Bug 143789

Summary:

Ensure that all the smart pointer types in WTF clear their pointer before deref

Product:

WebKit

Reporter:

Oliver Hunt <oliver>

Component:

New Bugs

Assignee:

Oliver Hunt <oliver>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

ap, benjamin, buildbot, cmarcelo, commit-queue, kling, rniwa

Priority:

Version:

528+ (Nightly build)

Hardware:

Unspecified

OS:

Unspecified

Attachments:

Description	Flags
Patch	none
Patch	none
Archive of layout-test-results from ews103 for mac-mavericks	none
Archive of layout-test-results from ews107 for mac-mavericks-wk2	none
Patch	none
Archive of layout-test-results from ews105 for mac-mavericks-wk2	none
Archive of layout-test-results from ews103 for mac-mavericks	none
Patch	none
Archive of layout-test-results from ews102 for mac-mavericks	none
just a test to run against other bots	none

Oliver Hunt

Reported 2015-04-15 11:24:30 PDT

Ensure that all the smart pointer types in WTF clear their pointer before deref

Attachments
Patch (8.26 KB, patch) 2015-04-15 11:59 PDT, Oliver Hunt	no flags	Details Formatted Diff Diff
Patch (8.26 KB, patch) 2015-04-15 12:02 PDT, Oliver Hunt	no flags	Details Formatted Diff Diff
Archive of layout-test-results from ews103 for mac-mavericks (788.96 KB, application/zip) 2015-04-15 12:59 PDT, Build Bot	no flags	Details
Archive of layout-test-results from ews107 for mac-mavericks-wk2 (802.85 KB, application/zip) 2015-04-15 13:28 PDT, Build Bot	no flags	Details
Patch (8.41 KB, patch) 2015-04-30 16:07 PDT, Oliver Hunt	no flags	Details Formatted Diff Diff
Archive of layout-test-results from ews105 for mac-mavericks-wk2 (411.98 KB, application/zip) 2015-04-30 17:03 PDT, Build Bot	no flags	Details
Archive of layout-test-results from ews103 for mac-mavericks (303.27 KB, application/zip) 2015-04-30 17:08 PDT, Build Bot	no flags	Details
Patch (8.39 KB, patch) 2015-05-01 15:42 PDT, Oliver Hunt	no flags	Details Formatted Diff Diff
Archive of layout-test-results from ews102 for mac-mavericks (251.55 KB, application/zip) 2015-05-01 16:34 PDT, Build Bot	no flags	Details
just a test to run against other bots (7.17 KB, patch) 2015-05-11 11:44 PDT, Oliver Hunt	no flags	Details Formatted Diff Diff
Show Obsolete (4) View All Add attachment proposed patch, testcase, etc.

Oliver Hunt

Comment 1 2015-04-15 11:59:09 PDT

Created attachment 250828 [details] Patch

Oliver Hunt

Comment 2 2015-04-15 12:02:11 PDT

Created attachment 250829 [details] Patch

Build Bot

Comment 3 2015-04-15 12:59:04 PDT

Comment on attachment 250829 [details] Patch Attachment 250829 [details] did not pass mac-ews (mac): Output: http://webkit-queues.appspot.com/results/4594815194890240 Number of test failures exceeded the failure limit.

Build Bot

Comment 4 2015-04-15 12:59:07 PDT

Created attachment 250838 [details] Archive of layout-test-results from ews103 for mac-mavericks The attached test failures were seen while running run-webkit-tests on the mac-ews. Bot: ews103 Port: mac-mavericks Platform: Mac OS X 10.9.5

Build Bot

Comment 5 2015-04-15 13:28:54 PDT

Comment on attachment 250829 [details] Patch Attachment 250829 [details] did not pass mac-wk2-ews (mac-wk2): Output: http://webkit-queues.appspot.com/results/4723881109618688 Number of test failures exceeded the failure limit.

Build Bot

Comment 6 2015-04-15 13:28:57 PDT

Created attachment 250845 [details] Archive of layout-test-results from ews107 for mac-mavericks-wk2 The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews. Bot: ews107 Port: mac-mavericks-wk2 Platform: Mac OS X 10.9.5

Darin Adler

Comment 7 2015-04-16 12:34:53 PDT

Comment on attachment 250829 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=250829&action=review Good idea. I almost said review+ but there are a few questions worth answering first. Since deref is a hot function, I presume this could have performance impact. What did we do to measure it? Looks like some tests are crashing. Should look into that. > Source/WTF/wtf/PassRefPtr.h:62 > + ALWAYS_INLINE ~PassRefPtr() { > + T* ptr = m_ptr; > + m_ptr = nullptr; > + derefIfNotNull(ptr); > + } If it’s going to become multi-line like this I prefer that this function’s body be moved outside of the class definition. > Source/WTF/wtf/Ref.h:77 > + T* ptr = std::exchange(m_ptr, nullptr); > m_ptr = &object; Why first set to nullptr, then to &object? Seems that we either should simply set it to &object in the first place, or leave it as nullptr during the deref and then set to &object only after the deref. > Source/WTF/wtf/RefPtr.h:62 > - ALWAYS_INLINE ~RefPtr() { derefIfNotNull(m_ptr); } > + ALWAYS_INLINE ~RefPtr() > + { > + derefIfNotNull(std::exchange(m_ptr, nullptr)); > + } If it’s going to become multi-line like this I prefer that this function’s body be moved outside of the class definition. > Source/WTF/wtf/RetainPtr.h:78 > + ~RetainPtr() > + { > + if (StorageType ptr = std::exchange(m_ptr, nullptr)) > + CFRelease(ptr); > + } If it’s going to become multi-line like this I prefer that this function’s body be moved outside of the class definition.

Oliver Hunt

Comment 8 2015-04-16 12:59:18 PDT

Another r- because it is somehow causing millions of tests to fail ;) I hadn't run tests yet when i pushed it up as i assumed it would Just Work (hahahahaha), and wanted to make sure everything built on other platforms. --Oliver (In reply to comment #7) > Comment on attachment 250829 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=250829&action=review > > Good idea. I almost said review+ but there are a few questions worth > answering first. > > Since deref is a hot function, I presume this could have performance impact. > What did we do to measure it? > > Looks like some tests are crashing. Should look into that. > > > Source/WTF/wtf/PassRefPtr.h:62 > > + ALWAYS_INLINE ~PassRefPtr() { > > + T* ptr = m_ptr; > > + m_ptr = nullptr; > > + derefIfNotNull(ptr); > > + } > > If it’s going to become multi-line like this I prefer that this function’s > body be moved outside of the class definition. > > > Source/WTF/wtf/Ref.h:77 > > + T* ptr = std::exchange(m_ptr, nullptr); > > m_ptr = &object; > > Why first set to nullptr, then to &object? Seems that we either should > simply set it to &object in the first place, or leave it as nullptr during > the deref and then set to &object only after the deref. > > > Source/WTF/wtf/RefPtr.h:62 > > - ALWAYS_INLINE ~RefPtr() { derefIfNotNull(m_ptr); } > > + ALWAYS_INLINE ~RefPtr() > > + { > > + derefIfNotNull(std::exchange(m_ptr, nullptr)); > > + } > > If it’s going to become multi-line like this I prefer that this function’s > body be moved outside of the class definition. > > > Source/WTF/wtf/RetainPtr.h:78 > > + ~RetainPtr() > > + { > > + if (StorageType ptr = std::exchange(m_ptr, nullptr)) > > + CFRelease(ptr); > > + } > > If it’s going to become multi-line like this I prefer that this function’s > body be moved outside of the class definition.

Oliver Hunt

Comment 9 2015-04-30 16:07:05 PDT

Created attachment 252101 [details] Patch

Build Bot

Comment 10 2015-04-30 17:03:13 PDT

Comment on attachment 252101 [details] Patch Attachment 252101 [details] did not pass mac-wk2-ews (mac-wk2): Output: http://webkit-queues.appspot.com/results/6709304367251456 Number of test failures exceeded the failure limit.

Build Bot

Comment 11 2015-04-30 17:03:22 PDT

Created attachment 252116 [details] Archive of layout-test-results from ews105 for mac-mavericks-wk2 The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews. Bot: ews105 Port: mac-mavericks-wk2 Platform: Mac OS X 10.9.5

Build Bot

Comment 12 2015-04-30 17:08:36 PDT

Comment on attachment 252101 [details] Patch Attachment 252101 [details] did not pass mac-ews (mac): Output: http://webkit-queues.appspot.com/results/6428580472946688 Number of test failures exceeded the failure limit.

Build Bot

Comment 13 2015-04-30 17:08:39 PDT

Created attachment 252117 [details] Archive of layout-test-results from ews103 for mac-mavericks The attached test failures were seen while running run-webkit-tests on the mac-ews. Bot: ews103 Port: mac-mavericks Platform: Mac OS X 10.9.5

Oliver Hunt

Comment 14 2015-05-01 15:42:32 PDT

Created attachment 252180 [details] Patch

Build Bot

Comment 15 2015-05-01 16:34:24 PDT

Comment on attachment 252180 [details] Patch Attachment 252180 [details] did not pass mac-ews (mac): Output: http://webkit-queues.appspot.com/results/5818393932333056 Number of test failures exceeded the failure limit.

Build Bot

Comment 16 2015-05-01 16:34:28 PDT

Created attachment 252194 [details] Archive of layout-test-results from ews102 for mac-mavericks The attached test failures were seen while running run-webkit-tests on the mac-ews. Bot: ews102 Port: mac-mavericks Platform: Mac OS X 10.9.5

Darin Adler

Comment 17 2015-05-01 16:38:16 PDT

Comment on attachment 252180 [details] Patch Can you do one pointer type at a time? Doing them all at once will make it harder for us to regress later if any of these changes causes a bug.

Darin Adler

Comment 18 2015-05-01 16:40:55 PDT

Comment on attachment 252180 [details] Patch There are 25 or 30 crashes caused by this in run-webkit-tests test cases. Should land these one at a time and investigate and solve problems caused by code that depends on the old behavior.

Oliver Hunt

Comment 19 2015-05-11 11:44:07 PDT

Created attachment 252876 [details] just a test to run against other bots

Ryosuke Niwa

Comment 20 2015-05-13 15:32:50 PDT

Comment on attachment 252876 [details] just a test to run against other bots Hopefully no perf regressions...

WebKit Commit Bot

Comment 21 2015-05-13 16:20:24 PDT

Comment on attachment 252876 [details] just a test to run against other bots Clearing flags on attachment: 252876 Committed r184316: <http://trac.webkit.org/changeset/184316>

WebKit Commit Bot

Comment 22 2015-05-13 16:20:29 PDT

All reviewed patches have been landed. Closing bug.

Note You need to log in before you can comment on or make changes to this bug.