Title: [207071] releases/WebKitGTK/webkit-2.14/Source/WTF
Revision
207071
Author
carlo...@webkit.org
Date
2016-10-11 02:23:28 -0700 (Tue, 11 Oct 2016)

Log Message

Merge r205859 - ParkingLot is going to have a bad time with threads dying
https://bugs.webkit.org/show_bug.cgi?id=161893

Reviewed by Michael Saboff.

If a thread dies right as it falls out of parkConditionally, then unparkOne() and friends
might die because they will dereference a deallocated ThreadData.

The solution is to ref-count ThreadData's. When unparkOne() and friends want to hold onto a
ThreadData past the queue lock, they can use RefPtr<>.

* wtf/ParkingLot.cpp:
(WTF::ParkingLot::unparkOne):
(WTF::ParkingLot::unparkOneImpl):
(WTF::ParkingLot::unparkAll):

Modified Paths

Diff

Modified: releases/WebKitGTK/webkit-2.14/Source/WTF/ChangeLog (207070 => 207071)


--- releases/WebKitGTK/webkit-2.14/Source/WTF/ChangeLog	2016-10-11 09:18:15 UTC (rev 207070)
+++ releases/WebKitGTK/webkit-2.14/Source/WTF/ChangeLog	2016-10-11 09:23:28 UTC (rev 207071)
@@ -1,3 +1,21 @@
+2016-09-12  Filip Pizlo  <fpi...@apple.com>
+
+        ParkingLot is going to have a bad time with threads dying
+        https://bugs.webkit.org/show_bug.cgi?id=161893
+
+        Reviewed by Michael Saboff.
+        
+        If a thread dies right as it falls out of parkConditionally, then unparkOne() and friends
+        might die because they will dereference a deallocated ThreadData.
+
+        The solution is to ref-count ThreadData's. When unparkOne() and friends want to hold onto a
+        ThreadData past the queue lock, they can use RefPtr<>.
+
+        * wtf/ParkingLot.cpp:
+        (WTF::ParkingLot::unparkOne):
+        (WTF::ParkingLot::unparkOneImpl):
+        (WTF::ParkingLot::unparkAll):
+
 2016-09-12  Yusuke Suzuki  <utatane....@gmail.com>
 
         [WTF] HashTable's rehash is not compatible to Ref<T> and ASan

Modified: releases/WebKitGTK/webkit-2.14/Source/WTF/wtf/ParkingLot.cpp (207070 => 207071)


--- releases/WebKitGTK/webkit-2.14/Source/WTF/wtf/ParkingLot.cpp	2016-10-11 09:18:15 UTC (rev 207070)
+++ releases/WebKitGTK/webkit-2.14/Source/WTF/wtf/ParkingLot.cpp	2016-10-11 09:23:28 UTC (rev 207071)
@@ -45,7 +45,7 @@
 
 const bool verbose = false;
 
-struct ThreadData {
+struct ThreadData : public ThreadSafeRefCounted<ThreadData> {
     WTF_MAKE_FAST_ALLOCATED;
 public:
     
@@ -245,7 +245,6 @@
     }
 };
 
-ThreadSpecific<ThreadData>* threadData;
 Atomic<Hashtable*> hashtable;
 Atomic<unsigned> numThreads;
 
@@ -448,14 +447,20 @@
 
 ThreadData* myThreadData()
 {
+    static ThreadSpecific<RefPtr<ThreadData>>* threadData;
     static std::once_flag initializeOnce;
     std::call_once(
         initializeOnce,
         [] {
-            threadData = new ThreadSpecific<ThreadData>();
+            threadData = new ThreadSpecific<RefPtr<ThreadData>>();
         });
-
-    return *threadData;
+    
+    RefPtr<ThreadData>& result = **threadData;
+    
+    if (!result)
+        result = adoptRef(new ThreadData());
+    
+    return result.get();
 }
 
 template<typename Functor>
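Review bot: myThreadData() still returns a raw `ThreadData*` although the object is now owned by the `RefPtr` stored in the calling thread's `ThreadSpecific` slot, and nothing at the function says how long that pointer stays valid. A short comment above the function would make the contract explicit, for example `// Returns this thread's ThreadData, created on first use; the thread-local RefPtr keeps it alive, so another thread must take its own RefPtr before using it after the queue lock is released.` The `threadData` static is allocated with `new` inside `call_once` and never freed, which looks deliberate for a process-lifetime object but deserves a word in the same comment.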
@@ -659,7 +664,7 @@
     
     UnparkResult result;
 
-    ThreadData* threadData = nullptr;
+    RefPtr<ThreadData> threadData;
     result.mayHaveMoreThreads = dequeue(
         address,
         BucketMode::EnsureNonEmpty,
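Review bot: With `RefPtr<ThreadData> threadData` the unparking thread can end up holding the last reference, so `~ThreadData` may now run here instead of on the thread that owned the data; the destructor is not visible in this diff, so it should be confirmed that it does not depend on running on the owning thread. A comment at the declaration would record why the type changed, for example `// Keep the ThreadData alive past the queue lock; its thread may exit as soon as it is dequeued.` The same applies to the `RefPtr<ThreadData> threadData` in the unparkOneImpl hunk and the `Vector<RefPtr<ThreadData>, 8> threadDatas` in the unparkAll hunk. The dequeue callback that assigns `threadData` lies outside these hunks, so whether the reference is taken while the queue lock is still held cannot be checked from here.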
@@ -697,7 +702,7 @@
     if (verbose)
         dataLog(toString(currentThread(), ": unparking one the hard way.\n"));
     
-    ThreadData* threadData = nullptr;
+    RefPtr<ThreadData> threadData;
     bool timeToBeFair = false;
     dequeue(
         address,
@@ -738,7 +743,7 @@
     if (verbose)
         dataLog(toString(currentThread(), ": unparking all from ", RawPointer(address), ".\n"));
     
-    Vector<ThreadData*, 8> threadDatas;
+    Vector<RefPtr<ThreadData>, 8> threadDatas;
     dequeue(
         address,
         BucketMode::IgnoreEmpty,
@@ -752,9 +757,9 @@
         },
         [] (bool) { });
 
-    for (ThreadData* threadData : threadDatas) {
+    for (RefPtr<ThreadData>& threadData : threadDatas) {
         if (verbose)
-            dataLog(toString(currentThread(), ": unparking ", RawPointer(threadData), " with address ", RawPointer(threadData->address), "\n"));
+            dataLog(toString(currentThread(), ": unparking ", RawPointer(threadData.get()), " with address ", RawPointer(threadData->address), "\n"));
         ASSERT(threadData->address);
         {
             std::unique_lock<std::mutex> locker(threadData->parkingLock);
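Review bot: The loop binds `RefPtr<ThreadData>& threadData` as a mutable reference although the visible body only reads through it; `for (const RefPtr<ThreadData>& threadData : threadDatas) {` would state that the loop neither reseats nor releases the references it is relying on for lifetime. The loop body continues past the end of the hunk, so this holds only if the remaining lines do not assign to `threadData`.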