|
|
Created:
4 years, 4 months ago by yhirano Modified:
4 years, 3 months ago CC:
chromium-reviews, fs, apavlov+blink_chromium.org, kouhei+svg_chromium.org, rwlbuis, Yoav Weiss, krit, gavinp+loader_chromium.org, devtools-reviews_chromium.org, blink-reviews, gyuyoung2, pdr+svgwatchlist_chromium.org, blink-reviews-style_chromium.org, caseq+blink_chromium.org, lushnikov+blink_chromium.org, loading-reviews+fetch_chromium.org, Nate Chapin, Stephen Chennney, tyoshino+watch_chromium.org, pfeldman+blink_chromium.org, f(malita), sergeyv+blink_chromium.org, kozyatinskiy+blink_chromium.org Base URL:
https://chromium.googlesource.com/chromium/src.git@onheap-raw-resource-client Target Ref:
refs/pending/heads/master Project:
chromium Visibility:
Public. |
DescriptionMove ResourceClient to Oilpan heap
Now Resource has its clients as weak members.
BUG=587663
Committed: https://crrev.com/9c3053df29fa90acbd9c2187f94807ff546b0981
Cr-Commit-Position: refs/heads/master@{#415007}
Patch Set 1 #Patch Set 2 : rebase #
Total comments: 17
Patch Set 3 : fix #Patch Set 4 : fix #
Total comments: 1
Patch Set 5 : fix #Patch Set 6 : rebase #
Total comments: 10
Patch Set 7 : rebase #Patch Set 8 : fix #Patch Set 9 : non-buildable #Patch Set 10 : fix #Patch Set 11 : fix #Patch Set 12 : fix #Patch Set 13 : fix #Patch Set 14 : fix #Patch Set 15 : fix #
Total comments: 11
Patch Set 16 : rebase #Patch Set 17 : rebase #Patch Set 18 : rebase #Patch Set 19 : fix #Patch Set 20 : build fix #Messages
Total messages: 169 (130 generated)
The CQ bit was checked by yhirano@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was checked by yhirano@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: linux_chromium_chromeos_ozone_rel_ng on master.tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_...)
The CQ bit was checked by yhirano@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: linux_android_rel_ng on master.tryserver.chromium.android (JOB_FAILED, https://build.chromium.org/p/tryserver.chromium.android/builders/linux_androi...) cast_shell_linux on master.tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/cast_shell_linu...) linux_chromium_compile_dbg_ng on master.tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_...) mac_chromium_rel_ng on master.tryserver.chromium.mac (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.mac/builders/mac_chromium_rel_...)
The CQ bit was checked by yhirano@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: linux_android_rel_ng on master.tryserver.chromium.android (JOB_FAILED, https://build.chromium.org/p/tryserver.chromium.android/builders/linux_androi...) mac_chromium_rel_ng on master.tryserver.chromium.mac (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.mac/builders/mac_chromium_rel_...)
The CQ bit was checked by yhirano@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: win_chromium_x64_rel_ng on master.tryserver.chromium.win (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.win/builders/win_chromium_x64_...)
The CQ bit was checked by yhirano@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: linux_android_rel_ng on master.tryserver.chromium.android (JOB_FAILED, https://build.chromium.org/p/tryserver.chromium.android/builders/linux_androi...)
The CQ bit was checked by yhirano@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: ios-simulator on master.tryserver.chromium.mac (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.mac/builders/ios-simulator/bui...) ios-simulator-gn on master.tryserver.chromium.mac (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.mac/builders/ios-simulator-gn/...)
The CQ bit was checked by yhirano@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
Patchset #2 (id:20001) has been deleted
Patchset #2 (id:40001) has been deleted
Patchset #2 (id:60001) has been deleted
Patchset #2 (id:80001) has been deleted
Patchset #2 (id:100001) has been deleted
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: linux_android_rel_ng on master.tryserver.chromium.android (JOB_FAILED, https://build.chromium.org/p/tryserver.chromium.android/builders/linux_androi...)
The CQ bit was checked by yhirano@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: linux_android_rel_ng on master.tryserver.chromium.android (JOB_FAILED, https://build.chromium.org/p/tryserver.chromium.android/builders/linux_androi...) linux_chromium_rel_ng on master.tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_...)
The CQ bit was checked by yhirano@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: linux_android_rel_ng on master.tryserver.chromium.android (JOB_FAILED, https://build.chromium.org/p/tryserver.chromium.android/builders/linux_androi...) chromium_presubmit on master.tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/chromium_presub...) mac_chromium_rel_ng on master.tryserver.chromium.mac (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.mac/builders/mac_chromium_rel_...)
The CQ bit was checked by yhirano@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: linux_android_rel_ng on master.tryserver.chromium.android (JOB_FAILED, https://build.chromium.org/p/tryserver.chromium.android/builders/linux_androi...)
Description was changed from ========== Move ResourceClient to Oilpan heap wip BUG=587663 ========== to ========== Move ResourceClient to Oilpan heap Now Resource has its clients as weak members. BUG=587663 ==========
yhirano@chromium.org changed reviewers: + japhet@chromium.org, oilpan-reviews@chromium.org
Patchset #3 (id:140001) has been deleted
Patchset #2 (id:120001) has been deleted
haraken@chromium.org changed reviewers: + haraken@chromium.org
This is amazing! You're getting pretty close :) https://codereview.chromium.org/2191633003/diff/160001/third_party/WebKit/Sou... File third_party/WebKit/Source/core/fetch/ImageResource.cpp (right): https://codereview.chromium.org/2191633003/diff/160001/third_party/WebKit/Sou... third_party/WebKit/Source/core/fetch/ImageResource.cpp:47: struct ImageResourceObserverWalker { Shall we add a TODO to replace this with ResourceClientWalker? Also as I commented below, I think we can just remove the walkers if we have copyToVector(HashCountedSet<>). Then the caller site can just copyToVector the hash counted set and iterate the vector. https://codereview.chromium.org/2191633003/diff/160001/third_party/WebKit/Sou... File third_party/WebKit/Source/core/fetch/Resource.cpp (right): https://codereview.chromium.org/2191633003/diff/160001/third_party/WebKit/Sou... third_party/WebKit/Source/core/fetch/Resource.cpp:725: if (!hasClient(client)) { Would you help me understand when this can happen? It seems problematic that the client is already removed from the weak hash counted set while you're still holding a reference to the client... https://codereview.chromium.org/2191633003/diff/160001/third_party/WebKit/Sou... third_party/WebKit/Source/core/fetch/Resource.cpp:820: clientsToNotify.reserveCapacity(m_clientsAwaitingCallback.size()); Can we implement copyToVector for a hash counted set? https://codereview.chromium.org/2191633003/diff/160001/third_party/WebKit/Sou... third_party/WebKit/Source/core/fetch/Resource.cpp:823: if (client) I don't think this can happen. See my comment below. https://codereview.chromium.org/2191633003/diff/160001/third_party/WebKit/Sou... File third_party/WebKit/Source/core/fetch/ResourceClientWalker.h (right): https://codereview.chromium.org/2191633003/diff/160001/third_party/WebKit/Sou... third_party/WebKit/Source/core/fetch/ResourceClientWalker.h:37: struct ResourceClientWalker { I'd prefer using a class. (Honestly speaking, I'm not quite sure of the benefit of having the ResourceClientWalker class. The caller sites can just copyToVector the hash counted set and iterate the vector.) https://codereview.chromium.org/2191633003/diff/160001/third_party/WebKit/Sou... third_party/WebKit/Source/core/fetch/ResourceClientWalker.h:47: // |client| can be null, as the container holds weak pointers. I guess |client| cannot be null because null-ed entries are automatically removed from the hash counted set.
The CQ bit was checked by yhirano@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was checked by yhirano@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: win_clang on master.tryserver.chromium.win (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.win/builders/win_clang/builds/...)
https://codereview.chromium.org/2191633003/diff/160001/third_party/WebKit/Sou... File third_party/WebKit/Source/core/fetch/ImageResource.cpp (right): https://codereview.chromium.org/2191633003/diff/160001/third_party/WebKit/Sou... third_party/WebKit/Source/core/fetch/ImageResource.cpp:47: struct ImageResourceObserverWalker { On 2016/08/02 04:18:06, haraken wrote: > > Shall we add a TODO to replace this with ResourceClientWalker? > > Also as I commented below, I think we can just remove the walkers if we have > copyToVector(HashCountedSet<>). Then the caller site can just copyToVector the > hash counted set and iterate the vector. Thanks, done. https://codereview.chromium.org/2191633003/diff/160001/third_party/WebKit/Sou... File third_party/WebKit/Source/core/fetch/Resource.cpp (right): https://codereview.chromium.org/2191633003/diff/160001/third_party/WebKit/Sou... third_party/WebKit/Source/core/fetch/Resource.cpp:725: if (!hasClient(client)) { On 2016/08/02 04:18:06, haraken wrote: > > Would you help me understand when this can happen? It seems problematic that the > client is already removed from the weak hash counted set while you're still > holding a reference to the client... This function can be called from a pre-finalizer (see ResourceOwner). In such a case weak pointers are cleared just before the pre-finalization step. https://codereview.chromium.org/2191633003/diff/160001/third_party/WebKit/Sou... third_party/WebKit/Source/core/fetch/Resource.cpp:820: clientsToNotify.reserveCapacity(m_clientsAwaitingCallback.size()); On 2016/08/02 04:18:06, haraken wrote: > > Can we implement copyToVector for a hash counted set? We already have it, but as I said in the other place, it's not usable to convert HeapHashCountedSet<WeakMember<T>> to HeapVector<Member<T>>. https://codereview.chromium.org/2191633003/diff/160001/third_party/WebKit/Sou... third_party/WebKit/Source/core/fetch/Resource.cpp:823: if (client) On 2016/08/02 04:18:06, haraken wrote: > > I don't think this can happen. See my comment below. Done. https://codereview.chromium.org/2191633003/diff/160001/third_party/WebKit/Sou... File third_party/WebKit/Source/core/fetch/ResourceClientWalker.h (right): https://codereview.chromium.org/2191633003/diff/160001/third_party/WebKit/Sou... third_party/WebKit/Source/core/fetch/ResourceClientWalker.h:37: struct ResourceClientWalker { On 2016/08/02 04:18:06, haraken wrote: > > I'd prefer using a class. > > (Honestly speaking, I'm not quite sure of the benefit of having the > ResourceClientWalker class. The caller sites can just copyToVector the hash > counted set and iterate the vector.) Done. This class is doing two extra conversions: One is WeakMember to Member and another is ResourceClient* to T*. copyToVector can handle neither conversions. https://codereview.chromium.org/2191633003/diff/160001/third_party/WebKit/Sou... third_party/WebKit/Source/core/fetch/ResourceClientWalker.h:47: // |client| can be null, as the container holds weak pointers. On 2016/08/02 04:18:06, haraken wrote: > > I guess |client| cannot be null because null-ed entries are automatically > removed from the hash counted set. Done.
https://codereview.chromium.org/2191633003/diff/160001/third_party/WebKit/Sou... File third_party/WebKit/Source/core/fetch/Resource.cpp (right): https://codereview.chromium.org/2191633003/diff/160001/third_party/WebKit/Sou... third_party/WebKit/Source/core/fetch/Resource.cpp:725: if (!hasClient(client)) { On 2016/08/03 10:40:28, yhirano wrote: > On 2016/08/02 04:18:06, haraken wrote: > > > > Would you help me understand when this can happen? It seems problematic that > the > > client is already removed from the weak hash counted set while you're still > > holding a reference to the client... > > This function can be called from a pre-finalizer (see ResourceOwner). In such a > case weak pointers are cleared just before the pre-finalization step. Can we avoid calling Resource::removeClient() in the pre-finalizer? Alternately, we can call didRemoveClientOrObserver() in the pre-finalizer. https://codereview.chromium.org/2191633003/diff/160001/third_party/WebKit/Sou... third_party/WebKit/Source/core/fetch/Resource.cpp:725: if (!hasClient(client)) { On 2016/08/03 10:40:28, yhirano wrote: > On 2016/08/02 04:18:06, haraken wrote: > > > > Would you help me understand when this can happen? It seems problematic that > the > > client is already removed from the weak hash counted set while you're still > > holding a reference to the client... > > This function can be called from a pre-finalizer (see ResourceOwner). In such a > case weak pointers are cleared just before the pre-finalization step. Can you avoid calling Resource::removeClient in the pre-finalizer? You can call didRemoveClientOrObserver() instead.
LGTM! https://codereview.chromium.org/2191633003/diff/200001/third_party/WebKit/Sou... File third_party/WebKit/Source/core/inspector/InspectorResourceContentLoader.cpp (right): https://codereview.chromium.org/2191633003/diff/200001/third_party/WebKit/Sou... third_party/WebKit/Source/core/inspector/InspectorResourceContentLoader.cpp:45: RawResourceClient::trace(visitor); Why change the ordering here?
Sorry for the late response. https://codereview.chromium.org/2191633003/diff/160001/third_party/WebKit/Sou... File third_party/WebKit/Source/core/fetch/Resource.cpp (right): https://codereview.chromium.org/2191633003/diff/160001/third_party/WebKit/Sou... third_party/WebKit/Source/core/fetch/Resource.cpp:725: if (!hasClient(client)) { On 2016/08/03 11:11:40, haraken wrote: > On 2016/08/03 10:40:28, yhirano wrote: > > On 2016/08/02 04:18:06, haraken wrote: > > > > > > Would you help me understand when this can happen? It seems problematic that > > the > > > client is already removed from the weak hash counted set while you're still > > > holding a reference to the client... > > > > This function can be called from a pre-finalizer (see ResourceOwner). In such > a > > case weak pointers are cleared just before the pre-finalization step. > > Can you avoid calling Resource::removeClient in the pre-finalizer? You can call > didRemoveClientOrObserver() instead. It's hard because callers generally don't distinguish them. For example, PendingScript::stopWatchingForLoad calls Resource::removeClient and there are 8 callers who call PendingScript::stopWatchingForLoad. At least one of them (ScriptLoader::notifyFinished) can be called as a non-prefinalizer and at least one of them (HTMLScriptRunner::detach) can be called in the prefinalization step.
The CQ bit was checked by yhirano@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: linux_android_rel_ng on master.tryserver.chromium.android (JOB_FAILED, https://build.chromium.org/p/tryserver.chromium.android/builders/linux_androi...)
The CQ bit was checked by yhirano@chromium.org to run a CQ dry run
haraken@: ping
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
LGTM https://codereview.chromium.org/2191633003/diff/240001/third_party/WebKit/Sou... File third_party/WebKit/Source/core/fetch/ImageResource.cpp (right): https://codereview.chromium.org/2191633003/diff/240001/third_party/WebKit/Sou... third_party/WebKit/Source/core/fetch/ImageResource.cpp:50: Vector<T*> asVector(const HashCountedSet<T*>& set) I'd move this helper function to HashCountedSet. https://codereview.chromium.org/2191633003/diff/240001/third_party/WebKit/Sou... File third_party/WebKit/Source/core/fetch/Resource.cpp (right): https://codereview.chromium.org/2191633003/diff/240001/third_party/WebKit/Sou... third_party/WebKit/Source/core/fetch/Resource.cpp:727: // hold clients as weak member. // This code may be called in a pre-finalizer, where weak members in the HashCountedSet are already swept out. In that case, we just need to call didRemoveClientOrObserver(). https://codereview.chromium.org/2191633003/diff/240001/third_party/WebKit/Sou... third_party/WebKit/Source/core/fetch/Resource.cpp:819: HeapVector<Member<ResourceClient>> clientsToNotify; Can we use the asVector? https://codereview.chromium.org/2191633003/diff/240001/third_party/WebKit/Sou... File third_party/WebKit/Source/core/fetch/ResourceClientWalker.h (right): https://codereview.chromium.org/2191633003/diff/240001/third_party/WebKit/Sou... third_party/WebKit/Source/core/fetch/ResourceClientWalker.h:37: class ResourceClientWalker { I'd prefer removing this class in a follow-up CL in favor of HashCountedSet.asVector(), just like you did in ImageResource.cpp.
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: linux_android_rel_ng on master.tryserver.chromium.android (JOB_FAILED, https://build.chromium.org/p/tryserver.chromium.android/builders/linux_androi...)
The CQ bit was checked by yhirano@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: linux_android_rel_ng on master.tryserver.chromium.android (JOB_FAILED, https://build.chromium.org/p/tryserver.chromium.android/builders/linux_androi...)
The CQ bit was checked by yhirano@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
https://codereview.chromium.org/2191633003/diff/240001/third_party/WebKit/Sou... File third_party/WebKit/Source/core/fetch/ImageResource.cpp (right): https://codereview.chromium.org/2191633003/diff/240001/third_party/WebKit/Sou... third_party/WebKit/Source/core/fetch/ImageResource.cpp:50: Vector<T*> asVector(const HashCountedSet<T*>& set) On 2016/08/12 10:45:20, haraken wrote: > > I'd move this helper function to HashCountedSet. Done. https://codereview.chromium.org/2191633003/diff/240001/third_party/WebKit/Sou... File third_party/WebKit/Source/core/fetch/Resource.cpp (right): https://codereview.chromium.org/2191633003/diff/240001/third_party/WebKit/Sou... third_party/WebKit/Source/core/fetch/Resource.cpp:727: // hold clients as weak member. On 2016/08/12 10:45:20, haraken wrote: > > // This code may be called in a pre-finalizer, where weak members in the > HashCountedSet are already swept out. In that case, we just need to call > didRemoveClientOrObserver(). Done. https://codereview.chromium.org/2191633003/diff/240001/third_party/WebKit/Sou... third_party/WebKit/Source/core/fetch/Resource.cpp:819: HeapVector<Member<ResourceClient>> clientsToNotify; On 2016/08/12 10:45:20, haraken wrote: > > Can we use the asVector? Using asVector means making clientsToNotify a HeapVector<WeakMember<ResourceClient>>. I think keeping clientsToNotify's type is more important. https://codereview.chromium.org/2191633003/diff/240001/third_party/WebKit/Sou... File third_party/WebKit/Source/core/fetch/ResourceClientWalker.h (right): https://codereview.chromium.org/2191633003/diff/240001/third_party/WebKit/Sou... third_party/WebKit/Source/core/fetch/ResourceClientWalker.h:37: class ResourceClientWalker { On 2016/08/12 10:45:20, haraken wrote: > > I'd prefer removing this class in a follow-up CL in favor of > HashCountedSet.asVector(), just like you did in ImageResource.cpp. > > Please see https://codereview.chromium.org/2191633003/diff/160001/third_party/WebKit/Sou....
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: linux_android_rel_ng on master.tryserver.chromium.android (JOB_FAILED, https://build.chromium.org/p/tryserver.chromium.android/builders/linux_androi...)
https://codereview.chromium.org/2191633003/diff/160001/third_party/WebKit/Sou... File third_party/WebKit/Source/core/fetch/ResourceClientWalker.h (right): https://codereview.chromium.org/2191633003/diff/160001/third_party/WebKit/Sou... third_party/WebKit/Source/core/fetch/ResourceClientWalker.h:37: struct ResourceClientWalker { On 2016/08/03 10:40:28, yhirano wrote: > On 2016/08/02 04:18:06, haraken wrote: > > > > I'd prefer using a class. > > > > (Honestly speaking, I'm not quite sure of the benefit of having the > > ResourceClientWalker class. The caller sites can just copyToVector the hash > > counted set and iterate the vector.) > > Done. > > This class is doing two extra conversions: One is WeakMember to Member and > another is ResourceClient* to T*. copyToVector can handle neither conversions. I'm just curious but why do you need to convert ResourceClient* to T*? Can we avoid the conversion by adding some virtual method on ResourceClient? https://codereview.chromium.org/2191633003/diff/240001/third_party/WebKit/Sou... File third_party/WebKit/Source/core/fetch/Resource.cpp (right): https://codereview.chromium.org/2191633003/diff/240001/third_party/WebKit/Sou... third_party/WebKit/Source/core/fetch/Resource.cpp:819: HeapVector<Member<ResourceClient>> clientsToNotify; On 2016/08/16 08:57:24, yhirano wrote: > On 2016/08/12 10:45:20, haraken wrote: > > > > Can we use the asVector? > > Using asVector means making clientsToNotify a > HeapVector<WeakMember<ResourceClient>>. I think keeping clientsToNotify's type > is more important. asVector should convert HeapHashCountedSet<WeakMember> to HeapVector<Member>. Remember that copyToVector is converting HeapHashSet<WeakMember> to HeapVector<Member>. Nit: I'd prefer introducing copyToVector(HeapHashCountedSet<WeakMember/Member>, HeapVector<Member>) to make the type conversion explicit. Then the call site needs to create HeapVector<Member> before calling copyToVector, which makes the type conversion explicit. I'm wondering why you want to keep the type as WeakMembers.
The CQ bit was checked by yhirano@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: linux_chromium_asan_rel_ng on master.tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_...)
The CQ bit was checked by yhirano@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Exceeded global retry quota
The CQ bit was checked by yhirano@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was checked by yhirano@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
https://codereview.chromium.org/2191633003/diff/160001/third_party/WebKit/Sou... File third_party/WebKit/Source/core/fetch/ResourceClientWalker.h (right): https://codereview.chromium.org/2191633003/diff/160001/third_party/WebKit/Sou... third_party/WebKit/Source/core/fetch/ResourceClientWalker.h:37: struct ResourceClientWalker { On 2016/08/16 11:55:44, haraken wrote: > On 2016/08/03 10:40:28, yhirano wrote: > > On 2016/08/02 04:18:06, haraken wrote: > > > > > > I'd prefer using a class. > > > > > > (Honestly speaking, I'm not quite sure of the benefit of having the > > > ResourceClientWalker class. The caller sites can just copyToVector the hash > > > counted set and iterate the vector.) > > > > Done. > > > > This class is doing two extra conversions: One is WeakMember to Member and > > another is ResourceClient* to T*. copyToVector can handle neither conversions. > > I'm just curious but why do you need to convert ResourceClient* to T*? Can we > avoid the conversion by adding some virtual method on ResourceClient? The right direction would be making each Resource subclass have its ResourceClient. https://codereview.chromium.org/2191633003/diff/240001/third_party/WebKit/Sou... File third_party/WebKit/Source/core/fetch/Resource.cpp (right): https://codereview.chromium.org/2191633003/diff/240001/third_party/WebKit/Sou... third_party/WebKit/Source/core/fetch/Resource.cpp:819: HeapVector<Member<ResourceClient>> clientsToNotify; On 2016/08/16 11:55:44, haraken wrote: > On 2016/08/16 08:57:24, yhirano wrote: > > On 2016/08/12 10:45:20, haraken wrote: > > > > > > Can we use the asVector? > > > > Using asVector means making clientsToNotify a > > HeapVector<WeakMember<ResourceClient>>. I think keeping clientsToNotify's type > > is more important. > > asVector should convert HeapHashCountedSet<WeakMember> to HeapVector<Member>. > Remember that copyToVector is converting HeapHashSet<WeakMember> to > HeapVector<Member>. > > Nit: I'd prefer introducing copyToVector(HeapHashCountedSet<WeakMember/Member>, > HeapVector<Member>) to make the type conversion explicit. Then the call site > needs to create HeapVector<Member> before calling copyToVector, which makes the > type conversion explicit. > > I'm wondering why you want to keep the type as WeakMembers. > > > > I think HashCountedSet<T, ...>.asVector() should return Vector<T, ...>. WTF containers don't know about Oilpan, so I feel it confusing if HeapHashCountedSet<T, ...>.asVector() doesn't return Vector<T, ...>. It's possible to introduce a type parameter, like clientsToNotify = m_clientsAwaitingClalback.asVector<HeapVector<Member<ResourceClient>>>(); but it is too verbose. PS11 uses copyToVector.
LGTM On 2016/08/17 08:36:09, yhirano wrote: > https://codereview.chromium.org/2191633003/diff/160001/third_party/WebKit/Sou... > File third_party/WebKit/Source/core/fetch/ResourceClientWalker.h (right): > > https://codereview.chromium.org/2191633003/diff/160001/third_party/WebKit/Sou... > third_party/WebKit/Source/core/fetch/ResourceClientWalker.h:37: struct > ResourceClientWalker { > On 2016/08/16 11:55:44, haraken wrote: > > On 2016/08/03 10:40:28, yhirano wrote: > > > On 2016/08/02 04:18:06, haraken wrote: > > > > > > > > I'd prefer using a class. > > > > > > > > (Honestly speaking, I'm not quite sure of the benefit of having the > > > > ResourceClientWalker class. The caller sites can just copyToVector the > hash > > > > counted set and iterate the vector.) > > > > > > Done. > > > > > > This class is doing two extra conversions: One is WeakMember to Member and > > > another is ResourceClient* to T*. copyToVector can handle neither > conversions. > > > > I'm just curious but why do you need to convert ResourceClient* to T*? Can we > > avoid the conversion by adding some virtual method on ResourceClient? > > The right direction would be making each Resource subclass have its > ResourceClient. > > https://codereview.chromium.org/2191633003/diff/240001/third_party/WebKit/Sou... > File third_party/WebKit/Source/core/fetch/Resource.cpp (right): > > https://codereview.chromium.org/2191633003/diff/240001/third_party/WebKit/Sou... > third_party/WebKit/Source/core/fetch/Resource.cpp:819: > HeapVector<Member<ResourceClient>> clientsToNotify; > On 2016/08/16 11:55:44, haraken wrote: > > On 2016/08/16 08:57:24, yhirano wrote: > > > On 2016/08/12 10:45:20, haraken wrote: > > > > > > > > Can we use the asVector? > > > > > > Using asVector means making clientsToNotify a > > > HeapVector<WeakMember<ResourceClient>>. I think keeping clientsToNotify's > type > > > is more important. > > > > asVector should convert HeapHashCountedSet<WeakMember> to HeapVector<Member>. > > Remember that copyToVector is converting HeapHashSet<WeakMember> to > > HeapVector<Member>. > > > > Nit: I'd prefer introducing > copyToVector(HeapHashCountedSet<WeakMember/Member>, > > HeapVector<Member>) to make the type conversion explicit. Then the call site > > needs to create HeapVector<Member> before calling copyToVector, which makes > the > > type conversion explicit. > > > > I'm wondering why you want to keep the type as WeakMembers. > > > > > > > > > > I think HashCountedSet<T, ...>.asVector() should return Vector<T, ...>. WTF > containers don't know about Oilpan, so I feel it confusing if > HeapHashCountedSet<T, ...>.asVector() doesn't return Vector<T, ...>. > > It's possible to introduce a type parameter, like > > clientsToNotify = > m_clientsAwaitingClalback.asVector<HeapVector<Member<ResourceClient>>>(); > > but it is too verbose. > > PS11 uses copyToVector. My preference was just to use copyToVector in the caller side without introducing a helper function like asVector (it's a well-established pattern in the Blink code base), but this looks fine.
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: linux_android_rel_ng on master.tryserver.chromium.android (JOB_FAILED, https://build.chromium.org/p/tryserver.chromium.android/builders/linux_androi...)
The CQ bit was checked by yhirano@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: linux_chromium_chromeos_rel_ng on master.tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_...)
The CQ bit was checked by yhirano@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was checked by yhirano@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: This issue passed the CQ dry run.
PS15 introduces Resource::m_isAlive and Resource::isAlive() because we cannot rely on Resource::hasClientsOrObservers() in the pre-finalization step.
https://codereview.chromium.org/2191633003/diff/420001/third_party/WebKit/Sou... File third_party/WebKit/Source/core/fetch/Resource.cpp (right): https://codereview.chromium.org/2191633003/diff/420001/third_party/WebKit/Sou... third_party/WebKit/Source/core/fetch/Resource.cpp:727: if (!hasClient(client)) { I begin to think this is problematic... If Resource and ResoureClient die at the same time, the weak processing doesn't run. However, pre-finalizer runs. Then hasClient() returns true and we end up with executing line 734 - 744. Which should be problematic... :/
https://codereview.chromium.org/2191633003/diff/420001/third_party/WebKit/Sou... File third_party/WebKit/Source/core/fetch/Resource.cpp (right): https://codereview.chromium.org/2191633003/diff/420001/third_party/WebKit/Sou... third_party/WebKit/Source/core/fetch/Resource.cpp:727: if (!hasClient(client)) { On 2016/08/18 08:06:17, haraken wrote: > > I begin to think this is problematic... > > If Resource and ResoureClient die at the same time, the weak processing doesn't > run. However, pre-finalizer runs. Then hasClient() returns true and we end up > with executing line 734 - 744. Which should be problematic... :/ Hmm, I did think the weak processing is executed in such a case... Let me confirm, an entry |e| in a HeapVector<WeakMember<E>> |v| is cleared by the weak processing when |e| is no longer reachable but |v| is still reachable, is that correct?
On 2016/08/18 08:31:53, yhirano wrote: > https://codereview.chromium.org/2191633003/diff/420001/third_party/WebKit/Sou... > File third_party/WebKit/Source/core/fetch/Resource.cpp (right): > > https://codereview.chromium.org/2191633003/diff/420001/third_party/WebKit/Sou... > third_party/WebKit/Source/core/fetch/Resource.cpp:727: if (!hasClient(client)) { > On 2016/08/18 08:06:17, haraken wrote: > > > > I begin to think this is problematic... > > > > If Resource and ResoureClient die at the same time, the weak processing > doesn't > > run. However, pre-finalizer runs. Then hasClient() returns true and we end up > > with executing line 734 - 744. Which should be problematic... :/ > > Hmm, I did think the weak processing is executed in such a case... > > Let me confirm, an entry |e| in a HeapVector<WeakMember<E>> |v| is cleared by > the weak processing when |e| is no longer reachable but |v| is still reachable, > is that correct? I meant "when and only when"
On 2016/08/18 08:31:53, yhirano wrote: > https://codereview.chromium.org/2191633003/diff/420001/third_party/WebKit/Sou... > File third_party/WebKit/Source/core/fetch/Resource.cpp (right): > > https://codereview.chromium.org/2191633003/diff/420001/third_party/WebKit/Sou... > third_party/WebKit/Source/core/fetch/Resource.cpp:727: if (!hasClient(client)) { > On 2016/08/18 08:06:17, haraken wrote: > > > > I begin to think this is problematic... > > > > If Resource and ResoureClient die at the same time, the weak processing > doesn't > > run. However, pre-finalizer runs. Then hasClient() returns true and we end up > > with executing line 734 - 744. Which should be problematic... :/ > > Hmm, I did think the weak processing is executed in such a case... > > Let me confirm, an entry |e| in a HeapVector<WeakMember<E>> |v| is cleared by > the weak processing when |e| is no longer reachable but |v| is still reachable, > is that correct? Correct. If you have objects A and B, and A has a WeakMember to B, the weak processing runs when B dies before A.
On 2016/08/18 08:35:12, haraken wrote: > On 2016/08/18 08:31:53, yhirano wrote: > > > https://codereview.chromium.org/2191633003/diff/420001/third_party/WebKit/Sou... > > File third_party/WebKit/Source/core/fetch/Resource.cpp (right): > > > > > https://codereview.chromium.org/2191633003/diff/420001/third_party/WebKit/Sou... > > third_party/WebKit/Source/core/fetch/Resource.cpp:727: if (!hasClient(client)) > { > > On 2016/08/18 08:06:17, haraken wrote: > > > > > > I begin to think this is problematic... > > > > > > If Resource and ResoureClient die at the same time, the weak processing > > doesn't > > > run. However, pre-finalizer runs. Then hasClient() returns true and we end > up > > > with executing line 734 - 744. Which should be problematic... :/ > > > > Hmm, I did think the weak processing is executed in such a case... > > > > Let me confirm, an entry |e| in a HeapVector<WeakMember<E>> |v| is cleared by > > the weak processing when |e| is no longer reachable but |v| is still > reachable, > > is that correct? > > Correct. > > If you have objects A and B, and A has a WeakMember to B, the weak processing > runs when B dies before A. Right. s/when/when and only when/.
https://codereview.chromium.org/2191633003/diff/420001/third_party/WebKit/Sou... File third_party/WebKit/Source/core/fetch/Resource.cpp (right): https://codereview.chromium.org/2191633003/diff/420001/third_party/WebKit/Sou... third_party/WebKit/Source/core/fetch/Resource.cpp:727: if (!hasClient(client)) { On 2016/08/18 08:06:17, haraken wrote: > > I begin to think this is problematic... > > If Resource and ResoureClient die at the same time, the weak processing doesn't > run. However, pre-finalizer runs. Then hasClient() returns true and we end up > with executing line 734 - 744. Which should be problematic... :/ What problems do we have in such a case? I think L734-L739 (accessing unreachable heap vectors in a prefinalizer) is safe to process and didRemoveClientOrObserver is called in any case. I'm not so sure about ResourceCallback::cancel but it looks consisting of HeapHashSet operations and CancellableTaskFactory which is not related with Oilpan.
https://codereview.chromium.org/2191633003/diff/420001/third_party/WebKit/Sou... File third_party/WebKit/Source/core/fetch/Resource.cpp (right): https://codereview.chromium.org/2191633003/diff/420001/third_party/WebKit/Sou... third_party/WebKit/Source/core/fetch/Resource.cpp:727: if (!hasClient(client)) { On 2016/08/18 08:53:15, yhirano wrote: > On 2016/08/18 08:06:17, haraken wrote: > > > > I begin to think this is problematic... > > > > If Resource and ResoureClient die at the same time, the weak processing > doesn't > > run. However, pre-finalizer runs. Then hasClient() returns true and we end up > > with executing line 734 - 744. Which should be problematic... :/ > > What problems do we have in such a case? I think L734-L739 (accessing > unreachable heap vectors in a prefinalizer) is safe to process and > didRemoveClientOrObserver is called in any case. > > I'm not so sure about ResourceCallback::cancel but it looks consisting of > HeapHashSet operations and CancellableTaskFactory which is not related with > Oilpan. > > Does it mean that it's always safe to run line 734 - 744 regardless of whether we're in a pre-finalizer or not? Then maybe can we just simply the hasClient() check entirely? https://codereview.chromium.org/2191633003/diff/420001/third_party/WebKit/Sou... third_party/WebKit/Source/core/fetch/Resource.cpp:765: // This object may be dead here. I think we can now remove this comment because Resource is no longer ref-counted, right?
The CQ bit was checked by yhirano@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: win_chromium_x64_rel_ng on master.tryserver.chromium.win (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.win/builders/win_chromium_x64_...)
The CQ bit was checked by yhirano@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: This issue passed the CQ dry run.
The CQ bit was checked by yhirano@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: win_chromium_rel_ng on master.tryserver.chromium.win (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.win/builders/win_chromium_rel_...)
I'm sorry for the late response, I thought I have replied. https://codereview.chromium.org/2191633003/diff/420001/third_party/WebKit/Sou... File third_party/WebKit/Source/core/fetch/Resource.cpp (right): https://codereview.chromium.org/2191633003/diff/420001/third_party/WebKit/Sou... third_party/WebKit/Source/core/fetch/Resource.cpp:727: if (!hasClient(client)) { On 2016/08/18 09:11:01, haraken wrote: > On 2016/08/18 08:53:15, yhirano wrote: > > On 2016/08/18 08:06:17, haraken wrote: > > > > > > I begin to think this is problematic... > > > > > > If Resource and ResoureClient die at the same time, the weak processing > > doesn't > > > run. However, pre-finalizer runs. Then hasClient() returns true and we end > up > > > with executing line 734 - 744. Which should be problematic... :/ > > > > What problems do we have in such a case? I think L734-L739 (accessing > > unreachable heap vectors in a prefinalizer) is safe to process and > > didRemoveClientOrObserver is called in any case. > > > > I'm not so sure about ResourceCallback::cancel but it looks consisting of > > HeapHashSet operations and CancellableTaskFactory which is not related with > > Oilpan. > > > > > > Does it mean that it's always safe to run line 734 - 744 regardless of whether > we're in a pre-finalizer or not? Then maybe can we just simply the hasClient() > check entirely? Even without this change removeClient can be called in the pre-finalization step. What this CL changes is that m_clients (and other heap collections) will be swept automatically just before the pre-finalization step. L734-L744 is not affected by the change because when |client| is swept this branch is taken. https://codereview.chromium.org/2191633003/diff/420001/third_party/WebKit/Sou... third_party/WebKit/Source/core/fetch/Resource.cpp:765: // This object may be dead here. On 2016/08/18 09:11:01, haraken wrote: > > I think we can now remove this comment because Resource is no longer > ref-counted, right? > Yes, there are many stale comments but I don't want to fix them in this CL.
https://codereview.chromium.org/2191633003/diff/420001/third_party/WebKit/Sou... File third_party/WebKit/Source/core/fetch/Resource.cpp (right): https://codereview.chromium.org/2191633003/diff/420001/third_party/WebKit/Sou... third_party/WebKit/Source/core/fetch/Resource.cpp:727: if (!hasClient(client)) { On 2016/08/26 09:12:16, yhirano wrote: > On 2016/08/18 09:11:01, haraken wrote: > > On 2016/08/18 08:53:15, yhirano wrote: > > > On 2016/08/18 08:06:17, haraken wrote: > > > > > > > > I begin to think this is problematic... > > > > > > > > If Resource and ResoureClient die at the same time, the weak processing > > > doesn't > > > > run. However, pre-finalizer runs. Then hasClient() returns true and we end > > up > > > > with executing line 734 - 744. Which should be problematic... :/ > > > > > > What problems do we have in such a case? I think L734-L739 (accessing > > > unreachable heap vectors in a prefinalizer) is safe to process and > > > didRemoveClientOrObserver is called in any case. > > > > > > I'm not so sure about ResourceCallback::cancel but it looks consisting of > > > HeapHashSet operations and CancellableTaskFactory which is not related with > > > Oilpan. > > > > > > > > > > Does it mean that it's always safe to run line 734 - 744 regardless of whether > > we're in a pre-finalizer or not? Then maybe can we just simply the hasClient() > > check entirely? > > Even without this change removeClient can be called in the pre-finalization > step. What this CL changes is that m_clients (and other heap collections) will > be swept automatically just before the pre-finalization step. L734-L744 is not > affected by the change because when |client| is swept this branch is taken. My question is: Why do we need to have the branch at 727? If Resource and ResourceClient die at the same time, the weak processing doesn't run. Then the pre-finalizer will run line 734 - 744. Hence, line 734 - 744 must be anyway written in a way that doesn't touch any other on-heap objects. If that's the case, we can just unconditionally run line 734 - 744. Hence we don't need the branch at 727.
