Closed Bug 93217 Opened 23 years ago Closed 23 years ago

[review]nsRenderingContextMac doesn't reference count offscreens

Categories

(Core Graveyard :: GFX, defect, P2)

Product:
Core Graveyard
Component:
GFX
Platform:
PowerPC
Mac System 9.x
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED
Milestone:
mozilla0.9.8

People

(Reporter: jmt, Assigned: pierre)

References

Details

Attachments

(2 files)

Updated version of the fix, since the previous one got mangled
815 bytes, patch
Details | Diff | Splinter Review
patch 2.0
2.21 KB, patch
mikepinkerton
: review+
Details | Diff | Splinter Review 
[kmclusk, I know you're not a Mac person, but in the absence of an explicit
owner for gfx/src/mac on the modules pages, I'm hoping you can CC someone who
is. dcone? sfraser?]

nsRenderingContextMac::CreateDrawingSurface doesn't NS_ADDREF the
nsDrawingSurfaceMac it creates; similarly ::DestroyDrawingSurface calls 'delete'
explicitly rather than using an NS_IF_RELASE.

This is causing instantaneous deletion of the drawing surface when the SVG code
I'm helping with passes the surface through getter_AddRefs and friends (since
the reference count is zero). Both nsRenderingContextWin and
nsRenderingContextGtk use add/release.

The fix below simply calls NS_ADDREF in Create, and replaces the delete in
::DestroyDrawingSurface with an NS_IF_RELEASE. I have been running with this
change in me tree for several days without any (apparent) issues.

Proposed patch:

Index: mozilla/gfx/src/mac/nsRenderingContextMac.cpp
===================================================================
RCS file: /cvsroot/mozilla/gfx/src/mac/nsRenderingContextMac.cpp,v
retrieving revision 1.124
diff -u -2 -r1.124 nsRenderingContextMac.cpp
--- mozilla/gfx/src/mac/nsRenderingContextMac.cpp	2001/07/16 02:38:50	1.124
+++ mozilla/gfx/src/mac/nsRenderingContextMac.cpp	2001/08/01 11:08:19
@@ -506,4 +510,6 @@
 
	return NS_ERROR_OUT_OF_MEMORY;
 
+
NS_ADDREF(surface);
+
 	nsresult rv = surface->Init(depth, macRect.right, macRect.bottom, aSurfFlags);
 	if (NS_SUCCEEDED(rv))
@@ -537,6 +543,8 @@
 */
 	// delete the surface
-
delete surface;
-
+
 //release it...
+  	NS_IF_RELEASE(surface);
+  
 	return NS_OK;
 }
Over to dcone. Note that this blocks SVG work, so we need a fix.
Assignee: kmcclusk → dcone
Status: UNCONFIRMED → NEW
Ever confirmed: true
The patch seems funny, the +'s dont match up with the Addref, etc.  Can you 
submit the patch -u, and as an attachment.  Thanx.  Do you want me to check this 
in.. or just a review.
Attached a non-broken version of the patch, not sure what happened last time. I
don't have CVS write access so review and checkin would be appreciated. The only
issue for me is whether this change might trigger a leak / crash in some obscure
place (eg somone manually add-refing). The fact that Win and Gtk ref-count makes
this unlikely, and I've had the patch in my tree for over a week without
noticing any suspicous crashes.

Anyway test / commit as you see fit. Many thanks!
Blocks: 80142
r=dcone
The refcounting rules for ns{I}DrawingSurfaces are very weak, and in most places 
they are treated like a non-refcounted object. For example, 
nsRenderingContextImpl::DrawTile() does a GetDrawingSurface((void**)&theSurface), 
but never calls anything to release or destroy the surface. In addition,
nsRenderingContextMac::GetDrawingSurface doesn't addref its return value, and nor 
does nsDeviceContextMac::GetDrawingSurface(). Add to that the explicit casts 
between nsDrawingSurfaces and nsDrawingSurfaceMacs (which implement 
nsIDrawingSurface{Mac}, and you're in for a world of hurt.

I'm not going to sr this bug. dcone needs to whack the mac gfx source to make the 
ownership model of nsDrawingSurface explicit. If that means passing them around 
as interfaces, and doing proper refcounting, then that's what needs to happen.

It was written in the good ol'days before the general "COM-ification" and many 
objects that were considered "native" were not refcounted.

I agree for the refcounting, that's what this bug is about.  I would be more 
cautious about removing the static casts (we have 4 instances of static_cast<
nsDrawingSurfaceMac*>).  If you change things in these strategic places, please 
watch the performance carefully.  I recommend we file another bug for that.

