Issue 2666423002: Assert sequence validity on non-thread-safe RefCount manipulations (2)

tzik

The CQ bit was checked by tzik@chromium.org to run a CQ dry run

3 years, 10 months ago (2017-02-01 19:57:44 UTC) #1

commit-bot: I haz the power

Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2666423002/1

3 years, 10 months ago (2017-02-01 19:58:20 UTC) #2

commit-bot: I haz the power

The CQ bit was unchecked by commit-bot@chromium.org

3 years, 10 months ago (2017-02-01 20:14:04 UTC) #3

commit-bot: I haz the power

Dry run: Try jobs failed on following builders: chromeos_amd64-generic_chromium_compile_only_ng on master.tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/chromeos_amd64-generic_chromium_compile_only_ng/builds/274721)

3 years, 10 months ago (2017-02-01 20:14:04 UTC) #4

tzik

Description was changed from ========== Assert sequence validity on non-threadsafe RefCount bump ========== to ========== ...

3 years, 10 months ago (2017-02-02 18:13:30 UTC) #5

tzik

The CQ bit was checked by tzik@chromium.org to run a CQ dry run

3 years, 10 months ago (2017-02-02 18:13:35 UTC) #6

commit-bot: I haz the power

Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2666423002/20001

3 years, 10 months ago (2017-02-02 18:13:58 UTC) #7

commit-bot: I haz the power

The CQ bit was unchecked by commit-bot@chromium.org

3 years, 10 months ago (2017-02-02 19:11:30 UTC) #8

commit-bot: I haz the power

Dry run: Try jobs failed on following builders: ios-simulator on master.tryserver.chromium.mac (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.mac/builders/ios-simulator/builds/147918)

3 years, 10 months ago (2017-02-02 19:11:31 UTC) #9

tzik

The CQ bit was checked by tzik@chromium.org to run a CQ dry run

3 years, 10 months ago (2017-02-02 21:28:41 UTC) #10

commit-bot: I haz the power

Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2666423002/40001

3 years, 10 months ago (2017-02-02 21:29:14 UTC) #11

commit-bot: I haz the power

The CQ bit was unchecked by commit-bot@chromium.org

3 years, 10 months ago (2017-02-02 22:11:37 UTC) #12

commit-bot: I haz the power

Dry run: Try jobs failed on following builders: linux_optional_gpu_tests_rel on master.tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_optional_gpu_tests_rel/builds/5765)

3 years, 10 months ago (2017-02-02 22:11:38 UTC) #13

tzik

The CQ bit was checked by tzik@chromium.org to run a CQ dry run

3 years, 10 months ago (2017-02-02 22:56:42 UTC) #14

commit-bot: I haz the power

Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2666423002/60001

3 years, 10 months ago (2017-02-02 22:57:32 UTC) #15

commit-bot: I haz the power

The CQ bit was unchecked by commit-bot@chromium.org

3 years, 10 months ago (2017-02-02 23:57:46 UTC) #16

commit-bot: I haz the power

Dry run: Try jobs failed on following builders: cast_shell_linux on master.tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/cast_shell_linux/builds/302639)

3 years, 10 months ago (2017-02-02 23:57:47 UTC) #17

tzik

The CQ bit was checked by tzik@chromium.org to run a CQ dry run

3 years, 10 months ago (2017-02-08 03:38:06 UTC) #18

commit-bot: I haz the power

Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2666423002/80001

3 years, 10 months ago (2017-02-08 03:38:27 UTC) #19

commit-bot: I haz the power

The CQ bit was unchecked by commit-bot@chromium.org

3 years, 10 months ago (2017-02-08 04:41:56 UTC) #20

commit-bot: I haz the power

Dry run: Try jobs failed on following builders: linux_optional_gpu_tests_rel on master.tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_optional_gpu_tests_rel/builds/5861)

3 years, 10 months ago (2017-02-08 04:41:57 UTC) #21

tzik

The CQ bit was checked by tzik@chromium.org to run a CQ dry run

3 years, 10 months ago (2017-02-08 05:50:56 UTC) #22

commit-bot: I haz the power

Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2666423002/100001

3 years, 10 months ago (2017-02-08 05:51:13 UTC) #23

commit-bot: I haz the power

The CQ bit was unchecked by commit-bot@chromium.org

3 years, 10 months ago (2017-02-08 07:05:51 UTC) #24

commit-bot: I haz the power

Dry run: Try jobs failed on following builders: mac_optional_gpu_tests_rel on master.tryserver.chromium.mac (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.mac/builders/mac_optional_gpu_tests_rel/builds/6862)

3 years, 10 months ago (2017-02-08 07:05:52 UTC) #25

tzik

The CQ bit was checked by tzik@chromium.org to run a CQ dry run

3 years, 10 months ago (2017-02-08 07:07:28 UTC) #26

commit-bot: I haz the power

Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2666423002/120001

3 years, 10 months ago (2017-02-08 07:07:54 UTC) #27

commit-bot: I haz the power

The CQ bit was unchecked by commit-bot@chromium.org

3 years, 10 months ago (2017-02-08 07:47:15 UTC) #28

commit-bot: I haz the power

Dry run: Try jobs failed on following builders: win_chromium_x64_rel_ng on master.tryserver.chromium.win (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.win/builders/win_chromium_x64_rel_ng/builds/362329)

3 years, 10 months ago (2017-02-08 07:47:16 UTC) #29

tzik

The CQ bit was checked by tzik@chromium.org to run a CQ dry run

3 years, 10 months ago (2017-02-08 08:23:25 UTC) #30

commit-bot: I haz the power

Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2666423002/140001

3 years, 10 months ago (2017-02-08 08:23:44 UTC) #31

tzik

The CQ bit was checked by tzik@chromium.org to run a CQ dry run

3 years, 10 months ago (2017-02-08 09:00:38 UTC) #32

commit-bot: I haz the power

Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2666423002/160001

3 years, 10 months ago (2017-02-08 09:00:58 UTC) #33

tzik

The CQ bit was checked by tzik@chromium.org to run a CQ dry run

3 years, 10 months ago (2017-02-08 09:13:19 UTC) #34

commit-bot: I haz the power

Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2666423002/180001

3 years, 10 months ago (2017-02-08 09:13:46 UTC) #35

commit-bot: I haz the power

The CQ bit was unchecked by commit-bot@chromium.org

3 years, 10 months ago (2017-02-08 09:51:26 UTC) #36

commit-bot: I haz the power

Dry run: Try jobs failed on following builders: win_chromium_rel_ng on master.tryserver.chromium.win (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.win/builders/win_chromium_rel_ng/builds/378472)

3 years, 10 months ago (2017-02-08 09:51:27 UTC) #37

tzik

The CQ bit was checked by tzik@chromium.org to run a CQ dry run

3 years, 10 months ago (2017-02-08 13:10:28 UTC) #38

commit-bot: I haz the power

Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2666423002/200001

3 years, 10 months ago (2017-02-08 13:10:46 UTC) #39

commit-bot: I haz the power

The CQ bit was unchecked by commit-bot@chromium.org

3 years, 10 months ago (2017-02-08 13:53:31 UTC) #40

commit-bot: I haz the power

Dry run: Try jobs failed on following builders: win_chromium_compile_dbg_ng on master.tryserver.chromium.win (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.win/builders/win_chromium_compile_dbg_ng/builds/344541)

3 years, 10 months ago (2017-02-08 13:53:32 UTC) #41

tzik

The CQ bit was checked by tzik@chromium.org to run a CQ dry run

3 years, 10 months ago (2017-02-08 23:57:58 UTC) #42

commit-bot: I haz the power

Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2666423002/200001

3 years, 10 months ago (2017-02-08 23:58:58 UTC) #44

commit-bot: I haz the power

The CQ bit was unchecked by commit-bot@chromium.org

3 years, 10 months ago (2017-02-09 00:03:38 UTC) #45

commit-bot: I haz the power

Dry run: Try jobs failed on following builders: chromium_presubmit on master.tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/chromium_presubmit/builds/360073) linux_chromium_rel_ng on ...

3 years, 10 months ago (2017-02-09 00:03:39 UTC) #46

tzik

The CQ bit was checked by tzik@chromium.org to run a CQ dry run

3 years, 10 months ago (2017-02-09 03:48:37 UTC) #47

commit-bot: I haz the power

Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2666423002/240001

3 years, 10 months ago (2017-02-09 03:49:14 UTC) #48

commit-bot: I haz the power

The CQ bit was unchecked by commit-bot@chromium.org

3 years, 10 months ago (2017-02-09 04:56:35 UTC) #49

commit-bot: I haz the power

Dry run: Try jobs failed on following builders: win_chromium_x64_rel_ng on master.tryserver.chromium.win (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.win/builders/win_chromium_x64_rel_ng/builds/363132)

3 years, 10 months ago (2017-02-09 04:56:36 UTC) #50

tzik

The CQ bit was checked by tzik@chromium.org to run a CQ dry run

3 years, 10 months ago (2017-02-09 07:16:42 UTC) #51

commit-bot: I haz the power

Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2666423002/260001

3 years, 10 months ago (2017-02-09 07:17:04 UTC) #52

commit-bot: I haz the power

The CQ bit was unchecked by commit-bot@chromium.org

3 years, 10 months ago (2017-02-09 07:56:07 UTC) #53

commit-bot: I haz the power

Dry run: Try jobs failed on following builders: win_chromium_rel_ng on master.tryserver.chromium.win (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.win/builders/win_chromium_rel_ng/builds/379311)

3 years, 10 months ago (2017-02-09 07:56:08 UTC) #54

tzik

The CQ bit was checked by tzik@chromium.org to run a CQ dry run

3 years, 10 months ago (2017-02-09 09:32:33 UTC) #55

commit-bot: I haz the power

Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2666423002/280001

3 years, 10 months ago (2017-02-09 09:32:58 UTC) #56

commit-bot: I haz the power

The CQ bit was unchecked by commit-bot@chromium.org

3 years, 10 months ago (2017-02-09 10:07:29 UTC) #57

commit-bot: I haz the power

Dry run: Try jobs failed on following builders: win_chromium_compile_dbg_ng on master.tryserver.chromium.win (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.win/builders/win_chromium_compile_dbg_ng/builds/345360)

3 years, 10 months ago (2017-02-09 10:07:30 UTC) #58

tzik

The CQ bit was checked by tzik@chromium.org to run a CQ dry run

3 years, 10 months ago (2017-02-09 11:43:53 UTC) #59

commit-bot: I haz the power

Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2666423002/300001

3 years, 10 months ago (2017-02-09 11:44:07 UTC) #60

commit-bot: I haz the power

The CQ bit was unchecked by commit-bot@chromium.org

3 years, 10 months ago (2017-02-09 11:54:29 UTC) #61

commit-bot: I haz the power

Dry run: Try jobs failed on following builders: ios-device-xcode-clang on master.tryserver.chromium.mac (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.mac/builders/ios-device-xcode-clang/builds/35749)

3 years, 10 months ago (2017-02-09 11:54:30 UTC) #62

tzik

The CQ bit was checked by tzik@chromium.org to run a CQ dry run

3 years, 10 months ago (2017-02-09 12:03:51 UTC) #63

commit-bot: I haz the power

Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2666423002/320001

3 years, 10 months ago (2017-02-09 12:03:58 UTC) #64

commit-bot: I haz the power

The CQ bit was unchecked by commit-bot@chromium.org

3 years, 10 months ago (2017-02-09 14:28:30 UTC) #65

commit-bot: I haz the power

Dry run: Try jobs failed on following builders: linux_android_rel_ng on master.tryserver.chromium.android (JOB_FAILED, https://build.chromium.org/p/tryserver.chromium.android/builders/linux_android_rel_ng/builds/229122)

3 years, 10 months ago (2017-02-09 14:28:31 UTC) #66

tzik

The CQ bit was checked by tzik@chromium.org to run a CQ dry run

3 years, 10 months ago (2017-02-14 14:01:46 UTC) #67

commit-bot: I haz the power

Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2666423002/340001

3 years, 10 months ago (2017-02-14 14:02:36 UTC) #68

commit-bot: I haz the power

The CQ bit was unchecked by commit-bot@chromium.org

3 years, 10 months ago (2017-02-14 14:18:17 UTC) #69

commit-bot: I haz the power

Dry run: Try jobs failed on following builders: ios-simulator on master.tryserver.chromium.mac (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.mac/builders/ios-simulator/builds/154771)

3 years, 10 months ago (2017-02-14 14:18:18 UTC) #70

tzik

The CQ bit was checked by tzik@chromium.org to run a CQ dry run

3 years, 10 months ago (2017-02-16 09:26:24 UTC) #71

commit-bot: I haz the power

Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2666423002/360001

3 years, 10 months ago (2017-02-16 09:27:04 UTC) #72

tzik

Description was changed from ========== Assert sequence validity on non-threadsafe RefCount bump CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel ========== to ...

3 years, 10 months ago (2017-02-16 09:28:25 UTC) #73

commit-bot: I haz the power

The CQ bit was unchecked by commit-bot@chromium.org

3 years, 10 months ago (2017-02-16 11:09:34 UTC) #74

commit-bot: I haz the power

Dry run: Try jobs failed on following builders: win_chromium_rel_ng on master.tryserver.chromium.win (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.win/builders/win_chromium_rel_ng/builds/383998)

3 years, 10 months ago (2017-02-16 11:09:36 UTC) #75

tzik

The CQ bit was checked by tzik@chromium.org to run a CQ dry run

3 years, 10 months ago (2017-02-16 11:29:09 UTC) #76

commit-bot: I haz the power

Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2666423002/380001

3 years, 10 months ago (2017-02-16 11:29:33 UTC) #77

tzik

Description was changed from ========== Assert sequence validity on non-threadsafe RefCount manipulations CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel ========== to ...

