Closed Bug 175888 Opened 22 years ago Closed 22 years ago

Calling nsGlobalHistory::CloseDB() must be safe

Categories

(Core Graveyard :: History: Global, defect, P1)

Product:
Core Graveyard
Component:
History: Global
Type:
defect

Tracking

(Not tracked)

Status:
VERIFIED FIXED
Milestone:
mozilla1.0.2

People

(Reporter: KaiE, Assigned: KaiE)

References

Details

(Keywords: topembed+, Whiteboard: [adt2] [ETA 11/15])

Attachments

(1 file, 1 obsolete file)

Patch v2
1.15 KB, patch
timeless
: review+
alecf
: superreview+
Details | Diff | Splinter Review 
Because of bug 175320, in the future the profile shutdown events will be seen on
application shutdown. We must make sure that nsGlobalService does not run into
trouble when because of those events, CloseDB will get called twice.

I tried to guess whether calling CloseDB() twice is already safe, but I'm having
trouble making the decision.

The following code is inside CloseDB:
  ExpireEntries(PR_FALSE /* don't notify */);
  err = Commit(kSessionCommit);

  // order is important here - logically smallest objects first
  mMetaRow = nsnull;
  
  if (mTable)
    mTable->Release();

  if (mStore)
    mStore->Release();

  if (mEnv)
    mEnv->Release();

  mTable = nsnull; mEnv = nsnull; mStore = nsnull;

Is it ok to execute that twice?

Could we possibly check whether mStore is null, and prevent cleanup in that
case? I suggest, because OpenDB is returning success if mStore is already set.
On the other, CloseDB seems to treat mStore just like one of many objects to
clean up.
Blocks: 175320
Keywords: nsbeta1, topembed
Alec, Blake, do you know the answer?

hmm.. I would imagine its safe. if mStore is null, then ExpireEntries and Commit
should be no-ops.
Bug 175320 topembed+/nsbeta1+, and is blocked by this bug, so I am marking this
one as nsbeta1+/topembed+.
Severity: normal → major
Keywords: nsbeta1, topembednsbeta1+, topembed+
Priority: -- → P1
Whiteboard: [adt2] [ETA Needed]
Target Milestone: --- → mozilla1.0.2
Oops. I notice that ExpireEntries is not a no-op.

Actually, it will call OpenDB!

CloseDB() -> ExpireEntries() -> RemoveMatchingRows() -> OpenDB()

oh! that's bad. I guess we need the check at the start of CloseDB...well, I'll
review any patches :)
Attached patch Patch v1 (obsolete) — Splinter Review 
I don't really dare a patch that makes assumptions about the existing code, and
I don't want to use any existing state variable to make a decision.

I'm attaching a patch that tries to be as safe as possible.
The idea of the patch is to avoid executing the code in CloseDB multiple times,
if no calls to OpenDB were seen in between.
However, as soon as a call to OpenDB was seen, we allow the call to CloseDB, as
parts of its action might have become necessary.

I'm choosing this approach, because I don't know what could happen between the
profile-before-change notification and the actual destruction.
-> me, since it looks I'm writing the patch :)
Assignee: blaker → kaie
Comment on attachment 103670 [details] [diff] [review]
Patch v1

Kai - that is why we have the reviewer system - to catch assumptions like that.
This allows you to attempt to write simpler code (i.e. instead of what is
written here) and ask your reviewers if you are making too many assumptions.

As a reviewer and coauthor of this code, I can vouch for the fact that mStore
indicates that the store is open. This code is in fact broken, because nothing
ever resets mAvoidMultipleCloseDB, so that once the DB is closed, it will never
be closed again. (for example, if you switch profiles once, all future profile
switches will leave the DB open)

Please just check mStore and return early if mStore is null.
Attachment #103670 - Flags: needs-work+
> nothing ever resets mAvoidMultipleCloseDB, so that once the DB is closed, 
> it will never be closed again. (for example, if you switch profiles once, 
> all future profile switches will leave the DB open)

? The reset is happening at the beginning of OpenDB. The avoid flag will get set
to false, the check in CloseDB will fail and the rest of the close function will
get executed.

But I'll attach the simpler patch.
Attached patch Patch v2Splinter Review 
Simpler patch as suggested
Attachment #103670 - Attachment is obsolete: true
Comment on attachment 103728 [details] [diff] [review]
Patch v2

looks great. sr=alecf
Attachment #103728 - Flags: superreview+
Chris, Blake, could one of you please review this small patch?

i think the checkin of this patch can wait until someone urgently needs the
changes to land on the 1.0 branch. setting ETA to 11/15 for now.
Whiteboard: [adt2] [ETA Needed] → [adt2] [ETA 11/15]
I need help finding additional reviewers. I pinged both waterson and blaker by
private mail 2 weeks ago, but they did not respond.

as a former owner of history, I hope that my sr= could help count towards a
module-owner review. this is pretty basic stuff, so I'd like to say that any
reviewer should do..

(that said, waterson is off on other projects, and is probably a bad candidate
for reviews)
Attachment #103728 - Flags: review+
fixed on trunk
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
rs vrfy.
Status: RESOLVED → VERIFIED
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: