Mir

serious bug that might cause memory leaks

Bug #1183507 reported by Eleni Maria Stea on 2013-05-23

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Mir	Fix Released	Medium	Eleni Maria Stea	Mir 0.0.5

Bug Description

I found a serious bug in several mir classes which was that classes with virtual functions did not have a virtual destructor as they should.

Whenever such a class is used polymorphically with an instance of a subclass being used through a pointer of "base class" type:
if an attempt is made to delete it through that pointer, only the destructor of the base class will be called resulting in a memory leak since the decision of which destructor to call is taken at compile time for non-virtual functions.

Related branches

lp:~hikiko/mir/mir.dest-tmp

Merged into lp:~mir-team/mir/trunk at revision 759

Daniel van Vugt: Approve on 2013-06-20

Alan Griffiths: Approve on 2013-06-19

PS Jenkins bot (community): Approve (continuous-integration) on 2013-06-19

lp:~hikiko/mir/mir.fix-virt-destructorS

Rejected for merging into lp:~mir-team/mir/trunk

Alan Griffiths: Needs Fixing on 2013-06-06

Daniel van Vugt: Needs Fixing on 2013-06-06

PS Jenkins bot (community): Needs Fixing (continuous-integration) on 2013-06-06

lp:~hikiko/mir/mir.fix-missing-virtual-destructors

On hold for merging into lp:~mir-team/mir/trunk

PS Jenkins bot (community): Needs Fixing (continuous-integration) on 2013-05-30

Robert Ancell: Needs Fixing on 2013-05-30

Alan Griffiths: Needs Fixing on 2013-05-30

Alexandros Frantzis (community): Needs Fixing on 2013-05-27

Diff: 1386 lines (+183/-29)

55 files modified

3rd_party/cucumber-cpp/CTestTestfile.cmake (+2/-3)
3rd_party/cucumber-cpp/include/cucumber-cpp/internal/hook/HookRegistrar.hpp (+2/-0)
3rd_party/cucumber-cpp/include/cucumber-cpp/internal/hook/Tag.hpp (+1/-0)
3rd_party/cucumber-cpp/include/cucumber-cpp/internal/step/StepManager.hpp (+2/-0)
3rd_party/cucumber-cpp/src/CTestTestfile.cmake (+2/-2)
3rd_party/cucumber-cpp/src/connectors/wire/WireProtocol.cpp (+1/-0)
3rd_party/cucumber-cpp/tests/CTestTestfile.cmake (+2/-2)
3rd_party/cucumber-cpp/tests/utils/DriverTestRunner.hpp (+1/-0)
3rd_party/gmock-1.6.0/gtest/fused-src/gtest/gtest.h (+2/-1)
3rd_party/gmock-1.6.0/gtest/include/gtest/internal/gtest-param-util.h (+2/-1)
3rd_party/gmock-1.6.0/include/gmock/gmock-actions.h (+24/-0)
3rd_party/gmock-1.6.0/include/gmock/gmock-generated-actions.h (+2/-0)
3rd_party/gmock-1.6.0/include/gmock/gmock-matchers.h (+44/-0)
include/server/mir/compositor/buffer_allocation_strategy.h (+1/-2)
include/server/mir/default_server_configuration.h (+1/-0)
include/server/mir/frontend/session_mediator_report.h (+2/-0)
include/server/mir/graphics/display.h (+1/-1)
include/server/mir/graphics/display_report.h (+1/-1)
include/server/mir/graphics/platform.h (+2/-0)
include/server/mir/graphics/viewable_area.h (+1/-1)
include/server/mir/logging/display_report.h (+1/-1)
include/server/mir/options/option.h (+1/-1)
include/server/mir/options/program_option.h (+1/-0)
include/server/mir/server_configuration.h (+1/-1)
include/server/mir/surfaces/buffer_bundle.h (+2/-0)
include/test/mir_test_doubles/mock_android_alloc_device.h (+1/-0)
include/test/mir_test_doubles/mock_display_report.h (+2/-0)
include/test/mir_test_doubles/mock_viewable_area.h (+1/-0)
include/test/mir_test_framework/testing_process_manager.h (+1/-0)
include/test/mir_test_framework/testing_server_configuration.h (+1/-0)
src/client/android/android_client_buffer.cpp (+4/-0)
src/client/android/android_registrar.h (+2/-0)
src/client/client_platform.h (+2/-0)
src/server/frontend/message_processor.h (+1/-1)
src/server/frontend/socket_session.cpp (+0/-1)
src/server/frontend/socket_session.h (+2/-0)
src/server/graphics/gbm/gbm_display.cpp (+2/-1)
src/server/graphics/gbm/gbm_display.h (+1/-1)
src/server/graphics/gbm/gbm_platform.cpp (+1/-2)
src/server/graphics/gbm/gbm_platform.h (+1/-1)
src/server/logging/display_report.cpp (+1/-1)
src/server/options/program_option.cpp (+4/-0)
tests/acceptance-tests/test_client_input.cpp (+4/-0)
tests/integration-tests/compositor/multithread_harness.h (+4/-3)
tests/integration-tests/frontend/test_application_mediator_report.cpp (+12/-0)
tests/integration-tests/test_display_server_main_loop_events.cpp (+4/-0)
tests/integration-tests/test_surface_first_frame_sync.cpp (+9/-1)
tests/integration-tests/test_surfaceloop.cpp (+6/-0)
tests/unit-tests/client/android/test_client_android_registrar.cpp (+2/-0)
tests/unit-tests/client/test_mir_connection.cpp (+4/-0)
tests/unit-tests/compositor/test_buffer_manager.cpp (+2/-0)
tests/unit-tests/frontend/test_session_mediator.cpp (+2/-0)
tests/unit-tests/graphics/android/test_android_framebuffer_window.cpp (+1/-0)
tests/unit-tests/shell/test_consuming_placement_strategy.cpp (+2/-0)
tests/unit-tests/test_gmock_fixes.cpp (+2/-0)

