Title: [214509] trunk/Source/_javascript_Core
- Revision
- 214509
- Author
- [email protected]
- Date
- 2017-03-28 17:43:09 -0700 (Tue, 28 Mar 2017)
Log Message
The Mutator should not be able to steal the conn if the Collector hasn't reached the NotRunning phase yet.
https://bugs.webkit.org/show_bug.cgi?id=170213
<rdar://problem/30755345>
Reviewed by Filip Pizlo.
The current condition for stealing the conn isn't tight enough. Restricting the
stealing to when m_currentPhase == NotRunning ensures that the Collector is
really done running.
No test because this issue only manifests with a race condition that is difficult
to reproduce on demand.
* heap/Heap.cpp:
(JSC::Heap::requestCollection):
Modified Paths
Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (214508 => 214509)
--- trunk/Source/_javascript_Core/ChangeLog 2017-03-29 00:06:11 UTC (rev 214508)
+++ trunk/Source/_javascript_Core/ChangeLog 2017-03-29 00:43:09 UTC (rev 214509)
@@ -1,3 +1,21 @@
+2017-03-28 Mark Lam <[email protected]>
+
+ The Mutator should not be able to steal the conn if the Collector hasn't reached the NotRunning phase yet.
+ https://bugs.webkit.org/show_bug.cgi?id=170213
+ <rdar://problem/30755345>
+
+ Reviewed by Filip Pizlo.
+
+ The current condition for stealing the conn isn't tight enough. Restricting the
+ stealing to when m_currentPhase == NotRunning ensures that the Collector is
+ really done running.
+
+ No test because this issue only manifests with a race condition that is difficult
+ to reproduce on demand.
+
+ * heap/Heap.cpp:
+ (JSC::Heap::requestCollection):
+
2017-03-28 Keith Miller <[email protected]>
WebAssembly: Make WebAssembly.instantiate/compile truly asynchronous
Modified: trunk/Source/_javascript_Core/heap/Heap.cpp (214508 => 214509)
--- trunk/Source/_javascript_Core/heap/Heap.cpp 2017-03-29 00:06:11 UTC (rev 214508)
+++ trunk/Source/_javascript_Core/heap/Heap.cpp 2017-03-29 00:43:09 UTC (rev 214509)
@@ -1961,7 +1961,7 @@
// right now. This is an optimization that prevents the collector thread from ever starting in most
// cases.
ASSERT(m_lastServedTicket <= m_lastGrantedTicket);
- if (m_lastServedTicket == m_lastGrantedTicket) {
+ if ((m_lastServedTicket == m_lastGrantedTicket) && (m_currentPhase == CollectorPhase::NotRunning)) {
if (false)
dataLog("Taking the conn.\n");
m_worldState.exchangeOr(mutatorHasConnBit);
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
