RESOLVED FIXED 106965
NodeRareData doesn't need to have a vtable pointer 
https://bugs.webkit.org/show_bug.cgi?id=106965
Summary NodeRareData doesn't need to have a vtable pointer
Ryosuke Niwa
Reported 2013-01-15 17:58:18 PST
We have a vtable pointer in NodeRareData just so that its destructor and reportMemoryUsage can use them. That's silly because the only place wee delete NodeRareData is Node::clearRareData and we already explicitly calls delete.
Attachments
Removes the vtable pointer (5.88 KB, patch)
2013-01-15 18:20 PST, Ryosuke Niwa 		benjamin: review+
benjamin: commit-queue-
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Elliott Sprehn
Comment 1 2013-01-15 18:09:59 PST
I have a patch for this from a few months ago but it made the code a little confusing so I had decided against it. I can just upload it now though... You can't just naively rely on us calling delete since deleting ElementRareData from a base class ptr with a non virtual destructor produces undefined behavior.
Ryosuke Niwa
Comment 2 2013-01-15 18:20:03 PST
Created attachment 182891 [details] Removes the vtable pointer
Elliott Sprehn
Comment 3 2013-01-15 19:24:51 PST
Comment on attachment 182891 [details] Removes the vtable pointer View in context: https://bugs.webkit.org/attachment.cgi?id=182891&action=review Can we devirtualize createRareData() as well so people can't return subclasses anymore? There's no reason to support generic subclasses of rare data with virtual createRareData() since they wouldn't have their destructors handled properly. > Source/WebCore/dom/ElementRareData.cpp:39 > +struct SameSizeAsElementRareData { Why not just inherit NodeRareData ?
Ryosuke Niwa
Comment 4 2013-01-15 19:35:17 PST
(In reply to comment #3) > (From update of attachment 182891 [details]) > View in context: https://bugs.webkit.org/attachment.cgi?id=182891&action=review > > Can we devirtualize createRareData() as well so people can't return subclasses anymore? There's no reason to support generic subclasses of rare data with virtual createRareData() since they wouldn't have their destructors handled properly. Let's do that in a separate patch. There are few cleanups we can do there.
Benjamin Poulain
Comment 5 2013-01-15 20:23:23 PST
> > Source/WebCore/dom/ElementRareData.cpp:39 > > +struct SameSizeAsElementRareData { > > Why not just inherit NodeRareData ? That would defeat the purpose.
Ryosuke Niwa
Comment 6 2013-01-15 20:37:33 PST
(In reply to comment #5) > > > Source/WebCore/dom/ElementRareData.cpp:39 > > > +struct SameSizeAsElementRareData { > > > > Why not just inherit NodeRareData ? > > That would defeat the purpose. It's same thing since I'm including NodeRareData as a member variable. I'm simply ensuring that the size of NodeRareData is not zero, in which case sizeof(SameSizeAsElementRareData) > sizeof(ElementRareData), among other things.
Elliott Sprehn
Comment 7 2013-01-15 20:45:52 PST
(In reply to comment #6) > (In reply to comment #5) > > > > Source/WebCore/dom/ElementRareData.cpp:39 > > > > +struct SameSizeAsElementRareData { > > > > > > Why not just inherit NodeRareData ? > > > > That would defeat the purpose. > > It's same thing since I'm including NodeRareData as a member variable. I'm simply ensuring that the size of NodeRareData is not zero, in which case sizeof(SameSizeAsElementRareData) > sizeof(ElementRareData), among other things. I don't understand this comment. Why would this make the struct bigger than the subclass? In general in WebCore we just inherit, ex. SameSizeAsRenderText, ShadowRoot, CSSRule, CSSRuleBase etc. I don't see anyone doing it like this.
Benjamin Poulain
Comment 8 2013-01-15 20:47:08 PST
> I don't understand this comment. Why would this make the struct bigger than the subclass? In general in WebCore we just inherit, ex. SameSizeAsRenderText, ShadowRoot, CSSRule, CSSRuleBase etc. I don't see anyone doing it like this. I thought you were commenting on SameSizeAsNodeRareData. I should probably read the patch :)
Ryosuke Niwa
Comment 9 2013-01-15 20:48:43 PST
(In reply to comment #7) > I don't understand this comment. Why would this make the struct bigger than the subclass? In general in WebCore we just inherit, ex. SameSizeAsRenderText, ShadowRoot, CSSRule, CSSRuleBase etc. I don't see anyone doing it like this. struct A { }; struct B { A a; int b; } struct C : A { int c; } Then sizeof(B) > sizeof(C) in most implementations.
