Title: [233879] trunk/Source/WebCore
Revision
233879
Author
rn...@webkit.org
Date
2018-07-16 19:50:11 -0700 (Mon, 16 Jul 2018)

Log Message

Release assert in ~TimerBase is getting hit in WK1 apps which use JSC API directly
https://bugs.webkit.org/show_bug.cgi?id=187713
<rdar://problem/41759548>

Reviewed by Simon Fraser.

Turn this into a debug assertion in WebKit1 on iOS since JSC API doesn't grab the web thread lock,
which means that Timer can get destroyed without the web thread lock in the main thread.

* platform/Timer.cpp:
(WebCore::TimerBase::~TimerBase):
(WebCore::TimerBase::setNextFireTime):

Diff

Modified: trunk/Source/WebCore/ChangeLog (233878 => 233879)


--- trunk/Source/WebCore/ChangeLog	2018-07-17 02:17:38 UTC (rev 233878)
+++ trunk/Source/WebCore/ChangeLog	2018-07-17 02:50:11 UTC (rev 233879)
@@ -1,3 +1,18 @@
+2018-07-16  Ryosuke Niwa  <rn...@webkit.org>
+
+        Release assert in ~TimerBase is getting hit in WK1 apps which uses JSC API directly
+        https://bugs.webkit.org/show_bug.cgi?id=187713
+        <rdar://problem/41759548>
+
+        Reviewed by Simon Fraser.
+
+        Turn this into a debug assertion in WebKit1 on iOS since JSC API doesn't grab the web thread lock,
+        which means that Timer can get destroyed without the web thread lock in the main thread.
+
+        * platform/Timer.cpp:
+        (WebCore::TimerBase::~TimerBase):
+        (WebCore::TimerBase::setNextFireTime):
+
 2018-07-16  Simon Fraser  <simon.fra...@apple.com>
 
         Add color filter for transforming colors in Dark Mode
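Review bot: The description in this entry covers only half of what the Timer.cpp change does. It says the assertion becomes a debug assertion "in WebKit1 on iOS", but the code is gated on USE(WEB_THREAD) plus a runtime WebThreadIsEnabled() check, and the #else branch of ~TimerBase also changes from RELEASE_ASSERT_WITH_SECURITY_IMPLICATION to a plain RELEASE_ASSERT on every other configuration. Please add a line per function under "* platform/Timer.cpp:" stating that the release check is kept when the web thread is not enabled, and say whether dropping the security-implication variant outside the web-thread case is intentional.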

Modified: trunk/Source/WebCore/platform/Timer.cpp (233878 => 233879)


--- trunk/Source/WebCore/platform/Timer.cpp	2018-07-17 02:17:38 UTC (rev 233878)
+++ trunk/Source/WebCore/platform/Timer.cpp	2018-07-17 02:50:11 UTC (rev 233879)
@@ -190,7 +190,12 @@
 
 TimerBase::~TimerBase()
 {
-    RELEASE_ASSERT_WITH_SECURITY_IMPLICATION(canAccessThreadLocalDataForThread(m_thread.get()));
+#if USE(WEB_THREAD)
+    ASSERT(canAccessThreadLocalDataForThread(m_thread.get()));
+    RELEASE_ASSERT(WebThreadIsEnabled() || canAccessThreadLocalDataForThread(m_thread.get()));
+#else
+    RELEASE_ASSERT(canAccessThreadLocalDataForThread(m_thread.get()));
+#endif
     stop();
     ASSERT(!inHeap());
     m_wasDeleted = true;
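Review bot: In the #else branch of ~TimerBase the check is downgraded from RELEASE_ASSERT_WITH_SECURITY_IMPLICATION to RELEASE_ASSERT, although the bug only concerns builds with USE(WEB_THREAD). Keeping `RELEASE_ASSERT_WITH_SECURITY_IMPLICATION(canAccessThreadLocalDataForThread(m_thread.get()));` in the #else branch would leave the other platforms exactly as they were. In the web-thread branch, a release build with WebThreadIsEnabled() true now falls through to stop() even when the thread check fails, so a short comment above the #if pointing at bug 187713 and explaining why that is acceptable here would help anyone auditing this destructor later.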
@@ -357,7 +362,12 @@
 
 void TimerBase::setNextFireTime(MonotonicTime newTime)
 {
+#if USE(WEB_THREAD)
+    ASSERT(canAccessThreadLocalDataForThread(m_thread.get()));
+    RELEASE_ASSERT(WebThreadIsEnabled() || canAccessThreadLocalDataForThread(m_thread.get()));
+#else
     RELEASE_ASSERT(canAccessThreadLocalDataForThread(m_thread.get()));
+#endif
     RELEASE_ASSERT_WITH_SECURITY_IMPLICATION(!m_wasDeleted);
 
     if (m_unalignedNextFireTime != newTime)
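Review bot: The log message justifies relaxing the check for destruction ("Timer can get destroyed without the web thread lock"), but this hunk applies the same relaxation to setNextFireTime, which is a scheduling path rather than a teardown path. If the JSC API case really reaches setNextFireTime without the web thread lock, that should be stated in the ChangeLog or in a comment here; if it only gets here through stop() in the destructor, consider limiting the relaxed check to that case. The five-line #if USE(WEB_THREAD) block is also now duplicated verbatim in two functions, so a small helper or macro would keep the two sites from drifting apart.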