[webkit-changes] [225316] trunk/Source/WebCore

[cdumez]

Title: [225316] trunk/Source/WebCore

Revision

225316

Author

cdu...@apple.com

Date

2017-11-29 22:13:40 -0800 (Wed, 29 Nov 2017)

Log Message

ServiceWorker WebProcess sometimes crashes in JSVMClientData::~JSVMClientData()
https://bugs.webkit.org/show_bug.cgi?id=180173

Reviewed by Alex Christensen.

The leak was caused by EventListeners remaining when destroying the VM, because
JSEventListener refs the DOMWrapperWorld. To address the issue, we now call
removeAllEventListeners() in the stop() method of ServiceWorkerContainer,
ServiceWorkerRegistration and ServiceWorker. Those event listeners are no
longer needed after ActiveDOMObject::stop() is called since the script
execution context is about to be destroyed.

This is the same pattern used in IDBDatabase::stop(), IDBRequest::stop().

No new tests, already covered by existing test.

* workers/service/ServiceWorker.cpp:
(WebCore::ServiceWorker::stop):
* workers/service/ServiceWorkerContainer.cpp:
(WebCore::ServiceWorkerContainer::stop):
* workers/service/ServiceWorkerContainer.h:
* workers/service/ServiceWorkerRegistration.cpp:
(WebCore::ServiceWorkerRegistration::stop):

Modified Paths

• trunk/Source/WebCore/ChangeLog
• trunk/Source/WebCore/workers/service/ServiceWorker.cpp
• trunk/Source/WebCore/workers/service/ServiceWorkerContainer.cpp
• trunk/Source/WebCore/workers/service/ServiceWorkerContainer.h
• trunk/Source/WebCore/workers/service/ServiceWorkerRegistration.cpp

Diff

Modified: trunk/Source/WebCore/ChangeLog (225315 => 225316)

--- trunk/Source/WebCore/ChangeLog	2017-11-30 04:48:52 UTC (rev 225315)
+++ trunk/Source/WebCore/ChangeLog	2017-11-30 06:13:40 UTC (rev 225316)
@@ -1,3 +1,29 @@
+2017-11-29  Chris Dumez  <cdu...@apple.com>
+
+        ServiceWorker WebProcess sometimes crashes in JSVMClientData::~JSVMClientData()
+        https://bugs.webkit.org/show_bug.cgi?id=180173
+
+        Reviewed by Alex Christensen.
+
+        The leak was caused by EventListeners remaining when destroying the VM, because
+        JSEventListener refs the DOMWrapperWorld. To address the issue, we now call
+        removeAllEventListeners() in the stop() method of ServiceWorkerContainer,
+        ServiceWorkerRegistration and ServiceWorker. Those event listeners are no
+        longer needed after ActiveDOMObject::stop() is called since the script
+        execution context is about to be destroyed.
+
+        This is the same pattern used in IDBDatabase::stop(), IDBRequest::stop().
+
+        No new tests, already covered by existing test.
+
+        * workers/service/ServiceWorker.cpp:
+        (WebCore::ServiceWorker::stop):
+        * workers/service/ServiceWorkerContainer.cpp:
+        (WebCore::ServiceWorkerContainer::stop):
+        * workers/service/ServiceWorkerContainer.h:
+        * workers/service/ServiceWorkerRegistration.cpp:
+        (WebCore::ServiceWorkerRegistration::stop):
+
 2017-11-29  Filip Pizlo  <fpi...@apple.com>
 
         GC should support isoheaps

Modified: trunk/Source/WebCore/workers/service/ServiceWorker.cpp (225315 => 225316)

--- trunk/Source/WebCore/workers/service/ServiceWorker.cpp	2017-11-30 04:48:52 UTC (rev 225315)
+++ trunk/Source/WebCore/workers/service/ServiceWorker.cpp	2017-11-30 06:13:40 UTC (rev 225316)
@@ -149,6 +149,7 @@
 void ServiceWorker::stop()
 {
     m_isStopped = true;
+    removeAllEventListeners();
     scriptExecutionContext()->unregisterServiceWorker(*this);
     updatePendingActivityForEventDispatch();
 }

Modified: trunk/Source/WebCore/workers/service/ServiceWorkerContainer.cpp (225315 => 225316)

--- trunk/Source/WebCore/workers/service/ServiceWorkerContainer.cpp	2017-11-30 04:48:52 UTC (rev 225315)
+++ trunk/Source/WebCore/workers/service/ServiceWorkerContainer.cpp	2017-11-30 06:13:40 UTC (rev 225316)
@@ -445,6 +445,12 @@
     });
 }
 
+void ServiceWorkerContainer::stop()
+{
+    m_isStopped = true;
+    removeAllEventListeners();
+}
+
 } // namespace WebCore
 
 #endif // ENABLE(SERVICE_WORKER)

Modified: trunk/Source/WebCore/workers/service/ServiceWorkerContainer.h (225315 => 225316)

--- trunk/Source/WebCore/workers/service/ServiceWorkerContainer.h	2017-11-30 04:48:52 UTC (rev 225315)
+++ trunk/Source/WebCore/workers/service/ServiceWorkerContainer.h	2017-11-30 06:13:40 UTC (rev 225316)
@@ -105,7 +105,7 @@
     EventTargetInterface eventTargetInterface() const final { return ServiceWorkerContainerEventTargetInterfaceType; }
     void refEventTarget() final;
     void derefEventTarget() final;
-    void stop() final { m_isStopped = true; }
+    void stop() final;
 
     ReadyPromise m_readyPromise;
 

Modified: trunk/Source/WebCore/workers/service/ServiceWorkerRegistration.cpp (225315 => 225316)

--- trunk/Source/WebCore/workers/service/ServiceWorkerRegistration.cpp	2017-11-30 04:48:52 UTC (rev 225315)
+++ trunk/Source/WebCore/workers/service/ServiceWorkerRegistration.cpp	2017-11-30 06:13:40 UTC (rev 225316)
@@ -221,6 +221,7 @@
 void ServiceWorkerRegistration::stop()
 {
     m_isStopped = true;
+    removeAllEventListeners();
     updatePendingActivityForEventDispatch();
 }
 

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes