Changeset 81999 in webkit

Timestamp:

Mar 25, 2011 4:01:00 PM (13 years ago)

Author:

kinuko@chromium.org

Message:

2011-03-25 Kinuko Yasuda <​kinuko@chromium.org>

Reviewed by David Levin.

Data race between ~WorkerFileSystemCallbacksBridge and runTasksOnWorkerThread
​https://bugs.webkit.org/show_bug.cgi?id=56138
Stopped passing the WorkerFileSystemCallbacksBridge's reference to
MainThreadFileSystemCallbacks so that in most cases (in normal cases)
its reference is only maintained by WorkerThread.

• src/WorkerFileSystemCallbacksBridge.cpp: (WebKit::MainThreadFileSystemCallbacks::createLeakedPtr): (WebKit::MainThreadFileSystemCallbacks::MainThreadFileSystemCallbacks): (WebKit::WorkerFileSystemCallbacksBridge::mayPostTaskToWorker):
• src/WorkerFileSystemCallbacksBridge.h:

Location:

trunk/Source/WebKit/chromium

Files:

• ChangeLog (modified) (1 diff)
• src/WorkerFileSystemCallbacksBridge.cpp (modified) (3 diffs)
• src/WorkerFileSystemCallbacksBridge.h (modified) (1 diff)

trunk/Source/WebKit/chromium/ChangeLog

@@ +1 @@
+2011-03-25  Kinuko Yasuda  <kinuko@chromium.org>
+
+        Reviewed by David Levin.
+
+        Data race between ~WorkerFileSystemCallbacksBridge and runTasksOnWorkerThread
+        https://bugs.webkit.org/show_bug.cgi?id=56138
+        Stopped passing the WorkerFileSystemCallbacksBridge's reference to
+        MainThreadFileSystemCallbacks so that in most cases (in normal cases)
+        its reference is only maintained by WorkerThread.
+
+        * src/WorkerFileSystemCallbacksBridge.cpp:
+        (WebKit::MainThreadFileSystemCallbacks::createLeakedPtr):
+        (WebKit::MainThreadFileSystemCallbacks::MainThreadFileSystemCallbacks):
+        (WebKit::WorkerFileSystemCallbacksBridge::mayPostTaskToWorker):
+        * src/WorkerFileSystemCallbacksBridge.h:
+
 2011-03-24  John Abd-El-Malek  <jam@chromium.org>
 

trunk/Source/WebKit/chromium/src/WorkerFileSystemCallbacksBridge.cpp

@@ -87 +87 @@
 public:
     // Callbacks are self-destructed and we always return leaked pointer here.
-    static MainThreadFileSystemCallbacks* createLeakedPtr(PassRefPtr<WorkerFileSystemCallbacksBridge> bridge, const String& mode)
+    static MainThreadFileSystemCallbacks* createLeakedPtr(WorkerFileSystemCallbacksBridge* bridge, const String& mode)
     {
         OwnPtr<MainThreadFileSystemCallbacks> callbacks = adoptPtr(new MainThreadFileSystemCallbacks(bridge, mode));
@@ -128 +128 @@
 
 private:
-    MainThreadFileSystemCallbacks(PassRefPtr<WorkerFileSystemCallbacksBridge> bridge, const String& mode)
+    MainThreadFileSystemCallbacks(WorkerFileSystemCallbacksBridge* bridge, const String& mode)
         : m_bridge(bridge)
         , m_mode(mode)
     {
-        ASSERT(m_bridge.get());
+        ASSERT(m_bridge);
     }
 
     friend class WorkerFileSystemCallbacksBridge;
-    RefPtr<WorkerFileSystemCallbacksBridge> m_bridge;
+    // The bridge pointer is kept by the bridge itself on the WorkerThread.
+    WorkerFileSystemCallbacksBridge* m_bridge;
     const String m_mode;
 };
@@ -382 +383 @@
 {
     ASSERT(isMainThread());
-    { // Let go of the mutex before possibly deleting this due to m_selfRef.clear().
-        MutexLocker locker(m_mutex);
-        if (m_worker)
-            m_worker->postTaskForModeToWorkerContext(createCallbackTask(&runTaskOnWorkerThread, m_selfRef, task), mode);
-    }
-    m_selfRef.clear();
+    MutexLocker locker(m_mutex);
+    if (m_worker)
+        m_worker->postTaskForModeToWorkerContext(createCallbackTask(&runTaskOnWorkerThread, m_selfRef.release(), task), mode);
 }
 

trunk/Source/WebKit/chromium/src/WorkerFileSystemCallbacksBridge.h

@@ -139 +139 @@
     void mayPostTaskToWorker(PassOwnPtr<WebCore::ScriptExecutionContext::Task>, const String& mode);
 
-    // m_selfRef keeps a reference to itself until a task is created for the worker thread (at which point the task holds the reference).
+    // m_selfRef keeps a reference to itself while there's a pending callback on the main thread.
     RefPtr<WorkerFileSystemCallbacksBridge> m_selfRef;