I was pretty much afraid of the scenario sfraser suggests. I can keep using my
patch locally (it seems to work and I haven't noticed huge leaks). As to fixing
the correctness of nsDrawingSurface(Mac) for reference counting generally, well
as pierre said it's going to be a bit critical.

The obvious (naiive?) validation for me seems to be compare and contrast with
Gtk / Win32 implementations, and any code treating these things as
nsIDrawingSurfaces will therefore be 'safe' (I think).

That still leaves all the cases where people are working with an
nsDrawingSurfaceMac directly. 

One thought I did have for to prevent leaks was to leave the original 'delete'
call in DestroyDrawingSurface; this would be a hack but would't leak.
So, I really need some traction here. I've had this patch in my tree for nearly
3 months now, it seems to work for my browser usage. My feeling is that since
many other gfx implementations *do* ref-count (win32, gdk, and OS2), the common
code must be safe. (The Motif code also fails to ref-count, but I have no idea
if that's dead or what..)

That leaves the Mac-specific code, especially the casting between
nsIDrawingSurfaces and nsDrawingSurfaceMacs which sfraser pointed out.

Is this something I can audit, or does it have to be done by dcone? Any hints
for useful things to get movement here appreciated.
Get on IRC and bug people (politely). I'm not being funny, its just the only 
thing that actually works...

Reassigning to Pierre, since Don is Sabbatical.
Assignee: dcone → pierre
Blocks: 103889
Status: NEW → ASSIGNED
Priority: -- → P2
Target Milestone: --- → mozilla0.9.7
This is my usual 'I've had this is my tree since July, and haven't had a single
failure or crash that I can attribute to it'. I know sfraser has pointed out
potential issues that need to be addressed, but at the same time the very
minimal change in the patch does seem to work. If there's useful analysis of
suspect code in DrawingSurfaceMac or RenderingContextMac I could do to validate
the changes, please let me know.
dcone is back from sabbatical. He needs to look at this, and fix the 
nsDrawingSurface mess. Maybe Pierre could chip in too.

I checked James' patch into SVG_0_9_6_BRANCH. (This is basically a branch where 
we're trying to get a stable Mozilla 0.9.6 with SVG support on all 3 platforms. 
It's not destined for the trunk).

As for the main svg branch (SVG_20010721_BRANCH), this bug is blocking us from 
landing on the trunk. We're planning to land for 0.9.7. Is it likely that this 
bug gets sorted out by then?
If not we've got the option of 
a) landing without mac-support (and break the current trunk svg-support in the 
process)
or
b) enclosing James' patch in #ifdef MOZ_SVG's

Does anyone have any thoughts on how to proceed?

I think we should proceed with option b) for now 

b) enclosing James' patch in #ifdef MOZ_SVG's.

This is the least amount of risk. The general offscreen refcnt cleanup will have
to wait for other more critical bugs to be addressed first.






sfraser (about comment #6): On none of the other platforms does 
GetDrawingSurface() addref the surface.  I'll attach a patch that makes the 
ownership on the Mac similar to what we find elsewhere, which is required because 
nsRenderingContextImpl.cpp is XP code.  Changing the ownership on all platforms 
is out of the scope of this bug (IMO).

pink/sfraser: please r/sr
Summary: nsRenderingContextMac doesn't reference count offscreens → [review]nsRenderingContextMac doesn't reference count offscreens
Attached patch patch 2.0Splinter Review 

    
    

    
  
In the proposed patch, a drawing surface is addref'd when it is created or 
selected, and released when the owning context is deleted or when another surface 
is selected.


    
    

    
  
Thanks for the work pierre, I'm glad to have someone more experienced looking at
this. Patch looks fine to me, not that that proves much. I will give it some
testing anyway.

    
    

    
  
I took the option given in comment 15 and checked this to the SVG branch with
#ifdef MOZ_SVG

The existing code got left as is. We're planning on merging the svg branch to
the trunk today; if the more complete patch gets in by then, then the hack can
be reversed.

    
    

    
  
pink/sfraser: please r/sr


    
    

    
  
I could have sworn that somewhere in the code, we treat nsDrawingSurfaces as 
casted CGrafPtrs, If I can find that, then I object to the patch. If I can't, 
then the patch is OK.


    
    

    
  
Comment on attachment 61062 [details] [diff] [review]
patch 2.0

i searched through gfx and the only places i found that used the string
"CGrafPtr" got it by calling GetGrafPtr() on the surface. r=pink

        Attachment #61062 -
        Flags: review+

    
    

    
  
fixed on the trunk

Status: ASSIGNED → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Target Milestone: mozilla0.9.7 → mozilla0.9.8
Product: Core → Core Graveyard

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: