Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: d6d27c0ed374d16469872b40217fa8faaa3da36a
https://github.com/WebKit/WebKit/commit/d6d27c0ed374d16469872b40217fa8faaa3da36a
Author: Yijia Huang <[email protected]>
Date: 2026-03-25 (Wed, 25 Mar 2026)
Changed paths:
M Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
M Source/JavaScriptCore/runtime/VM.cpp
M Source/JavaScriptCore/runtime/VM.h
M Source/JavaScriptCore/runtime/VMManager.cpp
M Source/JavaScriptCore/runtime/VMManager.h
M Source/JavaScriptCore/runtime/VMTraps.cpp
M Source/JavaScriptCore/shell/CMakeLists.txt
M Source/JavaScriptCore/wasm/debugger/README.md
M Source/JavaScriptCore/wasm/debugger/WasmExecutionHandler.cpp
M Source/JavaScriptCore/wasm/debugger/tests/ExecutionHandlerTest.cpp
A Source/JavaScriptCore/wasm/debugger/tests/ExecutionHandlerVMLifecycleTest.cpp
A Source/JavaScriptCore/wasm/debugger/tests/ExecutionHandlerVMLifecycleTest.h
M Source/JavaScriptCore/wasm/debugger/testwasmdebugger.cpp
Log Message:
-----------
[JSC][WASM][Debugger] Fix WASM debugger stop-the-world races during VM construction and destruction
https://bugs.webkit.org/show_bug.cgi?id=310328
rdar://172974905
Reviewed by Mark Lam.
Fix crashes and assertion failures in the Wasm debugger's stop-the-world
(STW) machinery when VMs are created or destroyed concurrently with a
debugger interrupt.
- Move m_numberOfStoppedVMs and m_numberOfActiveVMs from Atomic<unsigned>
to plain unsigned WTF_GUARDED_BY_LOCK(m_worldLock), and consolidate all
counter updates and debugState()->setStopped()/clearStop() into the same
lock acquisitions as the mode checks, eliminating races where the counters
could be observed in an inconsistent state across separate lock acquisitions.
- Remove vm.requestStop() from notifyVMConstruction and notifyVMActivation.
requestStop() installs a VMTrap to indirectly drive notifyVMStop(), but
both functions already call notifyVMStop() directly, making the requestStop()
redundant.
- Separate VMManager registration from VMThreadContext lifecycle. Call
notifyVMConstruction() explicitly at the end of VM::VM() after all VM
state is initialized, so any STW triggered immediately on registration
sees a fully constructed VM. Call notifyVMDestruction() explicitly at
the start of VM::~VM() before any teardown. VMThreadContext is now a
pure data holder with a default constructor and destructor.
- Fix VMTraps::handleTraps() to tolerate a NoEvent result from
takeTopPriorityTrap() when cancelStop() races with trap dispatch.
Tests: JSC::Wasm::testExecutionHandlerVMLifecycle
Canonical link: https://commits.webkit.org/309965@main