[webkit-changes] [WebKit/WebKit] 1116cd: Regression(262252 at main) Flaky crash under ~CanMake...

Chris Dumez noreply at github.com
Wed May 3 22:21:05 PDT 2023


  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 1116cdd2710a182d19d7b473b5ffe7aca5791df7
      https://github.com/WebKit/WebKit/commit/1116cdd2710a182d19d7b473b5ffe7aca5791df7
  Author: Chris Dumez <cdumez at apple.com>
  Date:   2023-05-03 (Wed, 03 May 2023)

  Changed paths:
    M Source/WebCore/bindings/js/ScriptModuleLoader.cpp
    M Source/WebCore/bindings/js/ScriptModuleLoader.h
    M Source/WebCore/dom/Document.cpp
    M Source/WebCore/workers/WorkerOrWorkletGlobalScope.cpp

  Log Message:
  -----------
  Regression(262252 at main) Flaky crash under ~CanMakeCheckedPtrBase() for ScriptExecutionContext
https://bugs.webkit.org/show_bug.cgi?id=256290

Reviewed by Ryosuke Niwa and Alex Christensen.

ScriptModuleLoader has a CheckedRef to its ScriptExecutionContext. In general, a
ScriptModuleLoader cannot outlive its ScriptExecutionContext. This is the case
for the ScriptModuleLoader owned by Document and WorkerOrWorkletGlobalScope.
Document and WorkerOrWorkletGlobalScope are scriptExecutionContexts and own a
ScriptModuleLoader, so the ownership is clear in this case.

However, ShadowRealmGlobalScope::moduleLoader() calls
ScriptModuleLoader::shadowRealmLoader() which constructs a new ScriptModuleLoader
using another ScriptModuleLoader's scriptExecutionContext. ShadowRealmGlobalScope
is not a ScriptExecutionContext and the lifetime of the ShadowRealmGlobalScope
seems to be tied to its JS wrapper.

To address the issue, I am now using a WeakPtr<> instead of a CheckedRef. I am
also adding null checks.

* Source/WebCore/bindings/js/ScriptModuleLoader.cpp:
(WebCore::ScriptModuleLoader::ScriptModuleLoader):
(WebCore::ScriptModuleLoader::shadowRealmLoader const):
(WebCore::ScriptModuleLoader::resolve):
(WebCore::ScriptModuleLoader::fetch):
(WebCore::ScriptModuleLoader::moduleURL):
(WebCore::ScriptModuleLoader::responseURLFromRequestURL):
(WebCore::ScriptModuleLoader::evaluate):
(WebCore::ScriptModuleLoader::importModule):
(WebCore::ScriptModuleLoader::notifyFinished):
* Source/WebCore/bindings/js/ScriptModuleLoader.h:
* Source/WebCore/dom/Document.cpp:
* Source/WebCore/workers/WorkerOrWorkletGlobalScope.cpp:
(WebCore::WorkerOrWorkletGlobalScope::WorkerOrWorkletGlobalScope):

Canonical link: https://commits.webkit.org/263662@main
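The lifetime rule the commit message describes, as an added example that is not WebKit's code: a loader that pins its context with a checked reference is only safe when the context owns the loader (Document, WorkerOrWorkletGlobalScope), and a loader that can outlive the context (the ShadowRealm case) needs a weak pointer plus null checks. The class names below mirror the commit message, but CanMakeCheckedPtrBase, CheckedRef, WeakPtr and the two loader variants are simplified stand-ins written for this example (assumptions, not WebKit's implementations); where WebKit's ~CanMakeCheckedPtrBase() crashes on a non-zero count, this model records the violation in a flag so the scenario can be inspected afterwards.

```cpp
// Added example, not WebKit code. Minimal model of CheckedRef vs WeakPtr
// lifetime semantics; all types here are simplified stand-ins.
#include <cstddef>
#include <memory>
#include <optional>
#include <string>
#include <utility>

// Set when an object dies with checked references still outstanding.
// WebKit RELEASE_ASSERTs in the destructor instead (the flaky crash).
static bool g_checkedPtrViolation = false;

class CanMakeCheckedPtrBase {
public:
    CanMakeCheckedPtrBase() = default;
    CanMakeCheckedPtrBase(const CanMakeCheckedPtrBase&) = delete;
    CanMakeCheckedPtrBase& operator=(const CanMakeCheckedPtrBase&) = delete;
    ~CanMakeCheckedPtrBase()
    {
        if (m_checkedPtrCount != 0)
            g_checkedPtrViolation = true; // WebKit would crash here.
    }
    void incrementCheckedPtrCount() { ++m_checkedPtrCount; }
    void decrementCheckedPtrCount() { --m_checkedPtrCount; }
    size_t checkedPtrCount() const { return m_checkedPtrCount; }
private:
    size_t m_checkedPtrCount { 0 };
};

// Non-null, non-owning reference; bumps the target's count for its lifetime.
template<typename T> class CheckedRef {
public:
    explicit CheckedRef(T& t) : m_ptr(&t) { m_ptr->incrementCheckedPtrCount(); }
    ~CheckedRef() { m_ptr->decrementCheckedPtrCount(); }
    CheckedRef(const CheckedRef&) = delete;
    CheckedRef& operator=(const CheckedRef&) = delete;
    T& get() const { return *m_ptr; }
private:
    T* m_ptr;
};

// Weak pointer stand-in: a shared "alive" flag cleared when the target dies.
class CanMakeWeakPtrBase {
public:
    CanMakeWeakPtrBase() : m_alive(std::make_shared<bool>(true)) { }
    ~CanMakeWeakPtrBase() { *m_alive = false; }
    std::shared_ptr<bool> aliveFlag() const { return m_alive; }
private:
    std::shared_ptr<bool> m_alive;
};

template<typename T> class WeakPtr {
public:
    explicit WeakPtr(T& t) : m_ptr(&t), m_alive(t.aliveFlag()) { }
    T* get() const { return *m_alive ? m_ptr : nullptr; }
private:
    T* m_ptr;
    std::shared_ptr<bool> m_alive;
};

// Stand-in context supporting both pointer kinds so the loaders can be compared.
class ScriptExecutionContext : public CanMakeCheckedPtrBase, public CanMakeWeakPtrBase {
public:
    explicit ScriptExecutionContext(std::string baseURL) : m_baseURL(std::move(baseURL)) { }
    const std::string& baseURL() const { return m_baseURL; }
private:
    std::string m_baseURL;
};

// "Before": the loader pins the context. Correct only while the context owns the loader.
class CheckedRefLoader {
public:
    explicit CheckedRefLoader(ScriptExecutionContext& context) : m_context(context) { }
    std::string moduleURL(const std::string& specifier) const { return m_context.get().baseURL() + specifier; }
private:
    CheckedRef<ScriptExecutionContext> m_context;
};

// "After": WeakPtr plus a null check; resolution fails cleanly once the context is gone.
class WeakPtrLoader {
public:
    explicit WeakPtrLoader(ScriptExecutionContext& context) : m_context(context) { }
    std::optional<std::string> moduleURL(const std::string& specifier) const
    {
        auto* context = m_context.get();
        if (!context)
            return std::nullopt; // context already destroyed; caller reports an error
        return context->baseURL() + specifier;
    }
private:
    WeakPtr<ScriptExecutionContext> m_context;
};

// Normal ownership (Document / worker scope): loader dies before context, no violation.
bool checkedRefLoaderOwnedByContextIsFine()
{
    g_checkedPtrViolation = false;
    {
        ScriptExecutionContext context("https://example.test/"); // constructed sample input
        CheckedRefLoader loader(context);
        (void)loader.moduleURL("mod.js");
    } // loader destroyed first, then context with count == 0
    return !g_checkedPtrViolation;
}

// ShadowRealm-like ownership with the old CheckedRef: loader outlives the context.
bool checkedRefLoaderOutlivingContextTriggersViolation()
{
    g_checkedPtrViolation = false;
    auto context = std::make_unique<ScriptExecutionContext>("https://example.test/");
    // Kept reachable and never deleted: once the context is gone, the loader's
    // CheckedRef could not be released safely. In WebKit the process has already crashed.
    static CheckedRefLoader* leakedLoader = nullptr;
    leakedLoader = new CheckedRefLoader(*context);
    context.reset(); // destructor sees checkedPtrCount() == 1
    return g_checkedPtrViolation;
}

// Same ownership with the fix: WeakPtr goes null, moduleURL() reports failure instead.
bool weakPtrLoaderOutlivingContextIsSafe()
{
    g_checkedPtrViolation = false;
    std::unique_ptr<WeakPtrLoader> loader;
    std::optional<std::string> before;
    {
        ScriptExecutionContext context("https://example.test/");
        loader = std::make_unique<WeakPtrLoader>(context);
        before = loader->moduleURL("mod.js");
    }
    auto after = loader->moduleURL("mod.js");
    return !g_checkedPtrViolation && before.has_value()
        && *before == "https://example.test/mod.js" && !after.has_value();
}
```

The third scenario is the shape of the fix: every entry point that previously dereferenced the CheckedRef now fetches the WeakPtr, checks for null, and bails out, which is why the commit touches resolve, fetch, moduleURL, evaluate, importModule and notifyFinished rather than only the constructor.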




More information about the webkit-changes mailing list