Eleni Maria Stea (hikiko) on 2013-05-23

summary:	- serious bug that might be causing memory leaks + serious bug that might cause memory leaks
Changed in mir:
assignee:	nobody → Eleni Maria Stea (hikiko)
status:	New → In Progress

Revision history for this message

Alexandros Frantzis (afrantzis) wrote on 2013-05-23:

We only use such classes through shared_ptrs, which, even when upcasted, "remember" the derived class type and call the proper destructor.

Of course, that's not to say that we shouldn't fix the missing virtual destructors (we should!), just that they are not a super critical issue in our case.

Revision history for this message

Alan Griffiths (alan-griffiths) wrote on 2013-05-23:

This is more an "accident waiting to happen" than a serious problem. I doubt that any of these classes are deleted through a pointer to base. (They are typically created using make_shared - and the resulting pointer deletes the correct type.)

Changed in mir:
importance:	Critical → Low

Revision history for this message

Eleni Maria Stea (hikiko) wrote on 2013-05-23:

hmm... I added the virtual both in the base classes and the subclasses for clarity reasons (you don't have to follow the whole hierarchy to see what is virtual) but ok, I'll remove them.

About the shared pointer now, I think if the shared pointer points to the base class we will have problem (because the destructor that will be called is chosen at compile time for the virtual functions) but if it points to the subclass we are fine.

lol @tab :-D

Revision history for this message

Alan Griffiths (alan-griffiths) wrote on 2013-05-24:

"About the shared pointer now, I think if the shared pointer points to the base class we will have problem (because the destructor that will be called is chosen at compile time for the virtual functions) but if it points to the subclass we are fine."

Either you're saying something irrelevant, or you've misunderstood something. To clarify what do you expect the output of this to be?

#include <memory>
#include <iostream>

struct example { ~example() { std::cout << "No problem\n"; } };

int main()
{
std::shared_ptr<void> pointer_to_void = std::make_shared<example>();
}

Revision history for this message

Eleni Maria Stea (hikiko) wrote on 2013-05-24:

Ok, then! I didn't realize that shared pointers keep knowledge of the assigned type, I thought it was all based on the template parameter and thus work like regular pointers! :)

Revision history for this message

Eleni Maria Stea (hikiko) wrote on 2013-05-27:

Well, from what I see, there are many classes and structs that have the issue and don't make use of shared pointers (eg. inside the 3rd_party directory). I have already updated my branch to fix them.

A random example of a potential memory leak in 3rd_party tests is this:
class MockANativeWindow that inherits from ANativeWindow and ANativeWindowInterface but it doesn't have a virtual destructor and it doesn't use shared pointers.

I guess that the memory leaks in tests are not quite important but I found such problems elsewhere as well, all fixed in the proposed branch. Maybe we should use the virtual destructors from now on.

Revision history for this message

Eleni Maria Stea (hikiko) wrote on 2013-05-27:

(I mean when we don't make use of shared pointers)

Eleni Maria Stea (hikiko) on 2013-05-27

Changed in mir:
importance:	Low → Medium

Eleni Maria Stea (hikiko) on 2013-06-13

Changed in mir:
status:	In Progress → Fix Committed
status:	Fix Committed → In Progress

Revision history for this message

Daniel van Vugt (vanvugt) wrote on 2013-06-14:

Re-linked the old branches. It's good to have a paper trail.

Revision history for this message

PS Jenkins bot (ps-jenkins) wrote on 2013-06-20:

Fix committed into lp:mir at revision None, scheduled for release in mir, milestone 0.0.4

Changed in mir:
status:	In Progress → Fix Committed

Daniel van Vugt (vanvugt) on 2013-06-24

Changed in mir:
milestone:	none → 0.0.4

Robert Ancell (robert-ancell) on 2013-06-27

Changed in mir:
milestone:	0.0.4 → 0.0.5

Robert Ancell (robert-ancell) on 2013-06-27

Changed in mir:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.