https://codereview.chromium.org/2191633003/diff/420001/third_party/WebKit/Sou... File third_party/WebKit/Source/core/fetch/Resource.cpp (right): https://codereview.chromium.org/2191633003/diff/420001/third_party/WebKit/Sou... third_party/WebKit/Source/core/fetch/Resource.cpp:727: if (!hasClient(client)) { On 2016/08/26 09:49:29, haraken wrote: > On 2016/08/26 09:12:16, yhirano wrote: > > On 2016/08/18 09:11:01, haraken wrote: > > > On 2016/08/18 08:53:15, yhirano wrote: > > > > On 2016/08/18 08:06:17, haraken wrote: > > > > > > > > > > I begin to think this is problematic... > > > > > > > > > > If Resource and ResoureClient die at the same time, the weak processing > > > > doesn't > > > > > run. However, pre-finalizer runs. Then hasClient() returns true and we > end > > > up > > > > > with executing line 734 - 744. Which should be problematic... :/ > > > > > > > > What problems do we have in such a case? I think L734-L739 (accessing > > > > unreachable heap vectors in a prefinalizer) is safe to process and > > > > didRemoveClientOrObserver is called in any case. > > > > > > > > I'm not so sure about ResourceCallback::cancel but it looks consisting of > > > > HeapHashSet operations and CancellableTaskFactory which is not related > with > > > > Oilpan. > > > > > > > > > > > > > > Does it mean that it's always safe to run line 734 - 744 regardless of > whether > > > we're in a pre-finalizer or not? Then maybe can we just simply the > hasClient() > > > check entirely? > > > > Even without this change removeClient can be called in the pre-finalization > > step. What this CL changes is that m_clients (and other heap collections) will > > be swept automatically just before the pre-finalization step. L734-L744 is not > > affected by the change because when |client| is swept this branch is taken. > > My question is: Why do we need to have the branch at 727? > > If Resource and ResourceClient die at the same time, the weak processing doesn't > run. Then the pre-finalizer will run line 734 - 744. Hence, line 734 - 744 must > be anyway written in a way that doesn't touch any other on-heap objects. If > that's the case, we can just unconditionally run line 734 - 744. Hence we don't > need the branch at 727. > > Because it's possible that a Resource is reachable but all ResourceClients registered are unreachable and hence swept. Imagine a ResourceOwner |o| is registered to a Resource |r| and the memory cache holds |r|. When |o| becomes unreachable, this function will be called in |o|'s pre-finalizer, but |o| is swept from |r->m_clients|. Note that |r| is still reachable via the memory cache.
https://codereview.chromium.org/2191633003/diff/420001/third_party/WebKit/Sou... File third_party/WebKit/Source/core/fetch/Resource.cpp (right): https://codereview.chromium.org/2191633003/diff/420001/third_party/WebKit/Sou... third_party/WebKit/Source/core/fetch/Resource.cpp:727: if (!hasClient(client)) { On 2016/08/26 10:08:55, yhirano wrote: > On 2016/08/26 09:49:29, haraken wrote: > > On 2016/08/26 09:12:16, yhirano wrote: > > > On 2016/08/18 09:11:01, haraken wrote: > > > > On 2016/08/18 08:53:15, yhirano wrote: > > > > > On 2016/08/18 08:06:17, haraken wrote: > > > > > > > > > > > > I begin to think this is problematic... > > > > > > > > > > > > If Resource and ResoureClient die at the same time, the weak > processing > > > > > doesn't > > > > > > run. However, pre-finalizer runs. Then hasClient() returns true and we > > end > > > > up > > > > > > with executing line 734 - 744. Which should be problematic... :/ > > > > > > > > > > What problems do we have in such a case? I think L734-L739 (accessing > > > > > unreachable heap vectors in a prefinalizer) is safe to process and > > > > > didRemoveClientOrObserver is called in any case. > > > > > > > > > > I'm not so sure about ResourceCallback::cancel but it looks consisting > of > > > > > HeapHashSet operations and CancellableTaskFactory which is not related > > with > > > > > Oilpan. > > > > > > > > > > > > > > > > > > Does it mean that it's always safe to run line 734 - 744 regardless of > > whether > > > > we're in a pre-finalizer or not? Then maybe can we just simply the > > hasClient() > > > > check entirely? > > > > > > Even without this change removeClient can be called in the pre-finalization > > > step. What this CL changes is that m_clients (and other heap collections) > will > > > be swept automatically just before the pre-finalization step. L734-L744 is > not > > > affected by the change because when |client| is swept this branch is taken. > > > > My question is: Why do we need to have the branch at 727? > > > > If Resource and ResourceClient die at the same time, the weak processing > doesn't > > run. Then the pre-finalizer will run line 734 - 744. Hence, line 734 - 744 > must > > be anyway written in a way that doesn't touch any other on-heap objects. If > > that's the case, we can just unconditionally run line 734 - 744. Hence we > don't > > need the branch at 727. > > > > > > Because it's possible that a Resource is reachable but all ResourceClients > registered are unreachable and hence swept. Imagine a ResourceOwner |o| is > registered to a Resource |r| and the memory cache holds |r|. When |o| becomes > unreachable, this function will be called in |o|'s pre-finalizer, but |o| is > swept from |r->m_clients|. Note that |r| is still reachable via the memory > cache. It will happen, but what's a problem of running line 734 - 744 then?
https://codereview.chromium.org/2191633003/diff/420001/third_party/WebKit/Sou... File third_party/WebKit/Source/core/fetch/Resource.cpp (right): https://codereview.chromium.org/2191633003/diff/420001/third_party/WebKit/Sou... third_party/WebKit/Source/core/fetch/Resource.cpp:727: if (!hasClient(client)) { On 2016/08/26 10:19:51, haraken wrote: > On 2016/08/26 10:08:55, yhirano wrote: > > On 2016/08/26 09:49:29, haraken wrote: > > > On 2016/08/26 09:12:16, yhirano wrote: > > > > On 2016/08/18 09:11:01, haraken wrote: > > > > > On 2016/08/18 08:53:15, yhirano wrote: > > > > > > On 2016/08/18 08:06:17, haraken wrote: > > > > > > > > > > > > > > I begin to think this is problematic... > > > > > > > > > > > > > > If Resource and ResoureClient die at the same time, the weak > > processing > > > > > > doesn't > > > > > > > run. However, pre-finalizer runs. Then hasClient() returns true and > we > > > end > > > > > up > > > > > > > with executing line 734 - 744. Which should be problematic... :/ > > > > > > > > > > > > What problems do we have in such a case? I think L734-L739 (accessing > > > > > > unreachable heap vectors in a prefinalizer) is safe to process and > > > > > > didRemoveClientOrObserver is called in any case. > > > > > > > > > > > > I'm not so sure about ResourceCallback::cancel but it looks consisting > > of > > > > > > HeapHashSet operations and CancellableTaskFactory which is not related > > > with > > > > > > Oilpan. > > > > > > > > > > > > > > > > > > > > > > Does it mean that it's always safe to run line 734 - 744 regardless of > > > whether > > > > > we're in a pre-finalizer or not? Then maybe can we just simply the > > > hasClient() > > > > > check entirely? > > > > > > > > Even without this change removeClient can be called in the > pre-finalization > > > > step. What this CL changes is that m_clients (and other heap collections) > > will > > > > be swept automatically just before the pre-finalization step. L734-L744 is > > not > > > > affected by the change because when |client| is swept this branch is > taken. > > > > > > My question is: Why do we need to have the branch at 727? > > > > > > If Resource and ResourceClient die at the same time, the weak processing > > doesn't > > > run. Then the pre-finalizer will run line 734 - 744. Hence, line 734 - 744 > > must > > > be anyway written in a way that doesn't touch any other on-heap objects. If > > > that's the case, we can just unconditionally run line 734 - 744. Hence we > > don't > > > need the branch at 727. > > > > > > > > > > Because it's possible that a Resource is reachable but all ResourceClients > > registered are unreachable and hence swept. Imagine a ResourceOwner |o| is > > registered to a Resource |r| and the memory cache holds |r|. When |o| becomes > > unreachable, this function will be called in |o|'s pre-finalizer, but |o| is > > swept from |r->m_clients|. Note that |r| is still reachable via the memory > > cache. > > It will happen, but what's a problem of running line 734 - 744 then? Hm, I didn't think of that. It looks safe as HashCountedSet::remove is no-op in such cases.
On 2016/08/26 10:26:12, yhirano wrote: > https://codereview.chromium.org/2191633003/diff/420001/third_party/WebKit/Sou... > File third_party/WebKit/Source/core/fetch/Resource.cpp (right): > > https://codereview.chromium.org/2191633003/diff/420001/third_party/WebKit/Sou... > third_party/WebKit/Source/core/fetch/Resource.cpp:727: if (!hasClient(client)) { > On 2016/08/26 10:19:51, haraken wrote: > > On 2016/08/26 10:08:55, yhirano wrote: > > > On 2016/08/26 09:49:29, haraken wrote: > > > > On 2016/08/26 09:12:16, yhirano wrote: > > > > > On 2016/08/18 09:11:01, haraken wrote: > > > > > > On 2016/08/18 08:53:15, yhirano wrote: > > > > > > > On 2016/08/18 08:06:17, haraken wrote: > > > > > > > > > > > > > > > > I begin to think this is problematic... > > > > > > > > > > > > > > > > If Resource and ResoureClient die at the same time, the weak > > > processing > > > > > > > doesn't > > > > > > > > run. However, pre-finalizer runs. Then hasClient() returns true > and > > we > > > > end > > > > > > up > > > > > > > > with executing line 734 - 744. Which should be problematic... :/ > > > > > > > > > > > > > > What problems do we have in such a case? I think L734-L739 > (accessing > > > > > > > unreachable heap vectors in a prefinalizer) is safe to process and > > > > > > > didRemoveClientOrObserver is called in any case. > > > > > > > > > > > > > > I'm not so sure about ResourceCallback::cancel but it looks > consisting > > > of > > > > > > > HeapHashSet operations and CancellableTaskFactory which is not > related > > > > with > > > > > > > Oilpan. > > > > > > > > > > > > > > > > > > > > > > > > > > Does it mean that it's always safe to run line 734 - 744 regardless of > > > > whether > > > > > > we're in a pre-finalizer or not? Then maybe can we just simply the > > > > hasClient() > > > > > > check entirely? > > > > > > > > > > Even without this change removeClient can be called in the > > pre-finalization > > > > > step. What this CL changes is that m_clients (and other heap > collections) > > > will > > > > > be swept automatically just before the pre-finalization step. L734-L744 > is > > > not > > > > > affected by the change because when |client| is swept this branch is > > taken. > > > > > > > > My question is: Why do we need to have the branch at 727? > > > > > > > > If Resource and ResourceClient die at the same time, the weak processing > > > doesn't > > > > run. Then the pre-finalizer will run line 734 - 744. Hence, line 734 - 744 > > > must > > > > be anyway written in a way that doesn't touch any other on-heap objects. > If > > > > that's the case, we can just unconditionally run line 734 - 744. Hence we > > > don't > > > > need the branch at 727. > > > > > > > > > > > > > > Because it's possible that a Resource is reachable but all ResourceClients > > > registered are unreachable and hence swept. Imagine a ResourceOwner |o| is > > > registered to a Resource |r| and the memory cache holds |r|. When |o| > becomes > > > unreachable, this function will be called in |o|'s pre-finalizer, but |o| is > > > swept from |r->m_clients|. Note that |r| is still reachable via the memory > > > cache. > > > > It will happen, but what's a problem of running line 734 - 744 then? > > Hm, I didn't think of that. It looks safe as HashCountedSet::remove is no-op in > such cases. Look at my comment #132. My point is that if it's not safe to run line 734 - 744 unconditionally, it should be problematic.
The CQ bit was checked by yhirano@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
On 2016/08/26 10:29:29, haraken wrote: > On 2016/08/26 10:26:12, yhirano wrote: > > > https://codereview.chromium.org/2191633003/diff/420001/third_party/WebKit/Sou... > > File third_party/WebKit/Source/core/fetch/Resource.cpp (right): > > > > > https://codereview.chromium.org/2191633003/diff/420001/third_party/WebKit/Sou... > > third_party/WebKit/Source/core/fetch/Resource.cpp:727: if (!hasClient(client)) > { > > On 2016/08/26 10:19:51, haraken wrote: > > > On 2016/08/26 10:08:55, yhirano wrote: > > > > On 2016/08/26 09:49:29, haraken wrote: > > > > > On 2016/08/26 09:12:16, yhirano wrote: > > > > > > On 2016/08/18 09:11:01, haraken wrote: > > > > > > > On 2016/08/18 08:53:15, yhirano wrote: > > > > > > > > On 2016/08/18 08:06:17, haraken wrote: > > > > > > > > > > > > > > > > > > I begin to think this is problematic... > > > > > > > > > > > > > > > > > > If Resource and ResoureClient die at the same time, the weak > > > > processing > > > > > > > > doesn't > > > > > > > > > run. However, pre-finalizer runs. Then hasClient() returns true > > and > > > we > > > > > end > > > > > > > up > > > > > > > > > with executing line 734 - 744. Which should be problematic... :/ > > > > > > > > > > > > > > > > What problems do we have in such a case? I think L734-L739 > > (accessing > > > > > > > > unreachable heap vectors in a prefinalizer) is safe to process and > > > > > > > > didRemoveClientOrObserver is called in any case. > > > > > > > > > > > > > > > > I'm not so sure about ResourceCallback::cancel but it looks > > consisting > > > > of > > > > > > > > HeapHashSet operations and CancellableTaskFactory which is not > > related > > > > > with > > > > > > > > Oilpan. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Does it mean that it's always safe to run line 734 - 744 regardless > of > > > > > whether > > > > > > > we're in a pre-finalizer or not? Then maybe can we just simply the > > > > > hasClient() > > > > > > > check entirely? > > > > > > > > > > > > Even without this change removeClient can be called in the > > > pre-finalization > > > > > > step. What this CL changes is that m_clients (and other heap > > collections) > > > > will > > > > > > be swept automatically just before the pre-finalization step. > L734-L744 > > is > > > > not > > > > > > affected by the change because when |client| is swept this branch is > > > taken. > > > > > > > > > > My question is: Why do we need to have the branch at 727? > > > > > > > > > > If Resource and ResourceClient die at the same time, the weak processing > > > > doesn't > > > > > run. Then the pre-finalizer will run line 734 - 744. Hence, line 734 - > 744 > > > > must > > > > > be anyway written in a way that doesn't touch any other on-heap objects. > > If > > > > > that's the case, we can just unconditionally run line 734 - 744. Hence > we > > > > don't > > > > > need the branch at 727. > > > > > > > > > > > > > > > > > > Because it's possible that a Resource is reachable but all ResourceClients > > > > registered are unreachable and hence swept. Imagine a ResourceOwner |o| is > > > > registered to a Resource |r| and the memory cache holds |r|. When |o| > > becomes > > > > unreachable, this function will be called in |o|'s pre-finalizer, but |o| > is > > > > swept from |r->m_clients|. Note that |r| is still reachable via the memory > > > > cache. > > > > > > It will happen, but what's a problem of running line 734 - 744 then? > > > > Hm, I didn't think of that. It looks safe as HashCountedSet::remove is no-op > in > > such cases. > > Look at my comment #132. My point is that if it's not safe to run line 734 - 744 > unconditionally, it should be problematic. PS18 removes the branch (it removes the DCHECK from the original code). Waiting for the trybots results.
