Reviewers: Toon Verwaest,
Message:
Could you take a look, please?
I could upload the clusterfuzz repro case, but it is quite brittle (GC has to happen at a certain point) and long running, so I think it is not worth it. I tried to minimize it, but whatever I touch, it stops crashing.
Description:
Resolve race condition with GC in CompilationCacheTable::Put.
The trouble is that the AsHandle method can allocate and thus
invoke GC, which could empty the table while we are updating it.
BUG=chromium:430880
LOG=N
Please review this at https://codereview.chromium.org/700913003/
Base URL: https://v8.googlecode.com/svn/branches/bleeding_edge
Affected files (+18, -12 lines):
M src/objects.cc
Index: src/objects.cc
diff --git a/src/objects.cc b/src/objects.cc
index
258390c4d5cb2b62ff079e31d90de3e5595b6fcb..96c92a7e71846f3ab9cebeafab273eada75191cb
100644
--- a/src/objects.cc
+++ b/src/objects.cc
@@ -14899,16 +14899,19 @@ Handle<CompilationCacheTable>
CompilationCacheTable::Put(
Handle<SharedFunctionInfo> shared(context->closure()->shared());
StringSharedKey key(src, shared, FLAG_use_strict ? STRICT : SLOPPY,
RelocInfo::kNoPosition);
- int entry = cache->FindEntry(&key);
- if (entry != kNotFound) {
+ {
Handle<Object> k = key.AsHandle(isolate);
- cache->set(EntryToIndex(entry), *k);
- cache->set(EntryToIndex(entry) + 1, *value);
- return cache;
+ DisallowHeapAllocation no_allocation_scope;
+ int entry = cache->FindEntry(&key);
+ if (entry != kNotFound) {
+ cache->set(EntryToIndex(entry), *k);
+ cache->set(EntryToIndex(entry) + 1, *value);
+ return cache;
+ }
}
cache = EnsureCapacity(cache, 1, &key);
- entry = cache->FindInsertionEntry(key.Hash());
+ int entry = cache->FindInsertionEntry(key.Hash());
Handle<Object> k =
isolate->factory()->NewNumber(static_cast<double>(key.Hash()));
cache->set(EntryToIndex(entry), *k);
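Review bot: The new block that pairs `Handle<Object> k = key.AsHandle(isolate);` with `DisallowHeapAllocation no_allocation_scope;` is correct only because of its ordering — per the description, `AsHandle` is the call that can allocate, so it is now taken before `FindEntry`, while the scope (an assertion scope, debug-only as far as I recall) detects a regression rather than preventing GC; a comment making that explicit would stop a later edit from moving the `AsHandle` call back below the lookup, e.g. `// AsHandle() may allocate and trigger a GC that clears entries; take the handle` / `// before the lookup so the lookup and the stores below run without allocating.`. The insertion path after the block still allocates in `NewNumber` between `int entry = cache->FindInsertionEntry(key.Hash());` and `cache->set(EntryToIndex(entry), *k);`; if a GC there can only clear entries and never moves or rehashes the table, the chosen slot stays free and this is fine, but a one-line comment saying so would spare the next reader the same analysis. The same points apply to the PutEval hunk below, which repeats this block verbatim; a small shared helper taking the cache, the key handle and the value would keep the two copies from drifting apart. Put's body continues past the end of the hunk.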
@@ -14924,16 +14927,19 @@ Handle<CompilationCacheTable>
CompilationCacheTable::PutEval(
int scope_position) {
Isolate* isolate = cache->GetIsolate();
StringSharedKey key(src, outer_info, value->strict_mode(),
scope_position);
- int entry = cache->FindEntry(&key);
- if (entry != kNotFound) {
+ {
Handle<Object> k = key.AsHandle(isolate);
- cache->set(EntryToIndex(entry), *k);
- cache->set(EntryToIndex(entry) + 1, *value);
- return cache;
+ DisallowHeapAllocation no_allocation_scope;
+ int entry = cache->FindEntry(&key);
+ if (entry != kNotFound) {
+ cache->set(EntryToIndex(entry), *k);
+ cache->set(EntryToIndex(entry) + 1, *value);
+ return cache;
+ }
}
cache = EnsureCapacity(cache, 1, &key);
- entry = cache->FindInsertionEntry(key.Hash());
+ int entry = cache->FindInsertionEntry(key.Hash());
Handle<Object> k =
isolate->factory()->NewNumber(static_cast<double>(key.Hash()));
cache->set(EntryToIndex(entry), *k);
--