Chromium Code Reviews
|
|
Chromium Code Reviews
Issue
2625083006:
[DesktopCaptureDevice] Remove the if no client_ check (Closed)
Description[DesktopCaptureDevice] Remove the if no client_ check
DesktopCaptureDevice is not designed to work with asynchronous implementation
of DesktopCapturer. So the if (!client_) check in OnCaptureResult() is not
reasonable and confusing.
BUG=681145
Review-Url: https://codereview.chromium.org/2625083006
Cr-Commit-Position: refs/heads/master@{#444541}
Committed: https://chromium.googlesource.com/chromium/src/+/c4f77c059dcf999c6411ce18d0312dd8f46774bf
Patch Set 1 #
Total comments: 2
Patch Set 2 : Resolve review comments #Patch Set 3 : Resolve review comments #Messages
Total messages: 48 (35 generated)
The CQ bit was checked by zijiehe@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
Description was changed from ========== [DesktopCaptureDevice] Check client_ before using it This code defect does not really like to be the root cause of the bug, but it's worth to fix it. And this fix is also not a safe solution, using variables of instance after it has been deleted is not always safe. IMO, DesktopCaptureDevice::Core should inherit base::RefCountedThreadSafe. BUG=680027 ========== to ========== [DesktopCaptureDevice] Check client_ before using it This fix is also not a safe solution, using variables of instance after it has been deleted is not always safe. IMO, DesktopCaptureDevice::Core should inherit base::RefCountedThreadSafe. BUG=680027 ==========
zijiehe@chromium.org changed reviewers: + sergeyu@chromium.org
zijiehe@chromium.org changed reviewers: + jamiewalch@chromium.org
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: This issue passed the CQ dry run.
miu@chromium.org changed reviewers: + miu@chromium.org
lgtm, but note: Ref-counting is *not* a default solution to problems like these. The Chromium project specifically recommends ref-counting be avoided, and discusses why here: https://www.chromium.org/developers/smart-pointer-guidelines
I'm not sure how this change is related to the linked bug. The crash in that bug is in Magnification.dll. https://codereview.chromium.org/2625083006/diff/1/content/browser/media/captu... File content/browser/media/capture/desktop_capture_device.cc (right): https://codereview.chromium.org/2625083006/diff/1/content/browser/media/captu... content/browser/media/capture/desktop_capture_device.cc:220: if (!client_) Why do we need this check? As far as I can tell client_ is reset only in the destructor. Is OnCaptureResult() being called after Core is destroyed? If so, then this code is still unsafe. The capturer must ensure that it doesn't call OnCaptureResult after it's destroyed.
On 2017/01/13 06:52:31, miu wrote: > lgtm, but note: Ref-counting is *not* a default solution to problems like these. > The Chromium project specifically recommends ref-counting be avoided, and > discusses why here: https://www.chromium.org/developers/smart-pointer-guidelines DesktopCaptureDevice::Core is actually single-threaded (except for creation) with very simple ownership semantics, so ref-counting would not be useful here at all.
Description was changed from ========== [DesktopCaptureDevice] Check client_ before using it This fix is also not a safe solution, using variables of instance after it has been deleted is not always safe. IMO, DesktopCaptureDevice::Core should inherit base::RefCountedThreadSafe. BUG=680027 ========== to ========== [DesktopCaptureDevice] Check client_ before using it This fix is also not a safe solution, using variables of instance after it has been deleted is not always safe. IMO, DesktopCaptureDevice::Core should be protected by a WeakPtr. BUG=680027 ==========
On 2017/01/13 07:52:39, Sergey Ulanov wrote: > On 2017/01/13 06:52:31, miu wrote: > > lgtm, but note: Ref-counting is *not* a default solution to problems like > these. > > The Chromium project specifically recommends ref-counting be avoided, and > > discusses why here: > https://www.chromium.org/developers/smart-pointer-guidelines > > DesktopCaptureDevice::Core is actually single-threaded (except for creation) > with very simple ownership semantics, so ref-counting would not be useful here > at all. Sorry, I mean WeakPtr instead of RefCounted.
On 2017/01/13 20:17:24, Hzj_jie wrote: > On 2017/01/13 07:52:39, Sergey Ulanov wrote: > > On 2017/01/13 06:52:31, miu wrote: > > > lgtm, but note: Ref-counting is *not* a default solution to problems like > > these. > > > The Chromium project specifically recommends ref-counting be avoided, and > > > discusses why here: > > https://www.chromium.org/developers/smart-pointer-guidelines > > > > DesktopCaptureDevice::Core is actually single-threaded (except for creation) > > with very simple ownership semantics, so ref-counting would not be useful here > > at all. > > Sorry, I mean WeakPtr instead of RefCounted. No, the bug does not relate to the change, I was so lazy to create a new bug.
