Closed Bug 226692 Opened 21 years ago Closed 21 years ago

[FIXr]mXBLDocInfoWeak (on nsXBLPrototypeBinding) could probably just be a raw ptr

Categories

(Core :: XBL, defect, P1)

Product:
Core
Component:
XBL
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla1.7alpha

People

(Reporter: bzbarsky, Assigned: bzbarsky)

References

Details

Attachments

(1 file, 1 obsolete file)

Proposed fix
17.02 KB, patch
timeless
: review+
bryner
: superreview+
brendan
: approval1.7a+
Details | Diff | Splinter Review
As it is, the code assumes that it'll be non-null (the retval of GetXBLDocumentInfo is not really checked). I don't see any circumstances under which it could really become null, short of someone holding on to prototype bindings or bindings outside XBL past document info destruction and then trying to do something with them...
Surprise. We're seeing a crash in GKLAYOUT on the GCC OS/2 build. In particular here: http://lxr.mozilla.org/seamonkey/source/content/xbl/src/nsXBLPrototypeBinding.cpp#332 332 nsCOMPtr<nsIXBLDocumentInfo> info = GetXBLDocumentInfo(nsnull); 333 334 return info->DocumentURI(); info is null.... This is after going to a particular preference page, changing a preference and clicking OK.
Attached patch Patch to work around crash (obsolete) — Splinter Review
Here's what the patch looks like that works around the crash. I had to null check in two places.
mkaply, which preference page and which preference? That function should never be returning null (or we need to rename it back and fix all its callers to null-check (which they currently do not)).
Here's the scenario (it seems to happen mostly with a new profile) Go to preferences->Debug->Networking Change Diretcory Listing format from HTML to XUL. Then click OK. On the OS/2 GCC build, we then crash. Doesn't happen on the OS/2 VACPP build. I can't figure out why this would be compiler specific, except GCC is more sensitive about uninitialized variables.
Ok, thanks. I'll try to debug that when I get back (3 weeks or so). Either I will need to change some teardown order somewhere, or the ownership model here will change.
I thought about this some more, and it's safest to change the ownership model as follows: 1) nsXBLDocumentInfo holds strong refs to the prototype bindings via mBindingTable 2) The prototype bindings hold strong refs to the nsXBLDocumentInfo 3) nsXBLDocumentInfo::Release checks whether the new refcount is equal to the number of objects in mBindingTable; if it is, it clears mBindingTable. That should make sure things stay alive for the right length of time, and shouldn't leak.
I have a simpler model that I've implemented in Safari. The simplification could be applied to Gecko. (1) Instead of having an nsXBLDocInfo object in Safari, I just made an XBLDocument class that subclasses XMLDocument. The XBLDocument is reference-counted. (2) A memory cache can addref the XBLDocument to pin it. This would be somewhat analogous to Gecko's chrome cache (which would cache XBL documents). (3) The XBLDocument owns all the prototype bindings. The prototype bindings are not reference counted. They die when the XBLDocument dies. (4) XBLBindings (real bindings, not prototypes) then add refs to the XBLDocument. With this model, prototype bindings needn't be reference counted, and the XBLDocument can be pulled out of a memory cache safely even if XBL bindings are still referencing the document.
Blocks: 228730
Attached patch Proposed fixSplinter Review
This is more or less hyatt's suggestion, except I kept nsIXBLDocumentInfo, since we have no sane way to create different document types based on root namespace. So the model this patch implents is: 1) nsXLBDocumentInfo owns all prototype bindings and deletes them in its destructor 2) Everyone else just has weak refs to prototype bindings 3) nsXBLBinding holds a weak ref to the proto binding and a strong ref to the document info 4) The document info is what's stored in the chrome cache.
Attachment #137262 - Attachment is obsolete: true
Comment on attachment 140790 [details] [diff] [review] Proposed fix Thoughts? mkaply, does this fix your crash?
Attachment #140790 - Flags: superreview?(bryner)
Attachment #140790 - Flags: review?(timeless)
Status: NEW → ASSIGNED
Priority: -- → P1
Summary: mXBLDocInfoWeak (on nsXBLPrototypeBinding) could probably just be a raw ptr → [FIX]mXBLDocInfoWeak (on nsXBLPrototypeBinding) could probably just be a raw ptr
Target Milestone: --- → mozilla1.7alpha
Attachment #140790 - Flags: superreview?(bryner) → superreview+
Yes, this fixes the OS/2 crash. Ganesh - we need this for the OS/2 IWB build.
Comment on attachment 140790 [details] [diff] [review] Proposed fix I think I flagged the unchecked new in nsXBLDocumentInfo::SetPrototypeBinding as an OOM concern, but otherwise this looks fine :)
Attachment #140790 - Flags: review?(timeless) → review+
Comment on attachment 140790 [details] [diff] [review] Proposed fix Could this possibly be approved for 1.7a? Fixes some crashes by changing the ownership model around a bit...
Attachment #140790 - Flags: approval1.7a?
Summary: [FIX]mXBLDocInfoWeak (on nsXBLPrototypeBinding) could probably just be a raw ptr → [FIXr]mXBLDocInfoWeak (on nsXBLPrototypeBinding) could probably just be a raw ptr
Comment on attachment 140790 [details] [diff] [review] Proposed fix a=brendan@mozilla.org for 1.7a. /be
Attachment #140790 - Flags: approval1.7a? → approval1.7a+
Checked in for 1.7a
Status: ASSIGNED → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED
<OT> Wouah. David (from Apple) proposes an implementation. Michael (from IBM) helps investigation. Boris (from MIT) fixes it. Ian (from Opera) is QA contact. This is sooooo open source. Thank you guys! This was my first and last post off topic on that system, but I couldn't find a better way to thank you all for your work. </OT>
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: