I'm excited to announce that we're starting an experiment to detect dangling pointers on the CQ.
See the latest bot status here.
With current MiraclePtr coverage, we expect this to affect 0-3 patches per day, i.e., a rare event.
Dangling pointers are not a problem unless they are subsequently dereferenced. Proving that dangling pointers are unused has turned out to be difficult in general, especially in face of future modifications to the code. Hence, they are a source of UaF bugs and highly discouraged unless you are able to ensure that they can never be used after the pointed-to objects are freed.
Complexity around object lifetime is what leads to mistakes that end up as stability issues, and sometimes security vulnerabilities.
We hope the DanglingPointerDetector will help developers understand and avoid some potential issues early. It causes an error to be displayed when a raw_ptr becomes dangling at runtime.
It is still possible to turn it off for individual pointers.
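To make the mechanism concrete, here is a small self-contained model of how a runtime dangling-pointer check can work: a non-owning `checked_ptr<T>` registers with a per-allocation reference count, the owner's free marks any remaining references as dangling and quarantines the memory, and the error is raised when such a stale pointer is released. This is an added example written for this page, not Chromium's raw_ptr / MiraclePtr implementation; the names `checked_ptr`, `SlotInfo`, `make_tracked`, `destroy_tracked`, `run_scenario` and the `kDetect` opt-out parameter are all invented for the illustration, and the registry is a plain hash map rather than allocator metadata.

```cpp
#include <cstddef>
#include <cstdio>
#include <new>
#include <unordered_map>
#include <utility>

// Per-allocation metadata: how many checked_ptr instances reference the object
// and whether the owner has already destroyed it. Constructed for this example;
// a real detector keeps this inside the allocator next to the allocation.
struct SlotInfo {
  std::size_t ref_count = 0;
  bool freed = false;
};

inline std::unordered_map<void*, SlotInfo>& slots() {
  static std::unordered_map<void*, SlotInfo> table;
  return table;
}

// Number of dangling pointers reported so far. A real detector would print the
// free stack and the release stack and fail the test instead of counting.
inline std::size_t& dangling_reports() {
  static std::size_t count = 0;
  return count;
}

// Non-owning pointer that registers with its pointee's slot. kDetect = false
// models opting one specific pointer out of the check.
template <typename T, bool kDetect = true>
class checked_ptr {
 public:
  checked_ptr() = default;
  explicit checked_ptr(T* p) { acquire(p); }
  checked_ptr(const checked_ptr&) = delete;
  checked_ptr& operator=(const checked_ptr&) = delete;
  ~checked_ptr() { release(); }
  void reset() { release(); }  // dropping the reference is where a stale pointer is caught
  T* get() const { return ptr_; }

 private:
  void acquire(T* p) {
    ptr_ = p;
    if (p) ++slots()[p].ref_count;
  }
  void release() {
    if (!ptr_) return;
    SlotInfo& slot = slots()[ptr_];
    --slot.ref_count;
    if (slot.freed) {
      // The owner destroyed the object while this pointer still referenced it.
      if (kDetect) {
        ++dangling_reports();
        std::fprintf(stderr, "DanglingPointerDetector: pointer to %p released after its object was freed\n",
                     static_cast<void*>(ptr_));
      }
      if (slot.ref_count == 0) {  // last stale reference gone: return the quarantined memory
        slots().erase(ptr_);
        ::operator delete(ptr_);
      }
    }
    ptr_ = nullptr;
  }
  T* ptr_ = nullptr;
};

// Owner side: allocate through the registry so the free is visible to the detector.
template <typename T, typename... Args>
T* make_tracked(Args&&... args) {
  void* mem = ::operator new(sizeof(T));
  T* obj = new (mem) T(std::forward<Args>(args)...);
  slots()[obj];  // create the slot with zero references
  return obj;
}

// The destructor runs immediately, but the memory stays quarantined while stale
// references remain, so later release() calls never touch reused memory.
template <typename T>
void destroy_tracked(T* obj) {
  obj->~T();
  SlotInfo& slot = slots()[obj];
  if (slot.ref_count == 0) {
    slots().erase(obj);
    ::operator delete(obj);
  } else {
    slot.freed = true;  // every remaining checked_ptr is now dangling
  }
}

struct Widget {
  explicit Widget(int v) : value(v) {}
  int value;
};

// Runs one scenario and returns how many reports it produced: a non-owning
// checked_ptr observes an object owned elsewhere, then the owner frees it.
template <bool kDetect = true>
std::size_t run_scenario(bool clear_before_free) {
  std::size_t before = dangling_reports();
  Widget* owned = make_tracked<Widget>(42);
  checked_ptr<Widget, kDetect> observer(owned);
  if (clear_before_free) observer.reset();  // correct: drop the reference first
  destroy_tracked(owned);                   // otherwise observer dangles from here on
  observer.reset();                         // the check fires here for a dangling pointer
  return dangling_reports() - before;
}
```

`run_scenario(false)` produces one report (pointer kept past the free), `run_scenario(true)` none (reference dropped before the free), and `run_scenario<false>(false)` none because that pointer has been opted out, which is the trade-off the per-pointer opt-out buys: the bug is still there, it is just no longer flagged.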
The experiment will last for several weeks. We will use the survey to collect feedback, and confirm it’s not a high cost for engineers compared to its benefits.
If you have any questions, please don't hesitate to ask on chrome-mem...@google.com
Update on the experiment
We got very positive feedback (survey data).
For the majority of developers, the check was useful. It either avoided bugs or nudged them toward using a better architecture.
The number of CLs affected is close to our original estimate: ~3-4/day. Here is a doc explaining how we scanned CQ artifacts.
We are now confident we should keep it enabled forever. It has a positive impact on developers and on the codebase.
See also Chrome ATL thread.
As much as we can, we will now enable it by default for the most common developer builds.
This avoids waiting on the CQ, or recompiling chrome to debug locally.
Linux/is_debug is available today.
If you have any questions, please don't hesitate to ask on firstname.lastname@example.org