Commit Graph

29 Commits

Author SHA1 Message Date
Thomas Haller
787861761d gobject/tests/reference: add test for deadlock related to GWeakRef and toggle reference
GWeakRef calls g_object_ref() while holding a read lock.
g_object_ref() can emit a toggle notification.

If you then inside the toggle notification setup a GWeakRef
(to the same or another object), the code will try to get
a write lock. Deadlock will happen.

Add a test to "show" that (the breaking part is commented out).
Will be fixed next.
2024-01-04 16:17:13 +01:00
Thomas Haller
2952cfd7a7 gobject: drop clearing quark_weak_locations from g_object_real_dispose()
In g_object_unref(), we call _object_unref_clear_weak_locations() before
and after dispose() already. At those places it is necessary to do.

Calling it a third time during g_object_real_dispose() seems not useful,
has unnecessary overhead and actually undesirable.

In particular, because g_object_real_dispose() is the implementation for
the virtual function GObject.dispose(). For subclasses that override dispose(),
it's not well defined at which point they should chain up the parent
implementation (for dispose(), I'd argue that usually they chain up at
the end of their own code). If they chain up at the end, this has no
effect.

This only really matters if you try to register GWeakRef during dipose
and/or resurrect the object.

        static void dispose(GObject *object)
        {
            g_weak_ref_set(&global_weak_ref, object);
            global_ref = g_object_ref(object);
            G_OBJECT_CLASS (parent_class)->dispose (object);
        }

the object was resurrected, but g_object_real_dispose() would clear the
weak ref. That is not desirable, nor does it make sense.

Instead, the virtual function dispose() is called from two places, from
g_object_unref() and g_object_run_dispose(). In both cases, it is
ensured that weak locations are cleared *after* dispatching the virtual
function. Don't do it somewhere in the middle from
g_object_real_dispose().
2023-12-30 00:20:17 +01:00
Thomas Haller
408dc69186 gobject: fix race in g_object_unref() related to toggle references
The previous g_object_unref() was racy. There were three places where we
decremented the ref count, but still accessed the object afterwards
(while assuming that somebody else might still hold a reference). For
example:

      if (!g_atomic_int_compare_and_exchange_full ((int *) &object->ref_count,
                                                   old_ref, old_ref - 1,
                                                   &old_ref))
        continue;

      TRACE (GOBJECT_OBJECT_UNREF (object, G_TYPE_FROM_INSTANCE (object), old_ref));

      /* if we went from 2->1 we need to notify toggle refs if any */
      if (old_ref == 2 && OBJECT_HAS_TOGGLE_REF (object))
        {
          /* The last ref being held in this case is owned by the toggle_ref */
          toggle_refs_notify (object, TRUE);
        }

After we decrement the reference count (and gave up our reference), we
are only allowed to access object if we know we have the only possible
reference to it. In particular, if old_ref is larger than 1, then
somebody else holds references and races against destroying object.
The object might be a dangling pointer already.

This is slightly complicated due to toggle references and clearing of
weak-locations.

For toggle references, we must take a lock on the mutex. Luckily, that
is only necessary, when the current reference count is exactly 2.

Note that we emit the TRACE() after the ref count was already decreased.
If another thread unrefs the object, inside the TRACE() we might have a
dangling pointer. That would only be fixable, by emitting the TRACE()
before the actual unref (which has its own problems). This problem
already existed previously.

The change to the test is necessary and correct. Before this patch,
g_object_unref() would call dispose() and decrement the reference count
right after.
In the test case at gobject/tests/reference.c:1108, the reference count
after dispose and decrement is 1. Then it thaws the queue notification,
which emits a property changed signal. The test then proceeds to
reference the object again and notifying the toggle reference.
Previously, the toggle reference was notified 3 times.
After this change, the property changed signal is emitted before
decreasing the reference count. Taking a reference then does not cause
an additional toggle on+off, so in total only one toggle happens.
That accounts for the change in the test. The new behavior is
correct.
2023-12-28 09:36:56 +01:00
Marco Trevisan (Treviño)
0918ce013a gobject: Do not call toggle down notifications if current refcount is not 1
When an object is revitalized and a notify callbacks increased the reference
counter of the object, we are calling the toggle notifier twice, while it
should only happen if also the actual reference count value is 1 (after
having been decremented from 2).
2022-12-06 04:38:26 +01:00
Marco Trevisan (Treviño)
1f852863ec gobject: Check for toggle references only if the old ref is relevant
If an object gets revitalized during the dispose vfunc, we need to call
toggle refs notifiers only if we had 2 references and if the object has
the toggle references enabled.