Description was changed from ========== [DesktopCaptureDevice] Check client_ before using it This fix is also not a safe solution, using variables of instance after it has been deleted is not always safe. IMO, DesktopCaptureDevice::Core should be protected by a WeakPtr. BUG=680027 ========== to ========== [DesktopCaptureDevice] Check client_ before using it This fix is also not a safe solution, using variables of instance after it has been deleted is not always safe. IMO, DesktopCaptureDevice::Core should be protected by a WeakPtr. BUG=681145 ==========
The CQ bit was checked by zijiehe@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was checked by zijiehe@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
Patchset #2 (id:20001) has been deleted
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: chromeos_amd64-generic_chromium_compile_only_ng on master.tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/chromeos_amd64-...) linux_chromium_asan_rel_ng on master.tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_...) linux_chromium_chromeos_rel_ng on master.tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_...)
The CQ bit was checked by zijiehe@chromium.org to run a CQ dry run
Patchset #2 (id:40001) has been deleted
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
https://codereview.chromium.org/2625083006/diff/1/content/browser/media/captu... File content/browser/media/capture/desktop_capture_device.cc (right): https://codereview.chromium.org/2625083006/diff/1/content/browser/media/captu... content/browser/media/capture/desktop_capture_device.cc:220: if (!client_) On 2017/01/13 07:49:03, Sergey Ulanov wrote: > Why do we need this check? As far as I can tell client_ is reset only in the > destructor. Is OnCaptureResult() being called after Core is destroyed? If so, > then this code is still unsafe. The capturer must ensure that it doesn't call > OnCaptureResult after it's destroyed. No, as I mentioned in the code review, this change is still not safe. But it resolves part of the issue. My original thought is to use WeakPtr (Sorry for the typo in the description). But a backup solution without WeakPtr is to separate destructor of Core with the deletion. i.e. In DesktopCaptureDevice::StopAndDeAllocate() { if (core_) { thread_.task_runner()->PostTask(FROM_HERE, base::Bind(&Core::Stop, core_.release()); } } In Core::Stop() { client_.reset(); output_frame_.reset(); previous_frame_size_.set(0, 0); desktop_capturer_.reset(); task_runner_->DeleteSoon(FROM_HERE, this); } The issue here is, before desktop_capture_.reset() has been called, DesktopCapturer is always able to push a callback of OnCaptureResult() in the thread. So in the thread there may be, CaptureFrame() -> Destructor(pushed by StopAndDeAllocate()) -> OnCaptureResult(pushed by CaptureFrame()). We do not have this scenario for now, as all the DesktopCapturers synchronously call OnCaptureResult() in CaptureFrame() function. But as far as we design the interface as this, the consumer should prepare for it.
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: This issue passed the CQ dry run.
On 2017/01/13 22:10:23, Hzj_jie wrote: > The issue here is, before desktop_capture_.reset() has been called, > DesktopCapturer is always able to push a callback of OnCaptureResult() in the > thread. So in the thread there may be, > CaptureFrame() -> Destructor(pushed by StopAndDeAllocate()) -> > OnCaptureResult(pushed by CaptureFrame()). > We do not have this scenario for now, as all the DesktopCapturers synchronously > call OnCaptureResult() in CaptureFrame() function. But as far as we design the > interface as this, the consumer should prepare for it. Even if capturers call OnCaptureResult() asynchronously they still must guarantee that the callback is not called after the capturer is destroyed. If OnCaptureResult() is ever called after the destructor then it's a bug in the capturer and should be fixed there. Otherwise the current DesktopCapturer would not be safe as it uses raw pointer for callback_. BTW, note that DesktopCaptureDevice currently doesn't support asynchronous capturers at all, there are DCHECKS for that.
On 2017/01/17 22:53:44, Sergey Ulanov wrote: > On 2017/01/13 22:10:23, Hzj_jie wrote: > > The issue here is, before desktop_capture_.reset() has been called, > > DesktopCapturer is always able to push a callback of OnCaptureResult() in the > > thread. So in the thread there may be, > > CaptureFrame() -> Destructor(pushed by StopAndDeAllocate()) -> > > OnCaptureResult(pushed by CaptureFrame()). > > We do not have this scenario for now, as all the DesktopCapturers > synchronously > > call OnCaptureResult() in CaptureFrame() function. But as far as we design the > > interface as this, the consumer should prepare for it. > > Even if capturers call OnCaptureResult() asynchronously they still must > guarantee that the callback is not called after the capturer is destroyed. If > OnCaptureResult() is ever called after the destructor then it's a bug in the > capturer and should be fixed there. Otherwise the current DesktopCapturer would > not be safe as it uses raw pointer for callback_. > > BTW, note that DesktopCaptureDevice currently doesn't support asynchronous > capturers at all, there are DCHECKS for that. I have not noticed the DCHECK. Thank you.