3 years, 10 months ago (2017-02-16 11:42:42 UTC) #78

tzik

I think all depending CLs and fixes have landed now. PTAL.

3 years, 10 months ago (2017-02-16 11:43:49 UTC) #80

commit-bot: I haz the power

The CQ bit was unchecked by commit-bot@chromium.org

3 years, 10 months ago (2017-02-16 12:18:14 UTC) #81

commit-bot: I haz the power

Dry run: Try jobs failed on following builders: linux_android_rel_ng on master.tryserver.chromium.android (JOB_FAILED, https://build.chromium.org/p/tryserver.chromium.android/builders/linux_android_rel_ng/builds/233814)

3 years, 10 months ago (2017-02-16 12:18:15 UTC) #82

tzik

On 2017/02/16 11:43:49, tzik wrote: > I think all depending CLs and fixes have landed ...

3 years, 10 months ago (2017-02-16 12:48:52 UTC) #83

tzik

Description was changed from ========== Assert sequence validity on non-thread-safe RefCount manipulations This CL adds ...

3 years, 10 months ago (2017-02-16 13:52:23 UTC) #84

tzik

The CQ bit was checked by tzik@chromium.org to run a CQ dry run

3 years, 10 months ago (2017-02-16 15:42:15 UTC) #85

commit-bot: I haz the power

Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2666423002/420001

3 years, 10 months ago (2017-02-16 15:42:49 UTC) #86

commit-bot: I haz the power

The CQ bit was unchecked by commit-bot@chromium.org

3 years, 10 months ago (2017-02-16 17:27:14 UTC) #87

commit-bot: I haz the power

Dry run: Try jobs failed on following builders: win_chromium_x64_rel_ng on master.tryserver.chromium.win (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.win/builders/win_chromium_x64_rel_ng/builds/367898)

3 years, 10 months ago (2017-02-16 17:27:15 UTC) #88

tzik

On 2017/02/16 12:48:52, tzik wrote: > On 2017/02/16 11:43:49, tzik wrote: > > I think ...

3 years, 10 months ago (2017-02-16 18:11:46 UTC) #89

tzik

Description was changed from ========== Assert sequence validity on non-thread-safe RefCount manipulations This CL adds ...

3 years, 10 months ago (2017-02-16 18:12:21 UTC) #90

gab

Took a peak at ref_counted.h/cc, this is very nice, thanks for doing this and the ...

3 years, 10 months ago (2017-02-16 21:38:47 UTC) #91

tzik

The CQ bit was checked by tzik@chromium.org to run a CQ dry run

3 years, 10 months ago (2017-02-17 07:09:21 UTC) #92

commit-bot: I haz the power

Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2666423002/440001

3 years, 10 months ago (2017-02-17 07:09:54 UTC) #93

commit-bot: I haz the power

The CQ bit was unchecked by commit-bot@chromium.org

3 years, 10 months ago (2017-02-17 10:27:01 UTC) #94

commit-bot: I haz the power

Dry run: This issue passed the CQ dry run.

3 years, 10 months ago (2017-02-17 10:27:03 UTC) #95

tzik

Description was changed from ========== Assert sequence validity on non-thread-safe RefCount manipulations This CL adds ...

3 years, 10 months ago (2017-02-17 11:33:49 UTC) #96

tzik

The CQ bit was checked by tzik@chromium.org to run a CQ dry run

3 years, 10 months ago (2017-02-17 11:35:33 UTC) #97

commit-bot: I haz the power

Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2666423002/460001

3 years, 10 months ago (2017-02-17 11:35:53 UTC) #98

tzik

https://codereview.chromium.org/2666423002/diff/420001/base/memory/ref_counted.cc File base/memory/ref_counted.cc (right): https://codereview.chromium.org/2666423002/diff/420001/base/memory/ref_counted.cc#newcode67 base/memory/ref_counted.cc:67: } On 2017/02/16 21:38:46, gab wrote: > Keep these ...

3 years, 10 months ago (2017-02-17 11:36:09 UTC) #99

tzik

The CQ bit was checked by tzik@chromium.org to run a CQ dry run

3 years, 10 months ago (2017-02-17 13:07:28 UTC) #100

tzik

Description was changed from ========== Assert sequence validity on non-thread-safe RefCount manipulations This CL adds ...

3 years, 10 months ago (2017-02-17 13:07:40 UTC) #101

commit-bot: I haz the power

Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2666423002/480001

3 years, 10 months ago (2017-02-17 13:07:44 UTC) #102

commit-bot: I haz the power

The CQ bit was unchecked by commit-bot@chromium.org

3 years, 10 months ago (2017-02-17 15:08:01 UTC) #103

commit-bot: I haz the power

Dry run: Try jobs failed on following builders: win_chromium_rel_ng on master.tryserver.chromium.win (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.win/builders/win_chromium_rel_ng/builds/384929)

3 years, 10 months ago (2017-02-17 15:08:02 UTC) #104

gab

//base looks great :) I'm don't think I like the ScopedAllow when behind locks though. ...

3 years, 10 months ago (2017-02-17 21:10:41 UTC) #105

tzik

Description was changed from ========== Assert sequence validity on non-thread-safe RefCount manipulations This CL adds ...

3 years, 10 months ago (2017-02-21 05:31:36 UTC) #106

tzik

The CQ bit was checked by tzik@chromium.org to run a CQ dry run

3 years, 10 months ago (2017-02-21 05:32:16 UTC) #107

commit-bot: I haz the power

Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2666423002/500001

3 years, 10 months ago (2017-02-21 05:32:28 UTC) #108

tzik

The CQ bit was checked by tzik@chromium.org to run a CQ dry run

3 years, 10 months ago (2017-02-21 06:13:38 UTC) #109

commit-bot: I haz the power

Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2666423002/520001

3 years, 10 months ago (2017-02-21 06:13:53 UTC) #110

tzik

https://codereview.chromium.org/2666423002/diff/480001/base/memory/ref_counted.cc File base/memory/ref_counted.cc (right): https://codereview.chromium.org/2666423002/diff/480001/base/memory/ref_counted.cc#newcode62 base/memory/ref_counted.cc:62: sequence_checker_.CalledOnValidSequence(); On 2017/02/17 21:10:40, gab wrote: > Flip these ...

3 years, 10 months ago (2017-02-21 06:15:03 UTC) #111

tzik

On 2017/02/17 21:10:41, gab wrote: > //base looks great :) > > I'm don't think ...

3 years, 10 months ago (2017-02-21 07:06:26 UTC) #112

commit-bot: I haz the power

The CQ bit was unchecked by commit-bot@chromium.org

3 years, 10 months ago (2017-02-21 08:03:51 UTC) #113

commit-bot: I haz the power

Dry run: Try jobs failed on following builders: linux_android_rel_ng on master.tryserver.chromium.android (JOB_FAILED, https://build.chromium.org/p/tryserver.chromium.android/builders/linux_android_rel_ng/builds/235980)

3 years, 10 months ago (2017-02-21 08:03:52 UTC) #114

gab

On 2017/02/21 07:06:26, tzik wrote: > On 2017/02/17 21:10:41, gab wrote: > > //base looks ...

3 years, 10 months ago (2017-02-21 21:45:38 UTC) #115

gab

On 2017/02/21 07:06:26, tzik wrote: > On 2017/02/17 21:10:41, gab wrote: > > //base looks ...

3 years, 10 months ago (2017-02-21 21:45:38 UTC) #116

tzik

The CQ bit was checked by tzik@chromium.org to run a CQ dry run

3 years, 9 months ago (2017-02-27 06:49:05 UTC) #117

commit-bot: I haz the power

Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2666423002/540001

3 years, 9 months ago (2017-02-27 06:49:20 UTC) #118

commit-bot: I haz the power

The CQ bit was unchecked by commit-bot@chromium.org

3 years, 9 months ago (2017-02-27 08:49:29 UTC) #119

commit-bot: I haz the power

Dry run: This issue passed the CQ dry run.

3 years, 9 months ago (2017-02-27 08:49:30 UTC) #120

tzik

The CQ bit was checked by tzik@chromium.org to run a CQ dry run

3 years, 9 months ago (2017-02-28 06:23:41 UTC) #121

commit-bot: I haz the power

Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2666423002/560001

3 years, 9 months ago (2017-02-28 06:24:09 UTC) #122

commit-bot: I haz the power

The CQ bit was unchecked by commit-bot@chromium.org

3 years, 9 months ago (2017-02-28 08:34:03 UTC) #123

commit-bot: I haz the power

Dry run: This issue passed the CQ dry run.

3 years, 9 months ago (2017-02-28 08:34:04 UTC) #124

tzik

Description was changed from ========== Assert sequence validity on non-thread-safe RefCount manipulations This CL adds ...

3 years, 9 months ago (2017-03-01 03:52:01 UTC) #125

tzik

The CQ bit was checked by tzik@chromium.org to run a CQ dry run

3 years, 9 months ago (2017-03-02 08:50:23 UTC) #126

commit-bot: I haz the power

Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2666423002/580001

3 years, 9 months ago (2017-03-02 08:50:32 UTC) #127

commit-bot: I haz the power

The CQ bit was unchecked by commit-bot@chromium.org

3 years, 9 months ago (2017-03-02 11:11:25 UTC) #128

commit-bot: I haz the power

Dry run: This issue passed the CQ dry run.

3 years, 9 months ago (2017-03-02 11:11:27 UTC) #129

tzik

tzik@chromium.org changed reviewers: + danakj@chromium.org, raymes@chromium.org, yzshen@chromium.org, zmo@chromium.org

3 years, 9 months ago (2017-03-03 10:05:59 UTC) #130

tzik

All race fixes have landed. Let's resume this to prevent further race. On 2017/02/21 21:45:38, ...

3 years, 9 months ago (2017-03-03 12:05:49 UTC) #131

danakj

On 2017/03/03 12:05:49, tzik wrote: > All race fixes have landed. Let's resume this to ...

3 years, 9 months ago (2017-03-03 17:32:14 UTC) #132

raymes

On 2017/03/03 17:32:14, danakj wrote: > On 2017/03/03 12:05:49, tzik wrote: > > All race ...

3 years, 9 months ago (2017-03-06 00:43:01 UTC) #133

On 2017/03/03 17:32:14, danakj wrote:
> On 2017/03/03 12:05:49, tzik wrote:
> > All race fixes have landed. Let's resume this to prevent further race.
> > 
> > On 2017/02/21 21:45:38, gab (OOO until Mar 13) wrote:
> > > On 2017/02/21 07:06:26, tzik wrote:
> > > > On 2017/02/17 21:10:41, gab wrote:
> > > > > //base looks great :)
> > > > > 
> > > > > I'm don't think I like the ScopedAllow when behind locks though. Locks
> are
> > > at
> > > > > least as expensive as atomics (in the best case implemented with
> atomics)
> > > and
> > > > as
> > > > > such these use cases could just use RefCountedThreadSafe for "free".
> > > > 
> > > > I agree we should use RefCountedThreadSafe on simple case, but I doubt
we
> > can
> > > > remove these locks since they protects other data too.
> > > > I prefer RefCountedThreadSafe even behind locks, since, IIUC, it's easy
to
> > > leak
> > > > a reference temporarily to another thread, and atomic ops are generally
> > cheap
> > > > enough when we use them on single thread, and it's easy to leak the
> > reference
> > > to
> > > > a separate thread.
> > > 
> > > Right, I'm not saying we should remove the usage of those locks, but that
we
> > > shouldn't ScopedAllow just because we're behind locks (instead those
should
> > use
> > > RefCountedThreadSafe as the performance gain of the non-atomic RefCounted
is
> > > already irrelevant when surrounding usage of a Lock -- and it's also
> > error-prone
> > > as not all refs modifications may properly be done behind the lock in
which
> > case
> > > even an "on sequence" modification can race with an "off sequence"
> > modification
> > > if the former isn't behind the lock while the latter is...).
> > 
> > I'd defer that to the component owners.
> > raymes, zmo, yzshen, danakj: Does it make sense to convert these ref counted
> > classes to RefCountedThreadSafe?
> > 
> > +raymes, zmo, yzshen and danakj. PTAL to
> > raymes: //ppapi
> > zmo: //gpu and //content/browser/gpu
> > yzshen: //mojo
> > danakj: //cc
> 
> cc LGTM

I'm not sure if I understand the question fully. Is the question whether the
performance of RefCountedThreadSafe would be problematic for these classes in
ppapi? I don't think it would be given all the other overheads involved.

yzshen1

https://codereview.chromium.org/2666423002/diff/580001/mojo/public/cpp/bindings/lib/multiplex_router.cc File mojo/public/cpp/bindings/lib/multiplex_router.cc (right): https://codereview.chromium.org/2666423002/diff/580001/mojo/public/cpp/bindings/lib/multiplex_router.cc#newcode436 mojo/public/cpp/bindings/lib/multiplex_router.cc:436: base::ScopedAllowCrossThreadRefCountAccess Can this opt-out be configured with a type ...

3 years, 9 months ago (2017-03-06 17:53:52 UTC) #135

tzik

On 2017/03/06 17:53:52, yzshen1 wrote: > https://codereview.chromium.org/2666423002/diff/580001/mojo/public/cpp/bindings/lib/multiplex_router.cc > File mojo/public/cpp/bindings/lib/multiplex_router.cc (right): > > https://codereview.chromium.org/2666423002/diff/580001/mojo/public/cpp/bindings/lib/multiplex_router.cc#newcode436 > ...

3 years, 9 months ago (2017-03-07 13:50:27 UTC) #136

yzshen1

On 2017/03/07 13:50:27, tzik wrote: > On 2017/03/06 17:53:52, yzshen1 wrote: > > > https://codereview.chromium.org/2666423002/diff/580001/mojo/public/cpp/bindings/lib/multiplex_router.cc ...

3 years, 9 months ago (2017-03-07 16:49:31 UTC) #137

tzik

On 2017/03/07 16:49:31, yzshen1 wrote: > On 2017/03/07 13:50:27, tzik wrote: > > On 2017/03/06 ...

3 years, 9 months ago (2017-03-13 06:48:20 UTC) #138

danakj

On Mon, Mar 13, 2017 at 2:48 AM, <tzik@chromium.org> wrote: > On 2017/03/07 16:49:31, yzshen1 ...

3 years, 9 months ago (2017-03-13 14:41:39 UTC) #139

On Mon, Mar 13, 2017 at 2:48 AM, <tzik@chromium.org> wrote:

> On 2017/03/07 16:49:31, yzshen1 wrote:
> > On 2017/03/07 13:50:27, tzik wrote:
> > > On 2017/03/06 17:53:52, yzshen1 wrote:
> > > >
> > >
> >
> https://codereview.chromium.org/2666423002/diff/580001/
> mojo/public/cpp/bindings/lib/multiplex_router.cc
> > > > File mojo/public/cpp/bindings/lib/multiplex_router.cc (right):
> > > >
> > > >
> > >
> >
> https://codereview.chromium.org/2666423002/diff/580001/
> mojo/public/cpp/bindings/lib/multiplex_router.cc#newcode436
> > > > mojo/public/cpp/bindings/lib/multiplex_router.cc:436:
> > > > base::ScopedAllowCrossThreadRefCountAccess
> > > > Can this opt-out be configured with a type (in this case
> > > > MultiplexRouter::Endpoint), instead on each callsite? That would be
> less
> > > > verbose.
> > >
> > > Since the type itself doesn't have the protection and the call sites
> do as
> the
> > > lock, I think the opt-out should be done at the call site around the
> lock.
> Can
> > > we keep it there?
> >
> > IMO, if a developer intentionally takes responsibility to protect
> multi-threaded
> > access to a non-thread ref-counted object, it is a promise for that
> entire
> > object. That means he/she needs to consistently protect the ref-count
> under
> the
> > exact same lock.
> >
> > On the other hand, SACTRCA disables the check for all ref-counted objects
> within
> > its scope (IIUC). Looking at the SACTRCA calls, it doesn't tell what
> objects
> > would like to opt-out of the check, and the opt-out may not be applied
> > consistently across all usage of those objects.
> >
> > That is why I think having SACTRCA at each callsite seems a little
> verbose,
> and
> > also seems to be the wrong level.
> >
> > WDYT? Thanks!
> >
> >
> > IIUC, with the current implementation, if the object is accessed on the
> thread
> > that it is bound to, there is no need to have SACTRCA. In this case, it
> can
> > still race with the
>
> OK. Can we do it in a separate follow-up CL? Adding per-type whitelist
> needs
> additional template trick around RefCounted, and I want to avoid blocking
> following CLs with this.
>

Hm, this is tricky because there also may be types that are used
cross-thread safely in one place, but that doesn't mean every use is safe
and it could hide other uses to tie it to the type globally.


>
> https://codereview.chromium.org/2666423002/
>

-- 
You received this message because you are subscribed to the Google Groups
"Chromium-reviews" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to chromium-reviews+unsubscribe@chromium.org.

tzik

Description was changed from ========== Assert sequence validity on non-thread-safe RefCount manipulations This CL adds ...

3 years, 9 months ago (2017-03-13 15:03:57 UTC) #140

tzik

The CQ bit was checked by tzik@chromium.org to run a CQ dry run

3 years, 9 months ago (2017-03-13 15:04:02 UTC) #141

commit-bot: I haz the power

Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2666423002/600001

3 years, 9 months ago (2017-03-13 15:04:22 UTC) #142

commit-bot: I haz the power

The CQ bit was unchecked by commit-bot@chromium.org

3 years, 9 months ago (2017-03-13 18:05:25 UTC) #143

commit-bot: I haz the power

Dry run: Try jobs failed on following builders: linux_chromium_chromeos_rel_ng on master.tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_chromeos_rel_ng/builds/381963)

3 years, 9 months ago (2017-03-13 18:05:27 UTC) #144

yzshen1

On 2017/03/13 14:41:39, danakj wrote: > On Mon, Mar 13, 2017 at 2:48 AM, <mailto:tzik@chromium.org> ...

3 years, 9 months ago (2017-03-13 18:10:03 UTC) #145

On 2017/03/13 14:41:39, danakj wrote:
> On Mon, Mar 13, 2017 at 2:48 AM, <mailto:tzik@chromium.org> wrote:
> 
> > On 2017/03/07 16:49:31, yzshen1 wrote:
> > > On 2017/03/07 13:50:27, tzik wrote:
> > > > On 2017/03/06 17:53:52, yzshen1 wrote:
> > > > >
> > > >
> > >
> > https://codereview.chromium.org/2666423002/diff/580001/
> > mojo/public/cpp/bindings/lib/multiplex_router.cc
> > > > > File mojo/public/cpp/bindings/lib/multiplex_router.cc (right):
> > > > >
> > > > >
> > > >
> > >
> > https://codereview.chromium.org/2666423002/diff/580001/
> > mojo/public/cpp/bindings/lib/multiplex_router.cc#newcode436
> > > > > mojo/public/cpp/bindings/lib/multiplex_router.cc:436:
> > > > > base::ScopedAllowCrossThreadRefCountAccess
> > > > > Can this opt-out be configured with a type (in this case
> > > > > MultiplexRouter::Endpoint), instead on each callsite? That would be
> > less
> > > > > verbose.
> > > >
> > > > Since the type itself doesn't have the protection and the call sites
> > do as
> > the
> > > > lock, I think the opt-out should be done at the call site around the
> > lock.
> > Can
> > > > we keep it there?
> > >
> > > IMO, if a developer intentionally takes responsibility to protect
> > multi-threaded
> > > access to a non-thread ref-counted object, it is a promise for that
> > entire
> > > object. That means he/she needs to consistently protect the ref-count
> > under
> > the
> > > exact same lock.
> > >
> > > On the other hand, SACTRCA disables the check for all ref-counted objects
> > within
> > > its scope (IIUC). Looking at the SACTRCA calls, it doesn't tell what
> > objects
> > > would like to opt-out of the check, and the opt-out may not be applied
> > > consistently across all usage of those objects.
> > >
> > > That is why I think having SACTRCA at each callsite seems a little
> > verbose,
> > and
> > > also seems to be the wrong level.
> > >
> > > WDYT? Thanks!
> > >
> > >
> > > IIUC, with the current implementation, if the object is accessed on the
> > thread
> > > that it is bound to, there is no need to have SACTRCA. In this case, it
> > can
> > > still race with the
> >
> > OK. Can we do it in a separate follow-up CL? Adding per-type whitelist
> > needs
> > additional template trick around RefCounted, and I want to avoid blocking
> > following CLs with this.
> >
> 
> Hm, this is tricky because there also may be types that are used
> cross-thread safely in one place, but that doesn't mean every use is safe
> and it could hide other uses to tie it to the type globally.

So maybe it should be a policy for each individual instance (as opposed to all
instances of a class)?
Would you please give an example for me to better understand it?




> 
> 
> >
> > https://codereview.chromium.org/2666423002/
> >
> 
> -- 
> You received this message because you are subscribed to the Google Groups
> "Chromium-reviews" group.
> To unsubscribe from this group and stop receiving emails from it, send an
email
> to mailto:chromium-reviews+unsubscribe@chromium.org.

yzshen1

On 2017/03/13 06:48:20, tzik wrote: > On 2017/03/07 16:49:31, yzshen1 wrote: > > On 2017/03/07 ...

3 years, 9 months ago (2017-03-13 18:12:52 UTC) #146

On 2017/03/13 06:48:20, tzik wrote:
> On 2017/03/07 16:49:31, yzshen1 wrote:
> > On 2017/03/07 13:50:27, tzik wrote:
> > > On 2017/03/06 17:53:52, yzshen1 wrote:
> > > >
> > >
> >
>
https://codereview.chromium.org/2666423002/diff/580001/mojo/public/cpp/bindin...
> > > > File mojo/public/cpp/bindings/lib/multiplex_router.cc (right):
> > > > 
> > > >
> > >
> >
>
https://codereview.chromium.org/2666423002/diff/580001/mojo/public/cpp/bindin...
> > > > mojo/public/cpp/bindings/lib/multiplex_router.cc:436:
> > > > base::ScopedAllowCrossThreadRefCountAccess
> > > > Can this opt-out be configured with a type (in this case
> > > > MultiplexRouter::Endpoint), instead on each callsite? That would be less
> > > > verbose.
> > > 
> > > Since the type itself doesn't have the protection and the call sites do as
> the
> > > lock, I think the opt-out should be done at the call site around the lock.
> Can
> > > we keep it there?
> > 
> > IMO, if a developer intentionally takes responsibility to protect
> multi-threaded
> > access to a non-thread ref-counted object, it is a promise for that entire
> > object. That means he/she needs to consistently protect the ref-count under
> the
> > exact same lock.
> > 
> > On the other hand, SACTRCA disables the check for all ref-counted objects
> within
> > its scope (IIUC). Looking at the SACTRCA calls, it doesn't tell what objects
> > would like to opt-out of the check, and the opt-out may not be applied
> > consistently across all usage of those objects.
> > 
> > That is why I think having SACTRCA at each callsite seems a little verbose,
> and
> > also seems to be the wrong level.
> > 
> > WDYT? Thanks!
> > 
> > 
> > IIUC, with the current implementation, if the object is accessed on the
thread
> > that it is bound to, there is no need to have SACTRCA. In this case, it can
> > still race with the
> 
> OK. Can we do it in a separate follow-up CL? Adding per-type whitelist needs
> additional template trick around RefCounted, and I want to avoid blocking
> following CLs with this.

How about this: change the Endpoint class to use ThreadSafeRefCounted, if the
perf bots are still happy (I guess they would), and add a TODO to change it back
the non-thread-safe RefCounted when the support is ready?
I think that is still better than using per-call-site opt-out.

danakj

On Mon, Mar 13, 2017 at 2:10 PM, <yzshen@chromium.org> wrote: > On 2017/03/13 14:41:39, danakj ...

3 years, 9 months ago (2017-03-13 18:13:22 UTC) #147

On Mon, Mar 13, 2017 at 2:10 PM, <yzshen@chromium.org> wrote:

> On 2017/03/13 14:41:39, danakj wrote:
>
> > On Mon, Mar 13, 2017 at 2:48 AM, <mailto:tzik@chromium.org> wrote:
> >
> > > On 2017/03/07 16:49:31, yzshen1 wrote:
> > > > On 2017/03/07 13:50:27, tzik wrote:
> > > > > On 2017/03/06 17:53:52, yzshen1 wrote:
> > > > > >
> > > > >
> > > >
> > > https://codereview.chromium.org/2666423002/diff/580001/
> > > mojo/public/cpp/bindings/lib/multiplex_router.cc
> > > > > > File mojo/public/cpp/bindings/lib/multiplex_router.cc (right):
> > > > > >
> > > > > >
> > > > >
> > > >
> > > https://codereview.chromium.org/2666423002/diff/580001/
> > > mojo/public/cpp/bindings/lib/multiplex_router.cc#newcode436
> > > > > > mojo/public/cpp/bindings/lib/multiplex_router.cc:436:
> > > > > > base::ScopedAllowCrossThreadRefCountAccess
> > > > > > Can this opt-out be configured with a type (in this case
> > > > > > MultiplexRouter::Endpoint), instead on each callsite? That would
> be
> > > less
> > > > > > verbose.
> > > > >
> > > > > Since the type itself doesn't have the protection and the call
> sites
> > > do as
> > > the
> > > > > lock, I think the opt-out should be done at the call site around
> the
> > > lock.
> > > Can
> > > > > we keep it there?
> > > >
> > > > IMO, if a developer intentionally takes responsibility to protect
> > > multi-threaded
> > > > access to a non-thread ref-counted object, it is a promise for that
> > > entire
> > > > object. That means he/she needs to consistently protect the ref-count
> > > under
> > > the
> > > > exact same lock.
> > > >
> > > > On the other hand, SACTRCA disables the check for all ref-counted
> objects
> > > within
> > > > its scope (IIUC). Looking at the SACTRCA calls, it doesn't tell what
> > > objects
> > > > would like to opt-out of the check, and the opt-out may not be
> applied
> > > > consistently across all usage of those objects.
> > > >
> > > > That is why I think having SACTRCA at each callsite seems a little
> > > verbose,
> > > and
> > > > also seems to be the wrong level.
> > > >
> > > > WDYT? Thanks!
> > > >
> > > >
> > > > IIUC, with the current implementation, if the object is accessed on
> the
> > > thread
> > > > that it is bound to, there is no need to have SACTRCA. In this case,
> it
> > > can
> > > > still race with the
> > >
> > > OK. Can we do it in a separate follow-up CL? Adding per-type whitelist
> > > needs
> > > additional template trick around RefCounted, and I want to avoid
> blocking
> > > following CLs with this.
> > >
> >
> > Hm, this is tricky because there also may be types that are used
> > cross-thread safely in one place, but that doesn't mean every use is safe
> > and it could hide other uses to tie it to the type globally.
>
> So maybe it should be a policy for each individual instance (as opposed to
> all
> instances of a class)?
> Would you please give an example for me to better understand it?
>

Like, you can have a refcounted Widget, which is used in two classes. In
class A, Widget is used across threads but its refcount is protected by
A::lock_. In class B, it is not meant for use across threads, so there is
no lock. If B's instance happened to end up refcounting across threads,
this patch would catch that (there'd be no scoped silencing of DCHECKs
outside of class A). But whitelisting Widget would not catch it.