This may change in case an object notifier handler changes this status,
so do this check only after we've called the notifiers so that in case
toggle notifications are enabled afterwards we still call the handlers.
2022-12-06 04:28:31 +01:00
Marco Trevisan (Treviño)
5e2b288033 gobject/tests/reference: Add test for notify during dispose
We need to check whether notifications and toggle references are working
properly if an object gets revitalized during the dispose vfunc.
2022-12-06 04:28:31 +01:00
Marco Trevisan (Treviño)
ea0c4d45b2 gobject/tests/reference: Add test for toggle reference up/down during dispose 2022-12-06 03:32:51 +01:00
Simon McVittie
0bba27eea9 gobject/tests: Exercise a floating object reaching last-unref
This was previously exercised (probably by mistake) in
gobject/tests/type.c, but without making any assertions about what
happened, and the test would fail under G_ENABLE_DIAGNOSTIC if GLib was
compiled with debug enabled.

Signed-off-by: Simon McVittie <smcv@collabora.com>
2022-09-21 11:19:41 +01:00
Loic Le Page
8e37f9c48a Fix global variable name hidden by local variables in gobject/tests/reference.c 2022-02-18 10:49:00 +01:00
Marco Trevisan (Treviño)
a7262d6357 gobject: Cleanup weak locations data as part of dispose
Weak locations were not fully cleaned on run_dispose() and after dispose
vfunc was called, so ensure that this is the case.

Fixes: #865
2021-09-17 12:28:01 +02:00
Marco Trevisan (Treviño)
e861f60dcb gobject: Cleanup weak locations when the last one has been removed
As per the previous change, an object that had weak locations set may
need to lock again the weak locations mutex during qdata cleanup, but
we can avoid this when we know we're removing the last location, by
removing the qdata entry and freeing the data.

In case a new location is needed for the same object, new data will be
added.

However, by doing this the weak locations during dispose may be
invalidated once the weak locations lock is passed, so check again if
this is the case while removing them.
2021-09-17 12:27:59 +02:00
Marco Trevisan (Treviño)
ea68b22135 gobject: Cleanup GWeakRef locations on object finalization
It can happen that a GWeakRef is added to an object while it's disposing
(or even during finalizing) and this may happen in a thread that (weak)
references an object while the disposal isn't completed yet or when
using toggle references and switching to GWeakRef on notification (as
the API suggests).

In such scenario the weak locations are not cleaned up when the object
is finalized, and will point to a free'd area.

So, during finalization and when we're sure that the object will be
destroyed for sure, check again if there are new weak locations and
unset them if any as part of the qdata destruction.
Do this adding a new utility function so that we can avoid duplicating
code to free the weak locations.

Added various tests simulating this case.

Fixes: #2390
2021-09-17 12:21:23 +02:00
Allison Ryan Lortie
3764c6730e GObject: add g_object_take_ref()
This works in the same way as g_variant_take_ref(), and for the same
reason.

Updated and Rebased by Nitin Wartkar <nitinwartkar58@gmail.com>

Closes #1112
2021-06-11 18:13:34 +05:30
Philip Withnall
51acb01f73 gobject: Fix strict aliasing warnings with g_set_object()
When calling `g_set_object()` for a type derived from `GObject`, GCC 9.2
was giving the following strict aliasing warning:
```
../../source/malcontent/libmalcontent-ui/user-controls.c:1001:21: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
 1001 |   if (g_set_object (&self->user, user))
/opt/gnome/install/include/glib-2.0/gobject/gobject.h:744:33: note: in definition of macro ‘g_set_object’
  744 |   (g_set_object) ((GObject **) (object_ptr), (GObject *) (new_object)) \
      |                                 ^~~~~~~~~~
```

This was due to the `(GObject **)` cast.

Pass the pointer through a union to squash this warning. We already do
some size and type checks of the dereferenced type, which should catch
casual errors. The `g_object_ref()` and `g_object_unref()` calls which
subsequently happen inside the `g_set_object()` function also do some
dynamic type checks.

