Bug 144183 - Simplify DOM wrapper destruction, don't deref() in finalizers.
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore JavaScript
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Andreas Kling
Reported: 2015-04-24 21:13 PDT by Andreas Kling
Modified: 2015-04-28 19:13 PDT

Proposed patch (37.47 KB, patch)
2015-04-24 21:13 PDT, Andreas Kling
darin: review+
Patch for landing (37.57 KB, patch)
2015-04-28 16:55 PDT, Andreas Kling
no flags

Description Andreas Kling 2015-04-24 21:13:05 PDT
Finalizers are not guaranteed to run for a Weak if its WeakImpl has been replaced by another (through use of Weak::operator=(Weak&&)) before the GC's incremental sweeper has swept the containing WeakBlock.

Let's settle on a single way of invoking deref() on the DOM object.
Comment 1 Andreas Kling 2015-04-24 21:13:35 PDT
Created attachment 251609 [details]
Proposed patch
Comment 2 Darin Adler 2015-04-26 11:52:39 PDT
Comment on attachment 251609 [details]
Proposed patch

View in context: https://bugs.webkit.org/attachment.cgi?id=251609&action=review

> Source/WebCore/bindings/scripts/CodeGeneratorJS.pm:1089
> +        push(@headerContent, "    void releaseImpl() { m_impl->deref(); m_impl = nullptr; }\n\n");
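
Review bot: The generated releaseImpl() calls m_impl->deref() with no check that m_impl is non-null, and it leaves m_impl null afterwards, so a second call on the same wrapper would dereference a null pointer. If the wrapper's destructor is meant to be the only caller, an assertion on m_impl at the top of the function would state and enforce that.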

Could consider the suggestion Oliver Hunt made for the smart pointer classes:

    void releaseImpl() { std::exchange(m_impl, nullptr)->deref(); }

That would mean that m_impl would be null if something happened to run in the destructor and turn around and see this object.
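
The difference between the two `releaseImpl()` forms discussed in this review, as an added C++ illustration that is not part of the bug thread or of WebKit's code: `Impl`, `Wrapper`, `sawStalePointer` and `staleSeenWith` are constructed stand-ins, and the `Impl` destructor models code that runs during destruction and looks back at the wrapper.

```cpp
#include <cstdio>
#include <utility>

struct Wrapper;

// Constructed stand-in for a ref-counted DOM object (not a WebKit class).
struct Impl {
    explicit Impl(Wrapper& w) : wrapper(w) {}
    ~Impl(); // looks back at the wrapper, defined below
    void deref() { if (!--refCount) delete this; }
    Wrapper& wrapper;
    int refCount = 1;
};

// Constructed stand-in for a generated JS wrapper holding a raw m_impl.
struct Wrapper {
    Impl* m_impl = nullptr;
    bool sawStalePointer = false; // set when re-entrant code sees a dying m_impl

    // Form in the proposed patch: m_impl is cleared after deref() returns.
    void releaseImplClearAfter() { m_impl->deref(); m_impl = nullptr; }
    // Form suggested in review: m_impl is cleared before deref() runs.
    void releaseImplExchange() { std::exchange(m_impl, nullptr)->deref(); }
};

// Models code that runs during destruction and inspects the wrapper.
// It only compares pointer values; it never dereferences the dying object.
Impl::~Impl() { if (wrapper.m_impl == this) wrapper.sawStalePointer = true; }

// Runs one release strategy and reports whether the destructor-time observer
// saw m_impl still pointing at the object being destroyed.
bool staleSeenWith(void (Wrapper::*release)()) {
    Wrapper w;
    w.m_impl = new Impl(w);
    (w.*release)();
    return w.sawStalePointer;
}

int main() {
    std::printf("clear-after: stale pointer visible = %d\n",
                staleSeenWith(&Wrapper::releaseImplClearAfter));
    std::printf("exchange:    stale pointer visible = %d\n",
                staleSeenWith(&Wrapper::releaseImplExchange));
    return 0;
}
```

With the clear-after form the observer finds a pointer to an object that is mid-destruction, which is the window in which a use-after-free can occur; with the exchange form it finds null.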
Comment 3 Andreas Kling 2015-04-28 16:55:57 PDT
Created attachment 251899 [details]
Patch for landing

With std::exchange like darin suggested.
Comment 4 Andreas Kling 2015-04-28 17:29:21 PDT
Comment on attachment 251899 [details]
Patch for landing

Holding cq+ while I check on a potential issue locally.
Comment 5 Andreas Kling 2015-04-28 18:25:45 PDT
Comment on attachment 251899 [details]
Patch for landing

Local issue was something else entirely. Resuming commit queue.
Comment 6 WebKit Commit Bot 2015-04-28 19:13:47 PDT
Comment on attachment 251899 [details]
Patch for landing

Clearing flags on attachment: 251899

Committed r183523: <http://trac.webkit.org/changeset/183523>
Comment 7 WebKit Commit Bot 2015-04-28 19:13:51 PDT
All reviewed patches have been landed.  Closing bug.