[webkit-changes] [WebKit/WebKit] 36e906: [JSC] Fix ASSERT(canSafelyBeUsed()) failure in Wai...

Fri, 12 Jul 2024 09:14:29 -0700 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 36e90619cf8a0f01a4cf8f0d414140c78410279b
      
https://github.com/WebKit/WebKit/commit/36e90619cf8a0f01a4cf8f0d414140c78410279b
  Author: Yijia Huang <[email protected]>
  Date:   2024-07-12 (Fri, 12 Jul 2024)

  Changed paths:
    M Source/JavaScriptCore/runtime/DeferredWorkTimer.cpp
    M Source/JavaScriptCore/runtime/DeferredWorkTimer.h
    M Source/JavaScriptCore/runtime/JSGlobalObject.cpp
    M Source/JavaScriptCore/runtime/JSGlobalObject.h
    M Source/JavaScriptCore/runtime/WaiterListManager.cpp
    M Source/JavaScriptCore/runtime/WaiterListManager.h
    M Source/JavaScriptCore/wasm/WasmStreamingCompiler.cpp

  Log Message:
  -----------
  [JSC] Fix ASSERT(canSafelyBeUsed()) failure in Waiter's 
WeakPtr<TicketData>::get() with ThreadSafeWeakPtr
https://bugs.webkit.org/show_bug.cgi?id=276527
rdar://131590927

Reviewed by Keith Miller.

The WeakPtr<TicketData> in the Waiter of WaiterListManager can be
accessed from various threads. Most of the accesses to the TicketData
are guarded by the corresponding WaiterList's lock. However,
DeferredWorkTimer::cancelPendingWorkSafe can force the cancellation
of the pending TicketData during the destruction of JSGlobalObject.
Therefore, let's use ThreadSafeWeakPtr to secure the usage of the Waiter's 
TicketData.

This patch enhances the robustness of WaiterListManager by:
1. Replacing WeakPtr with ThreadSafeWeakPtr for the Waiter's TicketData.
2. Refactoring scheduleWorkAndClearTicket to scheduleWorkAndClear.
3. Refactoring cancelAsyncWaiter to cancelAndClear.

* Source/JavaScriptCore/runtime/DeferredWorkTimer.h:
* Source/JavaScriptCore/runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::addWeakTicket):
* Source/JavaScriptCore/runtime/JSGlobalObject.h:
* Source/JavaScriptCore/runtime/WaiterListManager.cpp:
(JSC::WaiterListManager::notifyWaiterImpl):
(JSC::Waiter::scheduleWorkAndClear):
(JSC::Waiter::cancelAndClear):
(JSC::WaiterListManager::unregister):
(JSC::Waiter::dump const):
(JSC::Waiter::~Waiter): Deleted.
(JSC::Waiter::scheduleWorkAndClearTicket): Deleted.
(JSC::WaiterListManager::cancelAsyncWaiter): Deleted.
* Source/JavaScriptCore/runtime/WaiterListManager.h:

Canonical link: https://commits.webkit.org/280909@main



To unsubscribe from these emails, change your notification settings at 
https://github.com/WebKit/WebKit/settings/notifications
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to