Add a test.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
2020-02-18 12:15:52 +00:00
Iain Lane
2aacef39b1 gobject: Make g_clear_object take a non-volatile GObject **
The implementation is silently discarding this anyway, and
g_object_unref() is using atomic operations. So this should be safe.

Having this here triggers -Wdiscarded-qualifiers when g_clear_pointer()
is fixed to use __typeof__().
2018-07-12 08:47:40 +01:00
Emmanuele Bassi
d3881bb1bf Revert "Merge branch 'type-safe-g-clear-pointer-1425' into 'master'"
This reverts merge request !165
2018-07-11 21:52:31 +00:00
Iain Lane
747c2f5720 gobject: Make g_clear_object take a non-volatile GObject **
The implementation is silently discarding this anyway, and
g_object_unref() is using atomic operations. So this should be safe.

Having this here triggers -Wdiscarded-qualifiers when g_clear_pointer()
is fixed to use __typeof__().
2018-07-11 10:52:53 +01:00
Philip Withnall
e818089b70 tests: Fix use-after-free in reference tests
Switch the check which tests whether the object has been finalised from
being a use-after-free, to using a weak pointer which is nullified on
finalisation.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
2018-06-29 13:55:24 +01:00
Martin Blanchard
156d32cb80 gobject: new g_set_weak_pointer() & g_clear_weak_pointer() helpers
Weak-pointers are currently lacking g_set_object() & g_clear_object()
helpers equivalent. New functions (and macros, both are provided) are
convenient in many case, especially for the property's notify-on-set
pattern:

  if (g_set_weak_pointer (...))
    g_object_notify (...)

Inspired by Christian Hergert's original implementation for
gnome-builder.

https://bugzilla.gnome.org/show_bug.cgi?id=749527
2017-12-21 09:59:30 +00:00
Philip Withnall
d951db4236 gobject: Add g_set_object() convenience function to set GObject pointers
Along the same lines as g_clear_object(), g_set_object() is a
convenience function to update a GObject pointer, handling reference
counting transparently and correctly.

Specifically, it handles the case where a pointer is set to its current
value. If handled naïvely, that could result in the object instance
being finalised. In the following code, that happens when
(my_obj == new_value) and the object has a single reference:
    g_clear_object (&my_obj);
    my_obj = g_object_ref (new_value);

It also simplifies boilerplate code such as set_property()
implementations, which are otherwise long and boring.

Test cases included.

https://bugzilla.gnome.org/show_bug.cgi?id=741589
2014-12-18 11:32:56 +00:00
Ryan Lortie
1dc774a653 Remove g_type_init() calls
Very many testcases, some GLib tools (resource compiler, etc) and
GApplication were calling g_type_init().

Remove those uses, as they are no longer required.

https://bugzilla.gnome.org/show_bug.cgi?id=686161
2012-10-16 09:39:24 -04:00
Matthias Clasen
2fa77fb76c Add some tests for new object data api
These are non-threaded, but the do test dup and destroy somewhat.

https://bugzilla.gnome.org/show_bug.cgi?id=682849
2012-09-02 15:09:13 -04:00
Matthias Clasen
e62102dbc5 Add tests for toggle reference and qdata 2012-04-23 08:20:22 -04:00
Matthias Clasen
b01af10c86 Remove a check that triggers deprecation warnings 2012-01-30 14:06:22 -05:00
Simon McVittie
fa5ff39559 Add deterministic tests for the API of GWeakRef
These don't address the thread-safety, but do address basic use.

https://bugzilla.gnome.org/show_bug.cgi?id=548954
2012-01-02 12:23:18 -05:00
Javier Jardón
108480b7ba gobject: Use G_VALUE_INIT 2011-10-18 17:12:33 +01:00
Ryan Lortie
38e8ecd62a more 'static' adding in testcases
No dead code found this time...
2011-10-16 21:41:15 -04:00
Matthias Clasen
309f5f978b Improve test coverage
Various test additions, mainly in GObject
2011-02-13 23:49:19 -05:00
Ryan Lortie
1a1fc130ec New function: g_clear_object()
By analogy to g_clear_error, takes a pass-by-reference GObject reference
and, if non-%NULL, unrefs it and sets it equal to %NULL.

Bug #620263.
2010-11-08 18:21:51 -05:00