>
>
>
>
> >
> >
> > >
> > > https://codereview.chromium.org/2666423002/
> > >
> >
> > --
> > You received this message because you are subscribed to the Google Groups
> > "Chromium-reviews" group.
> > To unsubscribe from this group and stop receiving emails from it, send an
> email
> > to mailto:chromium-reviews+unsubscribe@chromium.org.
>
>
>
> https://codereview.chromium.org/2666423002/
>

-- 
You received this message because you are subscribed to the Google Groups
"Chromium-reviews" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to chromium-reviews+unsubscribe@chromium.org.

yzshen1

On Mon, Mar 13, 2017 at 11:12 AM, <danakj@chromium.org> wrote: > On Mon, Mar 13, ...

3 years, 9 months ago (2017-03-13 18:17:15 UTC) #148

On Mon, Mar 13, 2017 at 11:12 AM, <danakj@chromium.org> wrote:

> On Mon, Mar 13, 2017 at 2:10 PM, <yzshen@chromium.org> wrote:
>
>> On 2017/03/13 14:41:39, danakj wrote:
>>
>> > On Mon, Mar 13, 2017 at 2:48 AM, <mailto:tzik@chromium.org> wrote:
>> >
>> > > On 2017/03/07 16:49:31, yzshen1 wrote:
>> > > > On 2017/03/07 13:50:27, tzik wrote:
>> > > > > On 2017/03/06 17:53:52, yzshen1 wrote:
>> > > > > >
>> > > > >
>> > > >
>> > > https://codereview.chromium.org/2666423002/diff/580001/
>> > > mojo/public/cpp/bindings/lib/multiplex_router.cc
>> > > > > > File mojo/public/cpp/bindings/lib/multiplex_router.cc (right):
>> > > > > >
>> > > > > >
>> > > > >
>> > > >
>> > > https://codereview.chromium.org/2666423002/diff/580001/
>> > > mojo/public/cpp/bindings/lib/multiplex_router.cc#newcode436
>> > > > > > mojo/public/cpp/bindings/lib/multiplex_router.cc:436:
>> > > > > > base::ScopedAllowCrossThreadRefCountAccess
>> > > > > > Can this opt-out be configured with a type (in this case
>> > > > > > MultiplexRouter::Endpoint), instead on each callsite? That
>> would be
>> > > less
>> > > > > > verbose.
>> > > > >
>> > > > > Since the type itself doesn't have the protection and the call
>> sites
>> > > do as
>> > > the
>> > > > > lock, I think the opt-out should be done at the call site around
>> the
>> > > lock.
>> > > Can
>> > > > > we keep it there?
>> > > >
>> > > > IMO, if a developer intentionally takes responsibility to protect
>> > > multi-threaded
>> > > > access to a non-thread ref-counted object, it is a promise for that
>> > > entire
>> > > > object. That means he/she needs to consistently protect the
>> ref-count
>> > > under
>> > > the
>> > > > exact same lock.
>> > > >
>> > > > On the other hand, SACTRCA disables the check for all ref-counted
>> objects
>> > > within
>> > > > its scope (IIUC). Looking at the SACTRCA calls, it doesn't tell what
>> > > objects
>> > > > would like to opt-out of the check, and the opt-out may not be
>> applied
>> > > > consistently across all usage of those objects.
>> > > >
>> > > > That is why I think having SACTRCA at each callsite seems a little
>> > > verbose,
>> > > and
>> > > > also seems to be the wrong level.
>> > > >
>> > > > WDYT? Thanks!
>> > > >
>> > > >
>> > > > IIUC, with the current implementation, if the object is accessed on
>> the
>> > > thread
>> > > > that it is bound to, there is no need to have SACTRCA. In this
>> case, it
>> > > can
>> > > > still race with the
>> > >
>> > > OK. Can we do it in a separate follow-up CL? Adding per-type whitelist
>> > > needs
>> > > additional template trick around RefCounted, and I want to avoid
>> blocking
>> > > following CLs with this.
>> > >
>> >
>> > Hm, this is tricky because there also may be types that are used
>> > cross-thread safely in one place, but that doesn't mean every use is
>> safe
>> > and it could hide other uses to tie it to the type globally.
>>
>> So maybe it should be a policy for each individual instance (as opposed
>> to all
>> instances of a class)?
>> Would you please give an example for me to better understand it?
>>
>
> Like, you can have a refcounted Widget, which is used in two classes. In
> class A, Widget is used across threads but its refcount is protected by
> A::lock_. In class B, it is not meant for use across threads, so there is
> no lock. If B's instance happened to end up refcounting across threads,
> this patch would catch that (there'd be no scoped silencing of DCHECKs
> outside of class A). But whitelisting Widget would not catch it.
>

Right. I think it makes sense to use per-instance policy in this case. We
explicitly opt-out the check for the Widget instance in class A.


>
>
>>
>>
>>
>>
>> >
>> >
>> > >
>> > > https://codereview.chromium.org/2666423002/
>> > >
>> >
>> > --
>> > You received this message because you are subscribed to the Google
>> Groups
>> > "Chromium-reviews" group.
>> > To unsubscribe from this group and stop receiving emails from it, send
>> an
>> email
>> > to mailto:chromium-reviews+unsubscribe@chromium.org.
>>
>>
>>
>> https://codereview.chromium.org/2666423002/
>>
>
>

-- 
You received this message because you are subscribed to the Google Groups
"Chromium-reviews" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to chromium-reviews+unsubscribe@chromium.org.

tzik

The CQ bit was checked by tzik@chromium.org to run a CQ dry run

3 years, 9 months ago (2017-03-14 11:03:20 UTC) #149

commit-bot: I haz the power

Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2666423002/620001

3 years, 9 months ago (2017-03-14 11:03:36 UTC) #150

commit-bot: I haz the power

The CQ bit was unchecked by commit-bot@chromium.org

3 years, 9 months ago (2017-03-14 13:11:06 UTC) #152

commit-bot: I haz the power

Dry run: This issue passed the CQ dry run.

3 years, 9 months ago (2017-03-14 13:11:08 UTC) #153

yzshen1

mojo LGTM https://codereview.chromium.org/2666423002/diff/620001/base/memory/ref_counted.h File base/memory/ref_counted.h (right): https://codereview.chromium.org/2666423002/diff/620001/base/memory/ref_counted.h#newcode165 base/memory/ref_counted.h:165: // and disable the aforementioned check. Nit: ...

3 years, 9 months ago (2017-03-14 17:36:34 UTC) #154

gab

Let me re-iterate this as I think owners started reviewing this CL not this question... ...

3 years, 9 months ago (2017-03-15 20:34:34 UTC) #156

danakj

On Wed, Mar 15, 2017 at 4:34 PM, <gab@chromium.org> wrote: > Let me re-iterate this ...

3 years, 9 months ago (2017-03-15 20:37:46 UTC) #157

On Wed, Mar 15, 2017 at 4:34 PM, <gab@chromium.org> wrote:

> Let me re-iterate this as I think owners started reviewing this CL not this
> question... we should change RefCounted usage that's behind locks to just
> use
> RefCountedThreadSafe -- the overhead of atomics is nil in the presence of
> the
> overhead of locks and avoiding the ScopedAllow(...) is better as it avoids
> complexity (if we can avoid introducing this scoped allowance altogether
> that's
> even better).
>

I can't speak to all the cases, but in cc, it's a refptr that is used on
the compositor thread only when the main thread is blocked. This is a
well-known state in the system called commit, where the compositor thread
uses data structures from the blocked main thread to build structures for
its own thread. There's no reason to use atomics, and there's no locks
trying to replace atomics.


>
>
> > > we shouldn't ScopedAllow just because we're behind locks (instead those
> should
> > use
> > > RefCountedThreadSafe as the performance gain of the non-atomic
> RefCounted is
> > > already irrelevant when surrounding usage of a Lock -- and it's also
> > error-prone
> > > as not all refs modifications may properly be done behind the lock in
> which
> > case
> > > even an "on sequence" modification can race with an "off sequence"
> > modification
> > > if the former isn't behind the lock while the latter is...).
> >
> > I'd defer that to the component owners.
> > raymes, zmo, yzshen, danakj: Does it make sense to convert these ref
> counted
> > classes to RefCountedThreadSafe?
> >
> > +raymes, zmo, yzshen and danakj. PTAL to
> > raymes: //ppapi
> > zmo: //gpu and //content/browser/gpu
> > yzshen: //mojo
> > danakj: //cc
>
>
>
> https://codereview.chromium.org/2666423002/
>

-- 
You received this message because you are subscribed to the Google Groups
"Chromium-reviews" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to chromium-reviews+unsubscribe@chromium.org.

gab

On 2017/03/15 20:34:34, gab wrote: > Let me re-iterate this as I think owners started ...

3 years, 9 months ago (2017-03-15 20:38:15 UTC) #158

gab

On 2017/03/15 20:37:46, danakj wrote: > On Wed, Mar 15, 2017 at 4:34 PM, <mailto:gab@chromium.org> ...

3 years, 9 months ago (2017-03-15 20:40:21 UTC) #159

On 2017/03/15 20:37:46, danakj wrote:
> On Wed, Mar 15, 2017 at 4:34 PM, <mailto:gab@chromium.org> wrote:
> 
> > Let me re-iterate this as I think owners started reviewing this CL not this
> > question... we should change RefCounted usage that's behind locks to just
> > use
> > RefCountedThreadSafe -- the overhead of atomics is nil in the presence of
> > the
> > overhead of locks and avoiding the ScopedAllow(...) is better as it avoids
> > complexity (if we can avoid introducing this scoped allowance altogether
> > that's
> > even better).
> >
> 
> I can't speak to all the cases, but in cc, it's a refptr that is used on
> the compositor thread only when the main thread is blocked. This is a
> well-known state in the system called commit, where the compositor thread
> uses data structures from the blocked main thread to build structures for
> its own thread. There's no reason to use atomics, and there's no locks
> trying to replace atomics.

Ah ok, yes in that case that makes sense. The question is, say that's the only
remaining use case, it it worth having ScopedAllowCrossThreadRefCountAccess just
for it? PostTask uses locks so once again maybe the atomics for refcount are no
big deal..?

> 
> 
> >
> >
> > > > we shouldn't ScopedAllow just because we're behind locks (instead those
> > should
> > > use
> > > > RefCountedThreadSafe as the performance gain of the non-atomic
> > RefCounted is
> > > > already irrelevant when surrounding usage of a Lock -- and it's also
> > > error-prone
> > > > as not all refs modifications may properly be done behind the lock in
> > which
> > > case
> > > > even an "on sequence" modification can race with an "off sequence"
> > > modification
> > > > if the former isn't behind the lock while the latter is...).
> > >
> > > I'd defer that to the component owners.
> > > raymes, zmo, yzshen, danakj: Does it make sense to convert these ref
> > counted
> > > classes to RefCountedThreadSafe?
> > >
> > > +raymes, zmo, yzshen and danakj. PTAL to
> > > raymes: //ppapi
> > > zmo: //gpu and //content/browser/gpu
> > > yzshen: //mojo
> > > danakj: //cc
> >
> >
> >
> > https://codereview.chromium.org/2666423002/
> >
> 
> -- 
> You received this message because you are subscribed to the Google Groups
> "Chromium-reviews" group.
> To unsubscribe from this group and stop receiving emails from it, send an
email
> to mailto:chromium-reviews+unsubscribe@chromium.org.

danakj

On Wed, Mar 15, 2017 at 4:40 PM, <gab@chromium.org> wrote: > On 2017/03/15 20:37:46, danakj ...

3 years, 9 months ago (2017-03-15 20:46:41 UTC) #160

On Wed, Mar 15, 2017 at 4:40 PM, <gab@chromium.org> wrote:

> On 2017/03/15 20:37:46, danakj wrote:
> > On Wed, Mar 15, 2017 at 4:34 PM, <mailto:gab@chromium.org> wrote:
> >
> > > Let me re-iterate this as I think owners started reviewing this CL not
> this
> > > question... we should change RefCounted usage that's behind locks to
> just
> > > use
> > > RefCountedThreadSafe -- the overhead of atomics is nil in the presence
> of
> > > the
> > > overhead of locks and avoiding the ScopedAllow(...) is better as it
> avoids
> > > complexity (if we can avoid introducing this scoped allowance
> altogether
> > > that's
> > > even better).
> > >
> >
> > I can't speak to all the cases, but in cc, it's a refptr that is used on
> > the compositor thread only when the main thread is blocked. This is a
> > well-known state in the system called commit, where the compositor thread
> > uses data structures from the blocked main thread to build structures for
> > its own thread. There's no reason to use atomics, and there's no locks
> > trying to replace atomics.
>
> Ah ok, yes in that case that makes sense. The question is, say that's the
> only
> remaining use case, it it worth having ScopedAllowCrossThreadRefCountAccess
> just
> for it? PostTask uses locks so once again maybe the atomics for refcount
> are no
> big deal..?
>

I'd need performance tests to show. This scoped object is at the top of
commit. Commit may use the entire compositor data structures, all layers,
pictures, things in skia, etc.. This isn't a scoped object for a single
refptr instance or anything.

*also* I think changing to ThreadSafeRefCounted would be extremely
misleading and I would not be happy about it. ThreadSafeRefCounted means
the references can change on any thread -> implies it can be destroyed on
any thread and needs very different expectations. In this case even tho
technically the compositor thread ends up running the code, conceptually it
is single threaded and only needs to deal with the main thread.


