New issue
Advanced search Search tips

Issue 884218 link

Starred by 1 user
Status: Fixed
Owner:
mlippautz@chromium.org
Closed: Sep 17
Cc:
jbroman@chromium.org
blink-reviews-bindings@chromium.org
lfg@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Bug



Sign in to add a comment

Buggy use of base::AutoReset in third_party/blink/renderer/platform/bindings/script_wrappable_marking_visitor.cc

Project Member Reported by mpawlow...@opera.com, Sep 14 
https://cs.chromium.org/chromium/src/third_party/blink/renderer/platform/bindings/script_wrappable_marking_visitor.cc?rcl=c0e3a0bdbbac8a81a01394067057bd83bc2a0600&l=188


The RAII base::AutoReset<bool> object is not named, and thus gets deleted immediately. advancing_tracing_ member is NOT temporarily set to true for the duration of this scope.

Comment 1 by jbroman@chromium.org, Sep 14

Owner: mlippautz@chromium.org
Status: Assigned (was: Untriaged)
Good catch! This seems to only affect DCHECK_IS_ON code and has never worked correctly since originally added as a WTF::TemporaryChange over two years ago:

https://chromium.googlesource.com/chromium/src/+/a973a859a9b6c995ff5081174426306a9fa3914d

Given that, leaving it at P3 and letting mlippautz@ decide whether we want to correct this scoped AutoReset or eliminate the flag in question.

Comment 2 by mlippautz@chromium.org, Sep 14 

Nice find :)

The scope is used to avoid adding unnecessary objects to the verifier. For the time being we'd still like to have the verifier.  Lets fix the scope by giving it a name. This will speed up debug build by a bit although I am not sure if it's measurable these days.

Can do that on Monday unless you want to fix it.

Comment 3 by mlippautz@chromium.org, Sep 17

Status: Started (was: Assigned)
Project Member

Comment 4 by bugdroid1@chromium.org, Sep 17 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/38e1c72978cd85dae716ddab01f8ad6e66cb6b61

commit 38e1c72978cd85dae716ddab01f8ad6e66cb6b61
Author: Michael Lippautz <mlippautz@chromium.org>
Date: Mon Sep 17 10:02:33 2018

[wrapper-tracing] Remove tracing scope in AdvanceTracing

The wrapper tracing verifier used to only record entry points in the Blink
graph as the verification pass then transitively traversed the graph again to
check for non-black objects. To do so, only objects that have an incoming V8
reference were recorded for verification.  The broken scope was supposed to
implement that filter.

In these days however, the verifier only checks the next level of an object and
does not recurse. This requires that all objects are recorded for verification.
Remove the non-working unnecessary scope as a consequence.

Bug:  chromium:884218 
Change-Id: If37bc1815f346a5c9ae2588972761c177bc10880
Reviewed-on: https://chromium-review.googlesource.com/1227798
Reviewed-by: Kentaro Hara <haraken@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#591631}
[modify] https://crrev.com/38e1c72978cd85dae716ddab01f8ad6e66cb6b61/third_party/blink/renderer/platform/bindings/script_wrappable_marking_visitor.cc
[modify] https://crrev.com/38e1c72978cd85dae716ddab01f8ad6e66cb6b61/third_party/blink/renderer/platform/bindings/script_wrappable_marking_visitor.h

Comment 5 by mlippautz@chromium.org, Sep 17

Status: Fixed (was: Started)

Sign in to add a comment