Chromium Code Reviews
|
|
Chromium Code Reviews|
Created:
5 years ago by sof Modified:
5 years ago Reviewers:
haraken, oilpan-reviews, kcc2, Nico CC:
chromium-reviews, blink-reviews, dglazkov+blink, blink-reviews-api_chromium.org Base URL:
https://chromium.googlesource.com/chromium/src.git@master Target Ref:
refs/pending/heads/master Project:
chromium Visibility:
Public. |
DescriptionTrial: build trunk with Oilpan everywhere.
NOT.FOR.LANDING.
Patch Set 1 #Patch Set 2 : add some leak suppressions #Patch Set 3 : simplify suppressions #Patch Set 4 : more leak fixes #Patch Set 5 : more CSSDefaultStyleSheets leak ignorance #Patch Set 6 : have RemoteDOMWindow keep a weak ref back to its RemoteFrame #
Total comments: 4
Patch Set 7 : unregister global persistents #Patch Set 8 : reinstate config.gyp change #Patch Set 9 : address content_browsertests leaks #Patch Set 10 : rework registration of static persistent nodes #Patch Set 11 : tidy up registration of static refs, where needed. #Patch Set 12 : compile fix (release) #Patch Set 13 : reinstate leak prevention for ComputedStyle::initialStyle() #Patch Set 14 : enable --expose-gc when running various chromium unit tests; now needed. #Patch Set 15 : enable --expose-gc for browser_tests also #Patch Set 16 : simplify GCing of static refs, Oilpan only. #Patch Set 17 : reinstate use of v8 GCs on shutdown; needed for reliability of leak checks #Patch Set 18 : add remote frame detach step #Patch Set 19 : fix RenderViewImplTest leakiness instead #
Created: 5 years ago
Messages
Total messages: 82 (35 generated)
The CQ bit was checked by sigbjornf@opera.com to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1482683002/1 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1482683002/1
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: win_chromium_rel_ng on tryserver.chromium.win (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.win/builders/win_chromium_rel_...)
The CQ bit was checked by sigbjornf@opera.com to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1482683002/20001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1482683002/20001
The CQ bit was checked by sigbjornf@opera.com to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1482683002/40001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1482683002/40001
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: linux_chromium_rel_ng on tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_...)
The CQ bit was checked by sigbjornf@opera.com to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1482683002/60001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1482683002/60001
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: win_chromium_rel_ng on tryserver.chromium.win (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.win/builders/win_chromium_rel_...)
The CQ bit was checked by sigbjornf@opera.com to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1482683002/80001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1482683002/80001
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: linux_chromium_rel_ng on tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_...)
The CQ bit was checked by sigbjornf@opera.com to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1482683002/100001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1482683002/100001
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: win_chromium_rel_ng on tryserver.chromium.win (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.win/builders/win_chromium_rel_...)
haraken@chromium.org changed reviewers: + haraken@chromium.org
https://codereview.chromium.org/1482683002/diff/100001/third_party/WebKit/Sou... File third_party/WebKit/Source/core/css/CSSDefaultStyleSheets.cpp (right): https://codereview.chromium.org/1482683002/diff/100001/third_party/WebKit/Sou... third_party/WebKit/Source/core/css/CSSDefaultStyleSheets.cpp:50: DEFINE_STATIC_LOCAL(OwnPtrWillBePersistent<CSSDefaultStyleSheets>, cssDefaultStyleSheets, (adoptPtrWillBeNoop(new CSSDefaultStyleSheets))); What happens if we insert WTF_ANNOTATE_SCOPED_MEMORY_LEAK into DEFINE_STATIC_LOCAL (and its family)? I guess it would be reasonable to mark all DEFINE_STATIC_LOCALs as leaking. https://codereview.chromium.org/1482683002/diff/100001/third_party/WebKit/Sou... File third_party/WebKit/Source/core/frame/RemoteDOMWindow.h (right): https://codereview.chromium.org/1482683002/diff/100001/third_party/WebKit/Sou... third_party/WebKit/Source/core/frame/RemoteDOMWindow.h:86: RawPtrWillBeWeakMember<RemoteFrame> m_frame; I'm wondering why this needs to be a weak member.