zijiehe@chromium.org changed reviewers: - jamiewalch@chromium.org, miu@chromium.org, sergeyu@chromium.org
The CQ bit was checked by zijiehe@chromium.org to run a CQ dry run
Patchset #3 (id:80001) has been deleted
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
Description was changed from ========== [DesktopCaptureDevice] Check client_ before using it This fix is also not a safe solution, using variables of instance after it has been deleted is not always safe. IMO, DesktopCaptureDevice::Core should be protected by a WeakPtr. BUG=681145 ========== to ========== [DesktopCaptureDevice] Remove the if no client_ check DesktopCaptureDevice is not designed to work with asynchronized implementation of DesktopCapturer. So the if (!client_) check in OnCaptureResult() is not reasonable and confusing. BUG=681145 ==========
zijiehe@chromium.org changed reviewers: + miu@chromium.org, sergeyu@chromium.org
On 2017/01/17 23:24:22, Hzj_jie wrote: > On 2017/01/17 22:53:44, Sergey Ulanov wrote: > > On 2017/01/13 22:10:23, Hzj_jie wrote: > > > The issue here is, before desktop_capture_.reset() has been called, > > > DesktopCapturer is always able to push a callback of OnCaptureResult() in > the > > > thread. So in the thread there may be, > > > CaptureFrame() -> Destructor(pushed by StopAndDeAllocate()) -> > > > OnCaptureResult(pushed by CaptureFrame()). > > > We do not have this scenario for now, as all the DesktopCapturers > > synchronously > > > call OnCaptureResult() in CaptureFrame() function. But as far as we design > the > > > interface as this, the consumer should prepare for it. > > > > Even if capturers call OnCaptureResult() asynchronously they still must > > guarantee that the callback is not called after the capturer is destroyed. If > > OnCaptureResult() is ever called after the destructor then it's a bug in the > > capturer and should be fixed there. Otherwise the current DesktopCapturer > would > > not be safe as it uses raw pointer for callback_. > > > > BTW, note that DesktopCaptureDevice currently doesn't support asynchronous > > capturers at all, there are DCHECKS for that. > > I have not noticed the DCHECK. Thank you. It looks like we should replace the if-check with a DCHECK, which is confusing.
Description was changed from ========== [DesktopCaptureDevice] Remove the if no client_ check DesktopCaptureDevice is not designed to work with asynchronized implementation of DesktopCapturer. So the if (!client_) check in OnCaptureResult() is not reasonable and confusing. BUG=681145 ========== to ========== [DesktopCaptureDevice] Remove the if no client_ check DesktopCaptureDevice is not designed to work with asynchronous implementation of DesktopCapturer. So the if (!client_) check in OnCaptureResult() is not reasonable and confusing. BUG=681145 ==========
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: This issue passed the CQ dry run.
lgtm
The CQ bit was checked by sergeyu@chromium.org
The patchset sent to the CQ was uploaded after l-g-t-m from miu@chromium.org Link to the patchset: https://codereview.chromium.org/2625083006/#ps100001 (title: "Resolve review comments")
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
CQ is committing da patch.
Bot data: {"patchset_id": 100001, "attempt_start_ts": 1484781279575440,
"parent_rev": "f9744eae0a8431c08c291a3936d85532931d7a4f", "commit_rev":
"c4f77c059dcf999c6411ce18d0312dd8f46774bf"}
Message was sent while issue was closed.
Description was changed from ========== [DesktopCaptureDevice] Remove the if no client_ check DesktopCaptureDevice is not designed to work with asynchronous implementation of DesktopCapturer. So the if (!client_) check in OnCaptureResult() is not reasonable and confusing. BUG=681145 ========== to ========== [DesktopCaptureDevice] Remove the if no client_ check DesktopCaptureDevice is not designed to work with asynchronous implementation of DesktopCapturer. So the if (!client_) check in OnCaptureResult() is not reasonable and confusing. BUG=681145 Review-Url: https://codereview.chromium.org/2625083006 Cr-Commit-Position: refs/heads/master@{#444541} Committed: https://chromium.googlesource.com/chromium/src/+/c4f77c059dcf999c6411ce18d031... ==========
Message was sent while issue was closed.
Committed patchset #3 (id:100001) as https://chromium.googlesource.com/chromium/src/+/c4f77c059dcf999c6411ce18d031... |
