143789 – Ensure that all the smart pointer types in WTF clear their pointer before deref

Bug 143789 - Ensure that all the smart pointer types in WTF clear their pointer before deref

Summary: Ensure that all the smart pointer types in WTF clear their pointer before deref

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	New Bugs (show other bugs)
Version:	528+ (Nightly build)
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Oliver Hunt

URL:
Keywords:

Depends on:
Blocks:

Reported:	2015-04-15 11:24 PDT by Oliver Hunt
Modified:	2015-05-13 16:20 PDT (History)
CC List:	7 users (show)

See Also:

Attachments
Patch (8.26 KB, patch) 2015-04-15 11:59 PDT, Oliver Hunt	no flags	Details \| Formatted Diff \| Diff
Patch (8.26 KB, patch) 2015-04-15 12:02 PDT, Oliver Hunt	no flags	Details \| Formatted Diff \| Diff
Archive of layout-test-results from ews103 for mac-mavericks (788.96 KB, application/zip) 2015-04-15 12:59 PDT, Build Bot	no flags	Details
Archive of layout-test-results from ews107 for mac-mavericks-wk2 (802.85 KB, application/zip) 2015-04-15 13:28 PDT, Build Bot	no flags	Details
Patch (8.41 KB, patch) 2015-04-30 16:07 PDT, Oliver Hunt	no flags	Details \| Formatted Diff \| Diff
Archive of layout-test-results from ews105 for mac-mavericks-wk2 (411.98 KB, application/zip) 2015-04-30 17:03 PDT, Build Bot	no flags	Details
Archive of layout-test-results from ews103 for mac-mavericks (303.27 KB, application/zip) 2015-04-30 17:08 PDT, Build Bot	no flags	Details
Patch (8.39 KB, patch) 2015-05-01 15:42 PDT, Oliver Hunt	no flags	Details \| Formatted Diff \| Diff
Archive of layout-test-results from ews102 for mac-mavericks (251.55 KB, application/zip) 2015-05-01 16:34 PDT, Build Bot	no flags	Details
just a test to run against other bots (7.17 KB, patch) 2015-05-11 11:44 PDT, Oliver Hunt	no flags	Details \| Formatted Diff \| Diff
Show Obsolete (4) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Oliver Hunt 2015-04-15 11:24:30 PDT

Ensure that all the smart pointer types in WTF clear their pointer before deref

Comment 1 Oliver Hunt 2015-04-15 11:59:09 PDT

Created attachment 250828 [details]
Patch

Comment 2 Oliver Hunt 2015-04-15 12:02:11 PDT

Created attachment 250829 [details]
Patch

Comment 3 Build Bot 2015-04-15 12:59:04 PDT

Comment on attachment 250829 [details]
Patch

Attachment 250829 [details] did not pass mac-ews (mac):
Output: http://webkit-queues.appspot.com/results/4594815194890240

Number of test failures exceeded the failure limit.

Comment 4 Build Bot 2015-04-15 12:59:07 PDT

Created attachment 250838 [details]
Archive of layout-test-results from ews103 for mac-mavericks

The attached test failures were seen while running run-webkit-tests on the mac-ews.
Bot: ews103  Port: mac-mavericks  Platform: Mac OS X 10.9.5

Comment 5 Build Bot 2015-04-15 13:28:54 PDT

Comment on attachment 250829 [details]
Patch

Attachment 250829 [details] did not pass mac-wk2-ews (mac-wk2):
Output: http://webkit-queues.appspot.com/results/4723881109618688

Number of test failures exceeded the failure limit.

Comment 6 Build Bot 2015-04-15 13:28:57 PDT

Created attachment 250845 [details]
Archive of layout-test-results from ews107 for mac-mavericks-wk2

The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews.
Bot: ews107  Port: mac-mavericks-wk2  Platform: Mac OS X 10.9.5

Comment 7 Darin Adler 2015-04-16 12:34:53 PDT

Comment on attachment 250829 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=250829&action=review

Good idea. I almost said review+ but there are a few questions worth answering first.

Since deref is a hot function, I presume this could have performance impact. What did we do to measure it?

Looks like some tests are crashing. Should look into that.

> Source/WTF/wtf/PassRefPtr.h:62
> +        ALWAYS_INLINE ~PassRefPtr() {
> +            T* ptr = m_ptr;
> +            m_ptr = nullptr;
> +            derefIfNotNull(ptr);
> +        }

If it’s going to become multi-line like this I prefer that this function’s body be moved outside of the class definition.

> Source/WTF/wtf/Ref.h:77
> +        T* ptr = std::exchange(m_ptr, nullptr);
>          m_ptr = &object;

Why first set to nullptr, then to &object? Seems that we either should simply set it to &object in the first place, or leave it as nullptr during the deref and then set to &object only after the deref.

> Source/WTF/wtf/RefPtr.h:62
> -    ALWAYS_INLINE ~RefPtr() { derefIfNotNull(m_ptr); }
> +    ALWAYS_INLINE ~RefPtr()
> +    {
> +        derefIfNotNull(std::exchange(m_ptr, nullptr));
> +    }

If it’s going to become multi-line like this I prefer that this function’s body be moved outside of the class definition.

> Source/WTF/wtf/RetainPtr.h:78
> +    ~RetainPtr()
> +    {
> +        if (StorageType ptr = std::exchange(m_ptr, nullptr))
> +            CFRelease(ptr);
> +    }

If it’s going to become multi-line like this I prefer that this function’s body be moved outside of the class definition.

