Changeset 247219 in webkit

Timestamp:

Jul 8, 2019 11:38:32 AM (5 years ago)

Author:

Chris Dumez

Message:

Fix thread safety issue in Database::scheduleTransactionCallback()
​https://bugs.webkit.org/show_bug.cgi?id=199557

Reviewed by Alex Christensen.

I am working on adding threading assertions to WeakPtr and found a potentially
unsafe call to makeWeakPtr() on a Document from Database::scheduleTransactionCallback()
via Document::postTask(), on a background database thread. Document is a main thread
object and we should therefore not be interacting with it from a background thread.

For clarity, this patch also switches the webdatabase code to use Document instead
of ScriptExecution as type since it is only exposed to Window contexts, not workers.

• Modules/webdatabase/Database.cpp:

(WebCore::Database::Database):
(WebCore::Database::~Database):
(WebCore::Database::runTransaction):
(WebCore::Database::scheduleTransactionCallback):
(WebCore::Database::logErrorMessage):
(WebCore::Database::securityOrigin):
(WebCore::Database::didExceedQuota):

• Modules/webdatabase/Database.h:

(WebCore::Database::document):

• Modules/webdatabase/DatabaseContext.cpp:

(WebCore::DatabaseContext::DatabaseContext):

• Modules/webdatabase/DatabaseContext.h:
• Modules/webdatabase/DatabaseManager.cpp:

(WebCore::DatabaseManager::databaseContext):
(WebCore::logOpenDatabaseError):
(WebCore::DatabaseManager::openDatabaseBackend):
(WebCore::DatabaseManager::tryToOpenDatabaseBackend):
(WebCore::DatabaseManager::openDatabase):
(WebCore::DatabaseManager::hasOpenDatabases):
(WebCore::DatabaseManager::stopDatabases):
(WebCore::DatabaseManager::logErrorMessage):

• Modules/webdatabase/DatabaseManager.h:
• Modules/webdatabase/SQLStatement.cpp:

(WebCore::SQLStatement::SQLStatement):

• Modules/webdatabase/SQLTransaction.cpp:

(WebCore::SQLTransaction::SQLTransaction):

• inspector/InspectorInstrumentation.h:

(WebCore::InspectorInstrumentation::didOpenDatabase):

• inspector/agents/InspectorDatabaseAgent.cpp:

(WebCore::InspectorDatabaseAgent::executeSQL):

Location:

trunk/Source/WebCore

Files:

• ChangeLog (modified) (1 diff)
• Modules/webdatabase/Database.cpp (modified) (8 diffs)
• Modules/webdatabase/Database.h (modified) (3 diffs)
• Modules/webdatabase/DatabaseContext.cpp (modified) (1 diff)
• Modules/webdatabase/DatabaseContext.h (modified) (2 diffs)
• Modules/webdatabase/DatabaseManager.cpp (modified) (11 diffs)
• Modules/webdatabase/DatabaseManager.h (modified) (4 diffs)
• Modules/webdatabase/SQLStatement.cpp (modified) (2 diffs)
• Modules/webdatabase/SQLTransaction.cpp (modified) (2 diffs)
• inspector/InspectorInstrumentation.h (modified) (1 diff)
• inspector/agents/InspectorDatabaseAgent.cpp (modified) (1 diff)

