summaryrefslogtreecommitdiffstats
path: root/base/timer_unittest.cc
diff options
context:
space:
mode:
authormbelshe@google.com <mbelshe@google.com@0039d316-1c4b-4281-b951-d872f2087c98>2008-12-02 23:16:55 +0000
committermbelshe@google.com <mbelshe@google.com@0039d316-1c4b-4281-b951-d872f2087c98>2008-12-02 23:16:55 +0000
commita0287cbdc1a56a27bf0eb29671942e44c8da599e (patch)
treea7b23f88c2c7245e98f1e668c6d1b3eb37aed0d7 /base/timer_unittest.cc
parentc1f67c9851a0462012c0c9687fa0f151d4aed109 (diff)
downloadchromium_src-a0287cbdc1a56a27bf0eb29671942e44c8da599e.zip
chromium_src-a0287cbdc1a56a27bf0eb29671942e44c8da599e.tar.gz
chromium_src-a0287cbdc1a56a27bf0eb29671942e44c8da599e.tar.bz2
Redo fix from yesterday.
Post Mortem on why yesterday's fix was bogus: The motivation for this change was because a separate CL had a OneShotTimer<> as part of a Singleton class. The Singleton is cleaned up in the AtExit manager, which currently runs after the MessageLoop is destroyed. The following sequence left a dangling pointer: 1) Start a OneShotTimer - Creates a task and registers on the MessageLoop 2) Destroy MessageLoop (this deletes all Pending Tasks) 3) Destroy your OneShotTimer - Tries to reference a dangling pointer for the already-deleted task. The fix was to modify the Task such that at destruction it would zero-out the wrapper's pointer to the Task. Now step 3 would not reference a bogus pointer. Unfortunately, the fix is broken. The timers work by having a wrapper Timer class (BaseTimer_Helper) and a Task. The Task has a pointer back to its wrapper and the wrapper has a pointer to the task. For the case where a timer is re-started from within its Run() loop, things fail: 1) Start a RepeatingTimer 2) Timer fires via the MessageLoop MessageLoop calls Run() 3) Run() restarts the timer, which creates a new Task but reuses the same BaseTimer_Helper. BaseTimer_Helper's timer pointer now points to the NEW timer 4) The MessageLoop destroys the Task The new code zeroes out the task pointer in the BaseTimer_Helper, breaking the newly restarted timer. This fix is the same as yesterday's fix, except: 1) More comments 2) Added extra check at line 169. Don't reset the Task pointer when destroying the Task if the Timer does not point to the Task being destroyed. I'm confident, but not 100% positive that this fixes the problem. I did reproduce *something* using PageHeap which now seems to be gone, but I can't quite confirm. Review URL: http://codereview.chromium.org/13067 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@6251 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'base/timer_unittest.cc')
-rw-r--r--base/timer_unittest.cc21
1 files changed, 21 insertions, 0 deletions
diff --git a/base/timer_unittest.cc b/base/timer_unittest.cc
index face9c8..1fb44a3 100644
--- a/base/timer_unittest.cc
+++ b/base/timer_unittest.cc
@@ -145,3 +145,24 @@ TEST(TimerTest, RepeatingTimer_Cancel) {
RunTest_RepeatingTimer_Cancel(MessageLoop::TYPE_UI);
RunTest_RepeatingTimer_Cancel(MessageLoop::TYPE_IO);
}
+
+TEST(TimerTest, MessageLoopShutdown) {
+ // This test is designed to verify that shutdown of the
+ // message loop does not cause crashes if there were pending
+ // timers not yet fired. It may only trigger exceptions
+ // if debug heap checking (or purify) is enabled.
+ bool did_run = false;
+ {
+ OneShotTimerTester a(&did_run);
+ OneShotTimerTester b(&did_run);
+ OneShotTimerTester c(&did_run);
+ OneShotTimerTester d(&did_run);
+ {
+ MessageLoop loop(MessageLoop::TYPE_DEFAULT);
+ a.Start();
+ b.Start();
+ } // MessageLoop destructs by falling out of scope.
+ } // OneShotTimers destruct. SHOULD NOT CRASH, of course.
+
+ EXPECT_EQ(false, did_run);
+}