Benjamin Poulain
Comment 10 2013-01-15 21:04:12 PST
Comment on attachment 182891 [details] Removes the vtable pointer View in context: https://bugs.webkit.org/attachment.cgi?id=182891&action=review Looks good to me. I like both Elliott's ideas. > Source/WebCore/dom/ElementRareData.cpp:44 > + void* pointers[7]; > + LayoutSize sizeForResizing; Please move sizeForResizing before pointers.
Elliott Sprehn
Comment 11 2013-01-15 21:04:30 PST
(In reply to comment #9) > (In reply to comment #7) > > I don't understand this comment. Why would this make the struct bigger than the subclass? In general in WebCore we just inherit, ex. SameSizeAsRenderText, ShadowRoot, CSSRule, CSSRuleBase etc. I don't see anyone doing it like this. > > struct A { }; > struct B { A a; int b; } > struct C : A { int c; } > > Then sizeof(B) > sizeof(C) in most implementations. Oh that's really fascinating! In this case sizeof(A) is actually 1 not 0. Thanks. :)
Ryosuke Niwa
Comment 12 2013-01-15 21:09:38 PST
(In reply to comment #10) > (From update of attachment 182891 [details]) > View in context: https://bugs.webkit.org/attachment.cgi?id=182891&action=review > > Looks good to me. I like both Elliott's ideas. > > > Source/WebCore/dom/ElementRareData.cpp:44 > > + void* pointers[7]; > > + LayoutSize sizeForResizing; > > Please move sizeForResizing before pointers. I'm gonna move both non-pointer times to before pointers as we discussed in person.
Ryosuke Niwa
Comment 13 2013-01-15 21:24:20 PST
Committed r139833: <http://trac.webkit.org/changeset/139833>
Csaba Osztrogonác
Comment 14 2013-01-15 22:37:17 PST
(In reply to comment #13) > Committed r139833: <http://trac.webkit.org/changeset/139833> It made all tests crash on GTK and on Qt: - http://build.webkit.org/builders/GTK%20Linux%2064-bit%20Release/builds/33025 - http://build.webkit.org/builders/Qt%20Linux%20Release/builds/56380 It seems they are GC related crashes. Could you check it please?
Ryosuke Niwa
Comment 15 2013-01-15 22:43:02 PST
(In reply to comment #14) > (In reply to comment #13) > > Committed r139833: <http://trac.webkit.org/changeset/139833> > > It made all tests crash on GTK and on Qt: > - http://build.webkit.org/builders/GTK%20Linux%2064-bit%20Release/builds/33025 > - http://build.webkit.org/builders/Qt%20Linux%20Release/builds/56380 > > It seems they are GC related crashes. Could you check it please? Oops, sorry about that.This is strange maybe it doesn't like non-virtual destructor somehow?
Benjamin Poulain
Comment 16 2013-01-15 22:50:29 PST
Do you have a backtrace with symbols somewhere?
Csaba Osztrogonác
Comment 17 2013-01-15 22:51:36 PST
and Chromium too: http://build.webkit.org/builders/Chromium%20Mac%20Release%20%28Tests%29/builds/31809
Csaba Osztrogonác
Comment 18 2013-01-15 22:52:10 PST
(In reply to comment #16) > Do you have a backtrace with symbols somewhere? I'm on it. But unfortunately it doesn't occur in debug mode.
Benjamin Poulain
Comment 19 2013-01-15 22:53:51 PST
Just a hunch: it looks like it is using libstd delete && libc free instead of the FastAlloc delete and free.
Ryosuke Niwa
Comment 20 2013-01-15 22:55:01 PST
Fix attempted in http://trac.webkit.org/changeset/139838. The problem was that m_rareData is of type NodeRareDataBase even though it's an instance of NodeRareData so we have to explicitly cast it into NodeRareData before deleting it.
Darin Adler
Comment 21 2013-01-16 09:20:36 PST
Comment on attachment 182891 [details] Removes the vtable pointer View in context: https://bugs.webkit.org/attachment.cgi?id=182891&action=review > Source/WebCore/dom/NodeRareData.h:309 > + // This member function is intentionially not virtual to avoid adding a vtable pointer. Typo: intentionially
Ryosuke Niwa
Comment 22 2013-01-24 11:27:30 PST
(In reply to comment #21) > (From update of attachment 182891 [details]) > View in context: https://bugs.webkit.org/attachment.cgi?id=182891&action=review > > > Source/WebCore/dom/NodeRareData.h:309 > > + // This member function is intentionially not virtual to avoid adding a vtable pointer. > > Typo: intentionially Oops, fixed in http://trac.webkit.org/changeset/140700.
Note You need to log in before you can comment on or make changes to this bug.