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2019-07-08  Chris Dumez  <cdumez@apple.com>
+
+        Fix thread safety issue in Database::scheduleTransactionCallback()
+        https://bugs.webkit.org/show_bug.cgi?id=199557
+
+        Reviewed by Alex Christensen.
+
+        I am working on adding threading assertions to WeakPtr and found a potentially
+        unsafe call to makeWeakPtr() on a Document from Database::scheduleTransactionCallback()
+        via Document::postTask(), on a background database thread. Document is a main thread
+        object and we should therefore not be interacting with it from a background thread.
+
+        For clarity, this patch also switches the webdatabase code to use Document instead
+        of ScriptExecution as type since it is only exposed to Window contexts, not workers.
+
+        * Modules/webdatabase/Database.cpp:
+        (WebCore::Database::Database):
+        (WebCore::Database::~Database):
+        (WebCore::Database::runTransaction):
+        (WebCore::Database::scheduleTransactionCallback):
+        (WebCore::Database::logErrorMessage):
+        (WebCore::Database::securityOrigin):
+        (WebCore::Database::didExceedQuota):
+        * Modules/webdatabase/Database.h:
+        (WebCore::Database::document):
+        * Modules/webdatabase/DatabaseContext.cpp:
+        (WebCore::DatabaseContext::DatabaseContext):
+        * Modules/webdatabase/DatabaseContext.h:
+        * Modules/webdatabase/DatabaseManager.cpp:
+        (WebCore::DatabaseManager::databaseContext):
+        (WebCore::logOpenDatabaseError):
+        (WebCore::DatabaseManager::openDatabaseBackend):
+        (WebCore::DatabaseManager::tryToOpenDatabaseBackend):
+        (WebCore::DatabaseManager::openDatabase):
+        (WebCore::DatabaseManager::hasOpenDatabases):
+        (WebCore::DatabaseManager::stopDatabases):
+        (WebCore::DatabaseManager::logErrorMessage):
+        * Modules/webdatabase/DatabaseManager.h:
+        * Modules/webdatabase/SQLStatement.cpp:
+        (WebCore::SQLStatement::SQLStatement):
+        * Modules/webdatabase/SQLTransaction.cpp:
+        (WebCore::SQLTransaction::SQLTransaction):
+        * inspector/InspectorInstrumentation.h:
+        (WebCore::InspectorInstrumentation::didOpenDatabase):
+        * inspector/agents/InspectorDatabaseAgent.cpp:
+        (WebCore::InspectorDatabaseAgent::executeSQL):
+
 2019-07-08  Chris Dumez  <cdumez@apple.com>
 

trunk/Source/WebCore/Modules/webdatabase/Database.cpp

@@ -194 +194 @@
 
 Database::Database(DatabaseContext& context, const String& name, const String& expectedVersion, const String& displayName, unsigned long long estimatedSize)
-    : m_scriptExecutionContext(*context.scriptExecutionContext())
-    , m_contextThreadSecurityOrigin(m_scriptExecutionContext->securityOrigin()->isolatedCopy())
-    , m_databaseThreadSecurityOrigin(m_scriptExecutionContext->securityOrigin()->isolatedCopy())
+    : m_document(*context.document())
+    , m_contextThreadSecurityOrigin(m_document->securityOrigin().isolatedCopy())
+    , m_databaseThreadSecurityOrigin(m_document->securityOrigin().isolatedCopy())
     , m_databaseContext(context)
     , m_name((name.isNull() ? emptyString() : name).isolatedCopy())
@@ -202 +202 @@
     , m_displayName(displayName.isolatedCopy())
     , m_estimatedSize(estimatedSize)
-    , m_filename(DatabaseManager::singleton().fullPathForDatabase(*m_scriptExecutionContext->securityOrigin(), m_name))
+    , m_filename(DatabaseManager::singleton().fullPathForDatabase(m_document->securityOrigin(), m_name))
     , m_databaseAuthorizer(DatabaseAuthorizer::create(unqualifiedInfoTableName))
 {
@@ -227 +227 @@
 Database::~Database()
 {
-    // The reference to the ScriptExecutionContext needs to be cleared on the JavaScript thread.  If we're on that thread already, we can just let the RefPtr's destruction do the dereffing.
-    if (!m_scriptExecutionContext->isContextThread()) {
-        auto passedContext = WTFMove(m_scriptExecutionContext);
-        auto& contextRef = passedContext.get();
-        contextRef.postTask({ScriptExecutionContext::Task::CleanupTask, [passedContext = WTFMove(passedContext), databaseContext = WTFMove(m_databaseContext)] (ScriptExecutionContext& context) {
-            ASSERT_UNUSED(context, &context == passedContext.ptr());
-        }});
-    }
+    // The reference to the Document needs to be cleared on the JavaScript thread. If we're on that thread already, we can just let the RefPtr's destruction do the dereffing.
+    if (!isMainThread())
+        callOnMainThread([document = WTFMove(m_document), databaseContext = WTFMove(m_databaseContext)] { });
 
     // SQLite is "multi-thread safe", but each database handle can only be used
@@ -693 +688 @@
     if (!m_isTransactionQueueEnabled) {
         if (errorCallback) {
-            RefPtr<SQLTransactionErrorCallback> errorCallbackProtector = WTFMove(errorCallback);
-            m_scriptExecutionContext->postTask([errorCallbackProtector](ScriptExecutionContext&) {
-                errorCallbackProtector->handleEvent(SQLError::create(SQLError::UNKNOWN_ERR, "database has been closed"));
+            callOnMainThread([errorCallback = makeRef(*errorCallback)]() {
+                errorCallback->handleEvent(SQLError::create(SQLError::UNKNOWN_ERR, "database has been closed"));
             });
         }
@@ -708 +702 @@
 void Database::scheduleTransactionCallback(SQLTransaction* transaction)
 {
-    RefPtr<SQLTransaction> transactionProtector(transaction);
-    m_scriptExecutionContext->postTask([transactionProtector] (ScriptExecutionContext&) {
-        transactionProtector->performPendingCallback();
+    callOnMainThread([transaction = makeRefPtr(transaction)] {
+        transaction->performPendingCallback();
     });
 }
@@ -758 +751 @@
 void Database::logErrorMessage(const String& message)
 {
-    m_scriptExecutionContext->addConsoleMessage(MessageSource::Storage, MessageLevel::Error, message);
+    m_document->addConsoleMessage(MessageSource::Storage, MessageLevel::Error, message);
 }
 
@@ -780 +773 @@
 SecurityOriginData Database::securityOrigin()
 {
-    if (m_scriptExecutionContext->isContextThread())
+    if (isMainThread())
         return m_contextThreadSecurityOrigin->data();
     if (databaseThread().getThread() == &Thread::current())
@@ -799 +792 @@
 bool Database::didExceedQuota()
 {
-    ASSERT(databaseContext().scriptExecutionContext()->isContextThread());
+    ASSERT(isMainThread());
     auto& tracker = DatabaseTracker::singleton();
     auto oldQuota = tracker.quota(securityOrigin());

trunk/Source/WebCore/Modules/webdatabase/Database.h

@@ -40 +40 @@
 class DatabaseDetails;
 class DatabaseThread;
-class ScriptExecutionContext;
+class Document;
 class SecurityOrigin;
 class SQLTransaction;
@@ -106 +106 @@
     DatabaseContext& databaseContext() { return m_databaseContext; }
     DatabaseThread& databaseThread();
-    ScriptExecutionContext& scriptExecutionContext() { return m_scriptExecutionContext; }
+    Document& document() { return m_document; }
     void logErrorMessage(const String& message);
 
@@ -148 +148 @@
 #endif
 
-    Ref<ScriptExecutionContext> m_scriptExecutionContext;
+    Ref<Document> m_document;
     Ref<SecurityOrigin> m_contextThreadSecurityOrigin;
     Ref<SecurityOrigin> m_databaseThreadSecurityOrigin;

trunk/Source/WebCore/Modules/webdatabase/DatabaseContext.cpp

@@ -95 +95 @@
 
 
-DatabaseContext::DatabaseContext(ScriptExecutionContext& context)
-    : ActiveDOMObject(&context)
+DatabaseContext::DatabaseContext(Document& document)
+    : ActiveDOMObject(document)
 {
     // ActiveDOMObject expects this to be called to set internal flags.
     suspendIfNeeded();
 
-    ASSERT(!context.databaseContext());
-    context.setDatabaseContext(this);
+    ASSERT(!document.databaseContext());
+    document.setDatabaseContext(this);
 }
 

trunk/Source/WebCore/Modules/webdatabase/DatabaseContext.h

@@ -61 +61 @@
     void databaseExceededQuota(const String& name, DatabaseDetails);
 
-    using ActiveDOMObject::scriptExecutionContext;
+    Document* document() const { return downcast<Document>(ActiveDOMObject::scriptExecutionContext()); }
     const SecurityOriginData& securityOrigin() const;
 
@@ -67 +67 @@
 
 private:
-    explicit DatabaseContext(ScriptExecutionContext&);
+    explicit DatabaseContext(Document&);
 
     void stopDatabases() { stopDatabases(nullptr); }

trunk/Source/WebCore/Modules/webdatabase/DatabaseManager.cpp

@@ -32 +32 @@
 #include "DatabaseTask.h"
 #include "DatabaseTracker.h"
+#include "Document.h"
 #include "InspectorInstrumentation.h"
 #include "Logging.h"
 #include "PlatformStrategies.h"
 #include "ScriptController.h"
-#include "ScriptExecutionContext.h"
 #include "SecurityOrigin.h"
 #include "SecurityOriginData.h"
@@ -98 +98 @@
 }
 
-Ref<DatabaseContext> DatabaseManager::databaseContext(ScriptExecutionContext& context)
-{
-    if (auto databaseContext = context.databaseContext())
+Ref<DatabaseContext> DatabaseManager::databaseContext(Document& document)
+{
+    if (auto databaseContext = document.databaseContext())
         return *databaseContext;
-    return adoptRef(*new DatabaseContext(context));
+    return adoptRef(*new DatabaseContext(document));
 }
 
