Title: [225316] trunk/Source/WebCore
- Revision
- 225316
- Author
- cdu...@apple.com
- Date
- 2017-11-29 22:13:40 -0800 (Wed, 29 Nov 2017)
Log Message
ServiceWorker WebProcess sometimes crashes in JSVMClientData::~JSVMClientData()
https://bugs.webkit.org/show_bug.cgi?id=180173
Reviewed by Alex Christensen.
The leak was caused by EventListeners remaining when destroying the VM, because
JSEventListener refs the DOMWrapperWorld. To address the issue, we now call
removeAllEventListeners() in the stop() method of ServiceWorkerContainer,
ServiceWorkerRegistration and ServiceWorker. Those event listeners are no
longer needed after ActiveDOMObject::stop() is called since the script
execution context is about to be destroyed.
This is the same pattern used in IDBDatabase::stop(), IDBRequest::stop().
No new tests, already covered by existing test.
* workers/service/ServiceWorker.cpp:
(WebCore::ServiceWorker::stop):
* workers/service/ServiceWorkerContainer.cpp:
(WebCore::ServiceWorkerContainer::stop):
* workers/service/ServiceWorkerContainer.h:
* workers/service/ServiceWorkerRegistration.cpp:
(WebCore::ServiceWorkerRegistration::stop):
Modified Paths
Diff
Modified: trunk/Source/WebCore/ChangeLog (225315 => 225316)
--- trunk/Source/WebCore/ChangeLog 2017-11-30 04:48:52 UTC (rev 225315)
+++ trunk/Source/WebCore/ChangeLog 2017-11-30 06:13:40 UTC (rev 225316)
@@ -1,3 +1,29 @@
+2017-11-29 Chris Dumez <cdu...@apple.com>
+
+ ServiceWorker WebProcess sometimes crashes in JSVMClientData::~JSVMClientData()
+ https://bugs.webkit.org/show_bug.cgi?id=180173
+
+ Reviewed by Alex Christensen.
+
+ The leak was caused by EventListeners remaining when destroying the VM, because
+ JSEventListener refs the DOMWrapperWorld. To address the issue, we now call
+ removeAllEventListeners() in the stop() method of ServiceWorkerContainer,
+ ServiceWorkerRegistration and ServiceWorker. Those event listeners are no
+ longer needed after ActiveDOMObject::stop() is called since the script
+ execution context is about to be destroyed.
+
+ This is the same pattern used in IDBDatabase::stop(), IDBRequest::stop().
+
+ No new tests, already covered by existing test.
+
+ * workers/service/ServiceWorker.cpp:
+ (WebCore::ServiceWorker::stop):
+ * workers/service/ServiceWorkerContainer.cpp:
+ (WebCore::ServiceWorkerContainer::stop):
+ * workers/service/ServiceWorkerContainer.h:
+ * workers/service/ServiceWorkerRegistration.cpp:
+ (WebCore::ServiceWorkerRegistration::stop):
+
2017-11-29 Filip Pizlo <fpi...@apple.com>
GC should support isoheaps
Modified: trunk/Source/WebCore/workers/service/ServiceWorker.cpp (225315 => 225316)
--- trunk/Source/WebCore/workers/service/ServiceWorker.cpp 2017-11-30 04:48:52 UTC (rev 225315)
+++ trunk/Source/WebCore/workers/service/ServiceWorker.cpp 2017-11-30 06:13:40 UTC (rev 225316)
@@ -149,6 +149,7 @@
void ServiceWorker::stop()
{
m_isStopped = true;
+ removeAllEventListeners();
scriptExecutionContext()->unregisterServiceWorker(*this);
updatePendingActivityForEventDispatch();
}
Modified: trunk/Source/WebCore/workers/service/ServiceWorkerContainer.cpp (225315 => 225316)
--- trunk/Source/WebCore/workers/service/ServiceWorkerContainer.cpp 2017-11-30 04:48:52 UTC (rev 225315)
+++ trunk/Source/WebCore/workers/service/ServiceWorkerContainer.cpp 2017-11-30 06:13:40 UTC (rev 225316)
@@ -445,6 +445,12 @@
});
}
+void ServiceWorkerContainer::stop()
+{
+ m_isStopped = true;
+ removeAllEventListeners();
+}
+
} // namespace WebCore
#endif // ENABLE(SERVICE_WORKER)
Modified: trunk/Source/WebCore/workers/service/ServiceWorkerContainer.h (225315 => 225316)
--- trunk/Source/WebCore/workers/service/ServiceWorkerContainer.h 2017-11-30 04:48:52 UTC (rev 225315)
+++ trunk/Source/WebCore/workers/service/ServiceWorkerContainer.h 2017-11-30 06:13:40 UTC (rev 225316)
@@ -105,7 +105,7 @@
EventTargetInterface eventTargetInterface() const final { return ServiceWorkerContainerEventTargetInterfaceType; }
void refEventTarget() final;
void derefEventTarget() final;
- void stop() final { m_isStopped = true; }
+ void stop() final;
ReadyPromise m_readyPromise;
Modified: trunk/Source/WebCore/workers/service/ServiceWorkerRegistration.cpp (225315 => 225316)
--- trunk/Source/WebCore/workers/service/ServiceWorkerRegistration.cpp 2017-11-30 04:48:52 UTC (rev 225315)
+++ trunk/Source/WebCore/workers/service/ServiceWorkerRegistration.cpp 2017-11-30 06:13:40 UTC (rev 225316)
@@ -221,6 +221,7 @@
void ServiceWorkerRegistration::stop()
{
m_isStopped = true;
+ removeAllEventListeners();
updatePendingActivityForEventDispatch();
}
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes