RESOLVED FIXED
108285
Crashed while ref'ing DatabaseContext in DatabaseManager::interruptAllDatabasesForContext()
https://bugs.webkit.org/show_bug.cgi?id=108285
Keishi Hattori
Reported
2013-01-29 19:35:11 PST
crash log for DumpRenderTree (pid 3449):
STDOUT: <empty>
STDERR: ASSERTION FAILED: m_verifier.isSafeToUse()
STDERR: ../../third_party/WebKit/Source/WTF/wtf/RefCounted.h(58) : void WTF::RefCountedBase::ref()
STDERR: 1 0x362f91e7 WTF::RefCountedBase::ref()
STDERR: 2 0x388a3ee1 WebCore::DatabaseManager::existingDatabaseContextFor(WebCore::ScriptExecutionContext*)
STDERR: 3 0x388a5303 WebCore::DatabaseManager::interruptAllDatabasesForContext(WebCore::ScriptExecutionContext*)
STDERR: 4 0x394bdaa1 WebCore::WorkerThread::stop()
STDERR: 5 0x394af01c WebCore::WorkerMessagingProxy::terminateWorkerContext()
STDERR: 6 0x36550752 WebKit::WebWorkerClientImpl::terminateWorkerContext()
STDERR: 7 0x3949c9c4 WebCore::Worker::terminate()
STDERR: 8 0x3949ca5b WebCore::Worker::stop()
STDERR: 9 0x372267aa WebCore::ScriptExecutionContext::stopActiveDOMObjects()
STDERR: 10 0x3704cb73 WebCore::Document::detach()
STDERR: 11 0x3704d231 WebCore::Document::prepareForDestruction()
STDERR: 12 0x39361aa0 WebCore::Frame::setView(WTF::PassRefPtr<WebCore::FrameView>)
STDERR: 13 0x393653e6 WebCore::Frame::createView(WebCore::IntSize const&, WebCore::Color const&, bool, WebCore::IntSize const&, WebCore::IntRect const&, bool, WebCore::ScrollbarMode, bool, WebCore::ScrollbarMode, bool)
STDERR: 14 0x36474b49 WebKit::WebFrameImpl::createFrameView()
STDERR: 15 0x363a48ce WebKit::FrameLoaderClientImpl::makeDocumentView()
STDERR: 16 0x363aa3db WebKit::FrameLoaderClientImpl::transitionToCommittedForNewPage()
STDERR: 17 0x391db843 WebCore::FrameLoader::transitionToCommitted(WTF::PassRefPtr<WebCore::CachedPage>)
STDERR: 18 0x391daa22 WebCore::FrameLoader::commitProvisionalLoad()
STDERR: 19 0x391917fd WebCore::DocumentLoader::commitIfReady()
STDERR: 20 0x39191f73 WebCore::DocumentLoader::commitLoad(char const*, int)
STDERR: 21 0x3919274d WebCore::DocumentLoader::receivedData(char const*, int)
STDERR: 22 0x39201008 WebCore::MainResourceLoader::dataReceived(WebCore::CachedResource*, char const*, int)
STDERR: 23 0x3926d121 WebCore::CachedRawResource::data(WTF::PassRefPtr<WebCore::ResourceBuffer>, bool)
STDERR: 24 0x3922fbed WebCore::SubresourceLoader::sendDataToResource(char const*, int)
STDERR: 25 0x3922ff47 WebCore::SubresourceLoader::didReceiveData(char const*, int, long long, bool)
STDERR: 26 0x39228257 WebCore::ResourceLoader::didReceiveData(WebCore::ResourceHandle*, char const*, int, int)
STDERR: 27 0x36bae7c2 WebCore::ResourceHandleInternal::didReceiveData(WebKit::WebURLLoader*, char const*, int, int)
STDERR: 28 0x317d49dc webkit_glue::WebURLLoaderImpl::Context::OnReceivedData(char const*, int, int)
STDERR: 29 0x3102a54f (anonymous namespace)::RequestProxy::NotifyReceivedData(int)
STDERR: 30 0x3102ac02 base::internal::RunnableAdapter<void ((anonymous namespace)::RequestProxy::*)(int)>::Run((anonymous namespace)::RequestProxy*, int const&)
STDERR: 31 0x3102ab2f base::internal::InvokeHelper<false, void, base::internal::RunnableAdapter<void ((anonymous namespace)::RequestProxy::*)(int)>, void ()((anonymous namespace)::RequestProxy* const&, int const&)>::MakeItSo(base::internal::RunnableAdapter<void ((anonymous namespace)::RequestProxy::*)(int)>, (anonymous namespace)::RequestProxy* const&, int const&)
STDERR: Received signal 11 SEGV_MAPERR 0000bbadbeef
STDERR: ax: bbadbeef, bx: 0, cx: e022b7cb, dx: e022b7cb
STDERR: di: 3957cd2c, si: 3957cfbe, bp: bfffc648, sp: bfffc610, ss: 23, flags: 10282
STDERR: ip: 362f91f1, cs: 1b, ds: 23, es: 23, fs: 0, gs: f
Attachments
The fix. (4.63 KB, patch), 2013-01-30 14:12 PST, Mark Lam; ap: review+
Mark Lam
Comment 1
2013-01-30 09:36:43 PST
WebCore::DatabaseManager::interruptAllDatabasesForContext() is the only API that can access another thread's DatabaseContext. Since DatabaseContext is ref counted and can be ref'ed by another thread (in the interrupt case), it should extend ThreadSafeRefCounted instead of RefCounted. Investigating the fix right now.
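A simplified model of the distinction drawn in Comment 1, added here as an example (it is not WebKit's code or the landed patch): a single-thread ref count with an ownership check, like the assertion in the crash log, next to an atomic count that other threads may ref. The class and function names are hypothetical.

```cpp
#include <atomic>
#include <thread>
#include <vector>
// Added illustration, not WTF's code. Single-thread-only count whose ref()
// returns false where a debug build would hit m_verifier.isSafeToUse().
class SingleThreadRefCount { // hypothetical name
public:
    bool ref() {
        if (std::this_thread::get_id() != m_owner) return false;
        ++m_count;
        return true;
    }
    int count() const { return m_count; }
private:
    std::thread::id m_owner { std::this_thread::get_id() };
    int m_count { 1 };
};

// Count that other threads may ref and deref (hypothetical name).
class AtomicRefCount {
public:
    void ref() { m_count.fetch_add(1, std::memory_order_relaxed); }
    bool deref() { return m_count.fetch_sub(1, std::memory_order_acq_rel) == 1; }
    int count() const { return m_count.load(std::memory_order_acquire); }
private:
    std::atomic<int> m_count { 1 };
};

// A second thread refs an object owned by the creating thread: rejected.
bool crossThreadRefIsRejected() {
    SingleThreadRefCount c;
    bool accepted = true;
    std::thread other([&] { accepted = c.ref(); });
    other.join();
    return !accepted && c.count() == 1;
}

// Several threads ref/deref concurrently: the count returns to its start value.
int atomicCountAfterStress(int threads, int iterations) {
    AtomicRefCount c;
    std::vector<std::thread> pool;
    for (int i = 0; i < threads; ++i)
        pool.emplace_back([&c, iterations] {
            for (int j = 0; j < iterations; ++j) { c.ref(); c.deref(); }
        });
    for (auto& t : pool) t.join();
    return c.count();
}
int main() { return crossThreadRefIsRejected() && atomicCountAfterStress(4, 10000) == 1 ? 0 : 1; }
```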
Mark Lam
Comment 2
2013-01-30 14:12:30 PST
Created attachment 185565: The fix.
Mark Lam
Comment 3
2013-01-30 14:14:06 PST
Comment on attachment 185565: The fix.
View in context: https://bugs.webkit.org/attachment.cgi?id=185565&action=review
> Source/WebCore/ChangeLog:14 > + This reflects the contract that another thread (calling doing the
Typo in comment. Will remove "calling".
Alexey Proskuryakov
Comment 4
2013-01-30 14:34:29 PST
Comment on attachment 185565: The fix.
View in context: https://bugs.webkit.org/attachment.cgi?id=185565&action=review
r=me on ThreadSafeRefCounted part.
> Source/WebCore/Modules/webdatabase/DatabaseManager.cpp:353 > -void DatabaseManager::interruptAllDatabasesForContext(ScriptExecutionContext* context) > +void DatabaseManager::interruptAllDatabasesForContext(const ScriptExecutionContext* context)
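Review bot: The const added to the context parameter of DatabaseManager::interruptAllDatabasesForContext() at DatabaseManager.cpp:353 is a signature change separate from the ThreadSafeRefCounted switch this bug is about. Suggest dropping it from this patch so the change stays limited to the ref-counting fix; if const-correctness is wanted, propose it as its own patch.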
I do not think that we should be using "const ScriptExecutionContext*" here, or anywhere. These are huge "world" objects that are never actually immutable, and saying that they are constant for the purposes of a particular function does not have any semantic meaning that I could catch. For example, you are passing context as constant here. But interrupting all databases for context modifies the context in a very noticeable way!
Mark Lam
Comment 5
2013-01-30 14:47:55 PST
Removed "const" changes. Landed in r141320: <http://trac.webkit.org/changeset/141320>.
Alan Cutter
Comment 6
2013-01-30 23:07:45 PST
Thanks Mark, the Chromium debug tests are happily passing again. Chromium expectations updated on:
http://trac.webkit.org/changeset/141365