Title: [134838] trunk
- Revision
- 134838
- Author
- [email protected]
- Date
- 2012-11-15 15:17:32 -0800 (Thu, 15 Nov 2012)
Log Message
IndexedDB: Indexing tests are flaky-crashing
https://bugs.webkit.org/show_bug.cgi?id=102283
Reviewed by Tony Chang.
Source/WebCore:
Processing the final task can cause IDBTransactionBackendImpl references to be released
by all holders. Prior to looping over the tasks (or, in an even earlier implementation,
swapping queues) control would fall off the end of the function. The loop termination
check introduced in http://wkrev.com/134529 requires that |this| be kept alive until
the method completes.
Test: storage/indexeddb/transaction-crash-in-tasks.html
* Modules/indexeddb/IDBTransactionBackendImpl.cpp:
(WebCore::IDBTransactionBackendImpl::abort): Rename self => protect.
(WebCore::IDBTransactionBackendImpl::commit): Rename self => protect.
(WebCore::IDBTransactionBackendImpl::taskTimerFired): New self-ref.
LayoutTests:
Reduced repro case, although the behavior is still flaky.
* storage/indexeddb/transaction-crash-in-tasks-expected.txt: Added.
* storage/indexeddb/transaction-crash-in-tasks.html: Added.
Modified Paths
Added Paths
Diff
Modified: trunk/LayoutTests/ChangeLog (134837 => 134838)
--- trunk/LayoutTests/ChangeLog 2012-11-15 23:01:37 UTC (rev 134837)
+++ trunk/LayoutTests/ChangeLog 2012-11-15 23:17:32 UTC (rev 134838)
@@ -1,3 +1,15 @@
+2012-11-15 Joshua Bell <[email protected]>
+
+ IndexedDB: Indexing tests are flaky-crashing
+ https://bugs.webkit.org/show_bug.cgi?id=102283
+
+ Reviewed by Tony Chang.
+
+ Reduced repro case, although the behavior is still flaky.
+
+ * storage/indexeddb/transaction-crash-in-tasks-expected.txt: Added.
+ * storage/indexeddb/transaction-crash-in-tasks.html: Added.
+
2012-11-15 Roger Fong <[email protected]>
Unreviewed. HiDPI is not enabled on Windows (as indicated by test result). Adding failing expected result.
Added: trunk/LayoutTests/storage/indexeddb/transaction-crash-in-tasks-expected.txt (0 => 134838)
--- trunk/LayoutTests/storage/indexeddb/transaction-crash-in-tasks-expected.txt (rev 0)
+++ trunk/LayoutTests/storage/indexeddb/transaction-crash-in-tasks-expected.txt 2012-11-15 23:17:32 UTC (rev 134838)
@@ -0,0 +1,14 @@
+Regression test for http://webkit.org/b/102283
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+indexedDB = self.indexedDB || self.webkitIndexedDB || self.mozIndexedDB || self.msIndexedDB || self.OIndexedDB;
+
+dbname = "transaction-crash-in-tasks.html"
+indexedDB.open(dbname, 2)
+indexedDB.open(dbname, 3)
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
Added: trunk/LayoutTests/storage/indexeddb/transaction-crash-in-tasks.html (0 => 134838)
--- trunk/LayoutTests/storage/indexeddb/transaction-crash-in-tasks.html (rev 0)
+++ trunk/LayoutTests/storage/indexeddb/transaction-crash-in-tasks.html 2012-11-15 23:17:32 UTC (rev 134838)
@@ -0,0 +1,19 @@
+<!DOCTYPE html>
+<script src=""
+<script src=""
+<script>
+
+description("Regression test for http://webkit.org/b/102283");
+
+test();
+function test() {
+ removeVendorPrefixes();
+ setDBNameFromPath();
+
+ evalAndLog("indexedDB.open(dbname, 2)");
+ evalAndLog("indexedDB.open(dbname, 3)");
+
+ finishJSTest();
+}
+</script>
+<script src=""
Modified: trunk/Source/WebCore/ChangeLog (134837 => 134838)
--- trunk/Source/WebCore/ChangeLog 2012-11-15 23:01:37 UTC (rev 134837)
+++ trunk/Source/WebCore/ChangeLog 2012-11-15 23:17:32 UTC (rev 134838)
@@ -1,3 +1,23 @@
+2012-11-15 Joshua Bell <[email protected]>
+
+ IndexedDB: Indexing tests are flaky-crashing
+ https://bugs.webkit.org/show_bug.cgi?id=102283
+
+ Reviewed by Tony Chang.
+
+ Processing the final task can cause IDBTransactionBackendImpl references to be released
+ by all holders. Prior to looping over the tasks (or, in an even earlier implementation,
+ swapping queues) control would fall off the end of the function. The loop termination
+ check introduced in http://wkrev.com/134529 requires that |this| be kept alive until
+ the method completes.
+
+ Test: storage/indexeddb/transaction-crash-in-tasks.html
+
+ * Modules/indexeddb/IDBTransactionBackendImpl.cpp:
+ (WebCore::IDBTransactionBackendImpl::abort): Rename self => protect.
+ (WebCore::IDBTransactionBackendImpl::commit): Rename self => protect.
+ (WebCore::IDBTransactionBackendImpl::taskTimerFired): New self-ref.
+
2012-11-15 Elliott Sprehn <[email protected]>
MutationObserver wrapper should not be collected while still observing
Modified: trunk/Source/WebCore/Modules/indexeddb/IDBTransactionBackendImpl.cpp (134837 => 134838)
--- trunk/Source/WebCore/Modules/indexeddb/IDBTransactionBackendImpl.cpp 2012-11-15 23:01:37 UTC (rev 134837)
+++ trunk/Source/WebCore/Modules/indexeddb/IDBTransactionBackendImpl.cpp 2012-11-15 23:17:32 UTC (rev 134838)
@@ -111,7 +111,7 @@
// The last reference to this object may be released while performing the
// abort steps below. We therefore take a self reference to keep ourselves
// alive while executing this method.
- RefPtr<IDBTransactionBackendImpl> self(this);
+ RefPtr<IDBTransactionBackendImpl> protect(this);
m_state = Finished;
m_taskTimer.stop();
@@ -203,7 +203,7 @@
// The last reference to this object may be released while performing the
// commit steps below. We therefore take a self reference to keep ourselves
// alive while executing this method.
- RefPtr<IDBTransactionBackendImpl> self(this);
+ RefPtr<IDBTransactionBackendImpl> protect(this);
ASSERT(m_state == Unused || m_state == Running);
ASSERT(isTaskQueueEmpty());
@@ -245,6 +245,11 @@
m_state = Running;
}
+ // The last reference to this object may be released while performing the
+ // tasks. Take take a self reference to keep this object alive so that
+ // the loop termination conditions can be checked.
+ RefPtr<IDBTransactionBackendImpl> protect(this);
+
TaskQueue* taskQueue = m_pendingPreemptiveEvents ? &m_preemptiveTaskQueue : &m_taskQueue;
while (!taskQueue->isEmpty() && m_state != Finished) {
ASSERT(m_state == Running);
_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo/webkit-changes
