Changeset 144527 in webkit

Timestamp:

Mar 1, 2013 9:23:18 PM (11 years ago)

Author:

loislo@chromium.org

Message:

Web Inspector: Native Memory Instrumentation: do not visit raw pointers by default.
​https://bugs.webkit.org/show_bug.cgi?id=110943

Reviewed by Yury Semikhatsky.

Unfortunately in many cases raw pointer may point to an object that has been deleted.
There is no working solution to solve this problem in general.
It could be solved only on case by case basis.

Source/WebCore:

• inspector/HeapGraphSerializer.cpp:

(WebCore::HeapGraphSerializer::HeapGraphSerializer):
(WebCore::HeapGraphSerializer::reportLeaf):

• loader/cache/MemoryCache.cpp:

(WebCore::MemoryCache::reportMemoryUsage):

• platform/graphics/BitmapImage.cpp:

(WebCore::FrameData::reportMemoryUsage):

• platform/graphics/skia/MemoryInstrumentationSkia.cpp:

(reportMemoryUsage):

Source/WTF:

• wtf/MemoryInstrumentation.h:

(WTF::MemoryInstrumentation::addObject):
(WTF::MemoryInstrumentation::MemberTypeTraits::addObject):
(WTF::MemoryClassInfo::addMember):
(WTF::MemoryInstrumentation::addObjectImpl):

• wtf/MemoryInstrumentationString.h:

(WTF::reportMemoryUsage):

Tools:

• TestWebKitAPI/Tests/WTF/MemoryInstrumentationTest.cpp:
• TestWebKitAPI/Tests/WebCore/HeapGraphSerializerTest.cpp:

(TestWebKitAPI::TEST):

Location:

trunk

Files:

• Source/WTF/ChangeLog (modified) (1 diff)
• Source/WTF/wtf/MemoryInstrumentation.h (modified) (8 diffs)
• Source/WTF/wtf/MemoryInstrumentationString.h (modified) (3 diffs)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/inspector/HeapGraphSerializer.cpp (modified) (2 diffs)
• Source/WebCore/loader/cache/MemoryCache.cpp (modified) (1 diff)
• Source/WebCore/platform/graphics/BitmapImage.cpp (modified) (1 diff)
• Source/WebCore/platform/graphics/skia/MemoryInstrumentationSkia.cpp (modified) (2 diffs)
• Tools/ChangeLog (modified) (1 diff)
• Tools/TestWebKitAPI/Tests/WTF/MemoryInstrumentationTest.cpp (modified) (15 diffs)
• Tools/TestWebKitAPI/Tests/WebCore/HeapGraphSerializerTest.cpp (modified) (2 diffs)

trunk/Source/WTF/ChangeLog

@@ +1 @@
+2013-03-01  Ilya Tikhonovsky  <loislo@chromium.org>
+
+        Web Inspector: Native Memory Instrumentation: do not visit raw pointers by default.
+        https://bugs.webkit.org/show_bug.cgi?id=110943
+
+        Reviewed by Yury Semikhatsky.
+
+        Unfortunately in many cases raw pointer may point to an object that has been deleted.
+        There is no working solution to solve this problem in general.
+        It could be solved only on case by case basis.
+
+        * wtf/MemoryInstrumentation.h:
+        (WTF::MemoryInstrumentation::addObject):
+        (WTF::MemoryInstrumentation::MemberTypeTraits::addObject):
+        (WTF::MemoryClassInfo::addMember):
+        (WTF::MemoryInstrumentation::addObjectImpl):
+        * wtf/MemoryInstrumentationString.h:
+        (WTF::reportMemoryUsage):
+
 2013-03-01  Eric Seidel  <eric@webkit.org>
 

trunk/Source/WTF/wtf/MemoryInstrumentation.h

@@ -49 +49 @@
     PointerMember,
     ReferenceMember,
-    OwnPtrMember,
-    RefPtrMember,
+    RetainingPointer,
     LastMemberTypeEntry
 };
@@ -168 +167 @@
     };
 
-    template<typename T> void addObject(const T& t, MemoryObjectInfo* ownerObjectInfo, const char* edgeName) { MemberTypeTraits<T>::addObject(this, t, ownerObjectInfo, edgeName); }
+    template<typename T> void addObject(const T& t, MemoryObjectInfo* ownerObjectInfo, const char* edgeName, MemberType memberType)
+    {
+        MemberTypeTraits<T>::addObject(this, t, ownerObjectInfo, edgeName, memberType);
+    }
     void addRawBuffer(const void* buffer, MemoryObjectType ownerObjectType, size_t size, const char* className = 0, const char* edgeName = 0)
     {
@@ -180 +182 @@
     template<typename T>
     struct MemberTypeTraits { // Default ReferenceMember implementation.
-        static void addObject(MemoryInstrumentation* instrumentation, const T& t, MemoryObjectInfo* ownerObjectInfo, const char* edgeName)
+        static void addObject(MemoryInstrumentation* instrumentation, const T& t, MemoryObjectInfo* ownerObjectInfo, const char* edgeName, MemberType)
         {
             instrumentation->addObjectImpl(&t, ownerObjectInfo, ReferenceMember, edgeName);
@@ -193 +195 @@
     template<typename T>
     struct MemberTypeTraits<T*> { // Custom PointerMember implementation.
-        static void addObject(MemoryInstrumentation* instrumentation, const T* const& t, MemoryObjectInfo* ownerObjectInfo, const char* edgeName)
+        static void addObject(MemoryInstrumentation* instrumentation, const T* const& t, MemoryObjectInfo* ownerObjectInfo, const char* edgeName, MemberType memberType)
         {
-            instrumentation->addObjectImpl(t, ownerObjectInfo, PointerMember, edgeName);
+            instrumentation->addObjectImpl(t, ownerObjectInfo, memberType != LastMemberTypeEntry ? memberType : PointerMember, edgeName);
         }
 
@@ -238 +240 @@
     }
 
-    template<typename M> void addMember(const M& member, const char* edgeName = 0)
+    template<typename M> void addMember(const M& member, const char* edgeName = 0, MemberType memberType = LastMemberTypeEntry)
     {
         if (!m_skipMembers)
-            m_memoryInstrumentation->addObject(member, m_memoryObjectInfo, edgeName);
+            m_memoryInstrumentation->addObject(member, m_memoryObjectInfo, edgeName, memberType);
     }
 
@@ -285 +287 @@
 void MemoryInstrumentation::addObjectImpl(const T* object, MemoryObjectInfo* ownerObjectInfo, MemberType memberType, const char* edgeName)
 {
+    if (memberType == PointerMember)
+        return;
     if (memberType == ReferenceMember)
         reportMemoryUsage(object, ownerObjectInfo);
@@ -302 +306 @@
     if (memberType == PointerMember && !visited(object))
         countObjectSize(object, getObjectType(ownerObjectInfo), sizeof(*object));
-    addObjectImpl(object->get(), ownerObjectInfo, OwnPtrMember, edgeName);
+    addObjectImpl(object->get(), ownerObjectInfo, RetainingPointer, edgeName);
 }
 
@@ -310 +314 @@
     if (memberType == PointerMember && !visited(object))
         countObjectSize(object, getObjectType(ownerObjectInfo), sizeof(*object));
-    addObjectImpl(object->get(), ownerObjectInfo, RefPtrMember, edgeName);
+    addObjectImpl(object->get(), ownerObjectInfo, RetainingPointer, edgeName);
 }
 

trunk/Source/WTF/wtf/MemoryInstrumentationString.h

@@ -55 +55 @@
 
     if (StringImpl* baseString = stringImpl->baseString())
-        info.addMember(baseString, "baseString");
+        info.addMember(baseString, "baseString", RetainingPointer);
     else {
         if (stringImpl->hasOwnedBuffer())
@@ -68 +68 @@
 {
     MemoryClassInfo info(memoryObjectInfo, string);
-    info.addMember(string->impl(), "stringImpl");
+    info.addMember(string->impl(), "stringImpl", RetainingPointer);
 }
 
@@ -85 +85 @@
 {
     MemoryClassInfo info(memoryObjectInfo, cString);
-    info.addMember(cString->buffer(), "buffer");
+    info.addMember(cString->buffer(), "buffer", RetainingPointer);
 }
 

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2013-03-01  Ilya Tikhonovsky  <loislo@chromium.org>
+
+        Web Inspector: Native Memory Instrumentation: do not visit raw pointers by default.
+        https://bugs.webkit.org/show_bug.cgi?id=110943
+
+        Reviewed by Yury Semikhatsky.
+
+        Unfortunately in many cases raw pointer may point to an object that has been deleted.
+        There is no working solution to solve this problem in general.
+        It could be solved only on case by case basis.
+
+        * inspector/HeapGraphSerializer.cpp:
+        (WebCore::HeapGraphSerializer::HeapGraphSerializer):
+        (WebCore::HeapGraphSerializer::reportLeaf):
+        * loader/cache/MemoryCache.cpp:
+        (WebCore::MemoryCache::reportMemoryUsage):
+        * platform/graphics/BitmapImage.cpp:
+        (WebCore::FrameData::reportMemoryUsage):
+        * platform/graphics/skia/MemoryInstrumentationSkia.cpp:
+        (reportMemoryUsage):
+
 2013-03-01  Kentaro Hara  <haraken@chromium.org>
 

trunk/Source/WebCore/inspector/HeapGraphSerializer.cpp

@@ -60 +60 @@
 
     m_edgeTypes[WTF::PointerMember] = registerTypeString("weak");
-    m_edgeTypes[WTF::OwnPtrMember] = m_edgeTypes[WTF::RefPtrMember] = registerTypeString("property");
+    m_edgeTypes[WTF::RetainingPointer] = registerTypeString("property");
 
     // FIXME: It is used as a magic constant for 'object' node type.
@@ -149 +149 @@
 {
     int nodeId = reportNodeImpl(info, 0);
-    reportEdgeImpl(nodeId, edgeName, m_edgeTypes[WTF::OwnPtrMember]);
+    reportEdgeImpl(nodeId, edgeName, m_edgeTypes[WTF::RetainingPointer]);
     pushUpdateIfNeeded();
 }

trunk/Source/WebCore/loader/cache/MemoryCache.cpp

@@ -801 +801 @@
     info.addMember(m_allResources, "allResources");
     info.addMember(m_liveDecodedResources, "liveDecodedResources");
+#if !ENABLE(CACHE_PARTITIONING)
+    for (CachedResourceMap::const_iterator i = m_resources.begin(); i != m_resources.end(); ++i)
+        info.addMember(i->value, "cachedResourceItem", WTF::RetainingPointer);
+#endif
 }
 

trunk/Source/WebCore/platform/graphics/BitmapImage.cpp

@@ -592 +592 @@
     info.addRawBuffer(m_frame.get(), m_frameBytes, "NativeImage", "frame");
 #elif USE(SKIA)
-    info.addMember(m_frame, "frame");
+    info.addMember(m_frame, "frame", WTF::RetainingPointer);
 #else
     info.addRawBuffer(m_frame, m_frameBytes, "NativeImage", "frame");

trunk/Source/WebCore/platform/graphics/skia/MemoryInstrumentationSkia.cpp

@@ -52 +52 @@
 {
     WTF::MemoryClassInfo info(memoryObjectInfo, device);
-    info.addMember(const_cast<SkDevice*>(device)->accessBitmap(false), "bitmap");
+    info.addMember(const_cast<SkDevice*>(device)->accessBitmap(false), "bitmap", WTF::RetainingPointer);
 }
 
@@ -58 +58 @@
 {
     WTF::MemoryClassInfo info(memoryObjectInfo, canvas);
-    info.addMember(canvas->getDevice(), "canvas");
+    info.addMember(canvas->getDevice(), "canvas", WTF::RetainingPointer);
 }

trunk/Tools/ChangeLog

@@ +1 @@
+2013-03-01  Ilya Tikhonovsky  <loislo@chromium.org>
+
+        Web Inspector: Native Memory Instrumentation: do not visit raw pointers by default.
+        https://bugs.webkit.org/show_bug.cgi?id=110943
+
+        Reviewed by Yury Semikhatsky.
+
+        Unfortunately in many cases raw pointer may point to an object that has been deleted.
+        There is no working solution to solve this problem in general.
+        It could be solved only on case by case basis.
+
+        * TestWebKitAPI/Tests/WTF/MemoryInstrumentationTest.cpp:
+        * TestWebKitAPI/Tests/WebCore/HeapGraphSerializerTest.cpp:
+        (TestWebKitAPI::TEST):
+
 2013-03-01  Jason Anderssen  <janderssen@gmail.com>
 

trunk/Tools/TestWebKitAPI/Tests/WTF/MemoryInstrumentationTest.cpp

@@ -90 +90 @@
         m_links[WTF::PointerMember] = 0;
         m_links[WTF::ReferenceMember] = 0;
-        m_links[WTF::RefPtrMember] = 0;
-        m_links[WTF::OwnPtrMember] = 0;
+        m_links[WTF::RetainingPointer] = 0;
     }
 
@@ -109 +108 @@
     virtual void reportLeaf(const MemoryObjectInfo&, const char*) OVERRIDE
     {
-        ++m_links[WTF::OwnPtrMember];
+        ++m_links[WTF::RetainingPointer];
     }
     virtual void reportBaseAddress(const void*, const void*) OVERRIDE { }
@@ -197 +196 @@
         MemoryClassInfo info(memoryObjectInfo, this, TestType);
         memoryObjectInfo->setClassName("Instrumented");
-        info.addMember(m_notInstrumented, "m_notInstrumented");
+        info.addMember(m_notInstrumented, "m_notInstrumented", WTF::RetainingPointer);
     }
 
@@ -216 +215 @@
     EXPECT_EQ(sizeof(NotInstrumented), helper.reportedSizeForAllTypes());
     EXPECT_EQ(1u, helper.visitedObjects());
-    EXPECT_EQ(1u, helper.linksCount(WTF::PointerMember));
+    EXPECT_EQ(1u, helper.linksCount(WTF::RetainingPointer));
 }
 
@@ -226 +225 @@
     EXPECT_EQ(0u, helper.reportedSizeForAllTypes());
     EXPECT_EQ(0u, helper.visitedObjects());
-    EXPECT_EQ(0u, helper.linksCount(WTF::PointerMember));
+    EXPECT_EQ(0u, helper.linksCount(WTF::RetainingPointer));
 }
 
@@ -237 +236 @@
         EXPECT_EQ(sizeof(Instrumented) + sizeof(NotInstrumented), helper.reportedSizeForAllTypes());
         EXPECT_EQ(2u, helper.visitedObjects());
-        EXPECT_EQ(1u, helper.linksCount(WTF::PointerMember));
+        EXPECT_EQ(1u, helper.linksCount(WTF::RetainingPointer));
     }
     {
@@ -245 +244 @@
         EXPECT_EQ(sizeof(NotInstrumented), helper.reportedSizeForAllTypes());
         EXPECT_EQ(1u, helper.visitedObjects());
-        EXPECT_EQ(1u, helper.linksCount(WTF::PointerMember));
+        EXPECT_EQ(1u, helper.linksCount(WTF::RetainingPointer));
     }
 }
@@ -269 +268 @@
     EXPECT_EQ(2u * sizeof(NotInstrumented), helper.reportedSizeForAllTypes());
     EXPECT_EQ(2u, helper.visitedObjects());
-    EXPECT_EQ(1u, helper.linksCount(WTF::OwnPtrMember));
-    EXPECT_EQ(1u, helper.linksCount(WTF::PointerMember));
+    EXPECT_EQ(2u, helper.linksCount(WTF::RetainingPointer));
 }
 
@@ -335 +333 @@
     {
         MemoryClassInfo info(memoryObjectInfo, this, TestType);
-        info.addMember(m_value);
+        info.addMember(m_value, "value", WTF::RetainingPointer);
     }
 
@@ -650 +648 @@
 }
 
+class InstrumentedRefCounted : public RefCounted<InstrumentedRefCounted> {
+public:
+    InstrumentedRefCounted() : m_notInstrumented(new NotInstrumented) { }
+    ~InstrumentedRefCounted() { delete m_notInstrumented; }
+    
+    void reportMemoryUsage(MemoryObjectInfo* memoryObjectInfo) const
+    {
+        MemoryClassInfo info(memoryObjectInfo, this, TestType);
+        info.addMember(m_notInstrumented, "m_notInstrumented", WTF::RetainingPointer);
+    }
+private:
+    NotInstrumented* m_notInstrumented;
+};
+
 TEST(MemoryInstrumentationTest, hashMapWithInstrumentedPointerKeysAndPointerValues)
 {
     InstrumentationTestHelper helper;
 
-    typedef HashMap<Instrumented*, Instrumented*> InstrumentedToInstrumentedMap;
+    typedef HashMap<RefPtr<InstrumentedRefCounted>, RefPtr<InstrumentedRefCounted> > InstrumentedToInstrumentedMap;
     OwnPtr<InstrumentedToInstrumentedMap> value(adoptPtr(new InstrumentedToInstrumentedMap()));
-    Vector<OwnPtr<Instrumented> > valuesVector;
     size_t count = 10;
-    for (size_t i = 0; i < count; ++i) {
-        valuesVector.append(adoptPtr(new Instrumented()));
-        valuesVector.append(adoptPtr(new Instrumented()));
-        value->set(valuesVector[2 * i].get(), valuesVector[2 * i + 1].get());
-    }
+    for (size_t i = 0; i < count; ++i)
+        value->set(adoptRef(new InstrumentedRefCounted()), adoptRef(new InstrumentedRefCounted()));
     InstrumentedOwner<InstrumentedToInstrumentedMap* > root(value.get());
     helper.addRootObject(root);
-    EXPECT_EQ(sizeof(InstrumentedToInstrumentedMap) + sizeof(InstrumentedToInstrumentedMap::ValueType) * value->capacity() + 2 * (sizeof(Instrumented) + sizeof(NotInstrumented)) * value->size(), helper.reportedSizeForAllTypes());
+    EXPECT_EQ(sizeof(InstrumentedToInstrumentedMap)
+        + sizeof(InstrumentedToInstrumentedMap::ValueType) * value->capacity()
+        + 2 * (sizeof(InstrumentedRefCounted) + sizeof(NotInstrumented)) * value->size(),
+        helper.reportedSizeForAllTypes());
     EXPECT_EQ(2u * 2u * count + 1, helper.visitedObjects());
 }
@@ -706 +717 @@
 }
 
-class InstrumentedConvertibleToInt {
-public:
-    InstrumentedConvertibleToInt() : m_notInstrumented(0) { }
-    virtual ~InstrumentedConvertibleToInt() { }
+class InstrumentedConvertibleToInt : public RefCounted<InstrumentedConvertibleToInt> {
+public:
+    InstrumentedConvertibleToInt() : m_notInstrumented(new NotInstrumented) { }
+    virtual ~InstrumentedConvertibleToInt() { delete m_notInstrumented; }
 
     virtual void reportMemoryUsage(MemoryObjectInfo* memoryObjectInfo) const
@@ -730 +741 @@
     InstrumentationTestHelper helper;
 
