Do not unregister MessagePorts on deallocation if it has been disentangled
authorcommit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 17 Apr 2018 22:57:29 +0000 (22:57 +0000)
committercommit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 17 Apr 2018 22:57:29 +0000 (22:57 +0000)
https://bugs.webkit.org/show_bug.cgi?id=184285
<rdar://problem/39256714>

Patch by Tadeu Zagallo <tzagallo@apple.com> on 2018-04-17
Reviewed by Darin Adler.

Source/WebCore:

Test: workers/message-port-gc.html

* dom/MessagePort.cpp:
(WebCore::MessagePort::deref const):

LayoutTests:

Original test provided as part of the bug report by Yann Cabon <ycabon@esri.com>

* workers/message-port-gc-expected.txt: Added.
* workers/message-port-gc.html: Added.
* workers/message-port-gc.js: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230735 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog
LayoutTests/workers/message-port-gc-expected.txt [new file with mode: 0644]
LayoutTests/workers/message-port-gc.html [new file with mode: 0644]
LayoutTests/workers/message-port-gc.js [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/dom/MessagePort.cpp

index 9cc1ef1..faa13cf 100644 (file)
@@ -1,3 +1,17 @@
+2018-04-17  Tadeu Zagallo  <tzagallo@apple.com>
+
+        Do not unregister MessagePorts on deallocation if it has been disentangled
+        https://bugs.webkit.org/show_bug.cgi?id=184285
+        <rdar://problem/39256714>
+
+        Reviewed by Darin Adler.
+
+        Original test provided as part of the bug report by Yann Cabon <ycabon@esri.com>
+
+        * workers/message-port-gc-expected.txt: Added.
+        * workers/message-port-gc.html: Added.
+        * workers/message-port-gc.js: Added.
+
 2018-04-17  Chris Dumez  <cdumez@apple.com>
 
         REGRESSION (r229831): CMD-clicking an iCloud web app link unexpectedly opens that link in a new tab and the current tab
diff --git a/LayoutTests/workers/message-port-gc-expected.txt b/LayoutTests/workers/message-port-gc-expected.txt
new file mode 100644 (file)
index 0000000..edb112d
--- /dev/null
@@ -0,0 +1,25 @@
+Verify that collecting a transferred port should not interfere with posting messages
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS successfullyParsed is true
+
+TEST COMPLETE
+pong
+pong
+pong
+pong
+pong
+pong
+pong
+pong
+pong
+pong
+pong
+pong
+pong
+pong
+pong
+pong
+
diff --git a/LayoutTests/workers/message-port-gc.html b/LayoutTests/workers/message-port-gc.html
new file mode 100644 (file)
index 0000000..34075de
--- /dev/null
@@ -0,0 +1,27 @@
+<html>
+<body>
+<script src="../resources/js-test.js"></script>
+<script>
+description("Verify that collecting a transferred port should not interfere with posting messages");
+
+if (window.testRunner)
+  window.testRunner.waitUntilDone();
+
+const worker = new Worker("./message-port-gc.js");
+let messageCount = 0;
+
+worker.onmessage = e => {
+  const {port} = e.data;
+  port.postMessage("ping");
+  port.onmessage = e => {
+    debug(e.data);
+    if (++messageCount == 16) {
+      if (window.testRunner)
+        window.testRunner.notifyDone();
+    } else setTimeout(() => port.postMessage("ping"), 50);
+  };
+};
+
+</script>
+</body>
+</html>
diff --git a/LayoutTests/workers/message-port-gc.js b/LayoutTests/workers/message-port-gc.js
new file mode 100644 (file)
index 0000000..eba1435
--- /dev/null
@@ -0,0 +1,9 @@
+(function() {
+  let {port1, port2} = new MessageChannel();
+  self.postMessage({ port: port2 }, [port2]);
+  port1.onmessage = e => {
+    for (let i = 0; i < 1000; i++)
+      new ArrayBuffer(500);
+    setTimeout(() => port1.postMessage("pong"), 50);
+  };
+})();
index e56732a..856aab1 100644 (file)
@@ -1,3 +1,16 @@
+2018-04-17  Tadeu Zagallo  <tzagallo@apple.com>
+
+        Do not unregister MessagePorts on deallocation if it has been disentangled
+        https://bugs.webkit.org/show_bug.cgi?id=184285
+        <rdar://problem/39256714>
+
+        Reviewed by Darin Adler.
+
+        Test: workers/message-port-gc.html
+
+        * dom/MessagePort.cpp:
+        (WebCore::MessagePort::deref const):
+
 2018-04-17  Basuke Suzuki  <Basuke.Suzuki@sony.com>
 
         [Curl] Fix timing of reporting error to the client
index c8b6b8a..cf28976 100644 (file)
@@ -66,7 +66,10 @@ void MessagePort::deref() const
         if (m_refCount)
             return;
 
-        allMessagePorts().remove(m_identifier);
+        auto iterator = allMessagePorts().find(m_identifier);
+        if (iterator != allMessagePorts().end() && iterator->value == this)
+            allMessagePorts().remove(iterator);
+
         delete this;
     }
 }