[Webkit-unassigned] [Bug 195605] makeWeakPtr isn't thread-safe
bugzilla-daemon at webkit.org
Mon Mar 11 22:12:18 PDT 2019
https://bugs.webkit.org/show_bug.cgi?id=195605
Ryosuke Niwa <rniwa at webkit.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |fpizlo at apple.com,
                   |                            |ggaren at apple.com,
                   |                            |keith_miller at apple.com,
                   |                            |mark.lam at apple.com,
                   |                            |sbarati at apple.com
--- Comment #1 from Ryosuke Niwa <rniwa at webkit.org> ---
(In reply to Fujii Hironori from comment #0)
> makeWeakPtr isn't thread-safe even though it is called in non main threads.
> This can be a problem if multiple threads would call makeWeakPtr
> simultaneously.
>
> WeakPtrFactory::createWeakPtr reads/writes 'm_ref' member variable without
> locking mutex.
> https://trac.webkit.org/browser/webkit/trunk/Source/WTF/wtf/WeakPtr.h?rev=242387#L109
>
> > WeakPtr<T> createWeakPtr(T& ptr) const
> > {
> >     if (!m_ref)
> >         m_ref = WeakReference<T>::create(&ptr);
> >     return { makeRef(*m_ref) };
> > }
>
> The simple solution is making WeakPtrFactory::m_ref always have a reference
> to an instance of WeakReference by calling createWeakPtr in WeakPtrFactory
> ctor.
It's important that WeakReference<T> is constructed lazily. I think we should make the assignment to m_ref atomic.
Maybe we can use std::atomic<WeakReference<T>*> m_ref then manually call ref() / deref()? I'm sure others have a better idea than this.
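The atomic lazy initialization suggested in comment #1, sketched as an added example that is not part of the original thread and is not WebKit's code. `WeakReference` here is a simplified stand-in, and `AtomicWeakPtrFactory`, `createWeakReference` and `raceCreate` are hypothetical names; the sketch assumes the factory outlives every thread that calls into it.

```cpp
#include <atomic>
#include <set>
#include <thread>
#include <vector>

// Hypothetical stand-in for WeakReference<T>: an atomically ref-counted cell.
struct WeakReference {
    std::atomic<unsigned> refCount{1};
    std::atomic<void*> target;
    explicit WeakReference(void* p) : target(p) {}
    void ref() { refCount.fetch_add(1, std::memory_order_relaxed); }
    void deref() { if (refCount.fetch_sub(1, std::memory_order_acq_rel) == 1) delete this; }
};
// Hypothetical factory: m_ref is still created lazily, but published with a CAS.
class AtomicWeakPtrFactory {
    mutable std::atomic<WeakReference*> m_ref{nullptr};
public:
    ~AtomicWeakPtrFactory() { if (WeakReference* r = m_ref.load()) { r->target = nullptr; r->deref(); } }
    // Returns a +1 reference the caller must deref(); the factory must outlive all callers.
    WeakReference* createWeakReference(void* object) const
    {
        WeakReference* current = m_ref.load(std::memory_order_acquire);
        if (!current) {
            WeakReference* fresh = new WeakReference(object); // count 1 is the factory's ref
            if (m_ref.compare_exchange_strong(current, fresh, std::memory_order_acq_rel, std::memory_order_acquire))
                current = fresh; // this thread won the race and published its cell
            else
                fresh->deref();  // lost the race: free our cell, current holds the winner
        }
        current->ref();
        return current;
    }
};

struct RaceResult { unsigned distinct; unsigned refs; };
// Calls createWeakReference from n threads at once and reports what they observed.
RaceResult raceCreate(unsigned n)
{
    int object = 0;
    AtomicWeakPtrFactory factory;
    std::vector<WeakReference*> seen(n);
    std::vector<std::thread> threads;
    for (unsigned i = 0; i < n; ++i)
        threads.emplace_back([&factory, &object, &seen, i] { seen[i] = factory.createWeakReference(&object); });
    for (auto& t : threads) t.join();
    std::set<WeakReference*> unique(seen.begin(), seen.end());
    RaceResult result{static_cast<unsigned>(unique.size()), seen[0]->refCount.load()};
    for (WeakReference* r : seen) r->deref();
    return result;
}
```

Every thread ends up holding the same cell, and a thread that loses the compare-exchange releases the cell it allocated instead of overwriting `m_ref`, so nothing is leaked or double-published.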