Bug 200517

Summary: Regression(r247784) ResourceLoadStatisticsMemoryStore / ResourceLoadStatisticsPersistentStorage may get destroyed on the wrong thread
Product: WebKit
Component: WebKit2
Status: RESOLVED FIXED
Severity: Normal
Priority: P2
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Reporter: Chris Dumez <cdumez>
Assignee: Chris Dumez <cdumez>
CC: bfulgham, commit-queue, ggaren, rniwa, webkit-bug-importer, wilander
Keywords: InRadar
Bug Depends on:
Bug Blocks: 200071
Attachments: Patch (flags: none)

Description Chris Dumez 2019-08-07 13:38:02 PDT
ResourceLoadStatisticsMemoryStore / ResourceLoadStatisticsPersistentStorage may get destroyed on the wrong thread after r247784.
Comment 1 Chris Dumez 2019-08-07 13:38:46 PDT
(lldb) bt
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0xbbadbeef)
    frame #0: 0x000000010d78bbde JavaScriptCore`::WTFCrash() at Assertions.cpp:305:35
  * frame #1: 0x0000000104966cdb WebKit`WTFCrashWithInfo((null)=183, (null)="/Volumes/Data/Development/system/webkit/OpenSource/Source/WebKit/NetworkProcess/Classifier/WebResourceLoadStatisticsStore.cpp", (null)="WebKit::WebResourceLoadStatisticsStore::~WebResourceLoadStatisticsStore()", (null)=818) at Assertions.h:568:5
    frame #2: 0x0000000104dbe1f9 WebKit`WebKit::WebResourceLoadStatisticsStore::~WebResourceLoadStatisticsStore(this=0x00000001046d8000) at WebResourceLoadStatisticsStore.cpp:183:5
    frame #3: 0x0000000104dbe3a5 WebKit`WebKit::WebResourceLoadStatisticsStore::~WebResourceLoadStatisticsStore(this=0x00000001046d8000) at WebResourceLoadStatisticsStore.cpp:181:1
    frame #4: 0x0000000104d7183a WebKit`WTF::ThreadSafeRefCounted<WebKit::WebResourceLoadStatisticsStore, (WTF::DestructionThread)1>::deref(this=0x00007ffeeefb4d60) const::'lambda'()::operator()() const at ThreadSafeRefCounted.h:77:13
    frame #5: 0x0000000104d717a6 WebKit`WTF::ThreadSafeRefCounted<WebKit::WebResourceLoadStatisticsStore, (WTF::DestructionThread)1>::deref(this=0x00000001046d8000) const at ThreadSafeRefCounted.h:95:9
    frame #6: 0x0000000104d7171f WebKit`WTF::Ref<WebKit::WebResourceLoadStatisticsStore, WTF::DumbPtrTraits<WebKit::WebResourceLoadStatisticsStore> >::~Ref(this=0x00000001046f21a0) at Ref.h:60:39
    frame #7: 0x0000000104d4cbb5 WebKit`WTF::Ref<WebKit::WebResourceLoadStatisticsStore, WTF::DumbPtrTraits<WebKit::WebResourceLoadStatisticsStore> >::~Ref(this=0x00000001046f21a0) at Ref.h:54:5
    frame #8: 0x0000000104dca1e5 WebKit`WebKit::ResourceLoadStatisticsStore::updateClientSideCookiesAgeCap(this=0x00000001046f21a0)::$_11::~$_11() at ResourceLoadStatisticsStore.cpp:381:30
    frame #9: 0x0000000104dbbe65 WebKit`WebKit::ResourceLoadStatisticsStore::updateClientSideCookiesAgeCap(this=0x00000001046f21a0)::$_11::~$_11() at ResourceLoadStatisticsStore.cpp:381:30
    frame #10: 0x0000000104ddca71 WebKit`WTF::Detail::CallableWrapper<WebKit::ResourceLoadStatisticsStore::updateClientSideCookiesAgeCap()::$_11, void>::~CallableWrapper(this=0x00000001046f2198) at Function.h:46:7
    frame #11: 0x0000000104ddc995 WebKit`WTF::Detail::CallableWrapper<WebKit::ResourceLoadStatisticsStore::updateClientSideCookiesAgeCap()::$_11, void>::~CallableWrapper(this=0x00000001046f2198) at Function.h:46:7
