Description
Oilpan: isHeapObjectAlive should not return true for cross thread objects
isHeapObjectAlive was returning true for all cross thread objects. This was added in https://codereview.chromium.org/1909813002 because PersistentBase::checkPointer was calling isHeapObjectAlive with cross thread objects. The call to isHeapObjectAlive from PersistentBase::checkPointer was removed in https://codereview.chromium.org/2701273002 so this was no longer necessary.
isHeapObjectAlive was being used during marking which meant cross thread objects were not being marked, skipping the DCHECK in marking, causing crbug.com/702527 and crbug.com/705872 to go undetected.
BUG=705873
Review-Url: https://codereview.chromium.org/2773013002
Cr-Commit-Position: refs/heads/master@{#462009}
Committed: https://chromium.googlesource.com/chromium/src/+/a93efbaa0146b717e42c78fd320074852822435a
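A simplified model of the masking effect the description explains, added here as an illustration; it is not Blink/Oilpan code, and `Heap`, `Object`, `isAliveOld`, `isAliveNew`, `markRoots` and `runScenario` are hypothetical names. The thread-affinity check that stands in for the marking DCHECK is counted rather than asserted, so the old and new predicates can be compared on the same constructed roots.

```cpp
#include <cstdio>
#include <vector>
// Toy model, not Blink code: all names are hypothetical.
struct Heap { int id; };

struct Object {
  explicit Object(const Heap* h) : owner(h) {}
  const Heap* owner;    // heap of the thread that allocated the object
  bool marked = false;  // mark bit set by the collector
};

// Old behaviour per the description: any object owned by another thread's
// heap is reported alive without consulting its mark bit.
bool isAliveOld(const Heap& current, const Object& o) {
  return o.owner != &current || o.marked;
}

// After the change: liveness is decided by the mark bit alone.
bool isAliveNew(const Heap&, const Object& o) { return o.marked; }

struct MarkResult { int marked = 0; int affinityViolations = 0; };

// Marking skips objects the predicate reports alive. The owner comparison
// stands in for the DCHECK in marking and is counted instead of aborting.
template <typename AlivePredicate>
MarkResult markRoots(const Heap& current, const std::vector<Object*>& roots,
                     AlivePredicate isAlive) {
  MarkResult r;
  for (Object* o : roots) {
    if (isAlive(current, *o)) continue;  // "already marked", nothing to do
    if (o->owner != &current) { ++r.affinityViolations; continue; }
    o->marked = true;
    ++r.marked;
  }
  return r;
}

// Constructed scenario: one same-thread root and one cross-thread root.
MarkResult runScenario(bool useOldPredicate) {
  Heap mainHeap{1}, workerHeap{2};
  Object local(&mainHeap), foreign(&workerHeap);
  std::vector<Object*> roots{&local, &foreign};
  return markRoots(mainHeap, roots, useOldPredicate ? isAliveOld : isAliveNew);
}

int main() {
  std::printf("old: %d violations\n", runScenario(true).affinityViolations);
  std::printf("new: %d violations\n", runScenario(false).affinityViolations);
}
```

With the old predicate the cross-thread root is skipped before the affinity check is reached; with the new one the check sees it.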
Patch Set 1
Patch Set 2 : fix
Total comments: 2
Messages
Total messages: 21 (14 generated)
The CQ bit was checked by keishi@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: linux_chromium_rel_ng on master.tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_...)
Description was changed from

==========
Remove extra code

BUG=
==========

to

==========
Oilpan: isHeapObjectAlive should not return true for cross thread objects

isHeapObjectAlive was returning true for all cross thread objects. This was added in https://codereview.chromium.org/1909813002 because PersistentBase::checkPointer was calling isHeapObjectAlive with cross thread objects. The call to isHeapObjectAlive from PersistentBase::checkPointer was removed in https://codereview.chromium.org/2701273002 so this was no longer necessary.

isHeapObjectAlive was being used during marking which meant cross thread objects were not being marked, skipping the DCHECK in marking, causing crbug.com/702527 and crbug.com/705872 to go undetected.

BUG=705873
==========
keishi@chromium.org changed reviewers: + haraken@chromium.org, oilpan-reviews@chromium.org
I need to land https://codereview.chromium.org/2774223002/ first but PTAL.
This bug caused crbug.com/702527 to go undetected. WIP but I'm hoping to also do something like this https://codereview.chromium.org/2778993002/ and add same thread checks to heap collections.
sigbjornf@opera.com changed reviewers: + sigbjornf@opera.com
https://codereview.chromium.org/2773013002/diff/20001/third_party/WebKit/Sour...
File third_party/WebKit/Source/platform/heap/Heap.h (right):

https://codereview.chromium.org/2773013002/diff/20001/third_party/WebKit/Sour...
third_party/WebKit/Source/platform/heap/Heap.h:251: DCHECK(&ThreadState::current()->heap() ==
How does this work for CrossThreadWeakPersistent<> and handleWeakPersistent()'s use of isHeapObjectAlive() ?
lgtm

https://codereview.chromium.org/2773013002/diff/20001/third_party/WebKit/Sour...
File third_party/WebKit/Source/platform/heap/Heap.h (right):

https://codereview.chromium.org/2773013002/diff/20001/third_party/WebKit/Sour...
third_party/WebKit/Source/platform/heap/Heap.h:251: DCHECK(&ThreadState::current()->heap() ==
On 2017/03/28 19:50:09, sof wrote:
> How does this work for CrossThreadWeakPersistent<> and handleWeakPersistent()'s
> use of isHeapObjectAlive() ?

The shouldTracePersistentNode() same-heap check should prevent cross-thread uses of such persistents, so there can't be any confusion about where that weak callback is used.
The CQ bit was checked by sigbjornf@opera.com to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: win_chromium_x64_rel_ng on master.tryserver.chromium.win (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.win/builders/win_chromium_x64_...)
LGTM
The CQ bit was checked by keishi@chromium.org
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
CQ is committing da patch. Bot data: {"patchset_id": 20001, "attempt_start_ts": 1491372347830510, "parent_rev": "99d503570e95838275ab91e66639c4b4c21da039", "commit_rev": "a93efbaa0146b717e42c78fd320074852822435a"}
Message was sent while issue was closed.
Committed patchset #2 (id:20001) as https://chromium.googlesource.com/chromium/src/+/a93efbaa0146b717e42c78fd3200...