Skip to site navigation (Press enter)

[webkit-changes] [259602] branches/safari-609-branch/Source/JavaScriptCore

alancoon Mon, 06 Apr 2020 16:06:26 -0700

Title: [259602] branches/safari-609-branch/Source/_javascript_Core

Revision: 259602
Author: [email protected]
Date: 2020-04-06 16:05:18 -0700 (Mon, 06 Apr 2020)

Log Message

Cherry-pick r259424. rdar://problem/61352472


    [JSC] RecordedStatuses's assignment should be guarded by CodeBlock's lock
    https://bugs.webkit.org/show_bug.cgi?id=209935
    <rdar://problem/59443383>

    Reviewed by Mark Lam.

    Previously RecordedStatuses are not touched by GC. But now, GC visits RecordedStatuses.
    This means that modifying RecordedStatuses should be guarded by CodeBlock's lock if
    it is reachable from CodeBlock.
    In DFG::Plan::reallyAdd, we already installed DFG::JITCode into the CodeBlock so that
    RecordedStatuses is reachable from CodeBlock. We should lock CodeBlock's lock while
    performing `WTFMove(RecordedStatuses)`.

    We do not need to emit write-barrier here because (1) DFG::Plan::reallyAdd is executed
    while GC is deferred and (2) we emit write-barrier to CodeBlock before deferred GC is executed.

    * dfg/DFGPlan.cpp:
    (JSC::DFG::Plan::reallyAdd):

    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@259424 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Modified Paths

branches/safari-609-branch/Source/_javascript_Core/ChangeLog
branches/safari-609-branch/Source/_javascript_Core/dfg/DFGPlan.cpp

Diff

Modified: branches/safari-609-branch/Source/_javascript_Core/ChangeLog (259601 => 259602)


--- branches/safari-609-branch/Source/_javascript_Core/ChangeLog	2020-04-06 23:05:15 UTC (rev 259601)
+++ branches/safari-609-branch/Source/_javascript_Core/ChangeLog	2020-04-06 23:05:18 UTC (rev 259602)
@@ -1,5 +1,51 @@
 2020-04-06  Alan Coon  <[email protected]>
 
+        Cherry-pick r259424. rdar://problem/61352472
+
+    [JSC] RecordedStatuses's assignment should be guarded by CodeBlock's lock
+    https://bugs.webkit.org/show_bug.cgi?id=209935
+    <rdar://problem/59443383>
+    
+    Reviewed by Mark Lam.
+    
+    Previously RecordedStatuses are not touched by GC. But now, GC visits RecordedStatuses.
+    This means that modifying RecordedStatuses should be guarded by CodeBlock's lock if
+    it is reachable from CodeBlock.
+    In DFG::Plan::reallyAdd, we already installed DFG::JITCode into the CodeBlock so that
+    RecordedStatuses is reachable from CodeBlock. We should lock CodeBlock's lock while
+    performing `WTFMove(RecordedStatuses)`.
+    
+    We do not need to emit write-barrier here because (1) DFG::Plan::reallyAdd is executed
+    while GC is deferred and (2) we emit write-barrier to CodeBlock before deferred GC is executed.
+    
+    * dfg/DFGPlan.cpp:
+    (JSC::DFG::Plan::reallyAdd):
+    
+    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@259424 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+    2020-04-02  Yusuke Suzuki  <[email protected]>
+
+            [JSC] RecordedStatuses's assignment should be guarded by CodeBlock's lock
+            https://bugs.webkit.org/show_bug.cgi?id=209935
+            <rdar://problem/59443383>
+
+            Reviewed by Mark Lam.
+
+            Previously RecordedStatuses are not touched by GC. But now, GC visits RecordedStatuses.
+            This means that modifying RecordedStatuses should be guarded by CodeBlock's lock if
+            it is reachable from CodeBlock.
+            In DFG::Plan::reallyAdd, we already installed DFG::JITCode into the CodeBlock so that
+            RecordedStatuses is reachable from CodeBlock. We should lock CodeBlock's lock while
+            performing `WTFMove(RecordedStatuses)`.
+
+            We do not need to emit write-barrier here because (1) DFG::Plan::reallyAdd is executed
+            while GC is deferred and (2) we emit write-barrier to CodeBlock before deferred GC is executed.
+
+            * dfg/DFGPlan.cpp:
+            (JSC::DFG::Plan::reallyAdd):
+
+2020-04-06  Alan Coon  <[email protected]>
+
         Cherry-pick r259264. rdar://problem/61352442
 
     [JSC] DFGArrayMode::alreadyChecked should have NonArray check when ArrayMode is NonArray+SlowPutArrayStorage

Modified: branches/safari-609-branch/Source/_javascript_Core/dfg/DFGPlan.cpp (259601 => 259602)


--- branches/safari-609-branch/Source/_javascript_Core/dfg/DFGPlan.cpp	2020-04-06 23:05:15 UTC (rev 259601)
+++ branches/safari-609-branch/Source/_javascript_Core/dfg/DFGPlan.cpp	2020-04-06 23:05:18 UTC (rev 259602)
@@ -558,12 +558,16 @@
 
 void Plan::reallyAdd(CommonData* commonData)
 {
+    ASSERT(m_vm->heap.isDeferred());
     m_watchpoints.reallyAdd(m_codeBlock, *commonData);
     m_identifiers.reallyAdd(*m_vm, commonData);
     m_weakReferences.reallyAdd(*m_vm, commonData);
     m_transitions.reallyAdd(*m_vm, commonData);
     m_globalProperties.reallyAdd(m_codeBlock, m_identifiers, *commonData);
-    commonData->recordedStatuses = WTFMove(m_recordedStatuses);
+    {
+        ConcurrentJSLocker locker(m_codeBlock->m_lock);
+        commonData->recordedStatuses = WTFMove(m_recordedStatuses);
+    }
 }
 
 void Plan::notifyCompiling()

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes