Title: [134821] branches/safari-536.27-branch/Source/WTF
- Revision: 134821
- Author: [email protected]
- Date: 2012-11-15 12:57:27 -0800 (Thu, 15 Nov 2012)
Log Message
Merged r134797 -> <rdar://problem/12711308>
Modified Paths
Diff
Modified: branches/safari-536.27-branch/Source/WTF/ChangeLog (134820 => 134821)
--- branches/safari-536.27-branch/Source/WTF/ChangeLog 2012-11-15 20:55:54 UTC (rev 134820)
+++ branches/safari-536.27-branch/Source/WTF/ChangeLog 2012-11-15 20:57:27 UTC (rev 134821)
@@ -1,3 +1,34 @@
+2012-11-15 Lucas Forschler <[email protected]>
+
+ Merge r134797
+
+ 2012-11-15 Mark Hahnenberg <[email protected]>
+
+ Windows Fibers can corrupt the cached StackBounds
+ https://bugs.webkit.org/show_bug.cgi?id=102411
+
+ Reviewed by Geoffrey Garen.
+
+ Windows has support for something called fibers, which are like lightweight versions of
+ threads. Multiple fibers can run within the context of a single thread and they have access
+ to the same thread local storage but have different stacks. If we create a new JSGlobalContext
+ on one fiber, then switch to another fiber and create a JSGlobalContext there, we will call
+ initializeThreading() once for each new JSGlobalContext created. However, since these fibers
+ are technically running inside the same thread, they will clobber each other's wtfThreadData(),
+ which is stored using thread local storage. This can lead to corruption of the WTFThreadData
+ structure for the fibers other than the last one to create a new JSGlobalContext, including
+ the StackBounds data structure which is used during conservative scanning, among other things.
+ This can lead to crashes during garbage collection on Windows if fibers are used.
+
+ A quick fix would be to always get a fresh StackBounds data structure when asking for it
+ instead of using the cached version from the thread local storage. There is a larger problem
+ in that these fibers can corrupt other WebKit data that uses thread local storage. We'll leave
+ those theoretical fixes for future theoretical bugs.
+
+ * wtf/WTFThreadData.h:
+ (WTF::WTFThreadData::stack): We now refresh the m_stackBounds field whenever somebody asks for
+ the StackBounds.
+
2012-08-24 Filip Pizlo <[email protected]>
Log-to-a-file should not be enabled
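Review bot: The per-file description under `* wtf/WTFThreadData.h:` omits the signature change that the header hunk makes: `stack()` loses its `const` qualifier because it now writes `m_stackBounds`, so any caller holding a `const WTFThreadData&` will stop compiling. Suggest extending the entry to something like "(WTF::WTFThreadData::stack): No longer const, since it refreshes m_stackBounds from the OS on every call on Windows." The entry is also candid that the refresh only covers StackBounds while other thread-local WebKit data remains exposed to the same fiber clobbering; it would help future readers to point at the bug tracker entry as the place where that residual is tracked rather than leaving it as "theoretical".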
Modified: branches/safari-536.27-branch/Source/WTF/wtf/WTFThreadData.h (134820 => 134821)
--- branches/safari-536.27-branch/Source/WTF/wtf/WTFThreadData.h 2012-11-15 20:55:54 UTC (rev 134820)
+++ branches/safari-536.27-branch/Source/WTF/wtf/WTFThreadData.h 2012-11-15 20:57:27 UTC (rev 134821)
@@ -104,8 +104,13 @@
m_currentIdentifierTable = m_defaultIdentifierTable;
}
- const StackBounds& stack() const
+ const StackBounds& stack()
{
+ // We need to always get a fresh StackBounds from the OS due to how fibers work.
+ // See https://bugs.webkit.org/show_bug.cgi?id=102411
+#if OS(WINDOWS)
+ m_stackBounds = StackBounds::currentThreadStackBounds();
+#endif
return m_stackBounds;
}
#endif
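Review bot: Dropping `const` from `stack()` is the broadest possible interface change for what is an internal cache refresh; declaring `m_stackBounds` as `mutable` would let the accessor stay `const` and keep existing const callers compiling. More importantly, the method still returns a reference to the member it just overwrote, so a caller that keeps that reference (rather than copying the `StackBounds`) and then yields to another fiber on the same thread will see the value replaced underneath it; the refresh protects the value read at call time, not the reference's lifetime. Consider returning by value on the `OS(WINDOWS)` path, or at least documenting in the comment that callers must not cache the reference across a fiber switch. Finally, since the ChangeLog says this accessor is used during conservative scanning, the `StackBounds::currentThreadStackBounds()` call now runs an OS query on every invocation on Windows; a note on the expected call frequency would reassure reviewers that this does not regress GC time.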
_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo/webkit-changes