Bug 187356 - Regression(r232886): WebsiteDataStore objects may get destroyed on a background thread
Summary: Regression(r232886): WebsiteDataStore objects may get destroyed on a backgrou...
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit2 (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Chris Dumez
Keywords: InRadar
Depends on:
Blocks: 186682
  Show dependency treegraph
Reported: 2018-07-05 12:37 PDT by Chris Dumez
Modified: 2018-07-05 13:41 PDT (History)
5 users (show)

See Also:

Patch (6.08 KB, patch)
2018-07-05 12:41 PDT, Chris Dumez
no flags Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Chris Dumez 2018-07-05 12:37:21 PDT
As of r232886, CallbackAggregators in WebsiteDataStore hold a Ref<> to their WebsiteDataStore. This is an issue because CallbackAggregator objects can get destroyed on a background thread and may be the last ones holding a ref to the data store. When this happens, the WebsiteDataStore would get destroyed on a background store and potentially cause crashes. Note that even if the callback aggregator would not be the last one to hold a ref to the store, it still would not be safe to deref the store on the background thread since WebsiteDataStore is not ThreadSafeRefCounted.
Comment 1 Chris Dumez 2018-07-05 12:37:37 PDT
Comment 2 Chris Dumez 2018-07-05 12:41:32 PDT
Created attachment 344353 [details]
Comment 3 Chris Dumez 2018-07-05 12:41:57 PDT
Comment on attachment 344353 [details]

View in context: https://bugs.webkit.org/attachment.cgi?id=344353&action=review

> Source/WebKit/ChangeLog:17
> +        store member on the main thread. Note that we could also have WebsiteDataStore subclass

Let me know if you think I should do this instead.
Comment 4 Geoffrey Garen 2018-07-05 13:14:15 PDT
Comment on attachment 344353 [details]


I think this is the best design for now because we generally require our API objects to be used only on the main thread.

If we ever want to reconsider that requirement, we can reconsider this change too.
Comment 5 WebKit Commit Bot 2018-07-05 13:41:54 PDT
Comment on attachment 344353 [details]

Clearing flags on attachment: 344353

Committed r233538: <https://trac.webkit.org/changeset/233538>
Comment 6 WebKit Commit Bot 2018-07-05 13:41:56 PDT
All reviewed patches have been landed.  Closing bug.