Bug 1741869 Comment 2 Edit History

Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.

So [`TopLevelWorkerFinishedRunnable`](https://searchfox.org/mozilla-central/rev/bc5e79f3ae0f42cb4a6ebd05fc32f48a3829059d/dom/workers/WorkerPrivate.cpp#308) clears the `WorkerPrivate` self reference which makes it go away.

But we have [`WorkerGlobalScopeBase.mWorkerPrivate`](https://searchfox.org/mozilla-central/rev/bc5e79f3ae0f42cb4a6ebd05fc32f48a3829059d/dom/workers/WorkerScope.h#160) and for reasons I ignore the `ServiceWorkerGlobalScope` this is part of is cycle collected only later and there we have a [custom traverse function](https://searchfox.org/mozilla-central/rev/bc5e79f3ae0f42cb4a6ebd05fc32f48a3829059d/dom/workers/WorkerScope.cpp#181-188) that triggers [WorkerPrivate::TraverseTimeouts](https://searchfox.org/mozilla-central/rev/bc5e79f3ae0f42cb4a6ebd05fc32f48a3829059d/dom/workers/WorkerPrivate.cpp#3793) on the already freed `WorkerPrivate` memory.

A naive approach could be to make [`WorkerGlobalScopeBase.mWorkerPrivate`](https://searchfox.org/mozilla-central/rev/bc5e79f3ae0f42cb4a6ebd05fc32f48a3829059d/dom/workers/WorkerScope.h#160) become a `RefPtr`, but `WorkerPrivate` is not thread safe for refcounting. I assume the solution might be part of a more general overhaul of `WorkerPrivate`?

So [`TopLevelWorkerFinishedRunnable`](https://searchfox.org/mozilla-central/rev/bc5e79f3ae0f42cb4a6ebd05fc32f48a3829059d/dom/workers/WorkerPrivate.cpp#308) clears the `WorkerPrivate` self reference which makes it go away.

But we have [`WorkerGlobalScopeBase.mWorkerPrivate`](https://searchfox.org/mozilla-central/rev/bc5e79f3ae0f42cb4a6ebd05fc32f48a3829059d/dom/workers/WorkerScope.h#160) and for reasons I ignore the `ServiceWorkerGlobalScope` this is part of is cycle collected only later and there we have a [custom traverse function](https://searchfox.org/mozilla-central/rev/bc5e79f3ae0f42cb4a6ebd05fc32f48a3829059d/dom/workers/WorkerScope.cpp#181-188) that triggers [`WorkerPrivate::TraverseTimeouts`](https://searchfox.org/mozilla-central/rev/bc5e79f3ae0f42cb4a6ebd05fc32f48a3829059d/dom/workers/WorkerPrivate.cpp#3793) on the already freed `WorkerPrivate` memory.

A naive approach could be to make [`WorkerGlobalScopeBase.mWorkerPrivate`](https://searchfox.org/mozilla-central/rev/bc5e79f3ae0f42cb4a6ebd05fc32f48a3829059d/dom/workers/WorkerScope.h#160) become a `RefPtr`, but `WorkerPrivate` is not thread safe for refcounting. I assume the solution might be part of a more general overhaul of `WorkerPrivate`?
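The lifetime hazard described in the comment above, as an added single-threaded model that is not part of the original comment and is not Mozilla code or the fix chosen in the bug. `Worker`, `Scope`, `clearOnTeardown` and `kStaleBackPointer` are hypothetical stand-ins; the model shows a traverse that null-checks a back-pointer cleared at worker teardown, and it reports a stale pointer instead of dereferencing it.

```cpp
#include <memory>
#include <utility>
#include <vector>

constexpr long kStaleBackPointer = -1;  // model-only marker, see Scope::Traverse

struct Worker;

// Stand-in for WorkerGlobalScopeBase: visited by a collector that may run
// after the worker has been destroyed.
struct Scope {
  Worker* mWorker = nullptr;  // non-owning back-pointer, like mWorkerPrivate
  long Traverse(bool workerAlive) const;
};

// Stand-in for WorkerPrivate: owns the timeouts and keeps its scope alive.
struct Worker {
  std::vector<int> timeouts{10, 20, 30};  // constructed sample data
  std::shared_ptr<Scope> scope;
  bool clearOnTeardown;
  Worker(std::shared_ptr<Scope> s, bool clear)
      : scope(std::move(s)), clearOnTeardown(clear) { scope->mWorker = this; }
  ~Worker() { if (clearOnTeardown) scope->mWorker = nullptr; }
  long TraverseTimeouts() const { return static_cast<long>(timeouts.size()); }
};

long Scope::Traverse(bool workerAlive) const {
  if (!mWorker) return 0;  // back-pointer was cleared: nothing to visit
  // Real code has no liveness oracle here and would dereference freed memory;
  // the model reports the stale pointer instead of touching it.
  if (!workerAlive) return kStaleBackPointer;
  return mWorker->TraverseTimeouts();
}

long CollectWhileAlive() {
  auto scope = std::make_shared<Scope>();
  Worker worker(scope, false);
  return scope->Traverse(true);
}

long CollectAfterTeardown(bool clearOnTeardown) {
  auto scope = std::make_shared<Scope>();
  auto worker = std::make_unique<Worker>(scope, clearOnTeardown);
  worker.reset();  // the worker goes away while the scope is still reachable
  return scope->Traverse(false);
}
```

In a multi-threaded setting, clearing and reading the back-pointer would also need to happen on one thread or under synchronization, which this model leaves out.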

Back to Bug 1741869 Comment 2