[Webkit-unassigned] [Bug 30954] New: Possibly race condition in Database.cpp

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Oct 30 07:02:31 PDT 2009


https://bugs.webkit.org/show_bug.cgi?id=30954

           Summary: Possibly race condition in Database.cpp
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: PC
        OS/Version: Mac OS X 10.5
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: New Bugs
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: xan.lopez at gmail.com


While debugging some ASSERTions happening randomly in the storage code in the
GTK port, I found the following with valgrind/helgrind:

==7268== Possible data race during write of size 1 at 0xa5c20a9 by thread #1
==7268==    at 0x47D4983: WebCore::Database::stop() (Database.cpp:361)
==7268==    by 0x4357DAD: WebCore::Document::stopDatabases() (Document.cpp:4406)
==7268==    by 0x455316C: WebCore::FrameLoader::stopLoading(WebCore::UnloadEventPolicy, WebCore::DatabasePolicy) (FrameLoader.cpp:554)
==7268==    by 0x455331F: WebCore::FrameLoader::closeURL() (FrameLoader.cpp:585)
==7268==    by 0x455BDC0: WebCore::FrameLoader::transitionToCommitted(WTF::PassRefPtr<WebCore::CachedPage>) (FrameLoader.cpp:2465)
==7268==    by 0x455B86F: WebCore::FrameLoader::commitProvisionalLoad(WTF::PassRefPtr<WebCore::CachedPage>) (FrameLoader.cpp:2391)
==7268==    by 0x453EAD1: WebCore::DocumentLoader::commitIfReady() (DocumentLoader.cpp:320)
==7268==    by 0x453EB0A: WebCore::DocumentLoader::finishedLoading() (DocumentLoader.cpp:327)
==7268==    by 0x455CA6D: WebCore::FrameLoader::finishedLoading() (FrameLoader.cpp:2697)
==7268==    by 0x456CEA1: WebCore::MainResourceLoader::didFinishLoading() (MainResourceLoader.cpp:393)
==7268==    by 0x456C660: WebCore::MainResourceLoader::continueAfterContentPolicy(WebCore::PolicyAction, WebCore::ResourceResponse const&) (MainResourceLoader.cpp:264)
==7268==    by 0x456C777: WebCore::MainResourceLoader::continueAfterContentPolicy(WebCore::PolicyAction) (MainResourceLoader.cpp:278)
==7268==  This conflicts with a previous read of size 1 by thread #3
==7268==    at 0x47F7BC4: WebCore::Database::stopped() const (Database.h:110)
==7268==    by 0x47F5E71: WebCore::SQLTransaction::checkAndHandleClosedDatabase() (SQLTransaction.cpp:151)
==7268==    by 0x47F60CD: WebCore::SQLTransaction::performNextStep() (SQLTransaction.cpp:182)
==7268==    by 0x47DE215: WebCore::DatabaseTransactionTask::doPerformTask() (DatabaseTask.cpp:145)
==7268==    by 0x47DDC7B: WebCore::DatabaseTask::performTask() (DatabaseTask.cpp:56)
==7268==    by 0x47DEDB5: WebCore::DatabaseThread::databaseThread() (DatabaseThread.cpp:99)
==7268==    by 0x47DED02: WebCore::DatabaseThread::databaseThreadStart(void*) (DatabaseThread.cpp:82)
==7268==    by 0x41044B5: WTF::threadEntryPoint(void*) (Threading.cpp:64)

Basically there's the possibility of the main thread being busy stopping all
current transactions, while the database thread wants to check if they are
stopped to do something else. This all happens without any kind of lock, so
there's a real possibility of things going the wrong way I think. Not sure what
would be the best fix here though, since I'm not very familiar with the code.
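An added example, not code from this bug or from WebKit, that models the two-thread interaction in the report with hypothetical stand-ins for Database::stop(), Database::stopped() and SQLTransaction::checkAndHandleClosedDatabase(). It assumes the flag helgrind flagged is a plain one-byte member; holding it in std::atomic<bool> gives the main-thread write and the database-thread read a defined ordering, which is the synchronization helgrind reports as absent.

```cpp
#include <atomic>
#include <chrono>
#include <thread>

// Hypothetical stand-in for WebCore::Database. The stop flag is what
// Database::stop() writes on the main thread and Database::stopped() reads
// on the database thread. As a plain bool that is an unsynchronized
// write/read pair; std::atomic<bool> with release/acquire ordering makes
// the handoff well-defined, so a data-race detector has nothing to report.
class Database {
public:
    void stop() { m_stopped.store(true, std::memory_order_release); }
    bool stopped() const { return m_stopped.load(std::memory_order_acquire); }
private:
    std::atomic<bool> m_stopped{false};
};

// Stand-in for SQLTransaction::checkAndHandleClosedDatabase(): true when the
// transaction must bail out because the database was stopped underneath it.
bool checkAndHandleClosedDatabase(const Database& db) { return db.stopped(); }

// Simulate the database thread performing transaction steps until it sees
// the stop. Returns the number of steps performed before observing it.
int runDatabaseThreadUntilStopped(Database& db, int maxSteps) {
    int steps = 0;
    while (steps < maxSteps && !checkAndHandleClosedDatabase(db)) {
        ++steps;
        std::this_thread::sleep_for(std::chrono::microseconds(50));
    }
    return steps;
}

// Single-thread sanity check of the flag: false before stop(), true after.
bool stopFlagRoundTrip() {
    Database db;
    bool before = db.stopped();
    db.stop();
    return !before && db.stopped();
}

// Reproduce the report's scenario: the "main thread" calls stop() (as
// Document::stopDatabases() does) while the "database thread" is polling
// stopped(). Returns true if the database thread observed the stop before
// exhausting maxSteps, i.e. the write became visible across threads.
bool stopIsObservedAcrossThreads(int maxSteps) {
    Database db;
    int steps = maxSteps;
    std::thread dbThread([&] { steps = runDatabaseThreadUntilStopped(db, maxSteps); });
    std::this_thread::sleep_for(std::chrono::milliseconds(2));
    db.stop();
    dbThread.join();
    return steps < maxSteps;
}
```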
