Chromium Code Reviews
|
|
Chromium Code Reviews
Issue
2657283002:
Do not delete synchronously in OnTaskRunnerDeleter. (Closed)
|
Created:
3 years, 10 months ago by pkalinnikov Modified:
3 years, 10 months ago CC:
chromium-reviews, vmpstr+watch_chromium.org, engedy Target Ref:
refs/pending/heads/master Project:
chromium Visibility:
Public. |
DescriptionDo not delete synchronously in OnTaskRunnerDeleter.
Currently OnTaskRunnerDeleter::operator() relies on RunsTasksOnCurrentThread()
method of the TaskRunner. However, the latter has weak guarantees on the
returned value (see the comment to it). It can even always return true.
Therefore, thread-unsafe objects can not be safely deleted under some
circumstances.
The current implementation also makes such a crashing scenario possible. Suppose
there is an Object living in the SequencedTaskRunner and a Task has been posted
to a TaskRunner to access the Object. After that, the deleter has been invoked
and immediately deleted the Object. After that the Task got to execute in the
TaskRunner, and tries to read from a deleted Object => undefined behavior.
Review-Url: https://codereview.chromium.org/2657283002
Cr-Commit-Position: refs/heads/master@{#446920}
Committed: https://chromium.googlesource.com/chromium/src/+/90cdf584494922804c8d0c81a83bcad271645659
Patch Set 1 #
Dependent Patchsets: Messages
Total messages: 18 (11 generated)
Description was changed from ========== Do not delete synchronously in OnTaskRunnerDeleter. BUG= ========== to ========== Do not delete synchronously in OnTaskRunnerDeleter. Currently OnTaskRunnerDeleter::operator() relies on RunsTasksOnCurrentThread() method of the TaskRunner. However, the latter has a weak guarantees on the returned value (see the comment to it). It can even always return true. Therefore, it cannot safely return thread-unsafe objects under some circumstances. The current implementation also makes such a crashing scenario possible. Suppose there is an Object living in the SequencedTaskRunner and a Task has been posted from a thread to the task runner to access the Object. Meanwhile, the deleter has been invoked and immediately deleted the Object. After that a task in the TaskRunner got to execute and tries to read from a deleted Object. ==========
Description was changed from ========== Do not delete synchronously in OnTaskRunnerDeleter. Currently OnTaskRunnerDeleter::operator() relies on RunsTasksOnCurrentThread() method of the TaskRunner. However, the latter has a weak guarantees on the returned value (see the comment to it). It can even always return true. Therefore, it cannot safely return thread-unsafe objects under some circumstances. The current implementation also makes such a crashing scenario possible. Suppose there is an Object living in the SequencedTaskRunner and a Task has been posted from a thread to the task runner to access the Object. Meanwhile, the deleter has been invoked and immediately deleted the Object. After that a task in the TaskRunner got to execute and tries to read from a deleted Object. ========== to ========== Do not delete synchronously in OnTaskRunnerDeleter. Currently OnTaskRunnerDeleter::operator() relies on RunsTasksOnCurrentThread() method of the TaskRunner. However, the latter has a weak guarantees on the returned value (see the comment to it). It can even always return true. Therefore, it can not safely return thread-unsafe objects under some circumstances. The current implementation also makes such a crashing scenario possible. Suppose there is an Object living in the SequencedTaskRunner and a Task has been posted from a thread to the task runner to access the Object. After that, the deleter has been invoked and immediately deleted the Object. After that the Task got to execute in the TaskRunner, and tries to read from a deleted Object => Crash. ==========
Description was changed from ========== Do not delete synchronously in OnTaskRunnerDeleter. Currently OnTaskRunnerDeleter::operator() relies on RunsTasksOnCurrentThread() method of the TaskRunner. However, the latter has a weak guarantees on the returned value (see the comment to it). It can even always return true. Therefore, it can not safely return thread-unsafe objects under some circumstances. The current implementation also makes such a crashing scenario possible. Suppose there is an Object living in the SequencedTaskRunner and a Task has been posted from a thread to the task runner to access the Object. After that, the deleter has been invoked and immediately deleted the Object. After that the Task got to execute in the TaskRunner, and tries to read from a deleted Object => Crash. ========== to ========== Do not delete synchronously in OnTaskRunnerDeleter. Currently OnTaskRunnerDeleter::operator() relies on RunsTasksOnCurrentThread() method of the TaskRunner. However, the latter has a weak guarantees on the returned value (see the comment to it). It can even always return true. Therefore, it can not safely return thread-unsafe objects under some circumstances. The current implementation also makes such a crashing scenario possible. Suppose there is an Object living in the SequencedTaskRunner and a Task has been posted from a to a TaskRunner to access the Object. After that, the deleter has been invoked and immediately deleted the Object. After that the Task got to execute in the TaskRunner, and tries to read from a deleted Object => Crash. ==========