haraken@chromium.org changed reviewers: + oilpan-reviews@chromium.org
https://codereview.chromium.org/1482683002/diff/100001/third_party/WebKit/Sou... File third_party/WebKit/Source/core/frame/RemoteDOMWindow.h (right): https://codereview.chromium.org/1482683002/diff/100001/third_party/WebKit/Sou... third_party/WebKit/Source/core/frame/RemoteDOMWindow.h:86: RawPtrWillBeWeakMember<RemoteFrame> m_frame; On 2015/11/30 01:48:47, haraken wrote: > > I'm wondering why this needs to be a weak member. The RemoteDOMWindow will turn into the global object (and have a wrapper holding it alive) in some unit tests (frame "swap" tests involving remote frames.) So once the RemoteFrame becomes detached, the WebRemoteFrameImpl object just drops the reference to it. But it is still kept alive via the wrapper holding onto the RemoteDOMWindow and consequently not finalized (which will take down the wrapper & the RemoteDOMWindow.) Break the undesirable dependency by making this weak. A one line fix to a leak that it took some time to understand; I hope we don't have to mirror the explicit protocol between LocalFrame <-> LocalDOMWindow as far as destruction steps are concerned. But I have my doubts.
hope that makes some sense.. https://codereview.chromium.org/1482683002/diff/100001/third_party/WebKit/Sou... File third_party/WebKit/Source/core/css/CSSDefaultStyleSheets.cpp (right): https://codereview.chromium.org/1482683002/diff/100001/third_party/WebKit/Sou... third_party/WebKit/Source/core/css/CSSDefaultStyleSheets.cpp:50: DEFINE_STATIC_LOCAL(OwnPtrWillBePersistent<CSSDefaultStyleSheets>, cssDefaultStyleSheets, (adoptPtrWillBeNoop(new CSSDefaultStyleSheets))); On 2015/11/30 01:48:47, haraken wrote: > > What happens if we insert WTF_ANNOTATE_SCOPED_MEMORY_LEAK into > DEFINE_STATIC_LOCAL (and its family)? I guess it would be reasonable to mark all > DEFINE_STATIC_LOCALs as leaking. I think it will mostly be non-harmful, with or without Oilpan, but it isn't sufficient to solve the problem for Oilpan. The reason why is that Oilpan heap pages are registered root regions to LSan, meaning that the leak detector will scan those regions for pointers into other heaps (e.g., PartitionAlloc's) and check if those pointed-to objects are LSan-controlled allocations. If they are, we've got a leak. Which means it will be able to scan some of the stylesheet heap objects that instance() retains and refers to, and from those locate their off-heap & LSan-controlled allocations. So, if we just use WTF_ANNOTATE_SCOPED_MEMORY_LEAK when instantiating instance(), only the allocations that the constructor makes will be exempted from LSan's consideration. e.g., what instance()::m_defaultSheet initially allocates will not be seen as leaking. However, any allocation made subsequently and then attached to instance() will not be exempted from LSan leak detection & will be seen as leaking. e.g., instance()::m_defaultViewSourceStyle and all it points will leak if it is ever lazily created. Which means we have to turn off LSan whenever we create objects and update a global singleton Persistent<> to refer to those. Hence all the uses of WTF_ANNOTATE_SCOPED_MEMORY_LEAK here. Which is a brittle arrangement. We sort of want LSan to flood fill kIgnored tags from the global cache/singleton, but that is not what LSan (also) does. iow, I don't have a good solution or approach to suggest atm.
haraken@chromium.org changed reviewers: + kcc@chromium.org, thakis@chromium.org
On 2015/11/30 21:53:39, sof wrote: > hope that makes some sense.. > > https://codereview.chromium.org/1482683002/diff/100001/third_party/WebKit/Sou... > File third_party/WebKit/Source/core/css/CSSDefaultStyleSheets.cpp (right): > > https://codereview.chromium.org/1482683002/diff/100001/third_party/WebKit/Sou... > third_party/WebKit/Source/core/css/CSSDefaultStyleSheets.cpp:50: > DEFINE_STATIC_LOCAL(OwnPtrWillBePersistent<CSSDefaultStyleSheets>, > cssDefaultStyleSheets, (adoptPtrWillBeNoop(new CSSDefaultStyleSheets))); > On 2015/11/30 01:48:47, haraken wrote: > > > > What happens if we insert WTF_ANNOTATE_SCOPED_MEMORY_LEAK into > > DEFINE_STATIC_LOCAL (and its family)? I guess it would be reasonable to mark > all > > DEFINE_STATIC_LOCALs as leaking. > > I think it will mostly be non-harmful, with or without Oilpan, but it isn't > sufficient to solve the problem for Oilpan. > > The reason why is that Oilpan heap pages are registered root regions to LSan, > meaning that the leak detector will scan those regions for pointers into other > heaps (e.g., PartitionAlloc's) and check if those pointed-to objects are > LSan-controlled allocations. If they are, we've got a leak. > > Which means it will be able to scan some of the stylesheet heap objects that > instance() retains and refers to, and from those locate their off-heap & > LSan-controlled allocations. So, if we just use WTF_ANNOTATE_SCOPED_MEMORY_LEAK > when instantiating instance(), only the allocations that the constructor makes > will be exempted from LSan's consideration. e.g., what > instance()::m_defaultSheet initially allocates will not be seen as leaking. > > However, any allocation made subsequently and then attached to instance() will > not be exempted from LSan leak detection & will be seen as leaking. e.g., > instance()::m_defaultViewSourceStyle and all it points will leak if it is ever > lazily created. > > Which means we have to turn off LSan whenever we create objects and update a > global singleton Persistent<> to refer to those. Hence all the uses of > WTF_ANNOTATE_SCOPED_MEMORY_LEAK here. Which is a brittle arrangement. > > We sort of want LSan to flood fill kIgnored tags from the global > cache/singleton, but that is not what LSan (also) does. > > iow, I don't have a good solution or approach to suggest atm. Thanks for the clarification. Would there be any way to annotate that the raw pointers of the static persistent handles are not a root region?