Comment 8 Oliver Hunt 2015-04-16 12:59:18 PDT

Another r- because it is somehow causing millions of tests to fail ;)

I hadn't run tests yet when i pushed it up as i assumed it would Just Work (hahahahaha), and wanted to make sure everything built on other platforms.

--Oliver

(In reply to comment #7)
> Comment on attachment 250829 [details]
> Patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=250829&action=review
> 
> Good idea. I almost said review+ but there are a few questions worth
> answering first.
> 
> Since deref is a hot function, I presume this could have performance impact.
> What did we do to measure it?
> 
> Looks like some tests are crashing. Should look into that.
> 
> > Source/WTF/wtf/PassRefPtr.h:62
> > +        ALWAYS_INLINE ~PassRefPtr() {
> > +            T* ptr = m_ptr;
> > +            m_ptr = nullptr;
> > +            derefIfNotNull(ptr);
> > +        }
> 
> If it’s going to become multi-line like this I prefer that this function’s
> body be moved outside of the class definition.
> 
> > Source/WTF/wtf/Ref.h:77
> > +        T* ptr = std::exchange(m_ptr, nullptr);
> >          m_ptr = &object;
> 
> Why first set to nullptr, then to &object? Seems that we either should
> simply set it to &object in the first place, or leave it as nullptr during
> the deref and then set to &object only after the deref.
> 
> > Source/WTF/wtf/RefPtr.h:62
> > -    ALWAYS_INLINE ~RefPtr() { derefIfNotNull(m_ptr); }
> > +    ALWAYS_INLINE ~RefPtr()
> > +    {
> > +        derefIfNotNull(std::exchange(m_ptr, nullptr));
> > +    }
> 
> If it’s going to become multi-line like this I prefer that this function’s
> body be moved outside of the class definition.
> 
> > Source/WTF/wtf/RetainPtr.h:78
> > +    ~RetainPtr()
> > +    {
> > +        if (StorageType ptr = std::exchange(m_ptr, nullptr))
> > +            CFRelease(ptr);
> > +    }
> 
> If it’s going to become multi-line like this I prefer that this function’s
> body be moved outside of the class definition.

Comment 9 Oliver Hunt 2015-04-30 16:07:05 PDT

Created attachment 252101 [details]
Patch

Comment 10 Build Bot 2015-04-30 17:03:13 PDT

Comment on attachment 252101 [details]
Patch

Attachment 252101 [details] did not pass mac-wk2-ews (mac-wk2):
Output: http://webkit-queues.appspot.com/results/6709304367251456

Number of test failures exceeded the failure limit.

Comment 11 Build Bot 2015-04-30 17:03:22 PDT

Created attachment 252116 [details]
Archive of layout-test-results from ews105 for mac-mavericks-wk2

The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews.
Bot: ews105  Port: mac-mavericks-wk2  Platform: Mac OS X 10.9.5

Comment 12 Build Bot 2015-04-30 17:08:36 PDT

Comment on attachment 252101 [details]
Patch

Attachment 252101 [details] did not pass mac-ews (mac):
Output: http://webkit-queues.appspot.com/results/6428580472946688

Number of test failures exceeded the failure limit.

Comment 13 Build Bot 2015-04-30 17:08:39 PDT

Created attachment 252117 [details]
Archive of layout-test-results from ews103 for mac-mavericks

The attached test failures were seen while running run-webkit-tests on the mac-ews.
Bot: ews103  Port: mac-mavericks  Platform: Mac OS X 10.9.5

Comment 14 Oliver Hunt 2015-05-01 15:42:32 PDT

Created attachment 252180 [details]
Patch

Comment 15 Build Bot 2015-05-01 16:34:24 PDT

Comment on attachment 252180 [details]
Patch

Attachment 252180 [details] did not pass mac-ews (mac):
Output: http://webkit-queues.appspot.com/results/5818393932333056

Number of test failures exceeded the failure limit.

Comment 16 Build Bot 2015-05-01 16:34:28 PDT

Created attachment 252194 [details]
Archive of layout-test-results from ews102 for mac-mavericks

The attached test failures were seen while running run-webkit-tests on the mac-ews.
Bot: ews102  Port: mac-mavericks  Platform: Mac OS X 10.9.5

Comment 17 Darin Adler 2015-05-01 16:38:16 PDT

Comment on attachment 252180 [details]
Patch

Can you do one pointer type at a time? Doing them all at once will make it harder for us to regress later if any of these changes causes a bug.

Comment 18 Darin Adler 2015-05-01 16:40:55 PDT

Comment on attachment 252180 [details]
Patch

There are 25 or 30 crashes caused by this in run-webkit-tests test cases. Should land these one at a time and investigate and solve problems caused by code that depends on the old behavior.

Comment 19 Oliver Hunt 2015-05-11 11:44:07 PDT

Created attachment 252876 [details]
just a test to run against other bots

Comment 20 Ryosuke Niwa 2015-05-13 15:32:50 PDT

Comment on attachment 252876 [details]
just a test to run against other bots

Hopefully no perf regressions...

Comment 21 WebKit Commit Bot 2015-05-13 16:20:24 PDT

Comment on attachment 252876 [details]
just a test to run against other bots

Clearing flags on attachment: 252876

Committed r184316: <http://trac.webkit.org/changeset/184316>

Comment 22 WebKit Commit Bot 2015-05-13 16:20:29 PDT

All reviewed patches have been landed.  Closing bug.