Experiment: DanglingPointerDetector on the CQ


Arthur Sonzogni

Mar 13, 2023, 5:26:28 AM
to Chromium-dev

Hi everyone,

I'm excited to announce that we're starting an experiment to detect dangling pointers on the CQ.

See the latest bot status here.


The error message links to a survey to collect your feedback.


With current MiraclePtr coverage, we expect this to affect 0-3 patches per day, i.e. a rare event.


Dangling pointers are not a problem unless they are subsequently dereferenced. Proving that dangling pointers are unused has turned out to be difficult in general, especially in the face of future modifications to the code. Hence, they are a source of UaF bugs and highly discouraged unless you are able to ensure that they can never be used after the pointed-to objects are freed.


Complexity around object lifetime is what leads to mistakes that end up as stability issues, and sometimes security vulnerabilities.


We hope the DanglingPointerDetector will help developers understand and avoid some potential issues early. It causes an error to be displayed when a raw_ptr becomes dangling at runtime.


The experiment will last for several weeks. We will use the survey to collect feedback, and confirm it’s not a high cost for engineers compared to its benefits.


If you have any questions, please don't hesitate to ask on chrome-mem...@google.com 

Thanks,
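An added illustration of the rule the detector enforces, not Chromium code and not part of the original thread: the error fires when an object is freed while a raw_ptr still refers to it, whether or not that pointer is ever dereferenced again. The `tracked_ptr` and `tracked_delete` below are toy stand-ins for raw_ptr and the allocator's free path, and `Widget`, `Observer` and the scenario functions are constructed for the example.

```cpp
#include <cstdio>
#include <unordered_map>
#include <vector>

// Constructed stand-in for the per-allocation reference count that Chromium's
// BackupRefPtr keeps in allocator metadata: address -> live tracked_ptr count.
// Illustrative only; this is not Chromium's raw_ptr implementation.
static std::unordered_map<const void*, int> g_ref_counts;

// One report per object freed while still referenced: how many non-owning
// pointers were outstanding at the moment of the free.
struct DanglingReport {
  int outstanding;
};
static std::vector<DanglingReport> g_reports;

// Minimal non-owning pointer that registers itself with the allocation it targets.
template <typename T>
class tracked_ptr {
 public:
  tracked_ptr() = default;
  explicit tracked_ptr(T* p) : ptr_(p) { acquire(); }
  tracked_ptr(const tracked_ptr& other) : ptr_(other.ptr_) { acquire(); }
  tracked_ptr& operator=(const tracked_ptr& other) {
    if (this != &other) {
      release();
      ptr_ = other.ptr_;
      acquire();
    }
    return *this;
  }
  tracked_ptr& operator=(T* p) {
    release();
    ptr_ = p;
    acquire();
    return *this;
  }
  ~tracked_ptr() { release(); }
  T* operator->() const { return ptr_; }

 private:
  void acquire() {
    if (ptr_) ++g_ref_counts[ptr_];
  }
  // Drops the registration. If the object was already freed, tracked_delete has
  // erased its entry and there is nothing left to decrement.
  void release() {
    if (!ptr_) return;
    auto it = g_ref_counts.find(ptr_);
    if (it != g_ref_counts.end() && --it->second == 0) g_ref_counts.erase(it);
    ptr_ = nullptr;
  }
  T* ptr_ = nullptr;
};

// Frees the object. If any tracked_ptr still refers to it, those pointers have
// just become dangling: record a report, independent of any later dereference.
template <typename T>
void tracked_delete(T* p) {
  auto it = g_ref_counts.find(p);
  if (it != g_ref_counts.end() && it->second > 0) {
    g_reports.push_back({it->second});
    g_ref_counts.erase(it);
  }
  delete p;
}

struct Widget {
  int value = 42;
};

// Hypothetical component that observes a Widget it does not own.
struct Observer {
  tracked_ptr<Widget> target;
};

// Owner frees the Widget after the observer has let go: no report.
int ScenarioClearBeforeFree() {
  g_reports.clear();
  Widget* w = new Widget;
  Observer obs;
  obs.target = w;
  obs.target = nullptr;  // observer disconnects before the owner frees
  tracked_delete(w);
  return static_cast<int>(g_reports.size());  // 0
}

// Owner frees the Widget while two observers still hold it: one report naming
// two outstanding pointers, although neither is dereferenced afterwards.
int ScenarioFreeWhileHeld() {
  g_reports.clear();
  Widget* w = new Widget;
  Observer a, b;
  a.target = w;
  b.target = a.target;  // the copy is counted too
  tracked_delete(w);    // a.target and b.target are now dangling
  return g_reports.empty() ? 0 : g_reports.back().outstanding;  // 2
}

int main() {
  std::printf("clear-before-free: %d report(s)\n", ScenarioClearBeforeFree());
  std::printf("free-while-held: %d outstanding pointer(s) reported\n", ScenarioFreeWhileHeld());
  return 0;
}
```

The second scenario is the situation the thread describes: the code never reads through the stale pointer, so nothing crashes, yet the check still reports because a future change could add a dereference. The fix pattern is the first scenario, where the non-owning pointer is cleared before ownership releases the object. The toy reports at the free; Chromium's real detector also captures where the dangling raw_ptr is later released, so both sides of the lifetime mismatch are visible.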


Arthur Sonzogni

Jul 3, 2023, 4:09:42 AM
to Chromium-dev, Arthur Sonzogni

Update on the experiment

We got very positive feedback (survey data).

For the majority of developers, the check was useful. It either avoided bugs or nudged them toward using a better architecture.

The number of CLs affected is close to our original estimate: ~3-4/day. Here is a doc explaining how we scanned CQ artifacts.


Decision

We are now confident we should keep it enabled forever. It has a positive impact on developers and on the codebase. 

See also Chrome ATL thread.


Next

As much as we can, we will now enable it by default for the most common developer builds.

This avoids waiting on the CQ, or recompiling chrome to debug locally.


Linux/is_debug is available today.


If you have any questions, please don't hesitate to ask on chrome-memory-safety@google.com 

Thanks,

