<html>

    <head>

      <base href="https://bugs.webkit.org/" />

    </head>

    <body><table border="1" cellspacing="0" cellpadding="8">

        <tr>

          <th>Bug ID</th>

          <td><a class="bz_bug_link 

          bz_status_NEW "

   title="NEW - Modern IDB: TransactionOperations from a worker thread might be destroyed on main thread"

   href="https://bugs.webkit.org/show_bug.cgi?id=158004">158004</a>

          </td>

        </tr>

        <tr>

          <th>Summary</th>

          <td>Modern IDB: TransactionOperations from a worker thread might be destroyed on main thread

          </td>

        </tr>

        <tr>

          <th>Classification</th>

          <td>Unclassified

          </td>

        </tr>

        <tr>

          <th>Product</th>

          <td>WebKit

          </td>

        </tr>

        <tr>

          <th>Version</th>

          <td>WebKit Nightly Build

          </td>

        </tr>

        <tr>

          <th>Hardware</th>

          <td>Unspecified

          </td>

        </tr>

        <tr>

          <th>OS</th>

          <td>Unspecified

          </td>

        </tr>

        <tr>

          <th>Status</th>

          <td>NEW

          </td>

        </tr>

        <tr>

          <th>Severity</th>

          <td>Normal

          </td>

        </tr>

        <tr>

          <th>Priority</th>

          <td>P2

          </td>

        </tr>

        <tr>

          <th>Component</th>

          <td>WebCore Misc.

          </td>

        </tr>

        <tr>

          <th>Assignee</th>

          <td>webkit-unassigned&#64;lists.webkit.org

          </td>

        </tr>

        <tr>

          <th>Reporter</th>

          <td>beidson&#64;apple.com

          </td>

        </tr></table>

      <p>

        <div>

        <pre>Modern IDB: TransactionOperations from a worker thread might be destroyed on main thread

This bug is spawned from <a class="bz_bug_link 

          bz_status_ASSIGNED "

   title="ASSIGNED - Modern IDB: Some blob tests ASSERT sometimes on the bots"

   href="show_bug.cgi?id=157525">https://bugs.webkit.org/show_bug.cgi?id=157525</a>

An example of this happening on the bots is here: <a href="https://bugs.webkit.org/attachment.cgi?id=278975">https://bugs.webkit.org/attachment.cgi?id=278975</a>

The big problem is in IDBConnectionProxy:

template&lt;typename T, typename... Parameters, typename... Arguments&gt;

void performCallbackOnCorrectThread(T&amp; object, void (T::*method)(Parameters...), Arguments&amp;&amp;... arguments)

{

    ASSERT(isMainThread());

    if (object.originThreadID() == currentThread()) {

        (object.*method)(arguments...);

        return;

    }

    ScriptExecutionContext* context = object.scriptExecutionContext();

    if (!context)

        return;

    context-&gt;postCrossThreadTask(object, method, arguments...);

}

It is possible that the worker thread's context has been stopped by the time a TransactionOperation that was created on the worker thread is completed.

In that case, it falls into the &quot;if (!context) return;&quot; clause.

And when it does that, the operation will be released on the main thread, which is its only option.</pre>

        </div>

      </p>

      <hr>

      <span>You are receiving this mail because:</span>

      <ul>

          <li>You are the assignee for the bug.</li>

      </ul>

    </body>

</html>