Changeset 246901 in webkit

Timestamp:

Jun 27, 2019 1:46:23 PM (5 years ago)

Author:

sihui_liu@apple.com

Message:

Regression(r246526): StorageManager thread hangs
​https://bugs.webkit.org/show_bug.cgi?id=199278
<rdar://problem/52202948>

Reviewed by Geoffrey Garen.

r246526 adds a lock m_localStorageNamespacesMutex to protect m_localStorageNamespaces, because
m_localStorageNamespaces is destroyed at main thread while accesses to m_localStorageNamespaces happen in the
background thread.
After r246526, getOrCreateLocalStorageNamespace acquires lock m_localStorageNamespacesMutex when
m_localStorageNamespacesMutex is already acquired in cloneSessionStorageNamespace, so the StorageManager thread
hangs.
To solve this issue, we can remove the lock in getOrCreateLocalStorageNamespace, or we can remove the
m_localStorageNamespacesMutex. waitUntilWritesFinished() before ~StorageManager() already guarantees nothing
will be running in the background thread, so it is unlikely we the access to m_localStorageNamespaces in the
background thread would collide with the destruction of m_localStorageNamespaces. Also, we don't need
didDestroyStorageArea as LocalStorageNamespace can hold the last reference of StorageArea after r245881.

• NetworkProcess/WebStorage/StorageManager.cpp:

(WebKit::StorageManager::StorageArea::StorageArea):
(WebKit::StorageManager::StorageArea::~StorageArea):
(WebKit::StorageManager::LocalStorageNamespace::LocalStorageNamespace):
(WebKit::StorageManager::cloneSessionStorageNamespace):
(WebKit::StorageManager::getLocalStorageOrigins):
(WebKit::StorageManager::deleteLocalStorageEntriesForOrigin):
(WebKit::StorageManager::deleteLocalStorageOriginsModifiedSince):
(WebKit::StorageManager::deleteLocalStorageEntriesForOrigins):
(WebKit::StorageManager::getOrCreateLocalStorageNamespace):
(WebKit::StorageManager::LocalStorageNamespace::didDestroyStorageArea): Deleted.

• NetworkProcess/WebStorage/StorageManager.h:

Location:

trunk/Source/WebKit

Files:

• ChangeLog (modified) (1 diff)
• NetworkProcess/WebStorage/StorageManager.cpp (modified) (14 diffs)
• NetworkProcess/WebStorage/StorageManager.h (modified) (1 diff)

trunk/Source/WebKit/ChangeLog

@@ +1 @@
+2019-06-27  Sihui Liu  <sihui_liu@apple.com>
+
+        Regression(r246526): StorageManager thread hangs
+        https://bugs.webkit.org/show_bug.cgi?id=199278
+        <rdar://problem/52202948>
+
+        Reviewed by Geoffrey Garen.
+
+        r246526 adds a lock m_localStorageNamespacesMutex to protect m_localStorageNamespaces, because 
+        m_localStorageNamespaces is destroyed at main thread while accesses to m_localStorageNamespaces happen in the 
+        background thread.
+        After r246526, getOrCreateLocalStorageNamespace acquires lock m_localStorageNamespacesMutex when 
+        m_localStorageNamespacesMutex is already acquired in cloneSessionStorageNamespace, so the StorageManager thread
+        hangs.
+        To solve this issue, we can remove the lock in getOrCreateLocalStorageNamespace, or we can remove the 
+        m_localStorageNamespacesMutex. waitUntilWritesFinished() before ~StorageManager() already guarantees nothing 
+        will be running in the background thread, so it is unlikely we the access to m_localStorageNamespaces in the 
+        background thread would collide with the destruction of m_localStorageNamespaces. Also, we don't need 
+        didDestroyStorageArea as LocalStorageNamespace can hold the last reference of StorageArea after r245881.
+
+        * NetworkProcess/WebStorage/StorageManager.cpp:
+        (WebKit::StorageManager::StorageArea::StorageArea):
+        (WebKit::StorageManager::StorageArea::~StorageArea):
+        (WebKit::StorageManager::LocalStorageNamespace::LocalStorageNamespace):
+        (WebKit::StorageManager::cloneSessionStorageNamespace):
+        (WebKit::StorageManager::getLocalStorageOrigins):
+        (WebKit::StorageManager::deleteLocalStorageEntriesForOrigin):
+        (WebKit::StorageManager::deleteLocalStorageOriginsModifiedSince):
+        (WebKit::StorageManager::deleteLocalStorageEntriesForOrigins):
+        (WebKit::StorageManager::getOrCreateLocalStorageNamespace):
+        (WebKit::StorageManager::LocalStorageNamespace::didDestroyStorageArea): Deleted.
+        * NetworkProcess/WebStorage/StorageManager.h:
+
 2019-06-27  Carlos Garcia Campos  <cgarcia@igalia.com>
 