 #if LOG_DISABLED
 
-static inline void logOpenDatabaseError(ScriptExecutionContext&, const String&)
+static inline void logOpenDatabaseError(Document&, const String&)
 {
 }
@@ -113 +113 @@
 #else
 
-static void logOpenDatabaseError(ScriptExecutionContext& context, const String& name)
-{
-    LOG(StorageAPI, "Database %s for origin %s not allowed to be established", name.utf8().data(), context.securityOrigin()->toString().utf8().data());
+static void logOpenDatabaseError(Document& document, const String& name)
+{
+    LOG(StorageAPI, "Database %s for origin %s not allowed to be established", name.utf8().data(), document.securityOrigin().toString().utf8().data());
 }
 
 #endif
 
-ExceptionOr<Ref<Database>> DatabaseManager::openDatabaseBackend(ScriptExecutionContext& context, const String& name, const String& expectedVersion, const String& displayName, unsigned estimatedSize, bool setVersionInNewDatabase)
-{
-    auto backend = tryToOpenDatabaseBackend(context, name, expectedVersion, displayName, estimatedSize, setVersionInNewDatabase, FirstTryToOpenDatabase);
+ExceptionOr<Ref<Database>> DatabaseManager::openDatabaseBackend(Document& document, const String& name, const String& expectedVersion, const String& displayName, unsigned estimatedSize, bool setVersionInNewDatabase)
+{
+    auto backend = tryToOpenDatabaseBackend(document, name, expectedVersion, displayName, estimatedSize, setVersionInNewDatabase, FirstTryToOpenDatabase);
 
     if (backend.hasException()) {
@@ -130 +130 @@
             // one more try after if that is the case.
             {
-                // FIXME: What guarantees context.securityOrigin() is non-null?
-                ProposedDatabase proposedDatabase { *this, *context.securityOrigin(), name, displayName, estimatedSize };
-                this->databaseContext(context)->databaseExceededQuota(name, proposedDatabase.details());
+                ProposedDatabase proposedDatabase { *this, document.securityOrigin(), name, displayName, estimatedSize };
+                this->databaseContext(document)->databaseExceededQuota(name, proposedDatabase.details());
             }
-            backend = tryToOpenDatabaseBackend(context, name, expectedVersion, displayName, estimatedSize, setVersionInNewDatabase, RetryOpenDatabase);
+            backend = tryToOpenDatabaseBackend(document, name, expectedVersion, displayName, estimatedSize, setVersionInNewDatabase, RetryOpenDatabase);
         }
     }
@@ -140 +139 @@
     if (backend.hasException()) {
         if (backend.exception().code() == InvalidStateError)
-            logErrorMessage(context, backend.exception().message());
+            logErrorMessage(document, backend.exception().message());
         else
-            logOpenDatabaseError(context, name);
+            logOpenDatabaseError(document, name);
     }
 
@@ -148 +147 @@
 }
 
-ExceptionOr<Ref<Database>> DatabaseManager::tryToOpenDatabaseBackend(ScriptExecutionContext& scriptContext, const String& name, const String& expectedVersion, const String& displayName, unsigned estimatedSize, bool setVersionInNewDatabase,
+ExceptionOr<Ref<Database>> DatabaseManager::tryToOpenDatabaseBackend(Document& document, const String& name, const String& expectedVersion, const String& displayName, unsigned estimatedSize, bool setVersionInNewDatabase,
     OpenAttempt attempt)
 {
-    if (is<Document>(&scriptContext)) {
-        auto* page = downcast<Document>(scriptContext).page();
-        if (!page || page->usesEphemeralSession())
-            return Exception { SecurityError };
-    }
-
-    if (scriptContext.isWorkerGlobalScope()) {
-        ASSERT_NOT_REACHED();
+    auto* page = document.page();
+    if (!page || page->usesEphemeralSession())
         return Exception { SecurityError };
-    }
-
-    auto backendContext = this->databaseContext(scriptContext);
+
+    auto backendContext = this->databaseContext(document);
 