Description was changed from ========== Do not delete synchronously in OnTaskRunnerDeleter. Currently OnTaskRunnerDeleter::operator() relies on RunsTasksOnCurrentThread() method of the TaskRunner. However, the latter has a weak guarantees on the returned value (see the comment to it). It can even always return true. Therefore, it can not safely return thread-unsafe objects under some circumstances. The current implementation also makes such a crashing scenario possible. Suppose there is an Object living in the SequencedTaskRunner and a Task has been posted from a to a TaskRunner to access the Object. After that, the deleter has been invoked and immediately deleted the Object. After that the Task got to execute in the TaskRunner, and tries to read from a deleted Object => Crash. ========== to ========== Do not delete synchronously in OnTaskRunnerDeleter. Currently OnTaskRunnerDeleter::operator() relies on RunsTasksOnCurrentThread() method of the TaskRunner. However, the latter has a weak guarantees on the returned value (see the comment to it). It can even always return true. Therefore, it can not safely return thread-unsafe objects under some circumstances. The current implementation also makes such a crashing scenario possible. Suppose there is an Object living in the SequencedTaskRunner and a Task has been posted to a TaskRunner to access the Object. After that, the deleter has been invoked and immediately deleted the Object. After that the Task got to execute in the TaskRunner, and tries to read from a deleted Object => undefined behaviour. ==========
pkalinnikov@chromium.org changed reviewers: + dcheng@chromium.org, tzik@chromium.org
Hi guys, please take a look. tzik@: You are the author of the class, and apparently so far the only user of it. dcheng@: You reviewed the CL introduced this class.
Description was changed from ========== Do not delete synchronously in OnTaskRunnerDeleter. Currently OnTaskRunnerDeleter::operator() relies on RunsTasksOnCurrentThread() method of the TaskRunner. However, the latter has a weak guarantees on the returned value (see the comment to it). It can even always return true. Therefore, it can not safely return thread-unsafe objects under some circumstances. The current implementation also makes such a crashing scenario possible. Suppose there is an Object living in the SequencedTaskRunner and a Task has been posted to a TaskRunner to access the Object. After that, the deleter has been invoked and immediately deleted the Object. After that the Task got to execute in the TaskRunner, and tries to read from a deleted Object => undefined behaviour. ========== to ========== Do not delete synchronously in OnTaskRunnerDeleter. Currently OnTaskRunnerDeleter::operator() relies on RunsTasksOnCurrentThread() method of the TaskRunner. However, the latter has weak guarantees on the returned value (see the comment to it). It can even always return true. Therefore, it can not safely return thread-unsafe objects under some circumstances. The current implementation also makes such a crashing scenario possible. Suppose there is an Object living in the SequencedTaskRunner and a Task has been posted to a TaskRunner to access the Object. After that, the deleter has been invoked and immediately deleted the Object. After that the Task got to execute in the TaskRunner, and tries to read from a deleted Object => undefined behaviour. ==========
Description was changed from ========== Do not delete synchronously in OnTaskRunnerDeleter. Currently OnTaskRunnerDeleter::operator() relies on RunsTasksOnCurrentThread() method of the TaskRunner. However, the latter has weak guarantees on the returned value (see the comment to it). It can even always return true. Therefore, it can not safely return thread-unsafe objects under some circumstances. The current implementation also makes such a crashing scenario possible. Suppose there is an Object living in the SequencedTaskRunner and a Task has been posted to a TaskRunner to access the Object. After that, the deleter has been invoked and immediately deleted the Object. After that the Task got to execute in the TaskRunner, and tries to read from a deleted Object => undefined behaviour. ========== to ========== Do not delete synchronously in OnTaskRunnerDeleter. Currently OnTaskRunnerDeleter::operator() relies on RunsTasksOnCurrentThread() method of the TaskRunner. However, the latter has weak guarantees on the returned value (see the comment to it). It can even always return true. Therefore, it can not safely delete thread-unsafe objects under some circumstances. The current implementation also makes such a crashing scenario possible. Suppose there is an Object living in the SequencedTaskRunner and a Task has been posted to a TaskRunner to access the Object. After that, the deleter has been invoked and immediately deleted the Object. After that the Task got to execute in the TaskRunner, and tries to read from a deleted Object => undefined behaviour. ==========
Is this causing a bug somewhere? I'm OK with this change, but it seems largely theoretical?