> >
> >
> > >
> > >
> > > > > we shouldn't ScopedAllow just because we're behind locks (instead
> those
> > > should
> > > > use
> > > > > RefCountedThreadSafe as the performance gain of the non-atomic
> > > RefCounted is
> > > > > already irrelevant when surrounding usage of a Lock -- and it's
> also
> > > > error-prone
> > > > > as not all refs modifications may properly be done behind the lock
> in
> > > which
> > > > case
> > > > > even an "on sequence" modification can race with an "off sequence"
> > > > modification
> > > > > if the former isn't behind the lock while the latter is...).
> > > >
> > > > I'd defer that to the component owners.
> > > > raymes, zmo, yzshen, danakj: Does it make sense to convert these ref
> > > counted
> > > > classes to RefCountedThreadSafe?
> > > >
> > > > +raymes, zmo, yzshen and danakj. PTAL to
> > > > raymes: //ppapi
> > > > zmo: //gpu and //content/browser/gpu
> > > > yzshen: //mojo
> > > > danakj: //cc
> > >
> > >
> > >
> > > https://codereview.chromium.org/2666423002/
> > >
> >
> > --
> > You received this message because you are subscribed to the Google Groups
> > "Chromium-reviews" group.
> > To unsubscribe from this group and stop receiving emails from it, send an
> email
> > to mailto:chromium-reviews+unsubscribe@chromium.org.
>
>
> https://codereview.chromium.org/2666423002/
>

-- 
You received this message because you are subscribed to the Google Groups
"Chromium-reviews" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to chromium-reviews+unsubscribe@chromium.org.

chromium-reviews

Le mer. 15 mars 2017 16:46, <danakj@chromium.org> a écrit : > On Wed, Mar 15, ...

3 years, 9 months ago (2017-03-15 22:25:18 UTC) #161

Le mer. 15 mars 2017 16:46, <danakj@chromium.org> a écrit :

> On Wed, Mar 15, 2017 at 4:40 PM, <gab@chromium.org> wrote:
>
> On 2017/03/15 20:37:46, danakj wrote:
> > On Wed, Mar 15, 2017 at 4:34 PM, <mailto:gab@chromium.org> wrote:
> >
> > > Let me re-iterate this as I think owners started reviewing this CL not
> this
> > > question... we should change RefCounted usage that's behind locks to
> just
> > > use
> > > RefCountedThreadSafe -- the overhead of atomics is nil in the presence
> of
> > > the
> > > overhead of locks and avoiding the ScopedAllow(...) is better as it
> avoids
> > > complexity (if we can avoid introducing this scoped allowance
> altogether
> > > that's
> > > even better).
> > >
> >
> > I can't speak to all the cases, but in cc, it's a refptr that is used on
> > the compositor thread only when the main thread is blocked. This is a
> > well-known state in the system called commit, where the compositor thread
> > uses data structures from the blocked main thread to build structures for
> > its own thread. There's no reason to use atomics, and there's no locks
> > trying to replace atomics.
>
> Ah ok, yes in that case that makes sense. The question is, say that's the
> only
> remaining use case, it it worth having
> ScopedAllowCrossThreadRefCountAccess just
> for it? PostTask uses locks so once again maybe the atomics for refcount
> are no
> big deal..?
>
>
> I'd need performance tests to show. This scoped object is at the top of
> commit. Commit may use the entire compositor data structures, all layers,
> pictures, things in skia, etc.. This isn't a scoped object for a single
> refptr instance or anything.
>
> *also* I think changing to ThreadSafeRefCounted would be extremely
> misleading and I would not be happy about it. ThreadSafeRefCounted means
> the references can change on any thread -> implies it can be destroyed on
> any thread and needs very different expectations. In this case even tho
> technically the compositor thread ends up running the code, conceptually it
> is single threaded and only needs to deal with the main thread.
>

So why even pass the ref then? Pass it Unretained if the cc thread never
owns?


>
> >
> >
> > >
> > >
> > > > > we shouldn't ScopedAllow just because we're behind locks (instead
> those
> > > should
> > > > use
> > > > > RefCountedThreadSafe as the performance gain of the non-atomic
> > > RefCounted is
> > > > > already irrelevant when surrounding usage of a Lock -- and it's
> also
> > > > error-prone
> > > > > as not all refs modifications may properly be done behind the lock
> in
> > > which
> > > > case
> > > > > even an "on sequence" modification can race with an "off sequence"
> > > > modification
> > > > > if the former isn't behind the lock while the latter is...).
> > > >
> > > > I'd defer that to the component owners.
> > > > raymes, zmo, yzshen, danakj: Does it make sense to convert these ref
> > > counted
> > > > classes to RefCountedThreadSafe?
> > > >
> > > > +raymes, zmo, yzshen and danakj. PTAL to
> > > > raymes: //ppapi
> > > > zmo: //gpu and //content/browser/gpu
> > > > yzshen: //mojo
> > > > danakj: //cc
> > >
> > >
> > >
> > > https://codereview.chromium.org/2666423002/
> > >
> >
> > --
> > You received this message because you are subscribed to the Google Groups
> > "Chromium-reviews" group.
> > To unsubscribe from this group and stop receiving emails from it, send an
> email
> > to mailto:chromium-reviews+unsubscribe@chromium.org.
>
>
> https://codereview.chromium.org/2666423002/
>
>

-- 
You received this message because you are subscribed to the Google Groups
"Chromium-reviews" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to chromium-reviews+unsubscribe@chromium.org.

raymes

On 2017/03/15 20:34:34, gab wrote: > Let me re-iterate this as I think owners started ...

3 years, 9 months ago (2017-03-15 22:36:34 UTC) #162

danakj

On Wed, Mar 15, 2017 at 6:25 PM, Gabriel Charette <gab@google.com> wrote: > > > ...

3 years, 9 months ago (2017-03-16 15:55:39 UTC) #163

On Wed, Mar 15, 2017 at 6:25 PM, Gabriel Charette <gab@google.com> wrote:

>
>
> Le mer. 15 mars 2017 16:46, <danakj@chromium.org> a écrit :
>
>> On Wed, Mar 15, 2017 at 4:40 PM, <gab@chromium.org> wrote:
>>
>> On 2017/03/15 20:37:46, danakj wrote:
>> > On Wed, Mar 15, 2017 at 4:34 PM, <mailto:gab@chromium.org> wrote:
>> >
>> > > Let me re-iterate this as I think owners started reviewing this CL
>> not this
>> > > question... we should change RefCounted usage that's behind locks to
>> just
>> > > use
>> > > RefCountedThreadSafe -- the overhead of atomics is nil in the
>> presence of
>> > > the
>> > > overhead of locks and avoiding the ScopedAllow(...) is better as it
>> avoids
>> > > complexity (if we can avoid introducing this scoped allowance
>> altogether
>> > > that's
>> > > even better).
>> > >
>> >
>> > I can't speak to all the cases, but in cc, it's a refptr that is used on
>> > the compositor thread only when the main thread is blocked. This is a
>> > well-known state in the system called commit, where the compositor
>> thread
>> > uses data structures from the blocked main thread to build structures
>> for
>> > its own thread. There's no reason to use atomics, and there's no locks
>> > trying to replace atomics.
>>
>> Ah ok, yes in that case that makes sense. The question is, say that's the
>> only
>> remaining use case, it it worth having ScopedAllowCrossThreadRefCountAccess
>> just
>> for it? PostTask uses locks so once again maybe the atomics for refcount
>> are no
>> big deal..?
>>
>>
>> I'd need performance tests to show. This scoped object is at the top of
>> commit. Commit may use the entire compositor data structures, all layers,
>> pictures, things in skia, etc.. This isn't a scoped object for a single
>> refptr instance or anything.
>>
>> *also* I think changing to ThreadSafeRefCounted would be extremely
>> misleading and I would not be happy about it. ThreadSafeRefCounted means
>> the references can change on any thread -> implies it can be destroyed on
>> any thread and needs very different expectations. In this case even tho
>> technically the compositor thread ends up running the code, conceptually it
>> is single threaded and only needs to deal with the main thread.
>>
>
> So why even pass the ref then? Pass it Unretained if the cc thread never
> owns?
>

It's possible we should be move()ing refptrs that we are not, and temp
objects are being created during the passing of ownership from the main
thread to the compositor thread or something, or maybe ownership is moving
within main-thread structures, in code run on the compositor thread. I
don't know which pointers and which lines of code are violating the DCHECKs
to say more.


>
>
>>
>> >
>> >
>> > >
>> > >
>> > > > > we shouldn't ScopedAllow just because we're behind locks (instead
>> those
>> > > should
>> > > > use
>> > > > > RefCountedThreadSafe as the performance gain of the non-atomic
>> > > RefCounted is
>> > > > > already irrelevant when surrounding usage of a Lock -- and it's
>> also
>> > > > error-prone
>> > > > > as not all refs modifications may properly be done behind the
>> lock in
>> > > which
>> > > > case
>> > > > > even an "on sequence" modification can race with an "off sequence"
>> > > > modification
>> > > > > if the former isn't behind the lock while the latter is...).
>> > > >
>> > > > I'd defer that to the component owners.
>> > > > raymes, zmo, yzshen, danakj: Does it make sense to convert these ref
>> > > counted
>> > > > classes to RefCountedThreadSafe?
>> > > >
>> > > > +raymes, zmo, yzshen and danakj. PTAL to
>> > > > raymes: //ppapi
>> > > > zmo: //gpu and //content/browser/gpu
>> > > > yzshen: //mojo
>> > > > danakj: //cc
>> > >
>> > >
>> > >
>> > > https://codereview.chromium.org/2666423002/
>> > >
>> >
>> > --
>> > You received this message because you are subscribed to the Google
>> Groups
>> > "Chromium-reviews" group.
>> > To unsubscribe from this group and stop receiving emails from it, send
>> an
>> email
>> > to mailto:chromium-reviews+unsubscribe@chromium.org.
>>
>>
>> https://codereview.chromium.org/2666423002/
>>
>>

-- 
You received this message because you are subscribed to the Google Groups
"Chromium-reviews" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to chromium-reviews+unsubscribe@chromium.org.

gab

On 2017/03/16 15:55:39, danakj wrote: > On Wed, Mar 15, 2017 at 6:25 PM, Gabriel ...

3 years, 9 months ago (2017-03-20 16:50:43 UTC) #164

On 2017/03/16 15:55:39, danakj wrote:
> On Wed, Mar 15, 2017 at 6:25 PM, Gabriel Charette
<https://mail.google.com/mail/?view=cm&fs=1&tf=1&to=gab@google.com> wrote:
> 
> >
> >
> > Le mer. 15 mars 2017 16:46,
<https://mail.google.com/mail/?view=cm&fs=1&tf=1&to=danakj@chromium.org> a écrit
:
> >
> >> On Wed, Mar 15, 2017 at 4:40 PM,
<https://mail.google.com/mail/?view=cm&fs=1&tf=1&to=gab@chromium.org> wrote:
> >>
> >> On 2017/03/15 20:37:46, danakj wrote:
> >> > On Wed, Mar 15, 2017 at 4:34 PM, <mailto:gab@chromium.org> wrote:
> >> >
> >> > > Let me re-iterate this as I think owners started reviewing this CL
> >> not this
> >> > > question... we should change RefCounted usage that's behind locks to
> >> just
> >> > > use
> >> > > RefCountedThreadSafe -- the overhead of atomics is nil in the
> >> presence of
> >> > > the
> >> > > overhead of locks and avoiding the ScopedAllow(...) is better as it
> >> avoids
> >> > > complexity (if we can avoid introducing this scoped allowance
> >> altogether
> >> > > that's
> >> > > even better).
> >> > >
> >> >
> >> > I can't speak to all the cases, but in cc, it's a refptr that is used on
> >> > the compositor thread only when the main thread is blocked. This is a
> >> > well-known state in the system called commit, where the compositor
> >> thread
> >> > uses data structures from the blocked main thread to build structures
> >> for
> >> > its own thread. There's no reason to use atomics, and there's no locks
> >> > trying to replace atomics.
> >>
> >> Ah ok, yes in that case that makes sense. The question is, say that's the
> >> only
> >> remaining use case, it it worth having ScopedAllowCrossThreadRefCountAccess
> >> just
> >> for it? PostTask uses locks so once again maybe the atomics for refcount
> >> are no
> >> big deal..?
> >>
> >>
> >> I'd need performance tests to show. This scoped object is at the top of
> >> commit. Commit may use the entire compositor data structures, all layers,
> >> pictures, things in skia, etc.. This isn't a scoped object for a single
> >> refptr instance or anything.
> >>
> >> *also* I think changing to ThreadSafeRefCounted would be extremely
> >> misleading and I would not be happy about it. ThreadSafeRefCounted means
> >> the references can change on any thread -> implies it can be destroyed on
> >> any thread and needs very different expectations. In this case even tho
> >> technically the compositor thread ends up running the code, conceptually it
> >> is single threaded and only needs to deal with the main thread.
> >>
> >
> > So why even pass the ref then? Pass it Unretained if the cc thread never
> > owns?
> >
> 
> It's possible we should be move()ing refptrs that we are not, and temp
> objects are being created during the passing of ownership from the main
> thread to the compositor thread or something, or maybe ownership is moving
> within main-thread structures, in code run on the compositor thread. I
> don't know which pointers and which lines of code are violating the DCHECKs
> to say more.

Okay, would be great to figure that out but I no longer think it needs to block
this CL. I'm fine with adding ScopedAllowCrossThreadRefCountAccess if we use it
in the bare minimal set of places initially (it should have a big comment on it
saying that it's there to allow pre-existing "safe" use cases to live in the
presence of the check while we figure out why they hit the check -- missing move
or whatnot -- and shouldn't be used for new use cases). And for those use cases
that are solely safe per being behind locks I still think we should use
RefCountedThreadSafe per my previous comments.

tzik

The CQ bit was checked by tzik@chromium.org to run a CQ dry run

3 years, 9 months ago (2017-03-23 12:40:24 UTC) #165

commit-bot: I haz the power

Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2666423002/640001

3 years, 9 months ago (2017-03-23 12:40:50 UTC) #166

commit-bot: I haz the power

The CQ bit was unchecked by commit-bot@chromium.org

3 years, 9 months ago (2017-03-23 15:12:59 UTC) #167

commit-bot: I haz the power

Dry run: This issue passed the CQ dry run.

3 years, 9 months ago (2017-03-23 15:13:02 UTC) #168

tzik

The CQ bit was checked by tzik@chromium.org to run a CQ dry run

3 years, 9 months ago (2017-03-24 06:51:15 UTC) #169

tzik

Description was changed from ========== Assert sequence validity on non-thread-safe RefCount manipulations This CL adds ...

3 years, 9 months ago (2017-03-24 06:51:18 UTC) #170

commit-bot: I haz the power

Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2666423002/660001

3 years, 9 months ago (2017-03-24 06:51:26 UTC) #171

commit-bot: I haz the power

The CQ bit was unchecked by commit-bot@chromium.org

3 years, 9 months ago (2017-03-24 08:47:53 UTC) #172

commit-bot: I haz the power

Dry run: Try jobs failed on following builders: linux_chromium_chromeos_rel_ng on master.tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_chromeos_rel_ng/builds/390531)

3 years, 9 months ago (2017-03-24 08:47:54 UTC) #173

tzik

The CQ bit was checked by tzik@chromium.org to run a CQ dry run

3 years, 9 months ago (2017-03-24 15:10:10 UTC) #174

commit-bot: I haz the power

Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2666423002/660001

3 years, 9 months ago (2017-03-24 15:10:38 UTC) #175

tzik

On 2017/03/20 16:50:43, gab wrote: > On 2017/03/16 15:55:39, danakj wrote: > > On Wed, ...

3 years, 9 months ago (2017-03-24 15:20:59 UTC) #176

On 2017/03/20 16:50:43, gab wrote:
> On 2017/03/16 15:55:39, danakj wrote:
> > On Wed, Mar 15, 2017 at 6:25 PM, Gabriel Charette
> <https://mail.google.com/mail/?view=cm&fs=1&tf=1&to=gab@google.com> wrote:
> > 
> > >
> > >
> > > Le mer. 15 mars 2017 16:46,
> <https://mail.google.com/mail/?view=cm&fs=1&tf=1&to=danakj@chromium.org> a
écrit
> :
> > >
> > >> On Wed, Mar 15, 2017 at 4:40 PM,
> <https://mail.google.com/mail/?view=cm&fs=1&tf=1&to=gab@chromium.org> wrote:
> > >>
> > >> On 2017/03/15 20:37:46, danakj wrote:
> > >> > On Wed, Mar 15, 2017 at 4:34 PM, <mailto:gab@chromium.org> wrote:
> > >> >
> > >> > > Let me re-iterate this as I think owners started reviewing this CL
> > >> not this
> > >> > > question... we should change RefCounted usage that's behind locks to
> > >> just
> > >> > > use
> > >> > > RefCountedThreadSafe -- the overhead of atomics is nil in the
> > >> presence of
> > >> > > the
> > >> > > overhead of locks and avoiding the ScopedAllow(...) is better as it
> > >> avoids
> > >> > > complexity (if we can avoid introducing this scoped allowance
> > >> altogether
> > >> > > that's
> > >> > > even better).
> > >> > >
> > >> >
> > >> > I can't speak to all the cases, but in cc, it's a refptr that is used
on
> > >> > the compositor thread only when the main thread is blocked. This is a
> > >> > well-known state in the system called commit, where the compositor
> > >> thread
> > >> > uses data structures from the blocked main thread to build structures
> > >> for
> > >> > its own thread. There's no reason to use atomics, and there's no locks
> > >> > trying to replace atomics.
> > >>
> > >> Ah ok, yes in that case that makes sense. The question is, say that's the
> > >> only
> > >> remaining use case, it it worth having
ScopedAllowCrossThreadRefCountAccess
> > >> just
> > >> for it? PostTask uses locks so once again maybe the atomics for refcount
> > >> are no
> > >> big deal..?
> > >>
> > >>
> > >> I'd need performance tests to show. This scoped object is at the top of
> > >> commit. Commit may use the entire compositor data structures, all layers,
> > >> pictures, things in skia, etc.. This isn't a scoped object for a single
> > >> refptr instance or anything.
> > >>
> > >> *also* I think changing to ThreadSafeRefCounted would be extremely
> > >> misleading and I would not be happy about it. ThreadSafeRefCounted means
> > >> the references can change on any thread -> implies it can be destroyed on
> > >> any thread and needs very different expectations. In this case even tho
> > >> technically the compositor thread ends up running the code, conceptually
it
> > >> is single threaded and only needs to deal with the main thread.
> > >>
> > >
> > > So why even pass the ref then? Pass it Unretained if the cc thread never
> > > owns?
> > >
> > 
> > It's possible we should be move()ing refptrs that we are not, and temp
> > objects are being created during the passing of ownership from the main
> > thread to the compositor thread or something, or maybe ownership is moving
> > within main-thread structures, in code run on the compositor thread. I
> > don't know which pointers and which lines of code are violating the DCHECKs
> > to say more.
> 
> Okay, would be great to figure that out but I no longer think it needs to
block
> this CL. I'm fine with adding ScopedAllowCrossThreadRefCountAccess if we use
it
> in the bare minimal set of places initially (it should have a big comment on
it
> saying that it's there to allow pre-existing "safe" use cases to live in the
> presence of the check while we figure out why they hit the check -- missing
move
> or whatnot -- and shouldn't be used for new use cases). And for those use
cases
> that are solely safe per being behind locks I still think we should use
> RefCountedThreadSafe per my previous comments

I think the number of ScopedAllowCrossThreadRefCountAccess is not important
enough to stop adding the assertion itself. Can we handle these exception
separately on following CLs?

gab

https://codereview.chromium.org/2666423002/diff/660001/base/memory/ref_counted.h File base/memory/ref_counted.h (right): https://codereview.chromium.org/2666423002/diff/660001/base/memory/ref_counted.h#newcode131 base/memory/ref_counted.h:131: class BASE_EXPORT ScopedAllowCrossThreadRefCountAccess final { // ScopedAllowCrossThreadRefCountAccess disables the ...

3 years, 9 months ago (2017-03-24 15:46:46 UTC) #177

https://codereview.chromium.org/2666423002/diff/660001/base/memory/ref_counted.h
File base/memory/ref_counted.h (right):

https://codereview.chromium.org/2666423002/diff/660001/base/memory/ref_counte...
base/memory/ref_counted.h:131: class BASE_EXPORT
ScopedAllowCrossThreadRefCountAccess final {
// ScopedAllowCrossThreadRefCountAccess disables the check documented on
RefCounted below for rare pre-existing use cases where thread-safety was
guaranteed through other means (e.g. explicit sequencing of calls across
execution sequences when bouncing between threads in order). New callers should
refrain from using this (callsites handling thread-safety through locks should
use RefCountedThreadSafe per the overhead of its atomics being negligible
compared to locks anyways and callsites doing explicit sequencing should
properly std::move() the ref to avoid hitting this check).
// TODO(tzik): Cleanup existing use cases and remove
ScopedAllowCrossThreadRefCountAccess.

https://codereview.chromium.org/2666423002/diff/660001/base/memory/ref_counte...
base/memory/ref_counted.h:165: // and disable the aforementioned check.
Remove last sentence so it's not part of main API (no new users of
ScopedAllowCrossThreadRefCountAccess should be added) and move documentation
above with comment as suggested.

https://codereview.chromium.org/2666423002/diff/660001/mojo/public/cpp/bindin...
File mojo/public/cpp/bindings/lib/multiplex_router.cc (right):

https://codereview.chromium.org/2666423002/diff/660001/mojo/public/cpp/bindin...
mojo/public/cpp/bindings/lib/multiplex_router.cc:964:
endpoint->DisableSequenceConsistencyAssertions();
That seems like a very large hammer, can we use the scoped object where relevant
instead? Otherwise how do we know all callers are truly doing the right thing
with the received pointer? I'd much rather not have
DisableSequenceConsistencyAssertions() if we can help it (and otherwise it
should have a large comment saying what it's there for and not to use it in new
use cases).

Also, outside the scope of this CL but why is this stored in a raw ptr and
returned as a raw ptr if it's RefCounted..?

yzshen1

https://codereview.chromium.org/2666423002/diff/660001/mojo/public/cpp/bindings/lib/multiplex_router.cc File mojo/public/cpp/bindings/lib/multiplex_router.cc (right): https://codereview.chromium.org/2666423002/diff/660001/mojo/public/cpp/bindings/lib/multiplex_router.cc#newcode964 mojo/public/cpp/bindings/lib/multiplex_router.cc:964: endpoint->DisableSequenceConsistencyAssertions(); On 2017/03/24 15:46:45, gab wrote: > That seems ...

3 years, 9 months ago (2017-03-24 16:58:09 UTC) #178

commit-bot: I haz the power

The CQ bit was unchecked by commit-bot@chromium.org

3 years, 9 months ago (2017-03-24 17:03:27 UTC) #179

commit-bot: I haz the power

Dry run: This issue passed the CQ dry run.

3 years, 9 months ago (2017-03-24 17:03:29 UTC) #180

yzshen1

I think I have expressed my opinion clearly that ScopedAllowCrossThreadRefCountAccess is not a correct API. ...

3 years, 9 months ago (2017-03-24 17:07:06 UTC) #181

I think I have expressed my opinion clearly
that ScopedAllowCrossThreadRefCountAccess is not a correct API.

WRT the MultiplexRouter::Endpoint case, I don't think it would be a huge
perf difference to change it to ThreadSafeRefCounted. Please feel free to
do that. Then we have one less thing to argue about. :)

On Fri, Mar 24, 2017 at 9:58 AM, <yzshen@chromium.org> wrote:

>
> https://codereview.chromium.org/2666423002/diff/660001/
> mojo/public/cpp/bindings/lib/multiplex_router.cc
> File mojo/public/cpp/bindings/lib/multiplex_router.cc (right):
>
> https://codereview.chromium.org/2666423002/diff/660001/
> mojo/public/cpp/bindings/lib/multiplex_router.cc#newcode964
> mojo/public/cpp/bindings/lib/multiplex_router.cc:964:
> endpoint->DisableSequenceConsistencyAssertions();
> On 2017/03/24 15:46:45, gab wrote:
> > That seems like a very large hammer, can we use the scoped object
> where relevant
> > instead? Otherwise how do we know all callers are truly doing the
> right thing
> > with the received pointer? I'd much rather not have
> > DisableSequenceConsistencyAssertions() if we can help it (and
> otherwise it
> > should have a large comment saying what it's there for and not to use
> it in new
> > use cases).
>
>
> I am the one who suggested that the check should be disabled at the
> object level, instead of using the scoped-allow object. :)
>
> That is because:
> - The scoped-allow object disables the check for *all* ref-counted
> objects in its scope.
> - When we want to disable the check for an object, it is a promise to
> behave correctly for all usage of that object across its lifetime. That
> is not a per-callsite choice. For example, all callsites should use the
> same lock to guard addref/release for that object.
>
> Considering these reasons, I don't think the scoped-allow approach is at
> the right level.
>
>
> >
> > Also, outside the scope of this CL but why is this stored in a raw ptr
> and
> > returned as a raw ptr if it's RefCounted..?
>
> (I think this is a question to me.)
> It saves one unnecessary add-ref for the return value of FindEndpoint().
> I agree that it is not a big difference though.
>
> https://codereview.chromium.org/2666423002/
>

-- 
You received this message because you are subscribed to the Google Groups
"Chromium-reviews" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to chromium-reviews+unsubscribe@chromium.org.

danakj

I tried to make these points earlier but just to reiterate why this doesn't seem ...

3 years, 9 months ago (2017-03-24 17:32:38 UTC) #182

I tried to make these points earlier but just to reiterate why this doesn't
seem one-size-fits-all..

On Fri, Mar 24, 2017 at 12:58 PM, <yzshen@chromium.org> wrote:

>
> https://codereview.chromium.org/2666423002/diff/660001/
> mojo/public/cpp/bindings/lib/multiplex_router.cc
> File mojo/public/cpp/bindings/lib/multiplex_router.cc (right):
>
> https://codereview.chromium.org/2666423002/diff/660001/
> mojo/public/cpp/bindings/lib/multiplex_router.cc#newcode964
> mojo/public/cpp/bindings/lib/multiplex_router.cc:964:
> endpoint->DisableSequenceConsistencyAssertions();
> On 2017/03/24 15:46:45, gab wrote:
> > That seems like a very large hammer, can we use the scoped object
> where relevant
> > instead? Otherwise how do we know all callers are truly doing the
> right thing
> > with the received pointer? I'd much rather not have
> > DisableSequenceConsistencyAssertions() if we can help it (and
> otherwise it
> > should have a large comment saying what it's there for and not to use
> it in new
> > use cases).
>
>
> I am the one who suggested that the check should be disabled at the
> object level, instead of using the scoped-allow object. :)
>
> That is because:
> - The scoped-allow object disables the check for *all* ref-counted
> objects in its scope.
>

If a thread is blocked then we want it to apply to all objects on that
thread, but only while it is blocked. The timing matters not the objects.


> - When we want to disable the check for an object, it is a promise to
> behave correctly for all usage of that object across its lifetime. That
> is not a per-callsite choice. For example, all callsites should use the
> same lock to guard addref/release for that object.
>

Some objects are not actually threadsafe and we want to guard against bad
behaviour outside of windows where it is safe.


>
> Considering these reasons, I don't think the scoped-allow approach is at
> the right level.
>
>
> >
> > Also, outside the scope of this CL but why is this stored in a raw ptr
> and
> > returned as a raw ptr if it's RefCounted..?
>
> (I think this is a question to me.)
> It saves one unnecessary add-ref for the return value of FindEndpoint().
> I agree that it is not a big difference though.
>
> https://codereview.chromium.org/2666423002/
>

-- 
You received this message because you are subscribed to the Google Groups
"Chromium-reviews" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to chromium-reviews+unsubscribe@chromium.org.

yzshen1

On Fri, Mar 24, 2017 at 10:32 AM, <danakj@chromium.org> wrote: > I tried to make ...

3 years, 9 months ago (2017-03-24 17:42:07 UTC) #183

On Fri, Mar 24, 2017 at 10:32 AM, <danakj@chromium.org> wrote:

> I tried to make these points earlier but just to reiterate why this
> doesn't seem one-size-fits-all..
>
> On Fri, Mar 24, 2017 at 12:58 PM, <yzshen@chromium.org> wrote:
>
>>
>> https://codereview.chromium.org/2666423002/diff/660001/mojo/
>> public/cpp/bindings/lib/multiplex_router.cc
>> File mojo/public/cpp/bindings/lib/multiplex_router.cc (right):
>>
>> https://codereview.chromium.org/2666423002/diff/660001/mojo/
>> public/cpp/bindings/lib/multiplex_router.cc#newcode964
>> mojo/public/cpp/bindings/lib/multiplex_router.cc:964:
>> endpoint->DisableSequenceConsistencyAssertions();
>> On 2017/03/24 15:46:45, gab wrote:
>> > That seems like a very large hammer, can we use the scoped object
>> where relevant
>> > instead? Otherwise how do we know all callers are truly doing the
>> right thing
>> > with the received pointer? I'd much rather not have
>> > DisableSequenceConsistencyAssertions() if we can help it (and
>> otherwise it
>> > should have a large comment saying what it's there for and not to use
>> it in new
>> > use cases).
>>
>>
>> I am the one who suggested that the check should be disabled at the
>> object level, instead of using the scoped-allow object. :)
>>
>> That is because:
>> - The scoped-allow object disables the check for *all* ref-counted
>> objects in its scope.
>>
>
> If a thread is blocked then we want it to apply to all objects on that
> thread, but only while it is blocked. The timing matters not the objects.
>

I agree that it could be useful in this particular case.
That being said, it seems easy to misuse this helper in other cases.


>
>
>> - When we want to disable the check for an object, it is a promise to
>> behave correctly for all usage of that object across its lifetime. That
>> is not a per-callsite choice. For example, all callsites should use the
>> same lock to guard addref/release for that object.
>>
>
> Some objects are not actually threadsafe and we want to guard against bad
> behaviour outside of windows where it is safe.
>


Okay. I am persuaded that this class is useful in certain cases. :)


>
> Considering these reasons, I don't think the scoped-allow approach is at
> the right level.
>
>
> >
> > Also, outside the scope of this CL but why is this stored in a raw ptr
> and
> > returned as a raw ptr if it's RefCounted..?
>
> (I think this is a question to me.)
> It saves one unnecessary add-ref for the return value of FindEndpoint().
> I agree that it is not a big difference though.
>
> https://codereview.chromium.org/2666423002/
>

-- 
You received this message because you are subscribed to the Google Groups
"Chromium-reviews" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to chromium-reviews+unsubscribe@chromium.org.

chromium-reviews

Le ven. 24 mars 2017 12:58, <yzshen@chromium.org> a écrit : > > > https://codereview.chromium.org/2666423002/diff/660001/mojo/public/cpp/bindings/lib/multiplex_router.cc > ...

3 years, 9 months ago (2017-03-24 22:06:46 UTC) #184

Le ven. 24 mars 2017 12:58, <yzshen@chromium.org> a écrit :

>
>
>
https://codereview.chromium.org/2666423002/diff/660001/mojo/public/cpp/bindin...
> File mojo/public/cpp/bindings/lib/multiplex_router.cc (right):
>
>
>
https://codereview.chromium.org/2666423002/diff/660001/mojo/public/cpp/bindin...
> mojo/public/cpp/bindings/lib/multiplex_router.cc:964:
> endpoint->DisableSequenceConsistencyAssertions();
> On 2017/03/24 15:46:45, gab wrote:
> > That seems like a very large hammer, can we use the scoped object
> where relevant
> > instead? Otherwise how do we know all callers are truly doing the
> right thing
> > with the received pointer? I'd much rather not have
> > DisableSequenceConsistencyAssertions() if we can help it (and
> otherwise it
> > should have a large comment saying what it's there for and not to use
> it in new
> > use cases).
>
>
> I am the one who suggested that the check should be disabled at the
> object level, instead of using the scoped-allow object. :)
>
> That is because:
> - The scoped-allow object disables the check for *all* ref-counted
> objects in its scope.
> - When we want to disable the check for an object, it is a promise to
> behave correctly for all usage of that object across its lifetime. That
> is not a per-callsite choice. For example, all callsites should use the
> same lock to guard addref/release for that object.
>
> Considering these reasons, I don't think the scoped-allow approach is at
> the right level.
>

Am I understanding correctly from your other reply that this object doesn't
use RefCountedThreadSafe because it's always used behind a lock? If so I'd
much prefer to make it RefCountedThreadSafe anyways (as I mentioned
multiple times above) as the overhead of atomics is negligible compared to
locks so the optimization of using the unsafe version isn't worth it while
on the other hand not introducing this escape hatch is very much desired.


>
>
> >
> > Also, outside the scope of this CL but why is this stored in a raw ptr
> and
> > returned as a raw ptr if it's RefCounted..?
>
> (I think this is a question to me.)
> It saves one unnecessary add-ref for the return value of FindEndpoint().
> I agree that it is not a big difference though.
>

I don't have link handy from mobile now but Chromium style is to always
pass pointers through scoped_refptr/std::unique_ptr unless the caller
merely uses the value without taking a ref.

In this case this doesn't save an add-ref because C++11 move semantics
would move the ref to the caller anyways.



> https://codereview.chromium.org/2666423002/
>

-- 
You received this message because you are subscribed to the Google Groups
"Chromium-reviews" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to chromium-reviews+unsubscribe@chromium.org.

yzshen1

On Fri, Mar 24, 2017 at 3:06 PM, Gabriel Charette <gab@google.com> wrote: > > > ...

3 years, 9 months ago (2017-03-25 05:40:55 UTC) #185

On Fri, Mar 24, 2017 at 3:06 PM, Gabriel Charette <gab@google.com> wrote:

>
>
> Le ven. 24 mars 2017 12:58, <yzshen@chromium.org> a écrit :
>
>>
>> https://codereview.chromium.org/2666423002/diff/660001/
>> mojo/public/cpp/bindings/lib/multiplex_router.cc
>> File mojo/public/cpp/bindings/lib/multiplex_router.cc (right):
>>
>> https://codereview.chromium.org/2666423002/diff/660001/
>> mojo/public/cpp/bindings/lib/multiplex_router.cc#newcode964
>> mojo/public/cpp/bindings/lib/multiplex_router.cc:964:
>> endpoint->DisableSequenceConsistencyAssertions();
>> On 2017/03/24 15:46:45, gab wrote:
>> > That seems like a very large hammer, can we use the scoped object
>> where relevant
>> > instead? Otherwise how do we know all callers are truly doing the
>> right thing
>> > with the received pointer? I'd much rather not have
>> > DisableSequenceConsistencyAssertions() if we can help it (and
>> otherwise it
>> > should have a large comment saying what it's there for and not to use
>> it in new
>> > use cases).
>>
>>
>> I am the one who suggested that the check should be disabled at the
>> object level, instead of using the scoped-allow object. :)
>>
>> That is because:
>> - The scoped-allow object disables the check for *all* ref-counted
>> objects in its scope.
>> - When we want to disable the check for an object, it is a promise to
>> behave correctly for all usage of that object across its lifetime. That
>> is not a per-callsite choice. For example, all callsites should use the
>> same lock to guard addref/release for that object.
>>
>> Considering these reasons, I don't think the scoped-allow approach is at
>> the right level.
>>
>
> Am I understanding correctly from your other reply that this object
> doesn't use RefCountedThreadSafe because it's always used behind a lock? If
> so I'd much prefer to make it RefCountedThreadSafe anyways (as I mentioned
> multiple times above) as the overhead of atomics is negligible compared to
> locks so the optimization of using the unsafe version isn't worth it while
> on the other hand not introducing this escape hatch is very much desired.
>
>
>>
>>
>> >
>> > Also, outside the scope of this CL but why is this stored in a raw ptr
>> and
>> > returned as a raw ptr if it's RefCounted..?
>>
>> (I think this is a question to me.)
>> It saves one unnecessary add-ref for the return value of FindEndpoint().
>> I agree that it is not a big difference though.
>>
>
> I don't have link handy from mobile now but Chromium style is to always
> pass pointers through scoped_refptr/std::unique_ptr unless the caller
> merely uses the value without taking a ref.
>

FindEndpoint() meets this criteria: users use it without taking a ref. That
is why it doesn't return a scoped_refptr.


>
> In this case this doesn't save an add-ref because C++11 move semantics
> would move the ref to the caller anyways.
>
>
>
>> https://codereview.chromium.org/2666423002/
>>
>

-- 
You received this message because you are subscribed to the Google Groups
"Chromium-reviews" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to chromium-reviews+unsubscribe@chromium.org.

tzik

The CQ bit was checked by tzik@chromium.org to run a CQ dry run

3 years, 8 months ago (2017-03-28 06:45:06 UTC) #186

commit-bot: I haz the power

Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2666423002/680001

3 years, 8 months ago (2017-03-28 06:45:26 UTC) #187

tzik

https://codereview.chromium.org/2666423002/diff/660001/base/memory/ref_counted.h File base/memory/ref_counted.h (right): https://codereview.chromium.org/2666423002/diff/660001/base/memory/ref_counted.h#newcode131 base/memory/ref_counted.h:131: class BASE_EXPORT ScopedAllowCrossThreadRefCountAccess final { On 2017/03/24 15:46:45, gab ...

3 years, 8 months ago (2017-03-28 07:11:28 UTC) #188

commit-bot: I haz the power

The CQ bit was unchecked by commit-bot@chromium.org

3 years, 8 months ago (2017-03-28 08:19:49 UTC) #189

commit-bot: I haz the power

Dry run: Try jobs failed on following builders: linux_chromium_chromeos_rel_ng on master.tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_chromeos_rel_ng/builds/392623)

3 years, 8 months ago (2017-03-28 08:19:50 UTC) #190

gab

On 2017/03/24 22:06:46, chromium-reviews wrote: > Le ven. 24 mars 2017 12:58, <https://mail.google.com/mail/?view=cm&fs=1&tf=1&to=yzshen@chromium.org> a écrit ...

3 years, 8 months ago (2017-03-28 15:42:34 UTC) #191

On 2017/03/24 22:06:46, chromium-reviews wrote:
> Le ven. 24 mars 2017 12:58,
<https://mail.google.com/mail/?view=cm&fs=1&tf=1&to=yzshen@chromium.org> a écrit
:
> 
> >
> >
> >
>
https://codereview.chromium.org/2666423002/diff/660001/mojo/public/cpp/bindin...
> > File mojo/public/cpp/bindings/lib/multiplex_router.cc (right):
> >
> >
> >
>
https://codereview.chromium.org/2666423002/diff/660001/mojo/public/cpp/bindin...
> > mojo/public/cpp/bindings/lib/multiplex_router.cc:964:
> > endpoint->DisableSequenceConsistencyAssertions();
> > On 2017/03/24 15:46:45, gab wrote:
> > > That seems like a very large hammer, can we use the scoped object
> > where relevant
> > > instead? Otherwise how do we know all callers are truly doing the
> > right thing
> > > with the received pointer? I'd much rather not have
> > > DisableSequenceConsistencyAssertions() if we can help it (and
> > otherwise it
> > > should have a large comment saying what it's there for and not to use
> > it in new
> > > use cases).
> >
> >
> > I am the one who suggested that the check should be disabled at the
> > object level, instead of using the scoped-allow object. :)
> >
> > That is because:
> > - The scoped-allow object disables the check for *all* ref-counted
> > objects in its scope.
> > - When we want to disable the check for an object, it is a promise to
> > behave correctly for all usage of that object across its lifetime. That
> > is not a per-callsite choice. For example, all callsites should use the
> > same lock to guard addref/release for that object.
> >
> > Considering these reasons, I don't think the scoped-allow approach is at
> > the right level.
> >
> 
> Am I understanding correctly from your other reply that this object doesn't
> use RefCountedThreadSafe because it's always used behind a lock? If so I'd
> much prefer to make it RefCountedThreadSafe anyways (as I mentioned
> multiple times above) as the overhead of atomics is negligible compared to
> locks so the optimization of using the unsafe version isn't worth it while
> on the other hand not introducing this escape hatch is very much desired.

Ping on this, looks like |endpoint|'s are refcounted from |endpoints_| and
always used behind |lock_|, can we once again make these RefCountedThreadSafe
and avoid introducing DisableSequenceConsistencyAssertions()? (keeping only
ScopedAllow is already much better than having two of these escape hatches)

tzik

The CQ bit was checked by tzik@chromium.org to run a CQ dry run

3 years, 8 months ago (2017-03-30 08:02:32 UTC) #192

commit-bot: I haz the power

Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2666423002/700001

3 years, 8 months ago (2017-03-30 08:02:44 UTC) #193

tzik

On 2017/03/28 15:42:34, gab wrote: > On 2017/03/24 22:06:46, chromium-reviews wrote: > > Le ven. ...

