2011-03-25 Kinuko Yasuda <kinuko@chromium.org>

Reviewed by David Levin. Data race between ~WorkerFileSystemCallbacksBridge and runTasksOnWorkerThread https://bugs.webkit.org/show_bug.cgi?id=56138 Stopped passing the WorkerFileSystemCallbacksBridge's reference to MainThreadFileSystemCallbacks so that in most cases (in normal cases) its reference is only maintained by WorkerThread. * src/WorkerFileSystemCallbacksBridge.cpp: (WebKit::MainThreadFileSystemCallbacks::createLeakedPtr): (WebKit::MainThreadFileSystemCallbacks::MainThreadFileSystemCallbacks): (WebKit::WorkerFileSystemCallbacksBridge::mayPostTaskToWorker): * src/WorkerFileSystemCallbacksBridge.h: git-svn-id: svn://svn.chromium.org/blink/trunk@81999 bbb929c8-8fbe-4397-9dbb-9b2b20218538

2011-03-25 Kinuko Yasuda <kinuko@chromium.org>
Reviewed by David Levin. Data race between ~WorkerFileSystemCallbacksBridge and runTasksOnWorkerThread https://bugs.webkit.org/show_bug.cgi?id=56138 Stopped passing the WorkerFileSystemCallbacksBridge's reference to MainThreadFileSystemCallbacks so that in most cases (in normal cases) its reference is only maintained by WorkerThread. * src/WorkerFileSystemCallbacksBridge.cpp: (WebKit::MainThreadFileSystemCallbacks::createLeakedPtr): (WebKit::MainThreadFileSystemCallbacks::MainThreadFileSystemCallbacks): (WebKit::WorkerFileSystemCallbacksBridge::mayPostTaskToWorker): * src/WorkerFileSystemCallbacksBridge.h: git-svn-id: svn://svn.chromium.org/blink/trunk@81999 bbb929c8-8fbe-4397-9dbb-9b2b20218538
af6685e8 · kinuko@chromium.org · 1163b1fc · af6685e8 · af6685e8 · af6685e8
Commit af6685e8 authored Mar 25, 2011 by kinuko@chromium.org
3 changed files
--- a/third_party/WebKit/Source/WebKit/chromium/ChangeLog
+++ b/third_party/WebKit/Source/WebKit/chromium/ChangeLog
+2011-03-25  Kinuko Yasuda  <kinuko@chromium.org>
+        Reviewed by David Levin.
+        Data race between ~WorkerFileSystemCallbacksBridge and runTasksOnWorkerThread
+        https://bugs.webkit.org/show_bug.cgi?id=56138
+        Stopped passing the WorkerFileSystemCallbacksBridge's reference to
+        MainThreadFileSystemCallbacks so that in most cases (in normal cases)
+        its reference is only maintained by WorkerThread.
+        * src/WorkerFileSystemCallbacksBridge.cpp:
+        (WebKit::MainThreadFileSystemCallbacks::createLeakedPtr):
+        (WebKit::MainThreadFileSystemCallbacks::MainThreadFileSystemCallbacks):
+        (WebKit::WorkerFileSystemCallbacksBridge::mayPostTaskToWorker):
+        * src/WorkerFileSystemCallbacksBridge.h:
 2011-03-24  John Abd-El-Malek  <jam@chromium.org>
        Reviewed by Dimitri Glazkov.

--- a/third_party/WebKit/Source/WebKit/chromium/src/WorkerFileSystemCallbacksBridge.cpp
+++ b/third_party/WebKit/Source/WebKit/chromium/src/WorkerFileSystemCallbacksBridge.cpp
@@ -86,7 +86,7 @@ namespace WebKit {
 class MainThreadFileSystemCallbacks : public WebFileSystemCallbacks {
 public:
    // Callbacks are self-destructed and we always return leaked pointer here.
-    static MainThreadFileSystemCallbacks* createLeakedPtr(PassRefPtr<WorkerFileSystemCallbacksBridge> bridge, const String& mode)
+    static MainThreadFileSystemCallbacks* createLeakedPtr(WorkerFileSystemCallbacksBridge* bridge, const String& mode)
    {
        OwnPtr<MainThreadFileSystemCallbacks> callbacks = adoptPtr(new MainThreadFileSystemCallbacks(bridge, mode));
        return callbacks.leakPtr();
@@ -127,15 +127,16 @@ public:
    }
 private:
-    MainThreadFileSystemCallbacks(PassRefPtr<WorkerFileSystemCallbacksBridge> bridge, const String& mode)
+    MainThreadFileSystemCallbacks(WorkerFileSystemCallbacksBridge* bridge, const String& mode)
        : m_bridge(bridge)
        , m_mode(mode)
    {
-        ASSERT(m_bridge.get());
+        ASSERT(m_bridge);
    }
    friend class WorkerFileSystemCallbacksBridge;
-    RefPtr<WorkerFileSystemCallbacksBridge> m_bridge;
+    // The bridge pointer is kept by the bridge itself on the WorkerThread.
+    WorkerFileSystemCallbacksBridge* m_bridge;
    const String m_mode;
 };
@@ -381,12 +382,9 @@ void WorkerFileSystemCallbacksBridge::dispatchTaskToMainThread(PassOwnPtr<WebCor
 void WorkerFileSystemCallbacksBridge::mayPostTaskToWorker(PassOwnPtr<ScriptExecutionContext::Task> task, const String& mode)
 {
    ASSERT(isMainThread());
-    { // Let go of the mutex before possibly deleting this due to m_selfRef.clear().
+    MutexLocker locker(m_mutex);
-        MutexLocker locker(m_mutex);
+    if (m_worker)
-        if (m_worker)
+        m_worker->postTaskForModeToWorkerContext(createCallbackTask(&runTaskOnWorkerThread, m_selfRef.release(), task), mode);
-            m_worker->postTaskForModeToWorkerContext(createCallbackTask(&runTaskOnWorkerThread, m_selfRef, task), mode);
-    }
-    m_selfRef.clear();
 }
 } // namespace WebCore

--- a/third_party/WebKit/Source/WebKit/chromium/src/WorkerFileSystemCallbacksBridge.h
+++ b/third_party/WebKit/Source/WebKit/chromium/src/WorkerFileSystemCallbacksBridge.h
@@ -138,7 +138,7 @@ private:
    void dispatchTaskToMainThread(PassOwnPtr<WebCore::ScriptExecutionContext::Task>);
    void mayPostTaskToWorker(PassOwnPtr<WebCore::ScriptExecutionContext::Task>, const String& mode);
-    // m_selfRef keeps a reference to itself until a task is created for the worker thread (at which point the task holds the reference).
+    // m_selfRef keeps a reference to itself while there's a pending callback on the main thread.
    RefPtr<WorkerFileSystemCallbacksBridge> m_selfRef;
    Mutex m_mutex;