v8binding: Fixes wrapper-tracing at ScriptedIdleTaskController::RunCallback.

This might be a similar issue to https://crrev.com/c/824322 . An idle task (callback function) is removed from the target of wrapper-tracing during its use. This might be a cause of crashes at ScriptedIdleTaskController. This patch fixes it to hold the object until the end of its use. Bug: 792604 Change-Id: I2ec7f7a78f13334778575c96708f45a4cf8da3b5 Reviewed-on: https://chromium-review.googlesource.com/824008 Commit-Queue: Yuki Shiino <yukishiino@chromium.org> Reviewed-by: Kentaro Hara <haraken@chromium.org> Reviewed-by: Hitoshi Yoshida <peria@chromium.org> Cr-Commit-Position: refs/heads/master@{#525284}

v8binding: Fixes wrapper-tracing at ScriptedIdleTaskController::RunCallback.
This might be a similar issue to https://crrev.com/c/824322 . An idle task (callback function) is removed from the target of wrapper-tracing during its use. This might be a cause of crashes at ScriptedIdleTaskController. This patch fixes it to hold the object until the end of its use. Bug: 792604 Change-Id: I2ec7f7a78f13334778575c96708f45a4cf8da3b5 Reviewed-on: https://chromium-review.googlesource.com/824008 Commit-Queue: Yuki Shiino <yukishiino@chromium.org> Reviewed-by: Kentaro Hara <haraken@chromium.org> Reviewed-by: Hitoshi Yoshida <peria@chromium.org> Cr-Commit-Position: refs/heads/master@{#525284}
bb08a271 · Yuki Shiino · Commit Bot · 8dac3048 · bb08a271
Commit bb08a271 authored Dec 20, 2017 by Yuki Shiino Committed by Commit Bot Dec 20, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 15 additions and 2 deletions

third_party/WebKit/Source/core/dom/ScriptedIdleTaskController.cpp ...rty/WebKit/Source/core/dom/ScriptedIdleTaskController.cpp +15 -2

No files found.
--- a/third_party/WebKit/Source/core/dom/ScriptedIdleTaskController.cpp
+++ b/third_party/WebKit/Source/core/dom/ScriptedIdleTaskController.cpp
@@ -138,6 +138,8 @@ ScriptedIdleTaskController::CallbackId
 ScriptedIdleTaskController::RegisterCallback(
    IdleTask* idle_task,
    const IdleRequestOptions& options) {
+  DCHECK(idle_task);
+
  CallbackId id = NextCallbackId();
  idle_tasks_.Set(id, idle_task);
  long long timeout_millis = options.timeout();
@@ -208,9 +210,15 @@ void ScriptedIdleTaskController::RunCallback(
    double deadline_seconds,
    IdleDeadline::CallbackType callback_type) {
  DCHECK(!paused_);
-  IdleTask* idle_task = idle_tasks_.Take(id);
-  if (!idle_task)
+
+  // Keep the idle task in |idle_tasks_| so that it's still wrapper-traced.
+  // TODO(https://crbug.com/796145): Remove this hack once on-stack objects
+  // get supported by either of wrapper-tracing or unified GC.
+  auto idle_task_iter = idle_tasks_.find(id);
+  if (idle_task_iter == idle_tasks_.end())
    return;
+  IdleTask* idle_task = idle_task_iter->value;
+  DCHECK(idle_task);

  double allotted_time_millis =
      std::max((deadline_seconds - CurrentTimeTicksInSeconds()) * 1000, 0.0);
@@ -230,6 +238,11 @@ void ScriptedIdleTaskController::RunCallback(
          GetExecutionContext(), id, allotted_time_millis,
          callback_type == IdleDeadline::CallbackType::kCalledByTimeout));
  idle_task->invoke(IdleDeadline::Create(deadline_seconds, callback_type));
+
+  // Finally there is no need to keep the idle task alive.
+  //
+  // Do not use the iterator because the idle task might update |idle_tasks_|.
+  idle_tasks_.erase(id);
 }

 void ScriptedIdleTaskController::ContextDestroyed(ExecutionContext*) {