     ExceptionOr<void> preflightResult;
@@ -199 +191 @@
 }
 
-ExceptionOr<Ref<Database>> DatabaseManager::openDatabase(ScriptExecutionContext& context, const String& name, const String& expectedVersion, const String& displayName, unsigned estimatedSize, RefPtr<DatabaseCallback>&& creationCallback)
+ExceptionOr<Ref<Database>> DatabaseManager::openDatabase(Document& document, const String& name, const String& expectedVersion, const String& displayName, unsigned estimatedSize, RefPtr<DatabaseCallback>&& creationCallback)
 {
     ScriptController::initializeThreading();
 
     bool setVersionInNewDatabase = !creationCallback;
-    auto openResult = openDatabaseBackend(context, name, expectedVersion, displayName, estimatedSize, setVersionInNewDatabase);
+    auto openResult = openDatabaseBackend(document, name, expectedVersion, displayName, estimatedSize, setVersionInNewDatabase);
     if (openResult.hasException())
         return openResult.releaseException();
@@ -210 +202 @@
     RefPtr<Database> database = openResult.releaseReturnValue();
 
-    auto databaseContext = this->databaseContext(context);
+    auto databaseContext = this->databaseContext(document);
     databaseContext->setHasOpenDatabases();
     InspectorInstrumentation::didOpenDatabase(*database);
@@ -217 +209 @@
         LOG(StorageAPI, "Scheduling DatabaseCreationCallbackTask for database %p\n", database.get());
         database->setHasPendingCreationEvent(true);
-        database->m_scriptExecutionContext->postTask([creationCallback, database] (ScriptExecutionContext&) {
+        database->m_document->postTask([creationCallback, database] (ScriptExecutionContext&) {
             creationCallback->handleEvent(*database);
             database->setHasPendingCreationEvent(false);
@@ -226 +218 @@
 }
 
-bool DatabaseManager::hasOpenDatabases(ScriptExecutionContext& context)
-{
-    auto databaseContext = context.databaseContext();
+bool DatabaseManager::hasOpenDatabases(Document& document)
+{
+    auto databaseContext = document.databaseContext();
     return databaseContext && databaseContext->hasOpenDatabases();
 }
 
-void DatabaseManager::stopDatabases(ScriptExecutionContext& context, DatabaseTaskSynchronizer* synchronizer)
-{
-    auto databaseContext = context.databaseContext();
+void DatabaseManager::stopDatabases(Document& document, DatabaseTaskSynchronizer* synchronizer)
+{
+    auto databaseContext = document.databaseContext();
     if (!databaseContext || !databaseContext->stopDatabases(synchronizer)) {
         if (synchronizer)
@@ -268 +260 @@
 }
 
-void DatabaseManager::logErrorMessage(ScriptExecutionContext& context, const String& message)
-{
-    context.addConsoleMessage(MessageSource::Storage, MessageLevel::Error, message);
+void DatabaseManager::logErrorMessage(Document& document, const String& message)
+{
+    document.addConsoleMessage(MessageSource::Storage, MessageLevel::Error, message);
 }
 

trunk/Source/WebCore/Modules/webdatabase/DatabaseManager.h

@@ -39 +39 @@
 class DatabaseManagerClient;
 class DatabaseTaskSynchronizer;
+class Document;
 class Exception;
 class SecurityOrigin;
-class ScriptExecutionContext;
 struct SecurityOriginData;
 
@@ -56 +56 @@
     WEBCORE_EXPORT void setIsAvailable(bool);
 
-    // This gets a DatabaseContext for the specified ScriptExecutionContext.
+    // This gets a DatabaseContext for the specified Document.
     // If one doesn't already exist, it will create a new one.
-    Ref<DatabaseContext> databaseContext(ScriptExecutionContext&);
+    Ref<DatabaseContext> databaseContext(Document&);
 
-    ExceptionOr<Ref<Database>> openDatabase(ScriptExecutionContext&, const String& name, const String& expectedVersion, const String& displayName, unsigned estimatedSize, RefPtr<DatabaseCallback>&&);
+    ExceptionOr<Ref<Database>> openDatabase(Document&, const String& name, const String& expectedVersion, const String& displayName, unsigned estimatedSize, RefPtr<DatabaseCallback>&&);
 
-    WEBCORE_EXPORT bool hasOpenDatabases(ScriptExecutionContext&);
-    void stopDatabases(ScriptExecutionContext&, DatabaseTaskSynchronizer*);
+    WEBCORE_EXPORT bool hasOpenDatabases(Document&);
+    void stopDatabases(Document&, DatabaseTaskSynchronizer*);
 
