Chromium Code Reviews
|
|
|
Created:
4 years, 10 months ago by alex clarke (OOO till 29th) Modified:
4 years, 10 months ago CC:
blink-reviews, oilpan-reviews Base URL:
https://chromium.googlesource.com/chromium/blink.git@master Target Ref:
refs/heads/master Project:
blink Visibility:
Public. |
DescriptionLazily constructed bespoke cancellable timer task. This is
a bit cheaper that using the CancellableTaskFactory and
goes part way towards fixing the performance regression in
dromaeo.jslibmodifyprototype.
For perf results with this patch, see:
http://storage.googleapis.com/chromium-telemetry/html-results/results-2015-06-23_10-45-33 and
http://storage.googleapis.com/chromium-telemetry/html-results/results-2015-06-23_10-42-47
Testing on a local machine suggests this patch will fix the
regression in
chromium-rel-win8-dual/memory.idle_multi_tab/commit_charge
BUG=498229, 463143
Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=197752
Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=197814
Committed: https://src.chromium.org/viewvc/blink?view=rev&revision=197915
Patch Set 1 #Patch Set 2 : Fix more stuff #Patch Set 3 : Remove obsolete asan stuff #
Total comments: 2
Patch Set 4 : Fix UAF bug that occured on worker shutdown, where ~CancellableTimerTask wasn't clearing backref #
Messages
Total messages: 59 (24 generated)
The CQ bit was checked by alexclarke@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1185643002/1
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: mac_blink_rel on tryserver.blink (JOB_FAILED, http://build.chromium.org/p/tryserver.blink/builders/mac_blink_rel/builds/60077)
The CQ bit was checked by alexclarke@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1185643002/20001
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: mac_blink_rel on tryserver.blink (JOB_FAILED, http://build.chromium.org/p/tryserver.blink/builders/mac_blink_rel/builds/60092)
The CQ bit was checked by alexclarke@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1185643002/40001
The CQ bit was checked by alexclarke@chromium.org to run a CQ dry run
Dry run: Try jobs failed on following builders: mac_blink_rel on tryserver.blink (JOB_FAILED, http://build.chromium.org/p/tryserver.blink/builders/mac_blink_rel/builds/60111)
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1185643002/60001
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: mac_blink_rel on tryserver.blink (JOB_FAILED, http://build.chromium.org/p/tryserver.blink/builders/mac_blink_rel/builds/60118)
The CQ bit was checked by alexclarke@chromium.org
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1185643002/80001
The CQ bit was unchecked by alexclarke@chromium.org
The CQ bit was unchecked by commit-bot@chromium.org
No L-G-T-M from a valid reviewer yet. Only full committers are accepted. Even if an L-G-T-M may have been provided, it was from a non-committer, _not_ a full super star committer. See http://www.chromium.org/getting-involved/become-a-committer Note that this has nothing to do with OWNERS files.
The CQ bit was checked by alexclarke@chromium.org to run a CQ dry run
Patchset #2 (id:20001) has been deleted
Patchset #2 (id:40001) has been deleted
Patchset #2 (id:60001) has been deleted
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1185643002/80001
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: This issue passed the CQ dry run.
alexclarke@chromium.org changed reviewers: + jochen@chromium.org
lgtm
The CQ bit was checked by alexclarke@chromium.org
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1185643002/80001
Message was sent while issue was closed.
Committed patchset #2 (id:80001) as https://src.chromium.org/viewvc/blink?view=rev&revision=197752
Message was sent while issue was closed.
