Bug 164596 - IndexedDB 2.0: REGRESSION(r208467) Fix flaky crashes in IDB GC-related code.
Summary: IndexedDB 2.0: REGRESSION(r208467) Fix flaky crashes in IDB GC-related code.
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc.
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Brady Eidson
Reported: 2016-11-10 09:01 PST by Brady Eidson
Modified: 2016-11-10 10:07 PST (History)
Attachments
Patch (3.07 KB, patch)
2016-11-10 09:07 PST, Brady Eidson
eric.carlson: review+
Description Brady Eidson 2016-11-10 09:01:12 PST
IndexedDB 2.0: Fix flaky crashes in IDB GC-related code

During GC sweeps we're sometimes seeing:

1   0x10ef2cc5d WTFCrash
2   0x10ea882c5 void WTF::HashTable<void*, void*, WTF::IdentityExtractor, WTF::PtrHash<void*>, WTF::HashTraits<void*>, WTF::HashTraits<void*> >::checkKey<WTF::IdentityHashTranslator<WTF::HashTraits<void*>, WTF::PtrHash<void*> >, void*>(void* const&)
3   0x10ed110ef WTF::HashTableAddResult<WTF::HashTableIterator<void*, void*, WTF::IdentityExtractor, WTF::PtrHash<void*>, WTF::HashTraits<void*>, WTF::HashTraits<void*> > > WTF::HashTable<void*, void*, WTF::IdentityExtractor, WTF::PtrHash<void*>, WTF::HashTraits<void*>, WTF::HashTraits<void*> >::add<WTF::IdentityHashTranslator<WTF::HashTraits<void*>, WTF::PtrHash<void*> >, void* const&, void* const&>(void* const&&&, void* const&&&)
4   0x10ed110a3 WTF::HashTable<void*, void*, WTF::IdentityExtractor, WTF::PtrHash<void*>, WTF::HashTraits<void*>, WTF::HashTraits<void*> >::add(void* const&)
5   0x10ed0fa94 WTF::HashSet<void*, WTF::PtrHash<void*>, WTF::HashTraits<void*> >::add(void* const&)
6   0x10ed0fb2f JSC::OpaqueRootSet::add(void*)
7   0x10ed0fa5d JSC::SlotVisitor::addOpaqueRoot(void*)
8   0x11731e651 WebCore::IDBTransaction::visitReferencedObjectStores(JSC::SlotVisitor&) const
9   0x116d081d5 WebCore::JSIDBTransaction::visitAdditionalChildren(JSC::SlotVisitor&)
10  0x117a7ca32 WebCore::JSIDBTransaction::visitChildren(JSC::JSCell*, JSC::SlotVisitor&)
11  0x10ed0f450 JSC::SlotVisitor::visitChildren(JSC::JSCell const*)
12  0x10ed0f1f0 JSC::SlotVisitor::drain()
...

And the reason is that in stack frame 8, we're passing a null pointer as an opaque root.

Same thing happens in IDBObjectStore.

The reason is that when transactions abort, we sometimes WTFMove the pointer out of the m_deletedObjects map, but leave the entry in the map, which causes this null ptr problem later.

Simple solution is to remove the entry in the map, as well.
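The failure mode in the description, reduced to a stand-alone C++ program: a map of owning pointers whose values are moved out on abort but whose keys are left behind, so a later GC-style visit hands the visitor a null root. This is an added example, not the WebKit patch or WebKit code; `Transaction`, `ObjectStore`, `Visitor`, `abortLeavingEntries` and `abortErasingEntries` are constructed stand-ins for the IDBTransaction/IDBObjectStore/SlotVisitor interplay named in the trace.

```cpp
#include <cstddef>
#include <cstdint>
#include <memory>
#include <unordered_map>
#include <unordered_set>
#include <utility>
#include <vector>

// Constructed stand-in for an IDB object store owned by a transaction.
struct ObjectStore {
    uint64_t id;
    explicit ObjectStore(uint64_t i) : id(i) {}
};

// Constructed stand-in for the GC slot visitor. The real visitor hashes the
// pointer it is given; a null key is what trips the HashTable key check in
// the reported crash, so here a null root is counted instead of asserted.
class Visitor {
public:
    bool addOpaqueRoot(const void* root) {
        if (!root) {
            ++m_nullRoots;
            return false;
        }
        m_roots.insert(root);
        return true;
    }
    size_t nullRoots() const { return m_nullRoots; }
    size_t rootCount() const { return m_roots.size(); }

private:
    std::unordered_set<const void*> m_roots;
    size_t m_nullRoots = 0;
};

// Constructed stand-in for the transaction's "deleted object stores" map.
class Transaction {
public:
    void deleteObjectStore(std::unique_ptr<ObjectStore> store) {
        uint64_t id = store->id;
        m_deletedObjectStores.emplace(id, std::move(store));
    }

    // Buggy abort: hands each store back, but leaves the now-null entry in the map.
    std::vector<std::unique_ptr<ObjectStore>> abortLeavingEntries() {
        std::vector<std::unique_ptr<ObjectStore>> restored;
        for (auto& entry : m_deletedObjectStores)
            restored.push_back(std::move(entry.second));
        return restored;
    }

    // Fixed abort: move the store out and erase the entry in the same step.
    std::vector<std::unique_ptr<ObjectStore>> abortErasingEntries() {
        std::vector<std::unique_ptr<ObjectStore>> restored;
        for (auto it = m_deletedObjectStores.begin(); it != m_deletedObjectStores.end();
             it = m_deletedObjectStores.erase(it))
            restored.push_back(std::move(it->second));
        return restored;
    }

    // Mirrors the visit step from the trace: every map entry is reported as a root.
    void visitReferencedObjectStores(Visitor& visitor) const {
        for (const auto& entry : m_deletedObjectStores)
            visitor.addOpaqueRoot(entry.second.get());
    }

private:
    std::unordered_map<uint64_t, std::unique_ptr<ObjectStore>> m_deletedObjectStores;
};

struct AbortOutcome {
    size_t restored;    // stores handed back by the abort
    size_t nullRoots;   // null pointers the visitor received afterwards
    size_t validRoots;  // non-null roots the visitor received afterwards
};

// Runs one abort variant against a transaction holding three deleted stores
// (constructed data) and then simulates the GC visit.
AbortOutcome simulateAbort(bool eraseEntriesOnAbort) {
    Transaction tx;
    for (uint64_t id = 1; id <= 3; ++id)
        tx.deleteObjectStore(std::unique_ptr<ObjectStore>(new ObjectStore(id)));

    auto restored = eraseEntriesOnAbort ? tx.abortErasingEntries()
                                        : tx.abortLeavingEntries();

    Visitor visitor;
    tx.visitReferencedObjectStores(visitor);
    return { restored.size(), visitor.nullRoots(), visitor.rootCount() };
}

int main() {
    AbortOutcome buggy = simulateAbort(false);
    AbortOutcome fixed = simulateAbort(true);
    return (buggy.nullRoots == 3 && fixed.nullRoots == 0) ? 0 : 1;
}
```

The buggy variant still restores all three stores, which is why the abort path itself looks correct in testing; the damage only surfaces on the next visit, when each stale entry yields a null root. Erasing while moving keeps the map's invariant that every stored pointer is non-null, which is the fix the description proposes.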
Comment 1 Brady Eidson 2016-11-10 09:07:40 PST
Created attachment 294378 [details]
Patch
Comment 2 Brady Eidson 2016-11-10 10:07:26 PST
https://trac.webkit.org/changeset/208545