[Webkit-unassigned] [Bug 238493] IPC::Connection::UniqueID is not possible to use in thread safe manner

bugzilla-daemon at webkit.org
Mon Apr 4 05:28:59 PDT 2022


https://bugs.webkit.org/show_bug.cgi?id=238493

--- Comment #4 from Kimmo Kinnunen <kkinnunen at apple.com> ---
(In reply to Chris Dumez from comment #3)
> Yes, it could be at the very beginning of its destructor. What is the
> (thread-safety) bug? At the point the destructor takes the locks in the
> destructor, nothing has been destroyed yet

No, this is incorrect.

C++ object lifetime ends when the destructor is called.
The object lifetime has already ended when the lock is acquired.
There is no point in acquiring a member variable lock in a destructor, since no other thread can dereference the object that has been destroyed.

One thread cannot be in the destructor of an object while another thread dereferences the same object.

This is a scenario that is for example caught by ASAN.

I fixed numerous of these ASAN problems and you reviewed those.

These were for example in bugs related to destructors removing the WorkQueueMessageReceiver, ThreadMessageReceiverRefCounted, WorkQueueMessageReceiver.
In those cases IPC::Connection would deliver messages from the IPC delivery work queue to the instance. This would all be at the same time as the main thread would remove the message receiver. These were fixed by introducing the stopListeningForIPC() member function that the main thread calls before destroying the objects.

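The pattern the comment describes, as an added example that is not WebKit code: a receiver registered with a non-owning delivery work queue, whose owner calls stopListeningForIPC() before destroying it instead of relying on a lock taken in the destructor. DeliveryQueue, Receiver, WorkQueueReceiver and removeReceiverAndWait() are hypothetical stand-ins and do not reproduce the real IPC::Connection API; the scenario in stopThenDestroyIsSafe() is constructed to show both that the stop call blocks while a delivery to the receiver is still running on the queue thread and that nothing reaches the receiver after the stop, so destroying it while the worker keeps dispatching is safe.

```cpp
// Added example, not WebKit code. DeliveryQueue, Receiver and WorkQueueReceiver
// are hypothetical stand-ins for IPC::Connection's work-queue message delivery
// and the receivers it dispatches to.
#include <algorithm>
#include <atomic>
#include <cassert>
#include <chrono>
#include <condition_variable>
#include <functional>
#include <mutex>
#include <thread>
#include <vector>

struct Receiver {
    virtual ~Receiver() = default;
    virtual void didReceiveMessage(int message) = 0;
};

// Stand-in for the IPC delivery work queue. It holds non-owning pointers, so
// the owner must unregister a receiver before destroying it.
class DeliveryQueue {
public:
    void addReceiver(Receiver* r) { std::lock_guard<std::mutex> lock(m_lock); m_receivers.push_back(r); }
    // Unregisters r and blocks until no dispatch is in flight, so after this
    // returns the queue thread can no longer dereference r.
    void removeReceiverAndWait(Receiver* r) {
        std::unique_lock<std::mutex> lock(m_lock);
        m_receivers.erase(std::remove(m_receivers.begin(), m_receivers.end(), r), m_receivers.end());
        m_idle.wait(lock, [this] { return m_inFlight == 0; });
    }
    // Runs on the queue thread. The snapshot and the in-flight count change
    // under the same lock, so removeReceiverAndWait() cannot miss a dispatch.
    void dispatch(int message) {
        std::vector<Receiver*> targets;
        { std::lock_guard<std::mutex> lock(m_lock); targets = m_receivers; ++m_inFlight; }
        for (Receiver* r : targets) r->didReceiveMessage(message);
        { std::lock_guard<std::mutex> lock(m_lock); --m_inFlight; }
        m_idle.notify_all();
    }
private:
    std::mutex m_lock;
    std::condition_variable m_idle;
    std::vector<Receiver*> m_receivers;
    int m_inFlight = 0;
};

class WorkQueueReceiver : public Receiver {
public:
    explicit WorkQueueReceiver(DeliveryQueue& queue, std::function<void()> onMessage = {})
        : m_queue(queue), m_onMessage(std::move(onMessage)) { m_queue.addReceiver(this); }
    // No lock here: once the destructor runs the lifetime has ended, so the
    // owner must already have called stopListeningForIPC().
    ~WorkQueueReceiver() override { assert(m_stopped); }
    // Owner thread only. Afterwards the queue thread holds no pointer to this.
    void stopListeningForIPC() {
        if (m_stopped) return;
        m_queue.removeReceiverAndWait(this);
        m_stopped = true;
    }
    void didReceiveMessage(int) override { ++m_received; if (m_onMessage) m_onMessage(); }
    int receivedCount() const { return m_received.load(); }
private:
    DeliveryQueue& m_queue;
    std::function<void()> m_onMessage;
    std::atomic<int> m_received { 0 };
    bool m_stopped = false;
};

// Constructed scenario: the first delivery blocks inside the handler until the
// owner releases it, so stopListeningForIPC() cannot return before that; after
// the stop the worker keeps dispatching but nothing reaches the receiver, and the
// receiver is destroyed while the worker is still running. Returns true on success.
bool stopThenDestroyIsSafe() {
    DeliveryQueue queue;
    std::mutex m;
    std::condition_variable cv;
    bool entered = false, release = false;
    std::atomic<bool> quit { false }, stopReturned { false };
    bool ok = false;
    std::thread worker([&] { for (int i = 0; !quit.load(); ++i) queue.dispatch(i); });
    {
        WorkQueueReceiver receiver(queue, [&] {
            std::unique_lock<std::mutex> lock(m);
            entered = true;
            cv.notify_all();
            cv.wait(lock, [&] { return release; });
        });
        { std::unique_lock<std::mutex> lock(m); cv.wait(lock, [&] { return entered; }); }
        std::thread stopper([&] { receiver.stopListeningForIPC(); stopReturned = true; });
        std::this_thread::sleep_for(std::chrono::milliseconds(5));
        bool stopBlockedWhileHandlerRan = !stopReturned.load(); // handler still running
        { std::lock_guard<std::mutex> lock(m); release = true; }
        cv.notify_all();
        stopper.join();
        int countAtStop = receiver.receivedCount();
        std::this_thread::sleep_for(std::chrono::milliseconds(5)); // worker dispatches to nobody
        ok = stopBlockedWhileHandlerRan && receiver.receivedCount() == countAtStop;
    } // receiver destroyed here while dispatch() still runs on the worker; no pointer to it remains
    quit = true;
    worker.join();
    return ok;
}
```

The queue takes a snapshot of the receiver list and bumps the in-flight count under one lock, and the stop path erases the pointer and waits for the count to drop under the same lock; that pairing is what makes the destructor's own lock unnecessary, because by the time the destructor runs no other thread can still hold the pointer.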