Modified: trunk/Source/WebCore/ChangeLog (111088 => 111089)
--- trunk/Source/WebCore/ChangeLog 2012-03-16 23:47:05 UTC (rev 111088)
+++ trunk/Source/WebCore/ChangeLog 2012-03-16 23:49:29 UTC (rev 111089)
@@ -1,3 +1,27 @@
+2012-03-16 Dmitry Lomov <dslo...@google.com>
+
+ REGRESSION: DOMURL::revokeObjectURL accesses memoryCache on worker thread.
+ https://bugs.webkit.org/show_bug.cgi?id=80889
+ On worker threads, post a task to main thread to evict from cache.
+ ASSERT that MemoryCache is only accessed from main thread.
+
+ Reviewed by David Levin.
+
+ * html/DOMURL.cpp:
+ (WebCore::DOMURL::revokeObjectURL):
+ * loader/cache/MemoryCache.cpp:
+ (WebCore::memoryCache):
+ (WebCore::MemoryCache::add):
+ (WebCore::MemoryCache::revalidationFailed):
+ (WebCore::MemoryCache::resourceForURL):
+ (WebCore::MemoryCache::evict):
+ (WebCore):
+ (WebCore::MemoryCache::removeUrlFromCache):
+ (WebCore::MemoryCache::removeUrlFromCacheImpl):
+ * loader/cache/MemoryCache.h:
+ (WebCore):
+ (MemoryCache):
+
2012-03-16 Jacky Jiang <zhaji...@rim.com>
[BlackBerry] Upstream ScriptControllerBlackBerry.cpp
Modified: trunk/Source/WebCore/html/DOMURL.cpp (111088 => 111089)
--- trunk/Source/WebCore/html/DOMURL.cpp 2012-03-16 23:47:05 UTC (rev 111088)
+++ trunk/Source/WebCore/html/DOMURL.cpp 2012-03-16 23:49:29 UTC (rev 111089)
@@ -89,10 +89,9 @@
if (!scriptExecutionContext)
return;
- KURL url(KURL(), urlString);
- if (CachedResource* resource = memoryCache()->resourceForURL(url))
- memoryCache()->remove(resource);
+ MemoryCache::removeUrlFromCache(scriptExecutionContext, urlString);
+ KURL url(KURL(), urlString);
HashSet<String>& blobURLs = scriptExecutionContext->publicURLManager().blobURLs();
if (blobURLs.contains(url.string())) {
ThreadableBlobRegistry::unregisterBlobURL(url);
Modified: trunk/Source/WebCore/loader/cache/MemoryCache.cpp (111088 => 111089)
--- trunk/Source/WebCore/loader/cache/MemoryCache.cpp 2012-03-16 23:47:05 UTC (rev 111088)
+++ trunk/Source/WebCore/loader/cache/MemoryCache.cpp 2012-03-16 23:49:29 UTC (rev 111089)
@@ -29,6 +29,7 @@
#include "CachedScript.h"
#include "CachedXSLStyleSheet.h"
#include "CachedResourceLoader.h"
+#include "CrossThreadTask.h"
#include "Document.h"
#include "FrameLoader.h"
#include "FrameLoaderTypes.h"
@@ -38,6 +39,9 @@
#include "ResourceHandle.h"
#include "SecurityOrigin.h"
#include "SecurityOriginHash.h"
+#include "WorkerContext.h"
+#include "WorkerLoaderProxy.h"
+#include "WorkerThread.h"
#include <stdio.h>
#include <wtf/CurrentTime.h>
#include <wtf/text/CString.h>
@@ -54,6 +58,7 @@
MemoryCache* memoryCache()
{
static MemoryCache* staticCache = new MemoryCache;
+ ASSERT(WTF::isMainThread());
return staticCache;
}
@@ -88,6 +93,7 @@
{
if (disabled())
return false;
+ ASSERT(WTF::isMainThread());
m_resources.set(resource->url(), resource);
resource->setInCache(true);
@@ -132,6 +138,7 @@
void MemoryCache::revalidationFailed(CachedResource* revalidatingResource)
{
+ ASSERT(WTF::isMainThread());
LOG(ResourceLoading, "Revalidation failed for %p", revalidatingResource);
ASSERT(revalidatingResource->resourceToRevalidate());
revalidatingResource->clearResourceToRevalidate();
@@ -139,6 +146,7 @@
CachedResource* MemoryCache::resourceForURL(const KURL& resourceURL)
{
+ ASSERT(WTF::isMainThread());
KURL url = ""
CachedResource* resource = m_resources.get(url);
bool wasPurgeable = MemoryCache::shouldMakeResourcePurgeableOnEviction() && resource && resource->isPurgeable();
@@ -369,6 +377,7 @@
void MemoryCache::evict(CachedResource* resource)
{
+ ASSERT(WTF::isMainThread());
LOG(ResourceLoading, "Evicting resource %p for '%s' from cache", resource, resource->url().string().latin1().data());
// The resource may have already been removed by someone other than our caller,
// who needed a fresh copy for a reload. See <http://bugs.webkit.org/show_bug.cgi?id=12479#c6>.
@@ -636,6 +645,28 @@
}
}
+
+void MemoryCache::removeUrlFromCache(ScriptExecutionContext* context, const String& urlString)
+{
+#if ENABLE(WORKERS)
+ if (context->isWorkerContext()) {
+ WorkerContext* workerContext = static_cast<WorkerContext*>(context);
+ workerContext->thread()->workerLoaderProxy().postTaskToLoader(
+ createCallbackTask(&removeUrlFromCacheImpl, urlString));
+ return;
+ }
+#endif
+ removeUrlFromCacheImpl(context, urlString);
+}
+
+void MemoryCache::removeUrlFromCacheImpl(ScriptExecutionContext*, const String& urlString)
+{
+ KURL url(KURL(), urlString);
+
+ if (CachedResource* resource = memoryCache()->resourceForURL(url))
+ memoryCache()->remove(resource);
+}
+
void MemoryCache::TypeStatistic::addResource(CachedResource* o)
{
bool purged = o->wasPurged();
Modified: trunk/Source/WebCore/loader/cache/MemoryCache.h (111088 => 111089)
--- trunk/Source/WebCore/loader/cache/MemoryCache.h 2012-03-16 23:47:05 UTC (rev 111088)
+++ trunk/Source/WebCore/loader/cache/MemoryCache.h 2012-03-16 23:49:29 UTC (rev 111089)
@@ -39,6 +39,7 @@
class CachedResource;
class CachedResourceLoader;
class KURL;
+class ScriptExecutionContext;
class SecurityOrigin;
struct SecurityOriginHash;
@@ -153,6 +154,8 @@
static bool shouldMakeResourcePurgeableOnEviction();
+ static void removeUrlFromCache(ScriptExecutionContext*, const String& urlString);
+
// Function to collect cache statistics for the caches window in the Safari Debug menu.
Statistics getStatistics();
@@ -193,6 +196,8 @@
bool makeResourcePurgeable(CachedResource*);
void evict(CachedResource*);
+ static void removeUrlFromCacheImpl(ScriptExecutionContext*, const String& urlString);
+
bool m_disabled; // Whether or not the cache is enabled.
bool m_pruneEnabled;
bool m_inPruneDeadResources;