[webkit-changes] [149455] branches/dfgFourthTier/Source/JavaScriptCore

[fpizlo]

Title: [149455] branches/dfgFourthTier/Source/_javascript_Core

Revision

149455

Author

fpi...@apple.com

Date

2013-05-01 14:36:25 -0700 (Wed, 01 May 2013)

Log Message

fourthTier: Structure::getConcurrently() may be called from for uncacheable dictionaries, and this is safe
https://bugs.webkit.org/show_bug.cgi?id=115464

Reviewed by Oliver Hunt and Geoffrey Garen.
        
This can happen for example transitively from JSObject::put(). getCurrently() does
work for uncacheable dictionaries; it just has the obvious race that right after it
returns, the result it returned may no longer be right. This isn't an issue if it was
called on the main thread, and may not be an issue in some other situations.
        
So, we should just remove the assertion, since the only thing it buys us is crashes.

* runtime/Structure.cpp:
(JSC::Structure::getConcurrently):

Modified Paths

• branches/dfgFourthTier/Source/_javascript_Core/ChangeLog
• branches/dfgFourthTier/Source/_javascript_Core/runtime/Structure.cpp

Diff

Modified: branches/dfgFourthTier/Source/_javascript_Core/ChangeLog (149454 => 149455)

--- branches/dfgFourthTier/Source/_javascript_Core/ChangeLog	2013-05-01 21:22:24 UTC (rev 149454)
+++ branches/dfgFourthTier/Source/_javascript_Core/ChangeLog	2013-05-01 21:36:25 UTC (rev 149455)
@@ -1,5 +1,22 @@
 2013-04-30  Filip Pizlo  <fpi...@apple.com>
 
+        fourthTier: Structure::getConcurrently() may be called from for uncacheable dictionaries, and this is safe
+        https://bugs.webkit.org/show_bug.cgi?id=115464
+
+        Reviewed by Oliver Hunt and Geoffrey Garen.
+        
+        This can happen for example transitively from JSObject::put(). getCurrently() does
+        work for uncacheable dictionaries; it just has the obvious race that right after it
+        returns, the result it returned may no longer be right. This isn't an issue if it was
+        called on the main thread, and may not be an issue in some other situations.
+        
+        So, we should just remove the assertion, since the only thing it buys us is crashes.
+
+        * runtime/Structure.cpp:
+        (JSC::Structure::getConcurrently):
+
+2013-04-30  Filip Pizlo  <fpi...@apple.com>
+
         fourthTier: Don't link gtest into _javascript_Core
 
         Rubber stamped by Mark Rowe.

Modified: branches/dfgFourthTier/Source/_javascript_Core/runtime/Structure.cpp (149454 => 149455)

--- branches/dfgFourthTier/Source/_javascript_Core/runtime/Structure.cpp	2013-05-01 21:22:24 UTC (rev 149454)
+++ branches/dfgFourthTier/Source/_javascript_Core/runtime/Structure.cpp	2013-05-01 21:36:25 UTC (rev 149455)
@@ -773,10 +773,6 @@
 
 PropertyOffset Structure::getConcurrently(VM&, PropertyName propertyName, unsigned& attributes, JSCell*& specificValue)
 {
-    // We can't handle uncacheable dictionaries because we can't handle concurrent remove's
-    // from the property maps.
-    RELEASE_ASSERT(!isUncacheableDictionary());
-    
     Vector<Structure*, 8> structures;
     Structure* structure;
     PropertyTable* table;

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes