Bug 181274

Summary: REGRESSION (r212929): WKSnapshotConfiguration may leak an NSNumber when deallocated
Product: WebKit Reporter: David Kilzer (:ddkilzer) <ddkilzer>
Component: WebKit2Assignee: David Kilzer (:ddkilzer) <ddkilzer>
Status: RESOLVED FIXED    
Severity: Normal CC: ap, commit-queue, jbedard, joepeck, thorton, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: Other   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on: 161450    
Bug Blocks:    
Attachments:
Description Flags
Patch v1 none

David Kilzer (:ddkilzer)
Reported 2018-01-03 20:19:40 PST
Source/WebKit/UIProcess/API/Cocoa/WKSnapshotConfiguration.mm:31:1: warning: 'WKSnapshotConfiguration' lacks a 'dealloc' instance method but must release '_snapshotWidth' @implementation WKSnapshotConfiguration ^ 1 warning generated. Regressed with: Bug 161450: No reliable way to get a snapshot of WKWebView <https://bugs.webkit.org/show_bug.cgi?id=161450> Found by building WebKit project with clang static analyzer.
Attachments
Patch v1 (1.29 KB, patch)
2018-01-03 20:35 PST, David Kilzer (:ddkilzer) 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
David Kilzer (:ddkilzer)
Comment 1 2018-01-03 20:35:31 PST
Created attachment 330439 [details] Patch v1
David Kilzer (:ddkilzer)
Comment 2 2018-01-03 20:39:22 PST
If the NSNumber object isn't set, or if it's a tagged pointer, there's probably no leak in practice, but there isn't a guarantee that a tagged pointer will always be used.
Joseph Pecoraro
Comment 3 2018-01-03 21:02:23 PST
Comment on attachment 330439 [details] Patch v1 r=me! Nice
WebKit Commit Bot
Comment 4 2018-01-03 21:23:58 PST
Comment on attachment 330439 [details] Patch v1 Clearing flags on attachment: 330439 Committed r226391: <https://trac.webkit.org/changeset/226391>
WebKit Commit Bot
Comment 5 2018-01-03 21:23:59 PST
All reviewed patches have been landed. Closing bug.
Radar WebKit Bug Importer
Comment 6 2018-01-03 21:24:54 PST
<rdar://problem/36290876>
Jonathan Bedard
Comment 7 2018-01-04 07:43:15 PST
Did our leak checker not identify this?
David Kilzer (:ddkilzer)
Comment 8 2018-01-04 09:41:36 PST
(In reply to Jonathan Bedard from comment #7) > Did our leak checker not identify this? This bug was not a leak, it was an over-released object, so the leak checker wouldn't have caught it. Our internal static analysis bot would have caught it, but it's using a build of macOS prior to 10.13.2, so this particular code would not have been compiled or analyzed.
Joseph Pecoraro
Comment 9 2018-01-04 10:39:35 PST
(In reply to David Kilzer (:ddkilzer) from comment #8) > (In reply to Jonathan Bedard from comment #7) > > Did our leak checker not identify this? > > This bug was not a leak, it was an over-released object, so the leak checker > wouldn't have caught it. Hmm, I think this was a leak and not an over-released object. ddkilzer has been a strong proponent of having the static analyzer catch these kinds of issues, and I think the ability to 'detect leaks of strong/copy/retain properties not released in dealloc' was added to the analyzer a couple years ago: https://reviews.llvm.org/D17511
David Kilzer (:ddkilzer)
Comment 10 2018-01-04 11:49:40 PST
(In reply to Joseph Pecoraro from comment #9) > (In reply to David Kilzer (:ddkilzer) from comment #8) > > (In reply to Jonathan Bedard from comment #7) > > > Did our leak checker not identify this? > > > > This bug was not a leak, it was an over-released object, so the leak checker > > wouldn't have caught it. > > Hmm, I think this was a leak and not an over-released object. > > ddkilzer has been a strong proponent of having the static analyzer catch > these kinds of issues, and I think the ability to 'detect leaks of > strong/copy/retain properties not released in dealloc' was added to the > analyzer a couple years ago: > https://reviews.llvm.org/D17511 Oops! Sorry, I was thinking of a different bug (Bug 181272) that was an over-release. This was a leak! However, this leak may not have been caught by the leaks bot if this code path was not exercised in our (layout) tests, or if the NSNumber was a tagged pointer (I think). As Joseph mentioned, though, the clang static analyzer should have caught this (assuming it runs the Objective-C dealloc checker).
Jonathan Bedard
Comment 11 2018-01-04 12:29:30 PST
(In reply to David Kilzer (:ddkilzer) from comment #10) > .... > > However, this leak may not have been caught by the leaks bot if this code > path was not exercised in our (layout) tests, or if the NSNumber was a > tagged pointer (I think). > > As Joseph mentioned, though, the clang static analyzer should have caught > this (assuming it runs the Objective-C dealloc checker). I have the answer to my own question. We DO use this when running layout tests, added here: <https://trac.webkit.org/changeset/216462/webkit>. But, this code path is only used when running WebKit2 tests (which we don't run leak checking on) and is only used when we have a real IOSURFACE, meaning on-device testing (which we also don't run leak checking on)
Note You need to log in before you can comment on or make changes to this bug.