On 2016/08/26 10:32:56, yhirano wrote: > On 2016/08/26 10:29:29, haraken wrote: > > On 2016/08/26 10:26:12, yhirano wrote: > > > > > > https://codereview.chromium.org/2191633003/diff/420001/third_party/WebKit/Sou... > > > File third_party/WebKit/Source/core/fetch/Resource.cpp (right): > > > > > > > > > https://codereview.chromium.org/2191633003/diff/420001/third_party/WebKit/Sou... > > > third_party/WebKit/Source/core/fetch/Resource.cpp:727: if > (!hasClient(client)) > > { > > > On 2016/08/26 10:19:51, haraken wrote: > > > > On 2016/08/26 10:08:55, yhirano wrote: > > > > > On 2016/08/26 09:49:29, haraken wrote: > > > > > > On 2016/08/26 09:12:16, yhirano wrote: > > > > > > > On 2016/08/18 09:11:01, haraken wrote: > > > > > > > > On 2016/08/18 08:53:15, yhirano wrote: > > > > > > > > > On 2016/08/18 08:06:17, haraken wrote: > > > > > > > > > > > > > > > > > > > > I begin to think this is problematic... > > > > > > > > > > > > > > > > > > > > If Resource and ResoureClient die at the same time, the weak > > > > > processing > > > > > > > > > doesn't > > > > > > > > > > run. However, pre-finalizer runs. Then hasClient() returns > true > > > and > > > > we > > > > > > end > > > > > > > > up > > > > > > > > > > with executing line 734 - 744. Which should be problematic... > :/ > > > > > > > > > > > > > > > > > > What problems do we have in such a case? I think L734-L739 > > > (accessing > > > > > > > > > unreachable heap vectors in a prefinalizer) is safe to process > and > > > > > > > > > didRemoveClientOrObserver is called in any case. > > > > > > > > > > > > > > > > > > I'm not so sure about ResourceCallback::cancel but it looks > > > consisting > > > > > of > > > > > > > > > HeapHashSet operations and CancellableTaskFactory which is not > > > related > > > > > > with > > > > > > > > > Oilpan. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Does it mean that it's always safe to run line 734 - 744 > regardless > > of > > > > > > whether > > > > > > > > we're in a pre-finalizer or not? Then maybe can we just simply the > > > > > > hasClient() > > > > > > > > check entirely? > > > > > > > > > > > > > > Even without this change removeClient can be called in the > > > > pre-finalization > > > > > > > step. What this CL changes is that m_clients (and other heap > > > collections) > > > > > will > > > > > > > be swept automatically just before the pre-finalization step. > > L734-L744 > > > is > > > > > not > > > > > > > affected by the change because when |client| is swept this branch is > > > > taken. > > > > > > > > > > > > My question is: Why do we need to have the branch at 727? > > > > > > > > > > > > If Resource and ResourceClient die at the same time, the weak > processing > > > > > doesn't > > > > > > run. Then the pre-finalizer will run line 734 - 744. Hence, line 734 - > > 744 > > > > > must > > > > > > be anyway written in a way that doesn't touch any other on-heap > objects. > > > If > > > > > > that's the case, we can just unconditionally run line 734 - 744. Hence > > we > > > > > don't > > > > > > need the branch at 727. > > > > > > > > > > > > > > > > > > > > > > Because it's possible that a Resource is reachable but all > ResourceClients > > > > > registered are unreachable and hence swept. Imagine a ResourceOwner |o| > is > > > > > registered to a Resource |r| and the memory cache holds |r|. When |o| > > > becomes > > > > > unreachable, this function will be called in |o|'s pre-finalizer, but > |o| > > is > > > > > swept from |r->m_clients|. Note that |r| is still reachable via the > memory > > > > > cache. > > > > > > > > It will happen, but what's a problem of running line 734 - 744 then? > > > > > > Hm, I didn't think of that. It looks safe as HashCountedSet::remove is no-op > > in > > > such cases. > > > > Look at my comment #132. My point is that if it's not safe to run line 734 - > 744 > > unconditionally, it should be problematic. > > PS18 removes the branch (it removes the DCHECK from the original code). Waiting > for the trybots results. Thanks, LGTM. Please just double-check that ResourceCallback::callbackHandler().cancel() doesn't touch any on-heap objects.
On 2016/08/26 10:38:14, haraken wrote: (snip) > > Please just double-check that ResourceCallback::callbackHandler().cancel() > doesn't touch any on-heap objects. It sometimes creates an on-heap object. Is it a problem? If so, I'll fix it separately as this CL doesn't change the situation.
On 2016/08/26 11:15:38, yhirano wrote: > On 2016/08/26 10:38:14, haraken wrote: > > (snip) > > > > Please just double-check that ResourceCallback::callbackHandler().cancel() > > doesn't touch any on-heap objects. > > It sometimes creates an on-heap object. Is it a problem? If so, I'll fix it > separately as this CL doesn't change the situation. Yeah, it's not allowed to create an on-heap object during a pre-finalizer. I think it will already hit DCHECK though..
On 2016/08/26 13:20:41, haraken wrote: > On 2016/08/26 11:15:38, yhirano wrote: > > On 2016/08/26 10:38:14, haraken wrote: > > > > (snip) > > > > > > Please just double-check that ResourceCallback::callbackHandler().cancel() > > > doesn't touch any on-heap objects. > > > > It sometimes creates an on-heap object. Is it a problem? If so, I'll fix it > > separately as this CL doesn't change the situation. > > Yeah, it's not allowed to create an on-heap object during a pre-finalizer. I > think it will already hit DCHECK though.. It's a static variable initialization so I think it's very rare if possible. But I can't prove it's impossible.
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: This issue passed the CQ dry run.
On 2016/08/26 13:31:30, yhirano wrote: > On 2016/08/26 13:20:41, haraken wrote: > > On 2016/08/26 11:15:38, yhirano wrote: > > > On 2016/08/26 10:38:14, haraken wrote: > > > > > > (snip) > > > > > > > > Please just double-check that ResourceCallback::callbackHandler().cancel() > > > > doesn't touch any on-heap objects. > > > > > > It sometimes creates an on-heap object. Is it a problem? If so, I'll fix it > > > separately as this CL doesn't change the situation. > > > > Yeah, it's not allowed to create an on-heap object during a pre-finalizer. I > > think it will already hit DCHECK though.. > > It's a static variable initialization so I think it's very rare if possible. But > I can't prove it's impossible. https://codereview.chromium.org/2287483003/
The CQ bit was checked by yhirano@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: cast_shell_android on master.tryserver.chromium.android (JOB_FAILED, https://build.chromium.org/p/tryserver.chromium.android/builders/cast_shell_a...)
The CQ bit was checked by yhirano@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: linux_android_rel_ng on master.tryserver.chromium.android (JOB_FAILED, https://build.chromium.org/p/tryserver.chromium.android/builders/linux_androi...)
The CQ bit was checked by yhirano@chromium.org
The patchset sent to the CQ was uploaded after l-g-t-m from japhet@chromium.org, haraken@chromium.org Link to the patchset: https://codereview.chromium.org/2191633003/#ps520001 (title: "build fix")
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Try jobs failed on following builders: linux_android_rel_ng on master.tryserver.chromium.android (JOB_FAILED, https://build.chromium.org/p/tryserver.chromium.android/builders/linux_androi...)
The CQ bit was checked by yhirano@chromium.org
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Try jobs failed on following builders: linux_android_rel_ng on master.tryserver.chromium.android (JOB_FAILED, https://build.chromium.org/p/tryserver.chromium.android/builders/linux_androi...)
The CQ bit was checked by yhirano@chromium.org
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
Message was sent while issue was closed.
Description was changed from ========== Move ResourceClient to Oilpan heap Now Resource has its clients as weak members. BUG=587663 ========== to ========== Move ResourceClient to Oilpan heap Now Resource has its clients as weak members. BUG=587663 ==========
Message was sent while issue was closed.
Committed patchset #20 (id:520001)
Message was sent while issue was closed.
Description was changed from ========== Move ResourceClient to Oilpan heap Now Resource has its clients as weak members. BUG=587663 ========== to ========== Move ResourceClient to Oilpan heap Now Resource has its clients as weak members. BUG=587663 Committed: https://crrev.com/9c3053df29fa90acbd9c2187f94807ff546b0981 Cr-Commit-Position: refs/heads/master@{#415007} ==========
Message was sent while issue was closed.
Patchset 20 (id:??) landed as https://crrev.com/9c3053df29fa90acbd9c2187f94807ff546b0981 Cr-Commit-Position: refs/heads/master@{#415007} |