode.append(String::number(runLoop.createUniqueId()));
- RefPtr<AllowIndexedDBMainThreadBridge> bridge = AllowIndexedDBMainThreadBridge::create(webWorkerClientImpl, mode, name);
+ RefPtr<AllowIndexedDBMainThreadBridge> bridge = AllowIndexedDBMainThreadBridge::create(webWorkerBase, mode, name);
// Either the bridge returns, or the queue gets terminated.
if (runLoop.runInMode(workerContext, mode) == MessageQueueTerminated) {
Modified: trunk/Source/WebKit/chromium/src/WebWorkerClientImpl.cpp (109947 => 109948)
--- trunk/Source/WebKit/chromium/src/WebWorkerClientImpl.cpp 2012-03-06 20:14:12 UTC (rev 109947)
+++ trunk/Source/WebKit/chromium/src/WebWorkerClientImpl.cpp 2012-03-06 20:16:45 UTC (rev 109948)
@@ -214,6 +214,16 @@
return false;
return !webView->permissionClient() || webView->permissionClient()->allowDatabase(m_webFrame, name, displayName, estimatedSize);
}
+
+bool WebWorkerClientImpl::allowIndexedDB(const WebString& name)
+{
+ if (m_proxy->askedToTerminate())
+ return false;
+ WebKit::WebViewImpl* webView = m_webFrame->viewImpl();
+ if (!webView)
+ return false;
+ return !webView->permissionClient() || webView->permissionClient()->allowIndexedDB(m_webFrame, name, WebSecurityOrigin());
+}
WebView* WebWorkerClientImpl::view() const
{
Modified: trunk/Source/WebKit/chromium/src/WebWorkerClientImpl.h (109947 => 109948)
--- trunk/Source/WebKit/chromium/src/WebWorkerClientImpl.h 2012-03-06 20:14:12 UTC (rev 109947)
+++ trunk/Source/WebKit/chromium/src/WebWorkerClientImpl.h 2012-03-06 20:16:45 UTC (rev 109948)
@@ -104,6 +104,7 @@
virtual bool allowFileSystem();
virtual void openFileSystem(WebFileSystem::Type, long long size, bool create,
WebFileSystemCallbacks*);
+ virtual bool allowIndexedDB(const WebString& name);
// WebCommentWorkerBase methods:
virtual WebCommonWorkerClient* commonClient() { return this; }
