Extending the lifetime of a NetworkProcessProxy / StorageProcessProxy may cause it...
author cdumez@apple.com <cdumez@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 25 Sep 2018 18:31:21 +0000 (18:31 +0000)
committer cdumez@apple.com <cdumez@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 25 Sep 2018 18:31:21 +0000 (18:31 +0000)
commit 2f23210ee6c77939afa74fd59f9247a01c25c26d
tree e4b9f6a31e5759335af03f01b21d89f81a696341
parent e0bb071f50816a13d91ff32c0267b3048cae041b
Extending the lifetime of a NetworkProcessProxy / StorageProcessProxy may cause it to have a stale WebProcessPool pointer
https://bugs.webkit.org/show_bug.cgi?id=189851
<rdar://problem/44696263>

Reviewed by Alex Christensen.

Extending the lifetime of a NetworkProcessProxy / StorageProcessProxy may cause it to have a stale WebProcessPool pointer:
- NetworkProcessProxy::m_processPool
- StorageProcessProxy::m_processPool

Those data members are C++ references because it is expected that the WebProcessPool owns the NetworkProcessProxy and
StorageProcessProxy. However, since NetworkProcessProxy / StorageProcessProxy are refcounted, it has happened that code
extends the lifetime of those past their process pool, leading to stale process pool usage. The fix for these crashes
so far has been to ref the WebProcessPool instead of the NetworkProcessProxy / StorageProcessProxy. However, it is very
tempting for people to simply ref the NetworkProcessProxy / StorageProcessProxy given that they are refcounted.
For this reason, this patch updates NetworkProcessProxy / StorageProcessProxy so that they are no longer RefCounted
and so that the WebProcessPool truly owns them via std::unique_ptr<>.

* UIProcess/ChildProcessProxy.h:
* UIProcess/Network/NetworkProcessProxy.cpp:
(WebKit::NetworkProcessProxy::networkProcessCrashed):
(WebKit::NetworkProcessProxy::didClose):
(WebKit::NetworkProcessProxy::create): Deleted.
* UIProcess/Network/NetworkProcessProxy.h:
(WebKit::NetworkProcessProxy::throttler): Deleted.
(WebKit::NetworkProcessProxy::processPool): Deleted.
* UIProcess/Plugins/PluginProcessProxy.h:
(WebKit::PluginProcessProxy::pluginProcessAttributes const): Deleted.
(WebKit::PluginProcessProxy::pluginProcessToken const): Deleted.
(WebKit::PluginProcessProxy::isValid const): Deleted.
* UIProcess/Storage/StorageProcessProxy.cpp:
(WebKit::StorageProcessProxy::create): Deleted.
* UIProcess/Storage/StorageProcessProxy.h:
* UIProcess/WebProcessPool.cpp:
(WebKit::WebProcessPool::ensureNetworkProcess):
(WebKit::WebProcessPool::ensureStorageProcessAndWebsiteDataStore):
(WebKit::WebProcessPool::establishWorkerContextConnectionToStorageProcess):
* UIProcess/WebProcessPool.h:
* UIProcess/WebProcessProxy.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@236464 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/WebKit/ChangeLog
Source/WebKit/UIProcess/ChildProcessProxy.h
Source/WebKit/UIProcess/Network/NetworkProcessProxy.cpp
Source/WebKit/UIProcess/Network/NetworkProcessProxy.h
Source/WebKit/UIProcess/Plugins/PluginProcessProxy.h
Source/WebKit/UIProcess/Storage/StorageProcessProxy.cpp
Source/WebKit/UIProcess/Storage/StorageProcessProxy.h
Source/WebKit/UIProcess/WebProcessPool.cpp
Source/WebKit/UIProcess/WebProcessPool.h
Source/WebKit/UIProcess/WebProcessProxy.h
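
The lifetime hazard the commit message describes, and the ownership change that removes it, as an added illustration that is not WebKit code: `Proxy`, `RefCountedPool`, `OwningPool` and `liveProxies` are hypothetical stand-ins, and `std::shared_ptr` stands in for WebKit's RefCounted.

```cpp
// Added illustration: Pool / Proxy are simplified stand-ins, not WebKit classes.
#include <memory>

static int liveProxies = 0; // counts Proxy objects currently alive

template <typename PoolT>
struct Proxy {
    explicit Proxy(PoolT& pool) : m_pool(pool) { ++liveProxies; }
    ~Proxy() { --liveProxies; }
    Proxy(const Proxy&) = delete;
    Proxy& operator=(const Proxy&) = delete;
    PoolT& m_pool; // plain reference to the owner, like m_processPool
};

// "Before": the proxy is reference-counted, so any caller can keep it alive.
struct RefCountedPool {
    std::shared_ptr<Proxy<RefCountedPool>> ensureProxy() {
        if (!m_proxy)
            m_proxy = std::make_shared<Proxy<RefCountedPool>>(*this);
        return m_proxy; // hands out shared ownership
    }
    std::shared_ptr<Proxy<RefCountedPool>> m_proxy;
};

// "After": the pool is the sole owner; callers only borrow a reference.
struct OwningPool {
    Proxy<OwningPool>& ensureProxy() {
        if (!m_proxy)
            m_proxy = std::make_unique<Proxy<OwningPool>>(*this);
        return *m_proxy;
    }
    std::unique_ptr<Proxy<OwningPool>> m_proxy;
};

// Number of proxies still alive after their pool has been destroyed.
int proxiesOutlivingRefCountedPool() {
    std::shared_ptr<Proxy<RefCountedPool>> kept;
    {
        RefCountedPool pool;
        kept = pool.ensureProxy(); // "protect" the proxy by ref'ing it
    }
    // kept->m_pool now names a destroyed pool; it is deliberately not read.
    return liveProxies;
}

int proxiesOutlivingOwningPool() {
    { OwningPool pool; pool.ensureProxy(); }
    return liveProxies; // the proxy died with its pool
}
```

With shared ownership one proxy survives its pool while still holding a reference to it; with `std::unique_ptr` ownership none can.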