-    typedef HashMap<InstrumentedConvertibleToInt*, InstrumentedConvertibleToInt> TestMap;
+    typedef HashMap<RefPtr<InstrumentedConvertibleToInt>, int> TestMap;
     OwnPtr<TestMap> value(adoptPtr(new TestMap()));
-    Vector<OwnPtr<InstrumentedConvertibleToInt> > keysVector;
-    Vector<OwnPtr<NotInstrumented> > valuesVector;
     size_t count = 10;
-    for (size_t i = 0; i < count; ++i) {
-        keysVector.append(adoptPtr(new InstrumentedConvertibleToInt()));
-        valuesVector.append(adoptPtr(new NotInstrumented()));
-        value->set(keysVector[i].get(), InstrumentedConvertibleToInt()).iterator->value.m_notInstrumented = valuesVector[i].get();
-    }
+    for (size_t i = 0; i < count; ++i)
+        value->set(adoptRef(new InstrumentedConvertibleToInt()), 0);
     InstrumentedOwner<TestMap* > root(value.get());
     helper.addRootObject(root);
@@ -758 +764 @@
     InstrumentedOwner<EnumToStringMap* > root(value.get());
     helper.addRootObject(root);
-    EXPECT_EQ(sizeof(EnumToStringMap) + sizeof(EnumToStringMap::ValueType) * value->capacity() + (sizeof(StringImpl) + 1) * value->size(), helper.reportedSizeForAllTypes());
+    EXPECT_EQ(sizeof(EnumToStringMap)
+        + sizeof(EnumToStringMap::ValueType) * value->capacity()
+        + (sizeof(StringImpl) + 1) * value->size(),
+        helper.reportedSizeForAllTypes());
     EXPECT_EQ(count + 1, helper.visitedObjects());
 }
@@ -766 +775 @@
     InstrumentationTestHelper helper;
 
-    typedef HashCountedSet<Instrumented*> TestSet;
+    typedef HashCountedSet<RefPtr<InstrumentedRefCounted> > TestSet;
     OwnPtr<TestSet> set(adoptPtr(new TestSet()));
-    Vector<OwnPtr<Instrumented> > keysVector;
     size_t count = 10;
     for (size_t i = 0; i < count; ++i) {
-        keysVector.append(adoptPtr(new Instrumented()));
+        RefPtr<InstrumentedRefCounted> instrumentedRefCounted = adoptRef(new InstrumentedRefCounted());
         for (size_t j = 0; j <= i; j++)
-            set->add(keysVector.last().get());
+            set->add(instrumentedRefCounted);
     }
     InstrumentedOwner<TestSet* > root(set.get());
     helper.addRootObject(root);
-    EXPECT_EQ(sizeof(TestSet) + sizeof(HashMap<Instrumented*, unsigned>::ValueType) * set->capacity() + (sizeof(Instrumented) + sizeof(NotInstrumented))  * set->size(), helper.reportedSizeForAllTypes());
+    EXPECT_EQ(sizeof(TestSet)
+        + sizeof(HashMap<RefPtr<InstrumentedRefCounted>, unsigned>::ValueType) * set->capacity()
+        + (sizeof(InstrumentedRefCounted) + sizeof(NotInstrumented))  * set->size(),
+        helper.reportedSizeForAllTypes());
     EXPECT_EQ(2u * count + 1, helper.visitedObjects());
 }
@@ -790 +801 @@
     EXPECT_EQ(sizeof(int) * 1000 + sizeof(ArrayBuffer), helper.reportedSizeForAllTypes());
     EXPECT_EQ(2u, helper.visitedObjects());
-    EXPECT_EQ(1u, helper.linksCount(WTF::RefPtrMember));
+    EXPECT_EQ(2u, helper.linksCount(WTF::RetainingPointer));
 }
 

trunk/Tools/TestWebKitAPI/Tests/WebCore/HeapGraphSerializerTest.cpp

@@ -249 +249 @@
     Helper helper(receiver.serializer());
     void* childObject = helper.addNode("Child", "child", false);
-    helper.addEdge(childObject, "pointerToChild", WTF::OwnPtrMember);
+    helper.addEdge(childObject, "pointerToChild", WTF::RetainingPointer);
     helper.addNode("Parent", "parent", true);
     helper.done();
@@ -286 +286 @@
     receiver.printGraph();
     EXPECT_EQ(String("[6,0,1,0,0,5,0,4,0,3,9,0,3,0,0,9,0,2,0,0,10,0,5,0,1]"), receiver.dumpNodes());
-    EXPECT_EQ(String("[2,7,1,1,8,2,1,8,3,1,0,4]"), receiver.dumpEdges());
+    EXPECT_EQ(String("[2,7,1,2,8,2,2,8,3,1,0,4]"), receiver.dumpEdges());
     EXPECT_EQ(String("[]"), receiver.dumpBaseToRealNodeId());
 }