RESOLVED FIXED 181381
SWClientConnection should not keep references to service worker jobs 
https://bugs.webkit.org/show_bug.cgi?id=181381
Summary SWClientConnection should not keep references to service worker jobs
youenn fablet
Reported 2018-01-08 03:53:44 PST
ServiceWorkerJob can be destroyed in the wrong thread, as shown in https://build.webkit.org/results/Apple%20El%20Capitan%20Debug%20WK2%20(Tests)/r226473%20(4864)/com.apple.WebKit.WebContent.Development-67744-crash-log.txt Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.JavaScriptCore 0x0000000114eaaaa4 WTFCrash + 36 (Assertions.cpp:272) 1 com.apple.WebCore 0x0000000107f6feae WebCore::ServiceWorkerJob::~ServiceWorkerJob() + 110 (ServiceWorkerJob.cpp:51) 2 com.apple.WebCore 0x0000000107f6ff55 WebCore::ServiceWorkerJob::~ServiceWorkerJob() + 21 (ServiceWorkerJob.cpp:52) 3 com.apple.WebCore 0x0000000107f6ff79 WebCore::ServiceWorkerJob::~ServiceWorkerJob() + 25 (ServiceWorkerJob.cpp:50) 4 com.apple.WebCore 0x0000000107f6508f WTF::ThreadSafeRefCounted<WebCore::ServiceWorkerJob>::deref() const + 79 (ThreadSafeRefCounted.h:71) 5 com.apple.WebCore 0x0000000107f65035 void WTF::derefIfNotNull<WebCore::ServiceWorkerJob>(WebCore::ServiceWorkerJob*) + 53 (RefPtr.h:46) 6 com.apple.WebCore 0x0000000107f64ff9 WTF::RefPtr<WebCore::ServiceWorkerJob, WTF::DumbPtrTraits<WebCore::ServiceWorkerJob> >::~RefPtr() + 41 (RefPtr.h:70) 7 com.apple.WebCore 0x0000000107f5bcd5 WTF::RefPtr<WebCore::ServiceWorkerJob, WTF::DumbPtrTraits<WebCore::ServiceWorkerJob> >::~RefPtr() + 21 (RefPtr.h:70) 8 com.apple.WebCore 0x0000000107f486e9 WebCore::SWClientConnection::registrationJobResolvedInServer(WebCore::ServiceWorkerJobDataIdentifier const&, WebCore::ServiceWorkerRegistrationData&&, WebCore::ShouldNotifyWhenResolved) + 553 (SWClientConnection.cpp:110)
Attachments
Patch (33.16 KB, patch)
2018-01-08 03:58 PST, youenn fablet 		no flags
DetailsFormatted DiffDiff
Patch for landing (40.76 KB, patch)
2018-01-08 05:37 PST, youenn fablet 		no flags
DetailsFormatted DiffDiff
Patch (32.82 KB, patch)
2018-01-08 06:28 PST, youenn fablet 		no flags
DetailsFormatted DiffDiff
Patch for landing (33.17 KB, patch)
2018-01-08 13:58 PST, youenn fablet 		no flags
DetailsFormatted DiffDiff
Patch for landing (32.84 KB, patch)
2018-01-09 04:13 PST, youenn fablet 		no flags
DetailsFormatted DiffDiff
Show Obsolete (4) View All Add attachment proposed patch, testcase, etc.
youenn fablet
Comment 1 2018-01-08 03:58:34 PST
Created attachment 330677 [details] Patch
youenn fablet
Comment 2 2018-01-08 05:37:15 PST
Created attachment 330694 [details] Patch for landing
youenn fablet
Comment 3 2018-01-08 06:28:29 PST
Created attachment 330699 [details] Patch
Radar WebKit Bug Importer
Comment 4 2018-01-08 09:11:06 PST
<rdar://problem/36350422>
Chris Dumez
Comment 5 2018-01-08 10:56:45 PST
Comment on attachment 330699 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=330699&action=review r=me with comments. > Source/WebCore/workers/service/SWClientConnection.cpp:48 > +void SWClientConnection::scheduleJob(ServiceWorkerJobIdentifier jobIdentifier, DocumentOrWorkerIdentifier contextIdentifier, const ServiceWorkerJobData& jobData) I do not believe you need the jobIdentifier parameters, you can get it from the jobData, no? > Source/WebCore/workers/service/SWClientConnection.cpp:115 > + failedFetchingScript(jobIdentifier, registrationKey, ResourceError { errorDomainWebKitInternal, 0, registrationKey.scope(), ASCIILiteral("Failed to fetch service worker script") }); Seems odd to use the scope here. The URL we tried to fetch is the scriptURL so we should use that URL in the error message. > Source/WebCore/workers/service/SWClientConnection.cpp:253 > auto jobs = WTFMove(m_scheduledJobs); These are no longer jobs but jobSources > Source/WebCore/workers/service/SWClientConnection.h:107 > + enum class ShouldTakeJob { No, Yes }; I find this shouldTakeJob a bit confusing. We do not really take the job, we remove a job source from the HashMap of job sources. Maybe this could be a enum class IsJobComplete { No, Yes }; and then we'd remove the source from the map if the job is complete? > Source/WebCore/workers/service/SWClientConnection.h:110 > + HashMap<ServiceWorkerJobIdentifier, DocumentOrWorkerIdentifier> m_scheduledJobs; m_scheduledJobSources? since it no longer contains jobs but source identifiers.
youenn fablet
Comment 6 2018-01-08 11:19:42 PST
Comment on attachment 330699 [details] Patch Thanks for the review. View in context: https://bugs.webkit.org/attachment.cgi?id=330699&action=review >> Source/WebCore/workers/service/SWClientConnection.cpp:115 >> + failedFetchingScript(jobIdentifier, registrationKey, ResourceError { errorDomainWebKitInternal, 0, registrationKey.scope(), ASCIILiteral("Failed to fetch service worker script") }); > > Seems odd to use the scope here. The URL we tried to fetch is the scriptURL so we should use that URL in the error message. We no longer have the scriptURL information since we do not have any job/jobData anymore. We could store the job data or the script URL in the job map but that does not seem appealing just for this purpose. I will update the ResourceError by passing an empty URL and adding the scope URL in the error message.
youenn fablet
Comment 7 2018-01-08 13:58:38 PST
Created attachment 330734 [details] Patch for landing
youenn fablet
Comment 8 2018-01-08 13:59:10 PST
(In reply to youenn fablet from comment #7) > Created attachment 330734 [details] > Patch for landing Updated according review.
WebKit Commit Bot
Comment 9 2018-01-08 14:33:26 PST
Comment on attachment 330734 [details] Patch for landing Clearing flags on attachment: 330734 Committed r226540: <https://trac.webkit.org/changeset/226540>
WebKit Commit Bot
Comment 10 2018-01-08 14:33:28 PST
All reviewed patches have been landed. Closing bug.
WebKit Commit Bot
Comment 11 2018-01-08 18:05:31 PST
Re-opened since this is blocked by bug 181422
youenn fablet
Comment 12 2018-01-09 03:30:01 PST
Patch was rolled out because apparently it is breaking basic browsing. My intuition is that it may be related to SQL SW persistency changes done in https://bugs.webkit.org/show_bug.cgi?id=181385. I will reland this one as is for now.
youenn fablet
Comment 13 2018-01-09 04:13:25 PST
Created attachment 330808 [details] Patch for landing
WebKit Commit Bot
Comment 14 2018-01-09 04:48:38 PST
Comment on attachment 330808 [details] Patch for landing Clearing flags on attachment: 330808 Committed r226626: <https://trac.webkit.org/changeset/226626>
WebKit Commit Bot
Comment 15 2018-01-09 04:48:40 PST
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.