Title: [214805] releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore
Revision: 214805
Author: carlo...@webkit.org
Date: 2017-04-03 09:54:49 -0700 (Mon, 03 Apr 2017)

Log Message

Merge r214509 - The Mutator should not be able to steal the conn if the Collector hasn't reached the NotRunning phase yet.
https://bugs.webkit.org/show_bug.cgi?id=170213
<rdar://problem/30755345>

Reviewed by Filip Pizlo.

The current condition for stealing the conn isn't tight enough.  Restricting the
stealing to when m_currentPhase == NotRunning ensures that the Collector is
really done running.

No test because this issue only manifests with a race condition that is difficult
to reproduce on demand.

* heap/Heap.cpp:
(JSC::Heap::requestCollection):

Diff

Modified: releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore/ChangeLog (214804 => 214805)


--- releases/WebKitGTK/webkit-2.16/Source/_javascript_Core/ChangeLog	2017-04-03 16:53:11 UTC (rev 214804)
+++ releases/WebKitGTK/webkit-2.16/Source/_javascript_Core/ChangeLog	2017-04-03 16:54:49 UTC (rev 214805)
@@ -1,3 +1,21 @@
+2017-03-28  Mark Lam  <mark....@apple.com>
+
+        The Mutator should not be able to steal the conn if the Collector hasn't reached the NotRunning phase yet.
+        https://bugs.webkit.org/show_bug.cgi?id=170213
+        <rdar://problem/30755345>
+
+        Reviewed by Filip Pizlo.
+
+        The current condition for stealing the conn isn't tight enough.  Restricting the
+        stealing to when m_currentPhase == NotRunning ensures that the Collector is
+        really done running.
+
+        No test because this issue only manifests with a race condition that is difficult
+        to reproduce on demand.
+
+        * heap/Heap.cpp:
+        (JSC::Heap::requestCollection):
+
 2017-03-24  Mark Lam  <mark....@apple.com>
 
         Array memcpy'ing fast paths should check if we're having a bad time if they cannot handle it.
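
Review bot: The new entry says the old condition "isn't tight enough" but never states what goes wrong when the mutator takes the conn while the collector is in a phase other than NotRunning. Since the entry also says there is no test because the race is hard to reproduce, the description is the only record of the failure; add a sentence naming the state the collector can still be in when m_lastServedTicket == m_lastGrantedTicket and what the mutator then observes or corrupts. It would also help to say whether an assertion or a stress test could cover this later.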

Modified: releases/WebKitGTK/webkit-2.16/Source/JavaScriptCore/heap/Heap.cpp (214804 => 214805)


--- releases/WebKitGTK/webkit-2.16/Source/_javascript_Core/heap/Heap.cpp	2017-04-03 16:53:11 UTC (rev 214804)
+++ releases/WebKitGTK/webkit-2.16/Source/_javascript_Core/heap/Heap.cpp	2017-04-03 16:54:49 UTC (rev 214805)
@@ -1936,7 +1936,7 @@
     // right now. This is an optimization that prevents the collector thread from ever starting in most
     // cases.
     ASSERT(m_lastServedTicket <= m_lastGrantedTicket);
-    if (m_lastServedTicket == m_lastGrantedTicket) {
+    if ((m_lastServedTicket == m_lastGrantedTicket) && (m_currentPhase == CollectorPhase::NotRunning)) {
         if (false)
             dataLog("Taking the conn.\n");
         m_worldState.exchangeOr(mutatorHasConnBit);
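
Review bot: The added m_currentPhase == CollectorPhase::NotRunning test in the if condition is a second read of shared collector state, and nothing in the visible lines shows which lock or ordering makes that read consistent with the ticket comparison beside it. Because the fix is for a race, please state in the comment above the condition what guards m_currentPhase at this point, and extend that comment ("This is an optimization that prevents the collector thread from ever starting in most cases") to say why equal tickets alone do not prove the collector has finished. Minor style point: the extra parentheses around each comparison are not needed.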