    frame #12: 0x0000000104ddc9b9 WebKit`WTF::Detail::CallableWrapper<WebKit::ResourceLoadStatisticsStore::updateClientSideCookiesAgeCap()::$_11, void>::~CallableWrapper(this=0x00000001046f2198) at Function.h:46:7
    frame #13: 0x000000010d7a16af JavaScriptCore`std::__1::default_delete<WTF::Detail::CallableWrapperBase<void> >::operator(this=0x00007ffeeefb4f90, __ptr=0x00000001046f2198)(WTF::Detail::CallableWrapperBase<void>*) const at memory:2339:5
    frame #14: 0x000000010d7a162f JavaScriptCore`std::__1::unique_ptr<WTF::Detail::CallableWrapperBase<void>, std::__1::default_delete<WTF::Detail::CallableWrapperBase<void> > >::reset(this=0x00007ffeeefb4f90, __p=0x0000000000000000) at memory:2652:7
    frame #15: 0x000000010d7a15c9 JavaScriptCore`std::__1::unique_ptr<WTF::Detail::CallableWrapperBase<void>, std::__1::default_delete<WTF::Detail::CallableWrapperBase<void> > >::~unique_ptr(this=0x00007ffeeefb4f90) at memory:2606:19
    frame #16: 0x000000010d7a15a5 JavaScriptCore`std::__1::unique_ptr<WTF::Detail::CallableWrapperBase<void>, std::__1::default_delete<WTF::Detail::CallableWrapperBase<void> > >::~unique_ptr(this=0x00007ffeeefb4f90) at memory:2606:17
    frame #17: 0x000000010d7a1585 JavaScriptCore`WTF::Function<void ()>::~Function(this=0x00007ffeeefb4f90) at Function.h:59:26
    frame #18: 0x000000010d7a0a25 JavaScriptCore`WTF::Function<void ()>::~Function(this=0x00007ffeeefb4f90) at Function.h:59:26
    frame #19: 0x000000010d81a115 JavaScriptCore`WTF::RunLoop::performWork(this=0x00000001046f9000) at RunLoop.cpp:124:5
    frame #20: 0x000000010d81a99e JavaScriptCore`WTF::RunLoop::performWork(context=0x00000001046f9000) at RunLoopCF.cpp:38:37
    frame #21: 0x00007fff23b7e221 CoreFoundation`__CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
    frame #22: 0x00007fff23b7e14c CoreFoundation`__CFRunLoopDoSource0 + 76
    frame #23: 0x00007fff23b7d924 CoreFoundation`__CFRunLoopDoSources0 + 180
    frame #24: 0x00007fff23b7862f CoreFoundation`__CFRunLoopRun + 1263
    frame #25: 0x00007fff23b77e16 CoreFoundation`CFRunLoopRunSpecific + 438
    frame #26: 0x00007fff2575a02f Foundation`-[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 211
    frame #27: 0x00007fff2575a247 Foundation`-[NSRunLoop(NSRunLoop) run] + 76
    frame #28: 0x00007fff52ca3556 libxpc.dylib`_xpc_objc_main + 297
    frame #29: 0x00007fff52ca5bf7 libxpc.dylib`xpc_main + 132
    frame #30: 0x0000000104fbf6a9 WebKit`WebKit::XPCServiceMain((null)=1, (null)=0x00007ffeeefb6070) at XPCServiceMain.mm:147:5
    frame #31: 0x0000000105f39b5b WebKit`::WKXPCServiceMain(argc=1, argv=0x00007ffeeefb6070) at WKMain.mm:33:12
    frame #32: 0x0000000100c48f02 com.apple.WebKit.Networking.Development`main(argc=1, argv=0x00007ffeeefb6070) at AuxiliaryProcessMain.cpp:30:12
    frame #33: 0x00007fff52a7acd5 libdyld.dylib`start + 1
Comment 2 Chris Dumez 2019-08-07 13:46:38 PDT
Created attachment 375747
Patch
Comment 3 Geoffrey Garen 2019-08-07 13:49:03 PDT
Comment on attachment 375747
Patch

r=me
Comment 4 Geoffrey Garen 2019-08-07 15:14:17 PDT
<rdar://problem/53935783>
Comment 5 Chris Dumez 2019-08-07 15:29:23 PDT
Comment on attachment 375747
Patch

Clearing flags on attachment: 375747

Committed r248393: <https://trac.webkit.org/changeset/248393>
Comment 6 Chris Dumez 2019-08-07 15:29:26 PDT
All reviewed patches have been landed. Closing bug.