Bug 36671

Summary:

window.openDatabase() always fails for new databases when using WebKit nightly with Safari 4.0.5

Product:

WebKit

Reporter:

Dumitru Daniliuc <dumi>

Component:

New Bugs

Assignee:

Eric U. <ericu>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

ap, aroben, beidson, commit-queue, dimich, ericu, laszlo.gombos, levin, webkit.review.bot

Priority:

Keywords:

InRadar

Version:

528+ (Nightly build)

Hardware:

All

OS:

All

Attachments:

Description	Flags
Patch	none
Fix the fix.	none
another patch	ap: review+, dumi: commit-queue-

Description Dumitru Daniliuc 2010-03-26 12:29:43 PDT

1. Delete all Safari HTML5 databases.
2. WebKitTools/Scripts/build-webkit --debug (not sure if the --debug flag changes anything, but i haven't tried this in release mode)
3. WebKitTools/Scripts/run-safari --debug
4. Run any code that tries to open a database.

RESULTS: openDatabase() fails (returns NULL)

EXPECTED: openDatabase() succeeds.

PROBLEM: When we try to open a database in a new origin (that is not in the tracker database Databases.db), DatabaseTracker::canEstablishDatabase() makes a call to ScriptExecutionContext::databaseExceededQuota(), which eventually calls WebChromeClient::exceededDatabaseQuota(), which is supposed to give this new origin 5MB of space. That does not happen: WebChromeClient::exceededDatabaseQuota() calls some private delegate, which does not change anything, as far as the database code is concerned.

This problem does not exist in Safari. It only shows up when running Safari using the WebKit library built from the open source tree.

Comment 1 Adam Roben (:aroben) 2010-03-26 12:36:43 PDT

<rdar://problem/7798809>

Comment 2 Brady Eidson 2010-04-02 13:33:11 PDT

Still tracing through code now, but this probably broke in http://trac.webkit.org/changeset/56293

Comment 3 Dmitry Titov 2010-04-02 13:47:27 PDT

Just a data point: this issue does not appear in ToT Webkit + Safari 4.0.4

Comment 4 Brady Eidson 2010-04-02 13:48:22 PDT

I still don't know *for sure* that this was 56293, but am still highly suspicious.

What's happening is that in WebChromeClient::exceededDatabaseQuota(), Safari is asking for the current details for the database using DatabaseTracker::detailsForNameAndOrigin().

Previously, Safari would actually get a valid answer from WebKit.

Now, it's getting nothing back because the "too be created" database isn't found in m_proposedDatabases.

Comment 5 Brady Eidson 2010-04-02 13:49:52 PDT

"to be created", of course.

Comment 6 Brady Eidson 2010-04-02 13:52:25 PDT

(In reply to comment #3)
> Just a data point: this issue does not appear in ToT Webkit + Safari 4.0.4

Yah.  I haven't tracked down exactly what changed in Safari 4.0.5 on Windows quite yet (note it doesn't even affect Safari 4.0.5 on Mac.)

But - as my previous comments show - I think I have the specific WebKit change in behavior narrowed down.

Still working on it.

Comment 7 Eric U. 2010-04-02 14:17:05 PDT

(In reply to comment #4)
> I still don't know *for sure* that this was 56293, but am still highly
> suspicious.
> 
> What's happening is that in WebChromeClient::exceededDatabaseQuota(), Safari is
> asking for the current details for the database using
> DatabaseTracker::detailsForNameAndOrigin().
> 
> Previously, Safari would actually get a valid answer from WebKit.
> 
> Now, it's getting nothing back because the "too be created" database isn't
> found in m_proposedDatabases.

I haven't tried running a fix yet, but I'll bet this is the bug: the search through m_proposed databases uses '==' to compare the SecurityOrigins, but it's stored a threadsafeCopy, so a pointer comparison always fails.  It should be using SecurityOriginHash to compare them.  I'll go get set up to test a fix.

Comment 8 Brady Eidson 2010-04-02 14:21:20 PDT

(In reply to comment #7)
> 
> I haven't tried running a fix yet, but I'll bet this is the bug: the search
> through m_proposed databases uses '==' to compare the SecurityOrigins, but it's
> stored a threadsafeCopy, so a pointer comparison always fails.  It should be
> using SecurityOriginHash to compare them.  I'll go get set up to test a fix.

I had suspected this and just confirmed it stepping through.

Thanks for working on a fix - I'll be ready to strike on the review.

Comment 9 Eric U. 2010-04-02 15:16:08 PDT

Created attachment 52455 [details]
Patch

Comment 10 Eric U. 2010-04-02 15:17:29 PDT

Comment on attachment 52455 [details]
Patch

Brady--I do my webkit dev on a Mac, so I can't verify that this patch fixes the bug.  Would you mind doing a quick test?  I've at least made sure it does no harm.

Comment 11 Brady Eidson 2010-04-02 15:23:52 PDT

Comment on attachment 52455 [details]
Patch

r+

I can't get to testing it on Windows this instant, but I agree with the whole line of thinking about the source of the bug, and there's definitely no harm in this change.