     WEBCORE_EXPORT String fullPathForDatabase(SecurityOrigin&, const String& name, bool createIfDoesNotExist = true);
@@ -76 +76 @@
 
     enum OpenAttempt { FirstTryToOpenDatabase, RetryOpenDatabase };
-    ExceptionOr<Ref<Database>> openDatabaseBackend(ScriptExecutionContext&, const String& name, const String& expectedVersion, const String& displayName, unsigned estimatedSize, bool setVersionInNewDatabase);
-    ExceptionOr<Ref<Database>> tryToOpenDatabaseBackend(ScriptExecutionContext&, const String& name, const String& expectedVersion, const String& displayName, unsigned estimatedSize, bool setVersionInNewDatabase, OpenAttempt);
+    ExceptionOr<Ref<Database>> openDatabaseBackend(Document&, const String& name, const String& expectedVersion, const String& displayName, unsigned estimatedSize, bool setVersionInNewDatabase);
+    ExceptionOr<Ref<Database>> tryToOpenDatabaseBackend(Document&, const String& name, const String& expectedVersion, const String& displayName, unsigned estimatedSize, bool setVersionInNewDatabase, OpenAttempt);
 
     class ProposedDatabase;
@@ -83 +83 @@
     void removeProposedDatabase(ProposedDatabase&);
 
-    static void logErrorMessage(ScriptExecutionContext&, const String& message);
+    static void logErrorMessage(Document&, const String& message);
 
     DatabaseManagerClient* m_client { nullptr };

trunk/Source/WebCore/Modules/webdatabase/SQLStatement.cpp

@@ -30 +30 @@
 
 #include "Database.h"
+#include "Document.h"
 #include "Logging.h"
 #include "SQLError.h"
@@ -78 +79 @@
     : m_statement(statement.isolatedCopy())
     , m_arguments(WTFMove(arguments))
-    , m_statementCallbackWrapper(WTFMove(callback), &database.scriptExecutionContext())
-    , m_statementErrorCallbackWrapper(WTFMove(errorCallback), &database.scriptExecutionContext())
+    , m_statementCallbackWrapper(WTFMove(callback), &database.document())
+    , m_statementErrorCallbackWrapper(WTFMove(errorCallback), &database.document())
     , m_permissions(permissions)
 {

trunk/Source/WebCore/Modules/webdatabase/SQLTransaction.cpp

@@ -35 +35 @@
 #include "DatabaseThread.h"
 #include "DatabaseTracker.h"
+#include "Document.h"
 #include "Logging.h"
 #include "OriginLock.h"
@@ -60 +61 @@
 SQLTransaction::SQLTransaction(Ref<Database>&& database, RefPtr<SQLTransactionCallback>&& callback, RefPtr<VoidCallback>&& successCallback, RefPtr<SQLTransactionErrorCallback>&& errorCallback, RefPtr<SQLTransactionWrapper>&& wrapper, bool readOnly)
     : m_database(WTFMove(database))
-    , m_callbackWrapper(WTFMove(callback), &m_database->scriptExecutionContext())
-    , m_successCallbackWrapper(WTFMove(successCallback), &m_database->scriptExecutionContext())
-    , m_errorCallbackWrapper(WTFMove(errorCallback), &m_database->scriptExecutionContext())
+    , m_callbackWrapper(WTFMove(callback), &m_database->document())
+    , m_successCallbackWrapper(WTFMove(successCallback), &m_database->document())
+    , m_errorCallbackWrapper(WTFMove(errorCallback), &m_database->document())
     , m_wrapper(WTFMove(wrapper))
     , m_nextStep(&SQLTransaction::acquireLock)

trunk/Source/WebCore/inspector/InspectorInstrumentation.h

@@ -1202 +1202 @@
 {
     FAST_RETURN_IF_NO_FRONTENDS(void());
-    if (auto* instrumentingAgents = instrumentingAgentsForContext(database.scriptExecutionContext()))
+    if (auto* instrumentingAgents = instrumentingAgentsForContext(database.document()))
         didOpenDatabaseImpl(*instrumentingAgents, database);
 }

trunk/Source/WebCore/inspector/agents/InspectorDatabaseAgent.cpp

@@ -279 +279 @@
     }
 
-    database->transaction(TransactionCallback::create(&database->scriptExecutionContext(), query, requestCallback.copyRef()),
-        TransactionErrorCallback::create(&database->scriptExecutionContext(), requestCallback.copyRef()),
-        TransactionSuccessCallback::create(&database->scriptExecutionContext()));
+    database->transaction(TransactionCallback::create(&database->document(), query, requestCallback.copyRef()),
+        TransactionErrorCallback::create(&database->document(), requestCallback.copyRef()),
+        TransactionSuccessCallback::create(&database->document()));
 }