trunk/Source/WebKit/NetworkProcess/WebStorage/StorageManager.cpp

@@ -74 +74 @@
 
     // Will be null if the storage area belongs to a session storage namespace or the storage area is in an ephemeral session.
-    LocalStorageNamespace* m_localStorageNamespace;
+    WeakPtr<LocalStorageNamespace> m_localStorageNamespace;
     mutable RefPtr<LocalStorageDatabase> m_localStorageDatabase;
     mutable bool m_didImportItemsFromDatabase { false };
@@ -85 +85 @@
 };
 
-class StorageManager::LocalStorageNamespace : public ThreadSafeRefCounted<LocalStorageNamespace> {
+class StorageManager::LocalStorageNamespace : public ThreadSafeRefCounted<LocalStorageNamespace>, public CanMakeWeakPtr<LocalStorageNamespace> {
 public:
     static Ref<LocalStorageNamespace> create(StorageManager&, uint64_t storageManagerID);
@@ -94 +94 @@
     enum class IsEphemeral : bool { No, Yes };
     Ref<StorageArea> getOrCreateStorageArea(SecurityOriginData&&, IsEphemeral);
-    void didDestroyStorageArea(StorageArea*);
 
     void clearStorageAreasMatchingOrigin(const SecurityOriginData&);
@@ -106 +105 @@
 
     StorageManager& m_storageManager;
-    uint64_t m_storageNamespaceID;
     unsigned m_quotaInBytes;
 
@@ -174 +172 @@
 
 StorageManager::StorageArea::StorageArea(LocalStorageNamespace* localStorageNamespace, const SecurityOriginData& securityOrigin, unsigned quotaInBytes)
-    : m_localStorageNamespace(localStorageNamespace)
+    : m_localStorageNamespace(localStorageNamespace ? makeWeakPtr(*localStorageNamespace) : nullptr)
     , m_securityOrigin(securityOrigin)
     , m_quotaInBytes(quotaInBytes)
@@ -184 +182 @@
 {
     ASSERT(m_eventListeners.isEmpty());
+    ASSERT(!m_localStorageNamespace);
 
     if (m_localStorageDatabase)
         m_localStorageDatabase->close();
-
-    if (m_localStorageNamespace)
-        m_localStorageNamespace->didDestroyStorageArea(this);
 }
 
@@ -351 +347 @@
 StorageManager::LocalStorageNamespace::LocalStorageNamespace(StorageManager& storageManager, uint64_t storageNamespaceID)
     : m_storageManager(storageManager)
-    , m_storageNamespaceID(storageNamespaceID)
     , m_quotaInBytes(localStorageDatabaseQuotaInBytes)
 {
@@ -367 +362 @@
         return protectedStorageArea.get();
     }).iterator->value;
-}
-
-void StorageManager::LocalStorageNamespace::didDestroyStorageArea(StorageArea* storageArea)
-{
-    ASSERT(m_storageAreaMap.contains(storageArea->securityOrigin()));
-
-    m_storageAreaMap.remove(storageArea->securityOrigin());
-    if (!m_storageAreaMap.isEmpty())
-        return;
-
-    std::lock_guard<Lock> lock(m_storageManager.m_localStorageNamespacesMutex);
-    ASSERT(m_storageManager.m_localStorageNamespaces.contains(m_storageNamespaceID));
-    m_storageManager.m_localStorageNamespaces.remove(m_storageNamespaceID);
 }
 