3 years, 8 months ago (2017-03-30 09:05:16 UTC) #194

On 2017/03/28 15:42:34, gab wrote:
> On 2017/03/24 22:06:46, chromium-reviews wrote:
> > Le ven. 24 mars 2017 12:58,
> <https://mail.google.com/mail/?view=cm&fs=1&tf=1&to=yzshen@chromium.org> a
écrit
> :
> > 
> > >
> > >
> > >
> >
>
https://codereview.chromium.org/2666423002/diff/660001/mojo/public/cpp/bindin...
> > > File mojo/public/cpp/bindings/lib/multiplex_router.cc (right):
> > >
> > >
> > >
> >
>
https://codereview.chromium.org/2666423002/diff/660001/mojo/public/cpp/bindin...
> > > mojo/public/cpp/bindings/lib/multiplex_router.cc:964:
> > > endpoint->DisableSequenceConsistencyAssertions();
> > > On 2017/03/24 15:46:45, gab wrote:
> > > > That seems like a very large hammer, can we use the scoped object
> > > where relevant
> > > > instead? Otherwise how do we know all callers are truly doing the
> > > right thing
> > > > with the received pointer? I'd much rather not have
> > > > DisableSequenceConsistencyAssertions() if we can help it (and
> > > otherwise it
> > > > should have a large comment saying what it's there for and not to use
> > > it in new
> > > > use cases).
> > >
> > >
> > > I am the one who suggested that the check should be disabled at the
> > > object level, instead of using the scoped-allow object. :)
> > >
> > > That is because:
> > > - The scoped-allow object disables the check for *all* ref-counted
> > > objects in its scope.
> > > - When we want to disable the check for an object, it is a promise to
> > > behave correctly for all usage of that object across its lifetime. That
> > > is not a per-callsite choice. For example, all callsites should use the
> > > same lock to guard addref/release for that object.
> > >
> > > Considering these reasons, I don't think the scoped-allow approach is at
> > > the right level.
> > >
> > 
> > Am I understanding correctly from your other reply that this object doesn't
> > use RefCountedThreadSafe because it's always used behind a lock? If so I'd
> > much prefer to make it RefCountedThreadSafe anyways (as I mentioned
> > multiple times above) as the overhead of atomics is negligible compared to
> > locks so the optimization of using the unsafe version isn't worth it while
> > on the other hand not introducing this escape hatch is very much desired.
> 
> Ping on this, looks like |endpoint|'s are refcounted from |endpoints_| and
> always used behind |lock_|, can we once again make these RefCountedThreadSafe
> and avoid introducing DisableSequenceConsistencyAssertions()? (keeping only
> ScopedAllow is already much better than having two of these escape hatches)

OK, I converted InterfaceEndPoint to RefCountedThreadSafe in a separate CL, and
removed the per-instance suppression.

commit-bot: I haz the power

The CQ bit was unchecked by commit-bot@chromium.org

3 years, 8 months ago (2017-03-30 09:46:06 UTC) #195

commit-bot: I haz the power

Dry run: This issue passed the CQ dry run.

3 years, 8 months ago (2017-03-30 09:46:08 UTC) #196

gab

On 2017/03/30 09:05:16, tzik wrote: > On 2017/03/28 15:42:34, gab wrote: > > On 2017/03/24 ...

3 years, 8 months ago (2017-03-30 14:28:26 UTC) #197

On 2017/03/30 09:05:16, tzik wrote:
> On 2017/03/28 15:42:34, gab wrote:
> > On 2017/03/24 22:06:46, chromium-reviews wrote:
> > > Le ven. 24 mars 2017 12:58,
> > <https://mail.google.com/mail/?view=cm&fs=1&tf=1&to=yzshen@chromium.org> a
> écrit
> > :
> > > 
> > > >
> > > >
> > > >
> > >
> >
>
https://codereview.chromium.org/2666423002/diff/660001/mojo/public/cpp/bindin...
> > > > File mojo/public/cpp/bindings/lib/multiplex_router.cc (right):
> > > >
> > > >
> > > >
> > >
> >
>
https://codereview.chromium.org/2666423002/diff/660001/mojo/public/cpp/bindin...
> > > > mojo/public/cpp/bindings/lib/multiplex_router.cc:964:
> > > > endpoint->DisableSequenceConsistencyAssertions();
> > > > On 2017/03/24 15:46:45, gab wrote:
> > > > > That seems like a very large hammer, can we use the scoped object
> > > > where relevant
> > > > > instead? Otherwise how do we know all callers are truly doing the
> > > > right thing
> > > > > with the received pointer? I'd much rather not have
> > > > > DisableSequenceConsistencyAssertions() if we can help it (and
> > > > otherwise it
> > > > > should have a large comment saying what it's there for and not to use
> > > > it in new
> > > > > use cases).
> > > >
> > > >
> > > > I am the one who suggested that the check should be disabled at the
> > > > object level, instead of using the scoped-allow object. :)
> > > >
> > > > That is because:
> > > > - The scoped-allow object disables the check for *all* ref-counted
> > > > objects in its scope.
> > > > - When we want to disable the check for an object, it is a promise to
> > > > behave correctly for all usage of that object across its lifetime. That
> > > > is not a per-callsite choice. For example, all callsites should use the
> > > > same lock to guard addref/release for that object.
> > > >
> > > > Considering these reasons, I don't think the scoped-allow approach is at
> > > > the right level.
> > > >
> > > 
> > > Am I understanding correctly from your other reply that this object
doesn't
> > > use RefCountedThreadSafe because it's always used behind a lock? If so I'd
> > > much prefer to make it RefCountedThreadSafe anyways (as I mentioned
> > > multiple times above) as the overhead of atomics is negligible compared to
> > > locks so the optimization of using the unsafe version isn't worth it while
> > > on the other hand not introducing this escape hatch is very much desired.
> > 
> > Ping on this, looks like |endpoint|'s are refcounted from |endpoints_| and
> > always used behind |lock_|, can we once again make these
RefCountedThreadSafe
> > and avoid introducing DisableSequenceConsistencyAssertions()? (keeping only
> > ScopedAllow is already much better than having two of these escape hatches)
> 
> OK, I converted InterfaceEndPoint to RefCountedThreadSafe in a separate CL,
and
> removed the per-instance suppression.

Awesome! LGTM :)! Thanks!

gab

The patchset sent to the CQ was uploaded after l-g-t-m from danakj@chromium.org, zmo@chromium.org, raymes@chromium.org, yzshen@chromium.org ...

3 years, 8 months ago (2017-03-30 15:32:24 UTC) #199

commit-bot: I haz the power

CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2666423002/700001

3 years, 8 months ago (2017-03-30 15:33:24 UTC) #200

commit-bot: I haz the power

CQ is committing da patch. Bot data: {"patchset_id": 700001, "attempt_start_ts": 1490887944343840, "parent_rev": "e618b6971a699f5d25d9f1b8c5d3011b8118feab", "commit_rev": "f9a212dec0fec22e21d7f66ad1aa9414ed1dc068"}

3 years, 8 months ago (2017-03-30 15:42:41 UTC) #201

commit-bot: I haz the power

Description was changed from ========== Assert sequence validity on non-thread-safe RefCount manipulations This CL adds ...

3 years, 8 months ago (2017-03-30 15:44:15 UTC) #202

commit-bot: I haz the power

Committed patchset #35 (id:700001) as https://chromium.googlesource.com/chromium/src/+/f9a212dec0fec22e21d7f66ad1aa9414ed1dc068

3 years, 8 months ago (2017-03-30 15:44:18 UTC) #203

wjmaclean

A revert of this CL (patchset #35 id:700001) has been created in https://codereview.chromium.org/2783393002/ by wjmaclean@chromium.org. ...

3 years, 8 months ago (2017-03-30 19:51:55 UTC) #204

tzik

Description was changed from ========== Assert sequence validity on non-thread-safe RefCount manipulations This CL adds ...

3 years, 8 months ago (2017-03-31 05:33:52 UTC) #205

Message was sent while issue was closed.

Description was changed from

==========
Assert sequence validity on non-thread-safe RefCount manipulations

This CL adds DCHECKs to non-thread-safe base::RefCount to trace racy
ref count manipulations. A ref counted object is considered to be bound
to a sequence if the count is more than one. After this CL, ref count
manipulations to a sequenced-bound one cause DCHECK failure.

This CL also adds ScopedAllowCrossThreadRefCountAccess to opt out,
and applies the opt-out as needed.

BUG=688072
CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.android:android_optional_gpu_tests_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel

Review-Url: https://codereview.chromium.org/2666423002
Cr-Commit-Position: refs/heads/master@{#460773}
Committed:
https://chromium.googlesource.com/chromium/src/+/f9a212dec0fec22e21d7f66ad1aa...
==========

to

==========
Assert sequence validity on non-thread-safe RefCount manipulations

This CL adds DCHECKs to non-thread-safe base::RefCount to trace racy
ref count manipulations. A ref counted object is considered to be bound
to a sequence if the count is more than one. After this CL, ref count
manipulations to a sequenced-bound one cause DCHECK failure.

This CL also adds ScopedAllowCrossThreadRefCountAccess to opt out,
and applies the opt-out as needed.

BUG=688072
CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.android:android_optional_gpu_tests_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel

Review-Url: https://codereview.chromium.org/2666423002
Cr-Commit-Position: refs/heads/master@{#460773}
Committed:
https://chromium.googlesource.com/chromium/src/+/f9a212dec0fec22e21d7f66ad1aa...
==========

tzik

On 2017/03/30 19:51:55, wjmaclean wrote: > A revert of this CL (patchset #35 id:700001) has ...

3 years, 8 months ago (2017-03-31 13:40:47 UTC) #206

commit-bot: I haz the power

CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2666423002/700001

3 years, 8 months ago (2017-03-31 17:07:26 UTC) #208

commit-bot: I haz the power

CQ is committing da patch. Bot data: {"patchset_id": 700001, "attempt_start_ts": 1490980003565110, "parent_rev": "6f6d07f111d9df9bc70ff3dc71612d940d9b2d17", "commit_rev": "3f4231f979090ad23fd89622b3b36ed564650645"}

3 years, 8 months ago (2017-03-31 21:31:30 UTC) #209

commit-bot: I haz the power

Description was changed from ========== Assert sequence validity on non-thread-safe RefCount manipulations This CL adds ...

3 years, 8 months ago (2017-03-31 21:32:19 UTC) #210

Message was sent while issue was closed.

Description was changed from

==========
Assert sequence validity on non-thread-safe RefCount manipulations

This CL adds DCHECKs to non-thread-safe base::RefCount to trace racy
ref count manipulations. A ref counted object is considered to be bound
to a sequence if the count is more than one. After this CL, ref count
manipulations to a sequenced-bound one cause DCHECK failure.

This CL also adds ScopedAllowCrossThreadRefCountAccess to opt out,
and applies the opt-out as needed.

BUG=688072
CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.android:android_optional_gpu_tests_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel

Review-Url: https://codereview.chromium.org/2666423002
Cr-Commit-Position: refs/heads/master@{#460773}
Committed:
https://chromium.googlesource.com/chromium/src/+/f9a212dec0fec22e21d7f66ad1aa...
==========

to

==========
Assert sequence validity on non-thread-safe RefCount manipulations

This CL adds DCHECKs to non-thread-safe base::RefCount to trace racy
ref count manipulations. A ref counted object is considered to be bound
to a sequence if the count is more than one. After this CL, ref count
manipulations to a sequenced-bound one cause DCHECK failure.

This CL also adds ScopedAllowCrossThreadRefCountAccess to opt out,
and applies the opt-out as needed.

BUG=688072
CQ_INCLUDE_TRYBOTS=master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.android:android_optional_gpu_tests_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel

Review-Url: https://codereview.chromium.org/2666423002
Cr-Original-Commit-Position: refs/heads/master@{#460773}
Committed:
https://chromium.googlesource.com/chromium/src/+/f9a212dec0fec22e21d7f66ad1aa...
Review-Url: https://codereview.chromium.org/2666423002
Cr-Commit-Position: refs/heads/master@{#461235}
Committed:
https://chromium.googlesource.com/chromium/src/+/3f4231f979090ad23fd89622b3b3...
==========

commit-bot: I haz the power

3 years, 8 months ago (2017-03-31 21:32:22 UTC) #211

Message was sent while issue was closed.

Committed patchset #35 (id:700001) as
https://chromium.googlesource.com/chromium/src/+/3f4231f979090ad23fd89622b3b3...

Issue 2666423002: Assert sequence validity on non-thread-safe RefCount manipulations (2) (Closed)

Description

Patch Set 1 #

Patch Set 2 : fix #

Patch Set 3 : history fix #

Patch Set 4 : fix net_unittests #

Patch Set 5 : +suppressor #

Patch Set 6 : +SW fix #

Patch Set 7 : suppress ppapi false positive #

Patch Set 8 : fix devtools race #

Patch Set 9 : suppress GpuDataManagerImpl #

Patch Set 10 : suppress ResourceBundle and AtExitManager #

Patch Set 11 : fix #

Patch Set 12 : rebase #

Patch Set 13 : +loop_runner_fix. +page_capture_fix #

Patch Set 14 : suppress mojo #

Patch Set 15 : clean up #

Patch Set 16 : fix #

Patch Set 17 : rebase #

Patch Set 18 : rebase #

Patch Set 19 : rebase #

Patch Set 20 : font fix & add_to_home_fix #

Patch Set 21 : rebase on fonts_fix CL #

Patch Set 22 : rebase on snapshot_fix. suppress TextureGroup failure #

Patch Set 23 : . #

Patch Set 24 : rebase on ImageStorage fix #

Patch Set 25 : rebase #

Patch Set 26 : comment & variable name fix #

Patch Set 27 : . #

Patch Set 28 : rebase #

Patch Set 29 : rebase #

Patch Set 30 : rebase #

Patch Set 31 : per-instance opt-out #

Patch Set 32 : rebase #

Patch Set 33 : rebase #

Patch Set 34 : +comment #

Patch Set 35 : remove DisableSequenceConsistencyAssertions #

Messages