fwiw, if you can think of an lsan runtime change that might help, then getting that deployed everywhere is just a clang roll away after it lands in the compiler-rt repo (where the lsan runtime lives)
On 2015/12/01 01:52:45, haraken wrote: > On 2015/11/30 21:53:39, sof wrote: > > hope that makes some sense.. > > > > > https://codereview.chromium.org/1482683002/diff/100001/third_party/WebKit/Sou... > > File third_party/WebKit/Source/core/css/CSSDefaultStyleSheets.cpp (right): > > > > > https://codereview.chromium.org/1482683002/diff/100001/third_party/WebKit/Sou... > > third_party/WebKit/Source/core/css/CSSDefaultStyleSheets.cpp:50: > > DEFINE_STATIC_LOCAL(OwnPtrWillBePersistent<CSSDefaultStyleSheets>, > > cssDefaultStyleSheets, (adoptPtrWillBeNoop(new CSSDefaultStyleSheets))); > > On 2015/11/30 01:48:47, haraken wrote: > > > > > > What happens if we insert WTF_ANNOTATE_SCOPED_MEMORY_LEAK into > > > DEFINE_STATIC_LOCAL (and its family)? I guess it would be reasonable to mark > > all > > > DEFINE_STATIC_LOCALs as leaking. > > > > I think it will mostly be non-harmful, with or without Oilpan, but it isn't > > sufficient to solve the problem for Oilpan. > > > > The reason why is that Oilpan heap pages are registered root regions to LSan, > > meaning that the leak detector will scan those regions for pointers into other > > heaps (e.g., PartitionAlloc's) and check if those pointed-to objects are > > LSan-controlled allocations. If they are, we've got a leak. > > > > Which means it will be able to scan some of the stylesheet heap objects that > > instance() retains and refers to, and from those locate their off-heap & > > LSan-controlled allocations. So, if we just use > WTF_ANNOTATE_SCOPED_MEMORY_LEAK > > when instantiating instance(), only the allocations that the constructor makes > > will be exempted from LSan's consideration. e.g., what > > instance()::m_defaultSheet initially allocates will not be seen as leaking. > > > > However, any allocation made subsequently and then attached to instance() will > > not be exempted from LSan leak detection & will be seen as leaking. e.g., > > instance()::m_defaultViewSourceStyle and all it points will leak if it is ever > > lazily created. > > > > Which means we have to turn off LSan whenever we create objects and update a > > global singleton Persistent<> to refer to those. Hence all the uses of > > WTF_ANNOTATE_SCOPED_MEMORY_LEAK here. Which is a brittle arrangement. > > > > We sort of want LSan to flood fill kIgnored tags from the global > > cache/singleton, but that is not what LSan (also) does. > > > > iow, I don't have a good solution or approach to suggest atm. > > Thanks for the clarification. > > Would there be any way to annotate that the raw pointers of the static > persistent handles are not a root region? CSSDefaultStyleSheets.cpp:parseUASheet() is an example of how to do that with WTF_ANNOTATE_LEAKING_PTR(). The problem is that the ignorance of that object isn't transitive, so the objects it refers to are still part of a root region and end up being scanned by the leak detector pass. And, funnily enough, if you remove the Oilpan PageMemory regions as root regions altogether, it still reports the leaks. So, reachable somehow still.
On 2015/12/01 01:55:18, Nico wrote: > fwiw, if you can think of an lsan runtime change that might help, then getting > that deployed everywhere is just a clang roll away after it lands in the > compiler-rt repo (where the lsan runtime lives) Thanks, appreciate that. But I suspect there's an element of "select() is broken" [1] here, me not understanding important aspects of LSan. ..a bit of printf() debugging might just help :) 1: http://blog.codinghorror.com/the-first-rule-of-programming-its-always-your-fa...
The latest patchset has the only approach I think of that could work for combining Oilpan heaps and LSan -- keep track of the Persistent<>s kept in static references and release those before doing the final round of GCs. The patchset isn't complete nor polished, but thought it would be worthwhile to get some feedback first before getting it all ready (if that's deemed worthy.)
The CQ bit was checked by sigbjornf@opera.com to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1482683002/120001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1482683002/120001
The CQ bit was checked by sigbjornf@opera.com to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1482683002/140001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1482683002/140001
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: win_chromium_x64_rel_ng on tryserver.chromium.win (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.win/builders/win_chromium_x64_...)
The CQ bit was checked by sigbjornf@opera.com to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1482683002/180001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1482683002/180001
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: win8_chromium_ng on tryserver.chromium.win (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.win/builders/win8_chromium_ng/...) win_chromium_rel_ng on tryserver.chromium.win (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.win/builders/win_chromium_rel_...)
Thanks for being persistent on this! The approach looks reasonable to me. Do we still need WTF_ANNOTATE_SCOPED_MEMORY_LEAK? If we release all persistent handles and then trigger GCs before LSan runs, I guess we no longer need to worry about objects reachable from the persistent handles...
On 2015/12/02 02:17:07, haraken wrote: > Thanks for being persistent on this! The approach looks reasonable to me. > > Do we still need WTF_ANNOTATE_SCOPED_MEMORY_LEAK? If we release all persistent > handles and then trigger GCs before LSan runs, I guess we no longer need to > worry about objects reachable from the persistent handles... Yes, until proven otherwise, none will be needed. Hiding away the registration details of these static PersistentNodes in DEFINE_STATIC_LOCAL() et al, is the main part needing work here.
On 2015/12/02 06:33:40, sof wrote: > On 2015/12/02 02:17:07, haraken wrote: > > Thanks for being persistent on this! The approach looks reasonable to me. > > > > Do we still need WTF_ANNOTATE_SCOPED_MEMORY_LEAK? If we release all persistent > > handles and then trigger GCs before LSan runs, I guess we no longer need to > > worry about objects reachable from the persistent handles... > > Yes, until proven otherwise, none will be needed. > > Hiding away the registration details of these static PersistentNodes in > DEFINE_STATIC_LOCAL() et al, is the main part needing work here. I think the approach is reasonable.
The CQ bit was checked by sigbjornf@opera.com to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1482683002/200001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1482683002/200001
On 2015/12/02 07:28:58, haraken wrote: > On 2015/12/02 06:33:40, sof wrote: > > On 2015/12/02 02:17:07, haraken wrote: > > > Thanks for being persistent on this! The approach looks reasonable to me. > > > > > > Do we still need WTF_ANNOTATE_SCOPED_MEMORY_LEAK? If we release all > persistent > > > handles and then trigger GCs before LSan runs, I guess we no longer need to > > > worry about objects reachable from the persistent handles... > > > > Yes, until proven otherwise, none will be needed. > > > > Hiding away the registration details of these static PersistentNodes in > > DEFINE_STATIC_LOCAL() et al, is the main part needing work here. > > I think the approach is reasonable. It sort of works out, I think, able to retire the suppressions. But I need to think through the registration parts, not sure the right tradeoffs have been made.
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: linux_chromium_compile_dbg_32_ng on tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_...)
The CQ bit was checked by sigbjornf@opera.com to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1482683002/220001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1482683002/220001
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: mac_chromium_rel_ng on tryserver.chromium.mac (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.mac/builders/mac_chromium_rel_...)
The CQ bit was checked by sigbjornf@opera.com to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1482683002/240001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1482683002/240001
The CQ bit was checked by sigbjornf@opera.com to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1482683002/260001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1482683002/260001
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: linux_android_rel_ng on tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_android_r...)
The CQ bit was checked by sigbjornf@opera.com to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1482683002/280001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1482683002/280001
Dry run: Try jobs failed on following builders: linux_chromium_compile_dbg_32_ng on tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_...)
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: linux_chromium_compile_dbg_32_ng on tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_...)
The CQ bit was checked by sigbjornf@opera.com to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1482683002/300001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1482683002/300001
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: linux_chromium_asan_rel_ng on tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_...)
The CQ bit was checked by sigbjornf@opera.com to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1482683002/320001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1482683002/320001
The CQ bit was checked by sigbjornf@opera.com to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1482683002/340001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1482683002/340001
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: win_chromium_rel_ng on tryserver.chromium.win (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.win/builders/win_chromium_rel_...)
The CQ bit was checked by sigbjornf@opera.com to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1482683002/360001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1482683002/360001
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: linux_chromium_asan_rel_ng on tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_...)
I think I'm ready here for the most part; split out the main chunk of it as https://codereview.chromium.org/1491253004/ |