In fact, I can tell you that Safari Mac working and your patch was an accident before, and this makes it work "the old, more correct way"  :)

Go ahead and land it and I'll confirm on Windows later.

Comment 12 Brady Eidson 2010-04-02 15:24:07 PDT

Comment on attachment 52455 [details]
Patch

Actually setting r+ this time.  :)

Comment 13 Eric U. 2010-04-02 15:27:09 PDT

I'm actually not a committer yet; could you please cq+ or commit?

Comment 14 Brady Eidson 2010-04-02 16:18:09 PDT

Done.

Comment 15 WebKit Commit Bot 2010-04-02 17:16:47 PDT

Comment on attachment 52455 [details]
Patch

Clearing flags on attachment: 52455

Committed r57036: <http://trac.webkit.org/changeset/57036>

Comment 16 WebKit Commit Bot 2010-04-02 17:16:54 PDT

All reviewed patches have been landed.  Closing bug.

Comment 17 Adam Roben (:aroben) 2010-04-05 07:04:48 PDT

Comment on attachment 52455 [details]
Patch

>      for (HashSet<ProposedDatabase*>::iterator iter = m_proposedDatabases.begin(); iter != m_proposedDatabases.end(); ++iter)
> -        if ((*iter)->first == origin && (*iter)->second.name() == name)
> +        if ((*iter)->second.name() == name && SecurityOriginHash::hash((*iter)->first) == SecurityOriginHash::hash(origin))
>              return String();

Having identical hash codes does not guarantee equality. I think you should be using SecurityOrigin::equal instead.

Comment 18 Brady Eidson 2010-04-05 08:52:04 PDT

Indeed, Adam is totally correct.  Keen eye, thank you!

Comment 19 Eric U. 2010-04-05 13:11:40 PDT

Created attachment 52562 [details]
Fix the fix.

D'oh!

Here's the right fix.

Comment 20 Brady Eidson 2010-04-05 13:41:32 PDT

Comment on attachment 52562 [details]
Fix the fix.

Yup.

Comment 21 WebKit Commit Bot 2010-04-05 23:33:08 PDT

Comment on attachment 52562 [details]
Fix the fix.

Clearing flags on attachment: 52562

Committed r57128: <http://trac.webkit.org/changeset/57128>

Comment 22 WebKit Commit Bot 2010-04-05 23:33:14 PDT

All reviewed patches have been landed.  Closing bug.

Comment 23 Dumitru Daniliuc 2010-04-09 01:56:07 PDT

This is still an issue in Safari + ToT WebKit on Windows.

Comment 24 Brady Eidson 2010-04-09 09:37:04 PDT

Hopefully Eric U can revisit this asap, because I won't be able to get to it for a bit.

Why on Earth are any layout tests failing?  I checked the windows skipped list and I don't think any of them are skipped.

Comment 25 Eric U. 2010-04-09 12:13:34 PDT

(In reply to comment #24)
> Hopefully Eric U can revisit this asap, because I won't be able to get to it
> for a bit.

What with the webkit meeting and some urgent personal business taking me out of town, I'm afraid I won't be able to look at this until at least 4/22.

> Why on Earth are any layout tests failing?  I checked the windows skipped list
> and I don't think any of them are skipped.

That may be Safari-only code; I'm not sure the layout tests invoke that particular path.

Comment 26 Dumitru Daniliuc 2010-04-09 13:07:40 PDT

I'll see if I can fix this today. Layout tests don't fail because they run in DRT, which correctly allocates 5MB to a new origin.

Comment 27 Adam Roben (:aroben) 2010-04-09 13:13:32 PDT

(In reply to comment #26)
> I'll see if I can fix this today. Layout tests don't fail because they run in
> DRT, which correctly allocates 5MB to a new origin.

Maybe we need to add a way to make DRT act like Safari in this respect, so that we can test this.

Comment 28 Dumitru Daniliuc 2010-04-14 15:34:22 PDT

Created attachment 53376 [details]
another patch

Tested on Windows Vista.

Comment 29 WebKit Review Bot 2010-04-14 15:35:32 PDT

Attachment 53376 [details] did not pass style-queue:

Failed to run "WebKitTools/Scripts/check-webkit-style" exit_code: 1
WebCore/ChangeLog:6:  Line contains tab character.  [whitespace/tab] [5]
Total errors found: 1 in 2 files


If any of these errors are false positives, please file a bug against check-webkit-style.

Comment 30 Dumitru Daniliuc 2010-04-14 15:37:03 PDT

Will fix the TAB in WebCore/ChangeLog when landing, unless there are other comments.

Comment 31 Alexey Proskuryakov 2010-04-16 13:18:07 PDT

Comment on attachment 53376 [details]
another patch

r=me

Please fix the tab, and also please explain the fix in ChangeLog. It looks like it's changing the same code that the previous patch changed, but it's actually applying the same fix at another location.

Comment 32 Dumitru Daniliuc 2010-04-16 15:12:04 PDT

Second patch landed as r57754.