I have a pending CL that relies on fixing this behavior. I could make such a class in our component locally, but fixing the existing one seems the right way to go.
lgtm
LGTM. Originally I was wondering why we had the synchronous delete, but if tzik is OK with this, then I am too.
Description was changed from ========== Do not delete synchronously in OnTaskRunnerDeleter. Currently OnTaskRunnerDeleter::operator() relies on RunsTasksOnCurrentThread() method of the TaskRunner. However, the latter has weak guarantees on the returned value (see the comment to it). It can even always return true. Therefore, it can not safely delete thread-unsafe objects under some circumstances. The current implementation also makes such a crashing scenario possible. Suppose there is an Object living in the SequencedTaskRunner and a Task has been posted to a TaskRunner to access the Object. After that, the deleter has been invoked and immediately deleted the Object. After that the Task got to execute in the TaskRunner, and tries to read from a deleted Object => undefined behaviour. ========== to ========== Do not delete synchronously in OnTaskRunnerDeleter. Currently OnTaskRunnerDeleter::operator() relies on RunsTasksOnCurrentThread() method of the TaskRunner. However, the latter has weak guarantees on the returned value (see the comment to it). It can even always return true. Therefore, thread-unsafe objects can not be safely deleted under some circumstances. The current implementation also makes such a crashing scenario possible. Suppose there is an Object living in the SequencedTaskRunner and a Task has been posted to a TaskRunner to access the Object. After that, the deleter has been invoked and immediately deleted the Object. After that the Task got to execute in the TaskRunner, and tries to read from a deleted Object => undefined behavior. ==========
The CQ bit was checked by pkalinnikov@chromium.org
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
CQ is committing da patch.
Bot data: {"patchset_id": 1, "attempt_start_ts": 1485597329542100, "parent_rev":
"b2f66c7a95b2d366e8972efc5acac53d60f4978d", "commit_rev":
"90cdf584494922804c8d0c81a83bcad271645659"}
Message was sent while issue was closed.
Description was changed from ========== Do not delete synchronously in OnTaskRunnerDeleter. Currently OnTaskRunnerDeleter::operator() relies on RunsTasksOnCurrentThread() method of the TaskRunner. However, the latter has weak guarantees on the returned value (see the comment to it). It can even always return true. Therefore, thread-unsafe objects can not be safely deleted under some circumstances. The current implementation also makes such a crashing scenario possible. Suppose there is an Object living in the SequencedTaskRunner and a Task has been posted to a TaskRunner to access the Object. After that, the deleter has been invoked and immediately deleted the Object. After that the Task got to execute in the TaskRunner, and tries to read from a deleted Object => undefined behavior. ========== to ========== Do not delete synchronously in OnTaskRunnerDeleter. Currently OnTaskRunnerDeleter::operator() relies on RunsTasksOnCurrentThread() method of the TaskRunner. However, the latter has weak guarantees on the returned value (see the comment to it). It can even always return true. Therefore, thread-unsafe objects can not be safely deleted under some circumstances. The current implementation also makes such a crashing scenario possible. Suppose there is an Object living in the SequencedTaskRunner and a Task has been posted to a TaskRunner to access the Object. After that, the deleter has been invoked and immediately deleted the Object. After that the Task got to execute in the TaskRunner, and tries to read from a deleted Object => undefined behavior. Review-Url: https://codereview.chromium.org/2657283002 Cr-Commit-Position: refs/heads/master@{#446920} Committed: https://chromium.googlesource.com/chromium/src/+/90cdf584494922804c8d0c81a83b... ==========
Message was sent while issue was closed.
Committed patchset #1 (id:1) as https://chromium.googlesource.com/chromium/src/+/90cdf584494922804c8d0c81a83b... |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
