Bug 196759 - OfflineAudioDestinationNode::startRendering leaks OfflineAudioDestinationNode if offlineRender exits early
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Web Audio
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Ryosuke Niwa
Keywords: InRadar
Reported: 2019-04-09 19:34 PDT by Ryosuke Niwa
Modified: 2019-04-10 13:31 PDT

Attachments
Fixes the bug (4.92 KB, patch)
2019-04-09 19:40 PDT, Ryosuke Niwa
eric.carlson: review+
Description Ryosuke Niwa 2019-04-09 19:34:49 PDT
OfflineAudioDestinationNode::startRendering calls ref() unconditionally
but offlineRender() calls deref() conditionally.
Comment 1 Ryosuke Niwa 2019-04-09 19:34:58 PDT
<rdar://problem/47900062>
Comment 2 Ryosuke Niwa 2019-04-09 19:40:23 PDT
Created attachment 367098
Fixes the bug
Comment 3 Eric Carlson 2019-04-10 12:02:09 PDT
Comment on attachment 367098
Fixes the bug

View in context: https://bugs.webkit.org/attachment.cgi?id=367098&action=review

> Source/WebCore/ChangeLog:9
> +        But offlineRender can early exit without ever calling deref() in the main thread, leaking to the leak of

s/leaking/leading/

> Source/WebCore/Modules/webaudio/OfflineAudioDestinationNode.h:69
> +    bool startRenderingIfPossible();

Nit: looks like this isn't necessary.
Comment 4 youenn fablet 2019-04-10 12:06:38 PDT
Comment on attachment 367098
Fixes the bug

View in context: https://bugs.webkit.org/attachment.cgi?id=367098&action=review

> Source/WebCore/Modules/webaudio/OfflineAudioDestinationNode.cpp:94
> +    m_renderThread = Thread::create("offline renderer", [this] {

Instead of ref/deref, could the thread lambda take a protectedThis=makeRef(*this) and move protectedThis to the callOnMainThread lambda below?
That will make it clear that 'this' is protected and ref/deref count is always ok.
Comment 5 Ryosuke Niwa 2019-04-10 13:23:57 PDT
(In reply to youenn fablet from comment #4)
> Comment on attachment 367098
> Fixes the bug
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=367098&action=review
> 
> > Source/WebCore/Modules/webaudio/OfflineAudioDestinationNode.cpp:94
> > +    m_renderThread = Thread::create("offline renderer", [this] {
> 
> Instead of ref/deref, could the thread lambda take a
> protectedThis=makeRef(*this) and move protectedThis to the callOnMainThread
> lambda below?
> That will make it clear that 'this' is protected and ref/deref count is
> always ok.

That's a bit dangerous since OfflineAudioDestinationNode is not thread-safe ref counted. We need to very carefully copy & not copy things in each lambda.
Comment 6 Ryosuke Niwa 2019-04-10 13:25:15 PDT
(In reply to Eric Carlson from comment #3)
> Comment on attachment 367098
> Fixes the bug
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=367098&action=review
> 
> > Source/WebCore/ChangeLog:9
> > +        But offlineRender can early exit without ever calling deref() in the main thread, leaking to the leak of
> 
> s/leaking/leading/

Fixed.

> > Source/WebCore/Modules/webaudio/OfflineAudioDestinationNode.h:69
> > +    bool startRenderingIfPossible();
> 
> Nit: looks like this isn't necessary.

Indeed. Removed.
Comment 7 Ryosuke Niwa 2019-04-10 13:31:06 PDT
Committed r244145: <https://trac.webkit.org/changeset/244145>
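
The ref()/deref() imbalance from the bug description, modelled as an added example that is not WebKit's code or the committed patch. `Node`, `mainThreadQueue` and `leakedAfter` are hypothetical names; the queue stands in for `callOnMainThread`, so every ref()/deref() stays on one thread, which matters for the non-thread-safe ref count mentioned in comment 5. The balanced variant is one possible shape of a fix, assumed for illustration.

```cpp
#include <functional>
#include <vector>

// Constructed model, not WebKit code. The queue stands in for callOnMainThread().
static int liveNodes = 0;
static std::vector<std::function<void()>> mainThreadQueue;

class Node {
public:
    explicit Node(bool hasRenderTarget) : m_hasRenderTarget(hasRenderTarget) { ++liveNodes; }
    ~Node() { --liveNodes; }
    void ref() { ++m_refCount; }
    void deref() { if (!--m_refCount) delete this; }
    // Leaky shape: ref() is unconditional, deref() is only queued on success.
    void startRenderingLeaky() { ref(); offlineRenderLeaky(); }
    // Balanced shape: deref() is queued whether or not rendering bailed out,
    // and still runs from the queue because the count is not atomic.
    void startRenderingBalanced()
    {
        ref();
        offlineRender(); // the result no longer decides who drops the reference
        mainThreadQueue.push_back([this] { deref(); });
    }
private:
    void offlineRenderLeaky()
    {
        if (!m_hasRenderTarget)
            return; // early exit: the reference taken by the caller is never dropped
        mainThreadQueue.push_back([this] { deref(); });
    }
    bool offlineRender() { return m_hasRenderTarget; }
    bool m_hasRenderTarget;
    int m_refCount { 1 }; // the creator's reference
};

// Returns how many nodes outlive the creator's deref() and the drained queue.
int leakedAfter(bool hasRenderTarget, bool balanced)
{
    Node* node = new Node(hasRenderTarget);
    if (balanced) node->startRenderingBalanced(); else node->startRenderingLeaky();
    node->deref();
    for (auto& task : mainThreadQueue) task();
    mainThreadQueue.clear();
    int leaked = liveNodes;
    if (leaked) delete node; // reclaim the stranded node so the demo itself stays clean
    return leaked;
}
int main() { return leakedAfter(false, true); }
```
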