@@ -574 +556 @@
 
         if (!m_localStorageDatabaseTracker) {
-            std::lock_guard<Lock> lock(m_localStorageNamespacesMutex);
             if (auto* localStorageNamespace = m_localStorageNamespaces.get(storageNamespaceID)) {
                 LocalStorageNamespace* newlocalStorageNamespace = getOrCreateLocalStorageNamespace(newStorageNamespaceID);
@@ -665 +646 @@
                 origins.add(origin);
         } else {
-            std::lock_guard<Lock> lock(m_localStorageNamespacesMutex);
             for (const auto& localStorageNameSpace : m_localStorageNamespaces.values()) {
                 for (auto& origin : localStorageNameSpace->ephemeralOrigins())
@@ -699 +679 @@
 {
     m_queue->dispatch([this, protectedThis = makeRef(*this), copiedOrigin = securityOrigin.isolatedCopy()]() mutable {
-        {
-            std::lock_guard<Lock> lock(m_localStorageNamespacesMutex);
-            for (auto& localStorageNamespace : m_localStorageNamespaces.values())
-                localStorageNamespace->clearStorageAreasMatchingOrigin(copiedOrigin);
-        }
+        for (auto& localStorageNamespace : m_localStorageNamespaces.values())
+            localStorageNamespace->clearStorageAreasMatchingOrigin(copiedOrigin);
 
         for (auto& transientLocalStorageNamespace : m_transientLocalStorageNamespaces.values())
@@ -723 +700 @@
 
             for (const auto& origin : originsToDelete) {
-                {
-                    std::lock_guard<Lock> lock(m_localStorageNamespacesMutex);
-                    for (auto& localStorageNamespace : m_localStorageNamespaces.values())
-                        localStorageNamespace->clearStorageAreasMatchingOrigin(origin);
-                }
+                for (auto& localStorageNamespace : m_localStorageNamespaces.values())
+                    localStorageNamespace->clearStorageAreasMatchingOrigin(origin);
                 
                 m_localStorageDatabaseTracker->deleteDatabaseWithOrigin(origin);
             }
         } else {
-            std::lock_guard<Lock> lock(m_localStorageNamespacesMutex);
             for (auto& localStorageNamespace : m_localStorageNamespaces.values())
                 localStorageNamespace->clearAllStorageAreas();
@@ -751 +724 @@
     m_queue->dispatch([this, protectedThis = makeRef(*this), copiedOrigins = WTFMove(copiedOrigins), completionHandler = WTFMove(completionHandler)]() mutable {
         for (auto& origin : copiedOrigins) {
-            {
-                std::lock_guard<Lock> lock(m_localStorageNamespacesMutex);
-                for (auto& localStorageNamespace : m_localStorageNamespaces.values())
-                    localStorageNamespace->clearStorageAreasMatchingOrigin(origin);
-            }
+            for (auto& localStorageNamespace : m_localStorageNamespaces.values())
+                localStorageNamespace->clearStorageAreasMatchingOrigin(origin);
 
             for (auto& transientLocalStorageNamespace : m_transientLocalStorageNamespaces.values())
@@ -1013 +983 @@
 StorageManager::LocalStorageNamespace* StorageManager::getOrCreateLocalStorageNamespace(uint64_t storageNamespaceID)
 {
-    std::lock_guard<Lock> lock(m_localStorageNamespacesMutex);
     if (!m_localStorageNamespaces.isValidKey(storageNamespaceID))
         return nullptr;

trunk/Source/WebKit/NetworkProcess/WebStorage/StorageManager.h

@@ -106 +106 @@
     RefPtr<LocalStorageDatabaseTracker> m_localStorageDatabaseTracker;
     HashMap<uint64_t, RefPtr<LocalStorageNamespace>> m_localStorageNamespaces;
-    Lock m_localStorageNamespacesMutex;
 
     HashMap<std::pair<uint64_t, WebCore::SecurityOriginData>, RefPtr<TransientLocalStorageNamespace>> m_transientLocalStorageNamespaces;