181381 – SWClientConnection should not keep references to service worker jobs

Bug 181381 - SWClientConnection should not keep references to service worker jobs

Summary: SWClientConnection should not keep references to service worker jobs

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	Service Workers (show other bugs)
Version:	WebKit Nightly Build
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	youenn fablet

URL:
Keywords:	InRadar

Depends on:	181422
Blocks:
	Show dependency tree / graph

Reported:	2018-01-08 03:53 PST by youenn fablet
Modified:	2018-01-09 04:48 PST (History)
CC List:	5 users (show)

See Also:

Attachments
Patch (33.16 KB, patch) 2018-01-08 03:58 PST, youenn fablet	no flags	Details \| Formatted Diff \| Diff
Patch for landing (40.76 KB, patch) 2018-01-08 05:37 PST, youenn fablet	no flags	Details \| Formatted Diff \| Diff
Patch (32.82 KB, patch) 2018-01-08 06:28 PST, youenn fablet	no flags	Details \| Formatted Diff \| Diff
Patch for landing (33.17 KB, patch) 2018-01-08 13:58 PST, youenn fablet	no flags	Details \| Formatted Diff \| Diff
Patch for landing (32.84 KB, patch) 2018-01-09 04:13 PST, youenn fablet	no flags	Details \| Formatted Diff \| Diff
Show Obsolete (4) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description youenn fablet 2018-01-08 03:53:44 PST

ServiceWorkerJob can be destroyed in the wrong thread, as shown in https://build.webkit.org/results/Apple%20El%20Capitan%20Debug%20WK2%20(Tests)/r226473%20(4864)/com.apple.WebKit.WebContent.Development-67744-crash-log.txt
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.JavaScriptCore      	0x0000000114eaaaa4 WTFCrash + 36 (Assertions.cpp:272)
1   com.apple.WebCore             	0x0000000107f6feae WebCore::ServiceWorkerJob::~ServiceWorkerJob() + 110 (ServiceWorkerJob.cpp:51)
2   com.apple.WebCore             	0x0000000107f6ff55 WebCore::ServiceWorkerJob::~ServiceWorkerJob() + 21 (ServiceWorkerJob.cpp:52)
3   com.apple.WebCore             	0x0000000107f6ff79 WebCore::ServiceWorkerJob::~ServiceWorkerJob() + 25 (ServiceWorkerJob.cpp:50)
4   com.apple.WebCore             	0x0000000107f6508f WTF::ThreadSafeRefCounted<WebCore::ServiceWorkerJob>::deref() const + 79 (ThreadSafeRefCounted.h:71)
5   com.apple.WebCore             	0x0000000107f65035 void WTF::derefIfNotNull<WebCore::ServiceWorkerJob>(WebCore::ServiceWorkerJob*) + 53 (RefPtr.h:46)
6   com.apple.WebCore             	0x0000000107f64ff9 WTF::RefPtr<WebCore::ServiceWorkerJob, WTF::DumbPtrTraits<WebCore::ServiceWorkerJob> >::~RefPtr() + 41 (RefPtr.h:70)
7   com.apple.WebCore             	0x0000000107f5bcd5 WTF::RefPtr<WebCore::ServiceWorkerJob, WTF::DumbPtrTraits<WebCore::ServiceWorkerJob> >::~RefPtr() + 21 (RefPtr.h:70)
8   com.apple.WebCore             	0x0000000107f486e9 WebCore::SWClientConnection::registrationJobResolvedInServer(WebCore::ServiceWorkerJobDataIdentifier const&, WebCore::ServiceWorkerRegistrationData&&, WebCore::ShouldNotifyWhenResolved) + 553 (SWClientConnection.cpp:110)

Comment 1 youenn fablet 2018-01-08 03:58:34 PST

Created attachment 330677 [details]
Patch

Comment 2 youenn fablet 2018-01-08 05:37:15 PST

Created attachment 330694 [details]
Patch for landing

Comment 3 youenn fablet 2018-01-08 06:28:29 PST

Created attachment 330699 [details]
Patch

Comment 4 Radar WebKit Bug Importer 2018-01-08 09:11:06 PST

<rdar://problem/36350422>

Comment 5 Chris Dumez 2018-01-08 10:56:45 PST

Comment on attachment 330699 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=330699&action=review

r=me with comments.

