Changeset 218516 in webkit
- Timestamp:
- Jun 19, 2017 4:19:11 PM (7 years ago)
- Location:
- trunk/Source/WebCore
- Files:
-
- 3 edited
-
ChangeLog (modified) (1 diff)
-
Modules/indexeddb/server/UniqueIDBDatabase.cpp (modified) (4 diffs)
-
Modules/indexeddb/server/UniqueIDBDatabase.h (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
-
trunk/Source/WebCore/ChangeLog
r218511 r218516 1 2017-06-19 Brady Eidson <beidson@apple.com> 2 3 Various IndexedDB crashes as an after effect of previous test. 4 <rdar://problem/31418761> and https://bugs.webkit.org/show_bug.cgi?id=170436 5 6 Reviewed by Chris Dumez. 7 8 No new test (No consistent test possible, in practice covered by all existing IDB tests) 9 10 This is timing related, where a UniqueIDBDatabase can be destroyed on the main thread while 11 it still has one task left to try to execute on the IDBServer thread. 12 13 The background thread tasks don't Ref<> the UniqueIDBDatabase, so even though task execution 14 took a Ref<> protector, there was still a small window for a race. 15 16 Should be closed up by making the background thread tasks themselves protect this. 17 18 * Modules/indexeddb/server/UniqueIDBDatabase.cpp: 19 (WebCore::IDBServer::UniqueIDBDatabase::postDatabaseTask): 20 (WebCore::IDBServer::UniqueIDBDatabase::postDatabaseTaskReply): 21 (WebCore::IDBServer::UniqueIDBDatabase::executeNextDatabaseTask): 22 (WebCore::IDBServer::UniqueIDBDatabase::executeNextDatabaseTaskReply): 23 * Modules/indexeddb/server/UniqueIDBDatabase.h: 24 1 25 2017-06-19 Sam Weinig <sam@webkit.org> 2 26 -
trunk/Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabase.cpp
r218048 r218516 1707 1707 void UniqueIDBDatabase::postDatabaseTask(CrossThreadTask&& task) 1708 1708 { 1709 m_databaseQueue.append(WTFMove(task)); 1709 m_databaseQueue.append([protectedThis = makeRef(*this), task = WTFMove(task)]() mutable { 1710 task.performTask(); 1711 }); 1710 1712 ++m_queuedTaskCount; 1711 1713 … … 1716 1718 { 1717 1719 ASSERT(!isMainThread()); 1718 m_databaseReplyQueue.append(WTFMove(task)); 1720 1721 m_databaseReplyQueue.append([protectedThis = makeRef(*this), task = WTFMove(task)]() mutable { 1722 task.performTask(); 1723 }); 1719 1724 ++m_queuedTaskCount; 1720 1725 … … 1730 1735 ASSERT(task); 1731 1736 1732 // Performing the task might end up removing the last reference to this. 1733 Ref<UniqueIDBDatabase> protectedThis(*this); 1734 1735 task->performTask(); 1737 (*task)(); 1736 1738 --m_queuedTaskCount; 1737 1739 1738 // Release the ref in the main thread to ensure it's deleted there as expected in case of being the last reference. 1739 callOnMainThread([protectedThis = WTFMove(protectedThis)] { 1740 // Release the task on the main thread in case it holds the last reference to this, 1741 // as UniqueIDBDatabase objects must be deleted on the main thread. 1742 callOnMainThread([task = WTFMove(task)] { 1740 1743 }); 1741 1744 } … … 1749 1752 ASSERT(task); 1750 1753 1751 // Performing the task might end up removing the last reference to this. 1752 Ref<UniqueIDBDatabase> protectedThis(*this); 1753 1754 task->performTask(); 1754 (*task)(); 1755 1755 --m_queuedTaskCount; 1756 1756 -
trunk/Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabase.h
r218048 r218516 267 267 bool m_deleteBackingStoreInProgress { false }; 268 268 269 CrossThreadQueue< CrossThreadTask> m_databaseQueue;270 CrossThreadQueue< CrossThreadTask> m_databaseReplyQueue;269 CrossThreadQueue<Function<void ()>> m_databaseQueue; 270 CrossThreadQueue<Function<void ()>> m_databaseReplyQueue; 271 271 std::atomic<uint64_t> m_queuedTaskCount { 0 }; 272 272
Note: See TracChangeset
for help on using the changeset viewer.
