Summary: | Add iterator checking to ListHashSet | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Product: | WebKit | Reporter: | Darin Adler <darin> | ||||||||
Component: | New Bugs | Assignee: | Darin Adler <darin> | ||||||||
Status: | RESOLVED FIXED | ||||||||||
Severity: | Normal | CC: | andersca, benjamin, cdumez, cmarcelo, ews-watchlist, webkit-bug-importer, ysuzuki | ||||||||
Priority: | P2 | Keywords: | InRadar | ||||||||
Version: | WebKit Nightly Build | ||||||||||
Hardware: | Unspecified | ||||||||||
OS: | Unspecified | ||||||||||
See Also: | https://bugs.webkit.org/show_bug.cgi?id=211733 | ||||||||||
Attachments: |
|
Description
Darin Adler
2020-05-09 12:37:03 PDT
Created attachment 398934 [details]
Patch
Comment on attachment 398934 [details]
Patch
Is WeakPtr thread safe?
(In reply to Anders Carlsson from comment #2) > Is WeakPtr thread safe? It uses ThreadSafeRefCounted, so I think yes. Committed r261440: <https://trac.webkit.org/changeset/261440> All reviewed patches have been landed. Closing bug and clearing flags on attachment 398934 [details]. (In reply to Darin Adler from comment #3) > (In reply to Anders Carlsson from comment #2) > > Is WeakPtr thread safe? > > It uses ThreadSafeRefCounted, so I think yes. WeakPtr<T>::get returns weird results in multi-threaded environment. This is slightly different from `std::weak_ptr<T>::lock()`. So, in general, it is not encouraged that we use WeakPtr<T> in multi-threading use because it does not work as expected. However, in this use case, it is OK. 1. T inherits CanMakeWeakPtr<T> and ThreadSafeRefCounted<T>. 2. In thread A, we create Ref<T>. 3. In thread A, we create WeakPtr<T> from Ref<T> 4. We pass WeakPtr<T> to another thread B. 5. B thread is attempting to call WeakPtr<T>::get(). 6. At the same time, in thread A, we start destroying Ref<T>. 7. Before (6) calls WeakPtrImpl::clear(), (5) gets a non nullptr T*. 8. Just after (5) gets non nullptr T*, (7) destroys Ref<T> completely. WeakPtr<T>::get can return a non-nullptr even if the obtained T* is half-destroyed right now. So, it is possible that we could miss some cases that T* is already destroyed while WeakPtr<T>::get returns non-nullptr. But since this is for assertion, false-negative is OK. Reverted r261440 for reason: Caused 6 TestWTF.WTF failures Committed r261486: <https://trac.webkit.org/changeset/261486> Created attachment 399092 [details]
Patch
This new patch fixes the TestWTF.WTF failures. Would appreciate review since more has changed now. Created attachment 399100 [details]
Patch
Committed r261818: <https://trac.webkit.org/changeset/261818> All reviewed patches have been landed. Closing bug and clearing flags on attachment 399100 [details]. |