> Source/WebCore/workers/service/SWClientConnection.cpp:48
> +void SWClientConnection::scheduleJob(ServiceWorkerJobIdentifier jobIdentifier, DocumentOrWorkerIdentifier contextIdentifier, const ServiceWorkerJobData& jobData)

I do not believe you need the jobIdentifier parameters, you can get it from the jobData, no?

> Source/WebCore/workers/service/SWClientConnection.cpp:115
> +        failedFetchingScript(jobIdentifier, registrationKey, ResourceError { errorDomainWebKitInternal, 0, registrationKey.scope(), ASCIILiteral("Failed to fetch service worker script") });

Seems odd to use the scope here. The URL we tried to fetch is the scriptURL so we should use that URL in the error message.

> Source/WebCore/workers/service/SWClientConnection.cpp:253
>      auto jobs = WTFMove(m_scheduledJobs);

These are no longer jobs but jobSources

> Source/WebCore/workers/service/SWClientConnection.h:107
> +    enum class ShouldTakeJob { No, Yes };

I find this shouldTakeJob a bit confusing. We do not really take the job, we remove a job source from the HashMap of job sources. Maybe this could be a enum class IsJobComplete { No, Yes }; and then we'd remove the source from the map if the job is complete?

> Source/WebCore/workers/service/SWClientConnection.h:110
> +    HashMap<ServiceWorkerJobIdentifier, DocumentOrWorkerIdentifier> m_scheduledJobs;

m_scheduledJobSources? since it no longer contains jobs but source identifiers.

Comment 6 youenn fablet 2018-01-08 11:19:42 PST

Comment on attachment 330699 [details]
Patch

Thanks for the review.

View in context: https://bugs.webkit.org/attachment.cgi?id=330699&action=review

>> Source/WebCore/workers/service/SWClientConnection.cpp:115
>> +        failedFetchingScript(jobIdentifier, registrationKey, ResourceError { errorDomainWebKitInternal, 0, registrationKey.scope(), ASCIILiteral("Failed to fetch service worker script") });
> 
> Seems odd to use the scope here. The URL we tried to fetch is the scriptURL so we should use that URL in the error message.

We no longer have the scriptURL information since we do not have any job/jobData anymore.
We could store the job data or the script URL in the job map but that does not seem appealing just for this purpose.
I will update the ResourceError by passing an empty URL and adding the scope URL in the error message.

Comment 7 youenn fablet 2018-01-08 13:58:38 PST

Created attachment 330734 [details]
Patch for landing

Comment 8 youenn fablet 2018-01-08 13:59:10 PST

(In reply to youenn fablet from comment #7)
> Created attachment 330734 [details]
> Patch for landing

Updated according review.

Comment 9 WebKit Commit Bot 2018-01-08 14:33:26 PST

Comment on attachment 330734 [details]
Patch for landing

Clearing flags on attachment: 330734

Committed r226540: <https://trac.webkit.org/changeset/226540>

Comment 10 WebKit Commit Bot 2018-01-08 14:33:28 PST

All reviewed patches have been landed.  Closing bug.

Comment 11 WebKit Commit Bot 2018-01-08 18:05:31 PST

Re-opened since this is blocked by bug 181422

Comment 12 youenn fablet 2018-01-09 03:30:01 PST

Patch was rolled out because apparently it is breaking basic browsing.
My intuition is that it may be related to SQL SW persistency changes done in https://bugs.webkit.org/show_bug.cgi?id=181385.
I will reland this one as is for now.

Comment 13 youenn fablet 2018-01-09 04:13:25 PST

Created attachment 330808 [details]
Patch for landing

Comment 14 WebKit Commit Bot 2018-01-09 04:48:38 PST

Comment on attachment 330808 [details]
Patch for landing

Clearing flags on attachment: 330808

Committed r226626: <https://trac.webkit.org/changeset/226626>

Comment 15 WebKit Commit Bot 2018-01-09 04:48:40 PST

All reviewed patches have been landed.  Closing bug.