[Webkit-unassigned] [Bug 229867] New: -Wodr warning spam caused by ENABLE(BINDING_INTEGRITY)

bugzilla-daemon at webkit.org
Fri Sep 3 07:29:09 PDT 2021


https://bugs.webkit.org/show_bug.cgi?id=229867

            Bug ID: 229867
           Summary: -Wodr warning spam caused by ENABLE(BINDING_INTEGRITY)
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Bindings
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: mcatanzaro at gnome.org
                CC: cdumez at apple.com

When LTO is enabled (using -flto=auto), GCC is able to report violations of C++'s one definition rule (ODR). Currently we have a huge spam of such warnings from WebCore caused by our ENABLE(BINDING_INTEGRITY) feature. CodeGeneratorJS.pm generates code that looks like this:

extern "C" { extern void* ${vtableNameGnu}[]; }

For example, JSTestGenerateIsReachable.cpp includes:

extern "C" { extern void* _ZTVN7WebCore23TestGenerateIsReachableE[]; }

It eventually gets used here:

    // If you hit this assertion you either have a use after free bug, or
    // ${implType} has subclasses. If ${implType} has subclasses that get passed
    // to toJS() we currently require $interfaceName you to opt out of binding hardening
    // by adding the SkipVTableValidation attribute to the interface IDL definition
    RELEASE_ASSERT(actualVTablePointer == expectedVTablePointer);

This seems like a reasonable thing for us to do, and it does not seem like it should be an ODR violation because we are not actually defining the vtable symbol at all! We are merely declaring it. So I don't understand why GCC would be complaining about this. I'm tempted to consider this not a bug and suppress the warnings, but I want to check with the GCC developers first.

Anyway, since this is caused by our code generation, there are separate warnings for each generated bindings file, which adds up to a nice spam. The first few look like this:

../../Source/WebCore/page/UserMessageHandlersNamespace.h:45: warning: virtual table of type ‘struct UserMessageHandlersNamespace’ violates one definition rule [-Wodr]
   45 | class UserMessageHandlersNamespace : public RefCounted<UserMessageHandlersNamespace>, public FrameDestructionObserver, public UserContentProviderInvalidationClient {
      | 
WebCore/DerivedSources/JSUserMessageHandlersNamespace.cpp:270: note: variable of same assembler name as the virtual table is defined in another translation unit
  270 | extern "C" { extern void* _ZTVN7WebCore28UserMessageHandlersNamespaceE[]; }
      | 
../../Source/WebCore/page/UserMessageHandler.h:38: warning: virtual table of type ‘struct UserMessageHandler’ violates one definition rule [-Wodr]
   38 | class UserMessageHandler : public RefCounted<UserMessageHandler>, public FrameDestructionObserver {
      | 
WebCore/DerivedSources/JSUserMessageHandler.cpp:251: note: variable of same assembler name as the virtual table is defined in another translation unit
  251 | extern "C" { extern void* _ZTVN7WebCore18UserMessageHandlerE[]; }
      | 
../../Source/WebCore/Modules/gamepad/GamepadEvent.h:36: warning: virtual table of type ‘struct GamepadEvent’ violates one definition rule [-Wodr]
   36 | class GamepadEvent final : public Event {
      | 
WebCore/DerivedSources/JSGamepadEvent.cpp:304: note: variable of same assembler name as the virtual table is defined in another translation unit
  304 | extern "C" { extern void* _ZTVN7WebCore12GamepadEventE[]; }
      | 
../../Source/WebCore/xml/XMLHttpRequest.h:55: warning: virtual table of type ‘struct XMLHttpRequest’ violates one definition rule [-Wodr]
   55 | class XMLHttpRequest final : public ActiveDOMObject, public RefCounted<XMLHttpRequest>, private ThreadableLoaderClient, public XMLHttpRequestEventTarget {
      | 
WebCore/DerivedSources/JSXMLHttpRequest.cpp:819: note: variable of same assembler name as the virtual table is defined in another translation unit
  819 | extern "C" { extern void* _ZTVN7WebCore14XMLHttpRequestE[]; }
      | 
../../Source/WebCore/xml/XMLHttpRequestUpload.h:33: warning: virtual table of type ‘struct XMLHttpRequestUpload’ violates one definition rule [-Wodr]
   33 | class XMLHttpRequestUpload final : public XMLHttpRequestEventTarget {
      | 
WebCore/DerivedSources/JSXMLHttpRequestUpload.cpp:213: note: variable of same assembler name as the virtual table is defined in another translation unit
  213 | extern "C" { extern void* _ZTVN7WebCore20XMLHttpRequestUploadE[]; }
      |

-- 
You are receiving this mail because:
You are the assignee for the bug.
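
Added example, not part of the original report and not WebKit's generated code: a single-file C++ program showing the kind of check the extern "C" vtable declaration feeds, and why a subclass or overwritten storage fails the comparison. It assumes the Itanium C++ ABI (GCC or Clang on Linux/macOS); demo::Node, demo::Text, vtableMatches and staleStorageMatches are hypothetical names, and the index 2 offset into the vtable symbol is an ABI assumption labelled in the code.

```cpp
// Added example (not WebKit code). Assumes the Itanium C++ ABI;
// demo::Node and demo::Text are hypothetical types.
#include <cstdio>
#include <cstring>
#include <new>

namespace demo {
struct Node {
    virtual ~Node();
    virtual int kind() const;
};
struct Text : Node {
    int kind() const override;
};
Node::~Node() = default;              // key function: Node's vtable is emitted in this file
int Node::kind() const { return 1; }
int Text::kind() const { return 2; }
}

// Declaration only, by mangled name, in the style of the generated bindings.
extern "C" { extern void* _ZTVN4demo4NodeE[]; }

// True when the object's vtable pointer is exactly demo::Node's.
bool vtableMatches(const void* object)
{
    void* actualVTablePointer;
    std::memcpy(&actualVTablePointer, object, sizeof(actualVTablePointer));
    // Assumption: the vptr points past the two ABI header slots
    // (offset-to-top and RTTI pointer), hence index 2.
    void* expectedVTablePointer = &_ZTVN4demo4NodeE[2];
    return actualVTablePointer == expectedVTablePointer;
}

// Models storage that was released and then overwritten, without reading freed memory.
bool staleStorageMatches()
{
    alignas(demo::Node) unsigned char storage[sizeof(demo::Node)];
    demo::Node* node = new (storage) demo::Node;
    node->~Node();
    std::memset(storage, 0xA5, sizeof(storage));
    return vtableMatches(storage);
}

int main()
{
    demo::Node node;
    demo::Text text;
    std::printf("Node: %d, Text: %d, stale: %d\n",
                vtableMatches(&node), vtableMatches(&text), staleStorageMatches());
    return 0;
}
```

The demo::Text result corresponds to the subclass case named in the generated comment, where the interface has to opt out with SkipVTableValidation.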