Fix crash after a Worker terminates but there are still IDB transactions the server...
authorbeidson@apple.com <beidson@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 15 May 2018 19:07:13 +0000 (19:07 +0000)
committerbeidson@apple.com <beidson@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 15 May 2018 19:07:13 +0000 (19:07 +0000)
<rdar://problem/33744241> and https://bugs.webkit.org/show_bug.cgi?id=185653

Reviewed by Andy Estes.

Source/WebCore:

Test: storage/indexeddb/modern/worker-transaction-open-after-worker-stop.html

* Modules/indexeddb/client/IDBConnectionProxy.cpp:
(WebCore::IDBClient::IDBConnectionProxy::didStartTransaction): It's okay to not be able to find a pending TX
  that the server has started. e.g. When it was a WebWorker that asked for the TX but it has since terminated.

LayoutTests:

* storage/indexeddb/modern/resources/worker-transaction-open-after-worker-stop.js: Added.
(const.errorHandler):
(openRequest.onupgradeneeded):
(tx.oncomplete):
(openRequest.onsuccess):
(deleteRequest.onerror.deleteRequest.onblocked.deleteRequest.onsuccess):
* storage/indexeddb/modern/worker-transaction-open-after-worker-stop-expected.txt: Added.
* storage/indexeddb/modern/worker-transaction-open-after-worker-stop.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@231812 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog
LayoutTests/storage/indexeddb/modern/resources/worker-transaction-open-after-worker-stop.js [new file with mode: 0644]
LayoutTests/storage/indexeddb/modern/worker-transaction-open-after-worker-stop-expected.txt [new file with mode: 0644]
LayoutTests/storage/indexeddb/modern/worker-transaction-open-after-worker-stop.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/Modules/indexeddb/client/IDBConnectionProxy.cpp

index 543aa8b..7cbfb69 100644 (file)
@@ -1,3 +1,19 @@
+2018-05-15  Brady Eidson  <beidson@apple.com>
+
+        Fix crash after a Worker terminates but there are still IDB transactions the server is trying to open for it.
+        <rdar://problem/33744241> and https://bugs.webkit.org/show_bug.cgi?id=185653
+
+        Reviewed by Andy Estes.
+
+        * storage/indexeddb/modern/resources/worker-transaction-open-after-worker-stop.js: Added.
+        (const.errorHandler):
+        (openRequest.onupgradeneeded):
+        (tx.oncomplete):
+        (openRequest.onsuccess):
+        (deleteRequest.onerror.deleteRequest.onblocked.deleteRequest.onsuccess):
+        * storage/indexeddb/modern/worker-transaction-open-after-worker-stop-expected.txt: Added.
+        * storage/indexeddb/modern/worker-transaction-open-after-worker-stop.html: Added.
+
 2018-05-15  Ryan Haddad  <ryanhaddad@apple.com>
 
         Unreviewed, rolling out r231763.
diff --git a/LayoutTests/storage/indexeddb/modern/resources/worker-transaction-open-after-worker-stop.js b/LayoutTests/storage/indexeddb/modern/resources/worker-transaction-open-after-worker-stop.js
new file mode 100644 (file)
index 0000000..99ad76d
--- /dev/null
@@ -0,0 +1,35 @@
+const errorHandler = function (event) {
+  console.error(event.target.error);
+}
+
+console.log('Deleting database...');
+var deleteRequest = indexedDB.deleteDatabase('test');
+deleteRequest.onerror = deleteRequest.onblocked = deleteRequest.onsuccess = function () {
+    console.log('Opening database...');
+    var openRequest = indexedDB.open('test');
+    openRequest.onerror = errorHandler;
+    openRequest.onupgradeneeded = function () {
+        var db = openRequest.result;
+        db.createObjectStore('test', {keyPath: 'a'});
+    }
+    openRequest.onsuccess = function (event) {
+        var db = event.target.result;
+        var hasMessagedBack = false;
+
+        // Queue up many transactions. 
+        // We'll kill the worker from the main thread after the first transaction completes,
+        // meaning there will be many more that would trigger the crash after the worker is gone.
+        for (var i = 0; i < 1000; ++i) {
+            var tx = db.transaction('test', 'readwrite');
+            tx.onerror = errorHandler;
+            tx.onabort = errorHandler;
+            tx.oncomplete = function () {
+                console.log('All done!');
+                if (!hasMessagedBack) {
+                    hasMessagedBack = true;
+                    postMessage('First transaction completed');
+                }
+            };
+        }
+    };
+};
diff --git a/LayoutTests/storage/indexeddb/modern/worker-transaction-open-after-worker-stop-expected.txt b/LayoutTests/storage/indexeddb/modern/worker-transaction-open-after-worker-stop-expected.txt
new file mode 100644 (file)
index 0000000..53049c7
--- /dev/null
@@ -0,0 +1 @@
+If this test completes without crashing, it passed.
diff --git a/LayoutTests/storage/indexeddb/modern/worker-transaction-open-after-worker-stop.html b/LayoutTests/storage/indexeddb/modern/worker-transaction-open-after-worker-stop.html
new file mode 100644 (file)
index 0000000..58e6176
--- /dev/null
@@ -0,0 +1,25 @@
+<script type="text/javascript">
+if (testRunner) {
+    testRunner.dumpAsText();
+    testRunner.waitUntilDone();
+}
+
+function finishTest()
+{      
+    if (testRunner)
+        testRunner.notifyDone();
+}
+
+var w = new Worker('resources/worker-transaction-open-after-worker-stop.js');
+w.onmessage = function() {
+       w.terminate();
+       
+       // Queue up an "open" that will necessarily queue up behind the many 
+       // transactions that the Worker queued up.
+    indexedDB.open('test').onsuccess = function (event) {
+               finishTest();
+    };
+}
+
+</script>
+If this test completes without crashing, it passed.
index 9843060..c483943 100644 (file)
@@ -1,3 +1,16 @@
+2018-05-15  Brady Eidson  <beidson@apple.com>
+
+        Fix crash after a Worker terminates but there are still IDB transactions the server is trying to open for it.
+        <rdar://problem/33744241> and https://bugs.webkit.org/show_bug.cgi?id=185653
+
+        Reviewed by Andy Estes.
+
+        Test: storage/indexeddb/modern/worker-transaction-open-after-worker-stop.html
+
+        * Modules/indexeddb/client/IDBConnectionProxy.cpp:
+        (WebCore::IDBClient::IDBConnectionProxy::didStartTransaction): It's okay to not be able to find a pending TX
+          that the server has started. e.g. When it was a WebWorker that asked for the TX but it has since terminated.
+
 2018-05-15  Thomas Klausner  <tk@giga.or.at>
 
         Add missing header to fix build.
index 742a77a..15ac07e 100644 (file)
@@ -316,7 +316,8 @@ void IDBConnectionProxy::didStartTransaction(const IDBResourceIdentifier& transa
         transaction = m_pendingTransactions.take(transactionIdentifier);
     }
 
-    ASSERT(transaction);
+    if (!transaction)
+        return;
 
     transaction->performCallbackOnOriginThread(*transaction, &IDBTransaction::didStart, error);
 }