Speculatively handle weak member clearing while creating iteration vector.

Speculatively handle weak member clearing while creating iteration vector.

CSSFontSelector keeps a set of weakly referenced clients; when notifying
those the set is copied into a temporary heap vector before iterating.

Allocating that vector might potentially cause a GC, which in turn
could cause some of the weak references to be cleared. With the outcome
that the temporary vector will contain empty tail elements.

Speculatively check&handle that eventuality when iterating.

R=haraken
BUG=568173
Committed: https://crrev.com/29c36f00c3ca2f967891c15dc14bcc651c100bfb
Cr-Commit-Position: refs/heads/master@{#372112}

[sof, 2016-01-28 14:55:05]

sigbjornf@opera.com changed reviewers:
+ oilpan-reviews@chromium.org

[sof, 2016-01-28 14:55:06]

please take a look.

[haraken, 2016-01-28 15:04:34]

If the conservative GC hits during the copyToVector, won't it already break the
resulted vector because the weak processing will confuse the iteration in the
copyToVector?

[sof, 2016-01-28 15:07:25]

On 2016/01/28 15:04:34, haraken wrote:
> If the conservative GC hits during the copyToVector, won't it already break
the
> resulted vector because the weak processing will confuse the iteration in the
> copyToVector?

No, the collection.end() will mark the end of the set of weak refs. But the
resize() for the vector will have used the pre-GC size.

[haraken, 2016-01-28 15:12:37]

On 2016/01/28 15:07:25, sof wrote:
> On 2016/01/28 15:04:34, haraken wrote:
> > If the conservative GC hits during the copyToVector, won't it already break
> the
> > resulted vector because the weak processing will confuse the iteration in
the
> > copyToVector?
> 
> No, the collection.end() will mark the end of the set of weak refs. But the
> resize() for the vector will have used the pre-GC size.

Oh, I remembered. If an iterator of the HeapHashTable is on a stack, the
HeapHashTable is strongified. So the conservative GC shouldn't collect the
HeapHashTable.

But LGTM to land this CL to investigate the crash.

[sof, 2016-01-28 15:18:54]

Description was changed from

==========
Speculatively handle weak member clearing while creating iteration vector.

CSSFontSelector keeps a set of weakly referenced clients; when notifying
those the set is copied into a temporary heap vector before iterating.

Allocating that vector might potentially cause a GC, which in turn
could cause some of the weak references to be cleared. With the outcome
that the temporary vector will contain empty tail elements.

Speculatively check&handle that eventuality when iterating.

R=
BUG=568173
==========

to

==========
Speculatively handle weak member clearing while creating iteration vector.

CSSFontSelector keeps a set of weakly referenced clients; when notifying
those the set is copied into a temporary heap vector before iterating.

Allocating that vector might potentially cause a GC, which in turn
could cause some of the weak references to be cleared. With the outcome
that the temporary vector will contain empty tail elements.

Speculatively check&handle that eventuality when iterating.

R=haraken
BUG=568173
==========

[sof, 2016-01-28 15:18:59]

The CQ bit was checked by sigbjornf@opera.com

[commit-bot: I haz the power, 2016-01-28 15:19:21]

CQ is trying da patch. Follow status at
 https://chromium-cq-status.appspot.com/patch-status/1642913002/1
View timeline at
 https://chromium-cq-status.appspot.com/patch-timeline/1642913002/1

[commit-bot: I haz the power, 2016-01-28 17:05:20]

Description was changed from

==========
Speculatively handle weak member clearing while creating iteration vector.

CSSFontSelector keeps a set of weakly referenced clients; when notifying
those the set is copied into a temporary heap vector before iterating.

Allocating that vector might potentially cause a GC, which in turn
could cause some of the weak references to be cleared. With the outcome
that the temporary vector will contain empty tail elements.

Speculatively check&handle that eventuality when iterating.

R=haraken
BUG=568173
==========

to

==========
Speculatively handle weak member clearing while creating iteration vector.

CSSFontSelector keeps a set of weakly referenced clients; when notifying
those the set is copied into a temporary heap vector before iterating.

Allocating that vector might potentially cause a GC, which in turn
could cause some of the weak references to be cleared. With the outcome
that the temporary vector will contain empty tail elements.

Speculatively check&handle that eventuality when iterating.

R=haraken
BUG=568173
==========

[commit-bot: I haz the power, 2016-01-28 17:05:21]

Committed patchset #1 (id:1)

[commit-bot: I haz the power, 2016-01-28 17:07:16]

Description was changed from

==========
Speculatively handle weak member clearing while creating iteration vector.

CSSFontSelector keeps a set of weakly referenced clients; when notifying
those the set is copied into a temporary heap vector before iterating.

Allocating that vector might potentially cause a GC, which in turn
could cause some of the weak references to be cleared. With the outcome
that the temporary vector will contain empty tail elements.

Speculatively check&handle that eventuality when iterating.

R=haraken
BUG=568173
==========

to

==========
Speculatively handle weak member clearing while creating iteration vector.

CSSFontSelector keeps a set of weakly referenced clients; when notifying
those the set is copied into a temporary heap vector before iterating.

Allocating that vector might potentially cause a GC, which in turn
could cause some of the weak references to be cleared. With the outcome
that the temporary vector will contain empty tail elements.

Speculatively check&handle that eventuality when iterating.

R=haraken
BUG=568173

Committed: https://crrev.com/29c36f00c3ca2f967891c15dc14bcc651c100bfb
Cr-Commit-Position: refs/heads/master@{#372112}
==========

[commit-bot: I haz the power, 2016-01-28 17:07:17]

Patchset 1 (id:??) landed as
https://crrev.com/29c36f00c3ca2f967891c15dc14bcc651c100bfb
Cr-Commit-Position: refs/heads/master@{#372112}