Reviewers: jochen,
Description:
Fix cluster-fuzz regression when getting message from Worker
The issue is that Worker.prototype.terminate was deleting the C++ Worker
object, and then Worker.prototype.getMessage was trying to read messages
from the queue.
The simplest solution is to keep workers in a zombie state when they have
been terminated. They won't be reaped until Shell::CleanupWorkers is called.
I've also fixed some threading issues with Workers:
* Workers can be created by another Worker, so the Shell::workers_ variable
  must be protected by a mutex.
* An individual Worker can typically only be accessed by the isolate that
  created it, but the main thread can always terminate it, so the
  Worker::state_ must be accessed in a thread-safe way.
BUG=chromium:504136
[email protected]
LOG=n
Please review this at https://codereview.chromium.org/1208733002/
Base URL: https://chromium.googlesource.com/v8/v8.git@master
Affected files (+115, -66 lines):
M src/d8.h
M src/d8.cc
M test/mjsunit/d8-worker.js
A + test/mjsunit/d8-worker-spawn-worker.js
A + test/mjsunit/regress/regress-crbug-504136.js
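
A minimal C++ sketch of the lifetime and locking pattern the description outlines, added here as an illustration; it is not the code from this change or from d8. The class and member names follow the description; the method bodies, the string message type and the choice that a terminated worker yields no messages are assumptions.

```cpp
#include <atomic>
#include <deque>
#include <memory>
#include <mutex>
#include <string>
#include <vector>
// Simplified stand-in for d8's Worker (assumption: not V8's real class).
class Worker {
 public:
  enum State { RUNNING, TERMINATED };
  void PostMessage(const std::string& msg) {
    std::lock_guard<std::mutex> lock(mutex_);
    if (state_.load() == RUNNING) queue_.push_back(msg);
  }
  // Safe on a terminated worker: the object is a zombie, not freed memory.
  bool GetMessage(std::string* out) {
    std::lock_guard<std::mutex> lock(mutex_);
    if (state_.load() == TERMINATED || queue_.empty()) return false;
    *out = queue_.front();
    queue_.pop_front();
    return true;
  }
  // Callable from the creating thread or the main thread; only flips state.
  void Terminate() { state_.store(TERMINATED); }
  bool IsTerminated() const { return state_.load() == TERMINATED; }
 private:
  std::atomic<int> state_{RUNNING};
  std::mutex mutex_;
  std::deque<std::string> queue_;
};
class Shell {
 public:
  // Workers can create workers, so workers_ is only touched under the lock.
  Worker* CreateWorker() {
    std::lock_guard<std::mutex> lock(workers_mutex_);
    workers_.push_back(std::make_unique<Worker>());
    return workers_.back().get();
  }
  // The only place Worker objects are destroyed; returns how many were reaped.
  std::size_t CleanupWorkers() {
    std::vector<std::unique_ptr<Worker>> reaped;
    { std::lock_guard<std::mutex> lock(workers_mutex_); reaped.swap(workers_); }
    for (auto& w : reaped) w->Terminate();
    return reaped.size();  // the unique_ptrs free the zombies on return
  }
 private:
  std::mutex workers_mutex_;
  std::vector<std::unique_ptr<Worker>> workers_;
};
```

Because Terminate() never frees the object, a later GetMessage() on the same pointer reads valid memory; destruction happens only in CleanupWorkers().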