On 2015/06/24 16:09:45, commit-bot: I haz the power wrote: > Committed patchset #2 (id:80001) as > https://src.chromium.org/viewvc/blink?view=rev&revision=197752 This broke the linux asan bot. http://build.chromium.org/p/chromium.webkit/builders/WebKit%20Linux%20ASAN/bu... In file included from ../../third_party/WebKit/Source/core/animation/CompositorPendingAnimations.h:36: ../../third_party/WebKit/Source/platform/Timer.h:76:5: error: unknown type name 'CancellableTaskFactory' CancellableTaskFactory& cancellableTaskFactory() { return m_cancellableTaskFactory; } ^ ../../third_party/WebKit/Source/platform/Timer.h:76:63: error: use of undeclared identifier 'm_cancellableTaskFactory' CancellableTaskFactory& cancellableTaskFactory() { return m_cancellableTaskFactory; } ^ 2 errors generated. FAILED: /mnt/data/b/build/goma/gomacc ../../third_party/llvm-build/Release+Asserts/bin/clang++ -MMD -MF obj/third_party/WebKit/Source/core/html/webcore_html.HTMLCollection.o.d -DV8_DEPRECATION_WARNINGS -D_FILE_OFFSET_BITS=64 -DNO_TCMALLOC -DCHROMIUM_BUILD -DCR_CLANG_REVISION=239765-1 -DUI_COMPOSITOR_IMAGE_TRANSPORT -DUSE_AURA=1 -DUSE_ASH=1 -DUSE_PANGO=1 -DUSE_CAIRO=1 -DUSE_DEFAULT_RENDER_THEME=1 -DUSE_LIBJPEG_TURBO=1 -DUSE_X11=1 -DUSE_CLIPBOARD_AURAX11=1 -DENABLE_ONE_CLICK_SIGNIN -DENABLE_PRE_SYNC_BACKUP -DENABLE_REMOTING=1 -DENABLE_WEBRTC=1 -DENABLE_MEDIA_ROUTER=1 -DENABLE_PEPPER_CDMS -DENABLE_CONFIGURATION_POLICY -DENABLE_NOTIFICATIONS -DENABLE_HIDPI=1 -DUSE_UDEV -DDONT_EMBED_BUILD_METADATA -DADDRESS_SANITIZER -DMEMORY_TOOL_REPLACES_ALLOCATOR -DMEMORY_SANITIZER_INITIAL_SIZE -DENABLE_TASK_MANAGER=1 -DENABLE_EXTENSIONS=1 -DENABLE_PLUGINS=1 -DENABLE_SESSION_SERVICE=1 -DENABLE_THEMES=1 -DENABLE_AUTOFILL_DIALOG=1 -DENABLE_BACKGROUND=1 -DENABLE_GOOGLE_NOW=1 -DCLD_VERSION=2 -DENABLE_PRINTING=1 -DENABLE_BASIC_PRINTING=1 -DENABLE_PRINT_PREVIEW=1 -DENABLE_SPELLCHECK=1 -DENABLE_CAPTIVE_PORTAL_DETECTION=1 -DENABLE_APP_LIST=1 -DENABLE_SETTINGS_APP=1 -DENABLE_SUPERVISED_USERS=1 -DENABLE_MDNS=1 -DENABLE_SERVICE_DISCOVERY=1 -DV8_USE_EXTERNAL_STARTUP_DATA -DFULL_SAFE_BROWSING -DSAFE_BROWSING_CSD -DSAFE_BROWSING_DB_LOCAL -DSAFE_BROWSING_SERVICE -DBLINK_IMPLEMENTATION=1 -DINSIDE_BLINK -DENABLE_LAYOUT_UNIT_IN_INLINE_BOXES=0 -DWTF_USE_CONCATENATED_IMPULSE_RESPONSES=1 -DENABLE_INPUT_MULTIPLE_FIELDS_UI=1 -DENABLE_WEB_AUDIO=1 -DWTF_USE_WEBAUDIO_FFMPEG=1 -DWTF_USE_DEFAULT_RENDER_THEME=1 -DU_USING_ICU_NAMESPACE=0 -DU_ENABLE_DYLOAD=0 -DU_STATIC_IMPLEMENTATION -DSK_SUPPORT_GPU=1 -DSK_IGNORE_LINEONLY_AA_CONVEX_PATH_OPTS -DCHROME_PNG_WRITE_SUPPORT -DPNG_USER_CONFIG -DLIBXML_STATIC -DLIBXSLT_STATIC -DUSE_LIBPCI=1 -DUSE_GLIB=1 -DUSE_NSS_CERTS=1 -D__STDC_CONSTANT_MACROS -D__STDC_FORMAT_MACROS -DLEAK_SANITIZER -DWTF_USE_LEAK_SANITIZER=1 -DNDEBUG -DNVALGRIND -DDYNAMIC_ANNOTATIONS_ENABLED=0 -Igen -I../../third_party/WebKit/Source -I../.. -I../../skia/config -I../../third_party/khronos -I../../gpu -Igen/blink -I../../third_party/angle/include -I../../third_party/ffmpeg -I../../third_party/icu/source/i18n -I../../third_party/icu/source/common -I../../third_party/WebKit -I../../third_party/skia/include/core -I../../third_party/skia/include/effects -I../../third_party/skia/include/pdf -I../../third_party/skia/include/gpu -I../../third_party/skia/include/lazy -I../../third_party/skia/include/pathops -I../../third_party/skia/include/pipe -I../../third_party/skia/include/ports -I../../third_party/skia/include/utils -I../../skia/ext -I../../third_party/iccjpeg -I../../third_party/libpng -I../../third_party/libwebp -I../../third_party/libxml/linux/include -I../../third_party/libxml/src/include -I../../third_party/libxslt -I../../third_party/npapi -I../../third_party/npapi/bindings -I../../third_party/ots/include -I../../third_party/qcms/src -I../../third_party/sqlite -I../../third_party/zlib -I../../v8/include '-I../../buildtools/third_party/libc++/trunk/include' '-I../../buildtools/third_party/libc++abi/trunk/include' -fstack-protector --param=ssp-buffer-size=4 -Werror -pthread -fno-strict-aliasing -Wall -Wno-unused-parameter -Wno-missing-field-initializers -fvisibility=hidden -pipe -fPIC -Wno-reserved-user-defined-literal -Xclang -load -Xclang /mnt/data/b/build/slave/WebKit_Linux_ASAN/build/src/third_party/llvm-build/Release+Asserts/lib/libFindBadConstructs.so -Xclang -add-plugin -Xclang find-bad-constructs -Xclang -plugin-arg-find-bad-constructs -Xclang check-templates -fcolor-diagnostics -B/mnt/data/b/build/slave/WebKit_Linux_ASAN/build/src/third_party/binutils/Linux_x64/Release/bin -Wheader-hygiene -Wno-char-subscripts -Wno-unneeded-internal-declaration -Wno-covered-switch-default -Wstring-conversion -Wno-c++11-narrowing -Wno-deprecated-register -Wno-inconsistent-missing-override -Wglobal-constructors -Wexit-time-destructors -fno-strict-aliasing -Xclang -load -Xclang /mnt/data/b/build/slave/WebKit_Linux_ASAN/build/src/third_party/llvm-build/Release+Asserts/lib/libBlinkGCPlugin.so -Xclang -add-plugin -Xclang blink-gc-plugin -m64 -march=x86-64 -fno-omit-frame-pointer -gline-tables-only -fsanitize=address -fsanitize=leak -O2 -fno-ident -fdata-sections -ffunction-sections -funwind-tables -fno-exceptions -fno-rtti -fno-threadsafe-statics -fvisibility-inlines-hidden -Wsign-compare -std=gnu++11 -nostdinc++ -c ../../third_party/WebKit/Source/core/html/HTMLCollection.cpp -o obj/third_party/WebKit/Source/core/html/webcore_html.HTMLCollection.o In file included from ../../third_party/WebKit/Source/core/html/HTMLCollection.cpp:25: In file included from ../../third_party/WebKit/Source/core/html/HTMLCollection.h:28: In file included from ../../third_party/WebKit/Source/core/dom/LiveNodeListBase.h:30: In file included from ../../third_party/WebKit/Source/core/dom/Document.h:35: In file included from ../../third_party/WebKit/Source/core/animation/CompositorPendingAnimations.h:36: ../../third_party/WebKit/Source/platform/Timer.h:76:5: error: unknown type name 'CancellableTaskFactory' CancellableTaskFactory& cancellableTaskFactory() { return m_cancellableTaskFactory; } ^ ../../third_party/WebKit/Source/platform/Timer.h:76:63: error: use of undeclared identifier 'm_cancellableTaskFactory' CancellableTaskFactory& cancellableTaskFactory() { return m_cancellableTaskFactory; } ^ 2 errors generated. Will procede to revert.
Message was sent while issue was closed.
Revert https://codereview.chromium.org/1211543004
The CQ bit was checked by alexclarke@chromium.org to run a CQ dry run
The patchset sent to the CQ was uploaded after l-g-t-m from jochen@chromium.org Link to the patchset: https://codereview.chromium.org/1185643002/#ps100001 (title: "Remove obsolete asan stuff")
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1185643002/100001
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: This issue passed the CQ dry run.
The CQ bit was checked by alexclarke@chromium.org
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1185643002/100001
Message was sent while issue was closed.
Committed patchset #3 (id:100001) as https://src.chromium.org/viewvc/blink?view=rev&revision=197814
Message was sent while issue was closed.
sigbjornf@opera.com changed reviewers: + sigbjornf@opera.com
Message was sent while issue was closed.
https://codereview.chromium.org/1185643002/diff/100001/Source/platform/Timer.h File Source/platform/Timer.h (left): https://codereview.chromium.org/1185643002/diff/100001/Source/platform/Timer.... Source/platform/Timer.h:131: #if ENABLE(LAZY_SWEEPING) && defined(ADDRESS_SANITIZER) Looks like not replacing this with an alternative caused an Oilpan ASan meltdown, http://build.chromium.org/p/chromium.webkit/builders/WebKit%20Linux%20Oilpan%...
Message was sent while issue was closed.
On 2015/06/25 14:03:42, sof wrote: > https://codereview.chromium.org/1185643002/diff/100001/Source/platform/Timer.h > File Source/platform/Timer.h (left): > > https://codereview.chromium.org/1185643002/diff/100001/Source/platform/Timer.... > Source/platform/Timer.h:131: #if ENABLE(LAZY_SWEEPING) && > defined(ADDRESS_SANITIZER) > Looks like not replacing this with an alternative caused an Oilpan ASan > meltdown, > > > http://build.chromium.org/p/chromium.webkit/builders/WebKit%20Linux%20Oilpan%... Oh dear. Do you want me to revert this, or is a fix simple enough?
Message was sent while issue was closed.
On 2015/06/25 14:05:29, alexclarke wrote: > On 2015/06/25 14:03:42, sof wrote: > > https://codereview.chromium.org/1185643002/diff/100001/Source/platform/Timer.h > > File Source/platform/Timer.h (left): > > > > > https://codereview.chromium.org/1185643002/diff/100001/Source/platform/Timer.... > > Source/platform/Timer.h:131: #if ENABLE(LAZY_SWEEPING) && > > defined(ADDRESS_SANITIZER) > > Looks like not replacing this with an alternative caused an Oilpan ASan > > meltdown, > > > > > > > http://build.chromium.org/p/chromium.webkit/builders/WebKit%20Linux%20Oilpan%... > > Oh dear. Do you want me to revert this, or is a fix simple enough? will take care of it somehow, as Oilpan breakages are not considered blockers.
Message was sent while issue was closed.
A revert of this CL (patchset #3 id:100001) has been created in https://codereview.chromium.org/1204333002/ by alexclarke@chromium.org. The reason for reverting is: Looks like this is breaking: http://test-results.appspot.com/dashboards/flakiness_dashboard.html#tests=htt....
Message was sent while issue was closed.
A revert of this CL (patchset #3 id:100001) has been created in https://codereview.chromium.org/1206363002/ by alexclarke@chromium.org. The reason for reverting is: Revert try #2 Looks like it's breaking http://test-results.appspot.com/dashboards/flakiness_dashboard.html#tests=htt....
Message was sent while issue was closed.
https://codereview.chromium.org/1185643002/diff/100001/Source/platform/Timer.h File Source/platform/Timer.h (right): https://codereview.chromium.org/1185643002/diff/100001/Source/platform/Timer.... Source/platform/Timer.h:91: ~CancellableTimerTask() override { } I guess this needs to clear out m_timer's back reference ?
Message was sent while issue was closed.
On 2015/06/26 06:45:06, sof wrote: > https://codereview.chromium.org/1185643002/diff/100001/Source/platform/Timer.h > File Source/platform/Timer.h (right): > > https://codereview.chromium.org/1185643002/diff/100001/Source/platform/Timer.... > Source/platform/Timer.h:91: ~CancellableTimerTask() override { } > I guess this needs to clear out m_timer's back reference ? Yes that's exactly what it was. I've verified this with asan on the affected layout test.
On 2015/06/26 12:34:18, alexclarke1 wrote: > On 2015/06/26 06:45:06, sof wrote: > > https://codereview.chromium.org/1185643002/diff/100001/Source/platform/Timer.h > > File Source/platform/Timer.h (right): > > > > > https://codereview.chromium.org/1185643002/diff/100001/Source/platform/Timer.... > > Source/platform/Timer.h:91: ~CancellableTimerTask() override { } > > I guess this needs to clear out m_timer's back reference ? > > Yes that's exactly what it was. I've verified this with asan on the affected > layout test. Good, that test involved objects on the Oilpan heap, so possibly the destructor order differed & varied.
not a Source/platform/ owner, but lgtm to reland. Thanks for including the ASan annotation on run() at the same time.
On 2015/06/26 12:38:44, sof wrote: > On 2015/06/26 12:34:18, alexclarke1 wrote: > > On 2015/06/26 06:45:06, sof wrote: > > > > https://codereview.chromium.org/1185643002/diff/100001/Source/platform/Timer.h > > > File Source/platform/Timer.h (right): > > > > > > > > > https://codereview.chromium.org/1185643002/diff/100001/Source/platform/Timer.... > > > Source/platform/Timer.h:91: ~CancellableTimerTask() override { } > > > I guess this needs to clear out m_timer's back reference ? > > > > Yes that's exactly what it was. I've verified this with asan on the affected > > layout test. > > Good, that test involved objects on the Oilpan heap, so possibly the destructor > order differed & varied. The flaky test exposed something I hadn't considered, which is what happens to tasks that are posted and never run because the worker (in this case) shuts down. I'm really glad we caught this tbh.
LGTM
The CQ bit was checked by alexclarke@chromium.org
The patchset sent to the CQ was uploaded after l-g-t-m from jochen@chromium.org Link to the patchset: https://codereview.chromium.org/1185643002/#ps120001 (title: "Fix UAF bug that occured on worker shutdown, where ~CancellableTimerTask wasn't clearing backref")
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1185643002/120001
Message was sent while issue was closed.
Committed patchset #4 (id:120001) as https://src.chromium.org/viewvc/blink?view=rev&revision=197915 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
