Changeset 202458 in webkit


Timestamp:
Jun 24, 2016 3:52:47 PM (8 years ago)
Author:
commit-queue@webkit.org
Message:

Unreviewed, rolling out r202443.
https://bugs.webkit.org/show_bug.cgi?id=159105

Introduced memory corruption crashes (Requested by ap on
#webkit).

Reverted changeset:

"Web Inspector: CRASH in backend at
Inspector::HeapFrontendDispatcher::garbageCollected + 552 when
closing frontend/inspected page"
https://bugs.webkit.org/show_bug.cgi?id=159075
http://trac.webkit.org/changeset/202443

Location:
trunk/Source/JavaScriptCore
Files:
3 edited

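--- a/trunk/Source/JavaScriptCore/ChangeLog
+++ b/trunk/Source/JavaScriptCore/ChangeLog
@@ -1,2 +1,18 @@
+2016-06-24  Commit Queue  <commit-queue@webkit.org>
+
+        Unreviewed, rolling out r202443.
+        https://bugs.webkit.org/show_bug.cgi?id=159105
+
+        Introduced memory corruption crashes (Requested by ap on
+        #webkit).
+
+        Reverted changeset:
+
+        "Web Inspector: CRASH in backend at
+        Inspector::HeapFrontendDispatcher::garbageCollected + 552 when
+        closing frontend/inspected page"
+        https://bugs.webkit.org/show_bug.cgi?id=159075
+        http://trac.webkit.org/changeset/202443
+
 2016-06-24  Brian Burg  <bburg@apple.com>
 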
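--- a/trunk/Source/JavaScriptCore/inspector/agents/InspectorHeapAgent.cpp
+++ b/trunk/Source/JavaScriptCore/inspector/agents/InspectorHeapAgent.cpp
@@ -40,46 +40,4 @@
 namespace Inspector {
 
-class SendGarbageCollectionEventsTask {
-public:
-    SendGarbageCollectionEventsTask(HeapFrontendDispatcher&);
-    void addGarbageCollection(RefPtr<Inspector::Protocol::Heap::GarbageCollection>&&);
-    void reset();
-private:
-    void timerFired();
-
-    HeapFrontendDispatcher& m_frontendDispatcher;
-    Vector<RefPtr<Inspector::Protocol::Heap::GarbageCollection>> m_garbageCollections;
-    RunLoop::Timer<SendGarbageCollectionEventsTask> m_timer;
-};
-
-SendGarbageCollectionEventsTask::SendGarbageCollectionEventsTask(HeapFrontendDispatcher& frontendDispatcher)
-    : m_frontendDispatcher(frontendDispatcher)
-    , m_timer(RunLoop::current(), this, &SendGarbageCollectionEventsTask::timerFired)
-{
-}
-
-void SendGarbageCollectionEventsTask::addGarbageCollection(RefPtr<Inspector::Protocol::Heap::GarbageCollection>&& garbageCollection)
-{
-    m_garbageCollections.append(WTFMove(garbageCollection));
-
-    if (!m_timer.isActive())
-        m_timer.startOneShot(0);
-}
-
-void SendGarbageCollectionEventsTask::reset()
-{
-    m_timer.stop();
-    m_garbageCollections.clear();
-}
-
-void SendGarbageCollectionEventsTask::timerFired()
-{
-    // The timer is stopped on agent destruction, so this method will never be called after agent has been destroyed.
-    for (auto& event : m_garbageCollections)
-        m_frontendDispatcher.garbageCollected(event);
-
-    m_garbageCollections.clear();
-}
-
 InspectorHeapAgent::InspectorHeapAgent(AgentContext& context)
     : InspectorAgentBase(ASCIILiteral("Heap"))
@@ -88,5 +46,4 @@
     , m_backendDispatcher(HeapBackendDispatcher::create(context.backendDispatcher, this))
     , m_environment(context.environment)
-    , m_sendGarbageCollectionEventsTask(std::make_unique<SendGarbageCollectionEventsTask>(*m_frontendDispatcher))
 {
 }
@@ -94,5 +51,4 @@
 InspectorHeapAgent::~InspectorHeapAgent()
 {
-    m_sendGarbageCollectionEventsTask->reset();
 }
 
@@ -126,5 +82,4 @@
 
     m_environment.vm().heap.removeObserver(this);
-    m_sendGarbageCollectionEventsTask->reset();
 
     clearHeapSnapshots();
@@ -322,4 +277,7 @@
     // FIXME: Include number of bytes freed by collection.
 
+    double startTime = m_gcStartTime;
+    double endTime = m_environment.executionStopwatch()->elapsedTime();
+
     // Dispatch the event asynchronously because this method may be
     // called between collection and sweeping and we don't want to
@@ -329,9 +287,13 @@
     // VM as the inspected page.
 
-    m_sendGarbageCollectionEventsTask->addGarbageCollection(Inspector::Protocol::Heap::GarbageCollection::create()
-        .setType(protocolTypeForHeapOperation(operation))
-        .setStartTime(m_gcStartTime)
-        .setEndTime(m_environment.executionStopwatch()->elapsedTime())
-        .release());
+    RunLoop::current().dispatch([this, startTime, endTime, operation]() {
+        auto collection = Inspector::Protocol::Heap::GarbageCollection::create()
+            .setType(protocolTypeForHeapOperation(operation))
+            .setStartTime(startTime)
+            .setEndTime(endTime)
+            .release();
+
+        m_frontendDispatcher->garbageCollected(WTFMove(collection));
+    });
 
     m_gcStartTime = NAN;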
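Review bot: The restored `RunLoop::current().dispatch` lambda (new lines 289–297) captures `this` with nothing binding the queued task's lifetime to the agent, so if the agent is torn down before the run loop runs it — the teardown path that already calls `m_environment.vm().heap.removeObserver(this)` at old line 127, or the destructor — `m_frontendDispatcher->garbageCollected(...)` runs through a dangling pointer, which looks like the crash described in bug 159075 that this rollback reopens. Rolling back is the right call given the reported memory corruption, but the reopened hazard deserves a marker at the dispatch site so it is not mistaken for settled code, e.g. `// FIXME(bug 159075): this task is not cancelled on agent destruction; bound its lifetime to the agent before re-landing an async fix.` A re-land should make the queued work observe the agent's lifetime (for instance a weak reference to the agent checked inside the lambda, or cancelling pending tasks on the same teardown path) rather than holding an unowned reference to the dispatcher as the reverted task did. The enclosing function starts before the hunk and ends after it.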
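--- a/trunk/Source/JavaScriptCore/inspector/agents/InspectorHeapAgent.h
+++ b/trunk/Source/JavaScriptCore/inspector/agents/InspectorHeapAgent.h
@@ -38,5 +38,4 @@
 
 class InjectedScriptManager;
-class SendGarbageCollectionEventsTask;
 typedef String ErrorString;
 
@@ -75,6 +74,4 @@
     InspectorEnvironment& m_environment;
 
-    std::unique_ptr<SendGarbageCollectionEventsTask> m_sendGarbageCollectionEventsTask;
-
     bool m_enabled { false };
     bool m_tracking { false };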