Modified: tags/Safari-538.15/Source/_javascript_Core/ChangeLog (163218 => 163219)
--- tags/Safari-538.15/Source/_javascript_Core/ChangeLog 2014-02-01 00:34:12 UTC (rev 163218)
+++ tags/Safari-538.15/Source/_javascript_Core/ChangeLog 2014-02-01 00:36:31 UTC (rev 163219)
@@ -1,3 +1,31 @@
+2014-01-31 Lucas Forschler <[email protected]>
+
+ Merge r163214
+
+ 2014-01-31 Michael Saboff <[email protected]>
+
+ REGRESSION: Crash in sanitizeStackForVMImpl when scrolling @ lifehacker.com.au
+ https://bugs.webkit.org/show_bug.cgi?id=128017
+
+ Reviewed by Filip Pizlo.
+
+ Moved the setting and saving of VM::stackPointerAtVMEntry and the corresponding stack limit
+ to JSLock and JSLock::DropAllLocks. The saved data is now stored in per-thread in
+ WTFThreadData.
+
+ * runtime/InitializeThreading.cpp:
+ (JSC::initializeThreading):
+ * runtime/JSLock.cpp:
+ (JSC::JSLock::lock):
+ (JSC::JSLock::unlock):
+ (JSC::JSLock::DropAllLocks::DropAllLocks):
+ (JSC::JSLock::DropAllLocks::~DropAllLocks):
+ * runtime/JSLock.h:
+ * runtime/VMEntryScope.cpp:
+ (JSC::VMEntryScope::VMEntryScope):
+ (JSC::VMEntryScope::~VMEntryScope):
+ * runtime/VMEntryScope.h:
+
2014-01-30 Andreas Kling <[email protected]>
CodeBlock's cloned SymbolTables only need the captured names.
Modified: tags/Safari-538.15/Source/_javascript_Core/runtime/InitializeThreading.cpp (163218 => 163219)
--- tags/Safari-538.15/Source/_javascript_Core/runtime/InitializeThreading.cpp 2014-02-01 00:34:12 UTC (rev 163218)
+++ tags/Safari-538.15/Source/_javascript_Core/runtime/InitializeThreading.cpp 2014-02-01 00:36:31 UTC (rev 163219)
@@ -72,6 +72,10 @@
#ifndef NDEBUG
DisallowGC::initialize();
#endif
+ WTFThreadData& threadData = wtfThreadData();
+
+ threadData.setSavedLastStackTop(threadData.stack().origin());
+ threadData.setSavedReservedZoneSize(Options::reservedZoneSize());
});
}
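Review bot: The two setSaved* calls run inside what looks like a run-once initializer (the lambda closed by `});` on the line after them), so they seed the per-thread slots only for the thread that executes that initializer; every other thread keeps the WTFThreadData constructor defaults until JSLock::lock() populates them. That is easy to misread as "all threads are initialised here", so a comment above the added lines would help: `// Seed this thread's saved stack state only; other threads rely on WTFThreadData's constructor defaults until JSLock::lock() fills them in.` The enclosing function begins before the hunk.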
Modified: tags/Safari-538.15/Source/_javascript_Core/runtime/JSLock.cpp (163218 => 163219)
--- tags/Safari-538.15/Source/_javascript_Core/runtime/JSLock.cpp 2014-02-01 00:34:12 UTC (rev 163218)
+++ tags/Safari-538.15/Source/_javascript_Core/runtime/JSLock.cpp 2014-02-01 00:36:31 UTC (rev 163219)
@@ -121,6 +121,16 @@
m_ownerThread = currentThread;
ASSERT(!m_lockCount);
m_lockCount = 1;
+
+ WTFThreadData& threadData = wtfThreadData();
+
+ if (!m_vm->stackPointerAtVMEntry) {
+ entryStackPointer = &holder; // A proxy for the current stack pointer.
+ m_vm->stackPointerAtVMEntry = entryStackPointer;
+ threadData.setSavedReservedZoneSize(m_vm->updateStackLimitWithReservedZoneSize(Options::reservedZoneSize()));
+ }
+
+ m_vm->setLastStackTop(threadData.savedLastStackTop());
}
}
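Review bot: `m_vm->stackPointerAtVMEntry` is dereferenced unconditionally here, while the matching restore in unlock() (next hunk) guards with `if (m_vm && ...)`; either m_vm cannot be null on this path and the unlock guard is dead, or lock() needs the same guard. `entryStackPointer` is assigned only when stackPointerAtVMEntry is unset, so the comparison in unlock() otherwise reads whatever the member held before; if the JSLock constructor (outside this diff) does not initialise it, the first comparison uses an indeterminate value, so add `entryStackPointer(nullptr)` to that initialiser list. Since `&holder` is the address of a local, the comment would be clearer as `// Address of a local: a conservative proxy for the stack pointer at VM entry, from which the stack limit is derived.` The enclosing function begins before the hunk.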
@@ -131,8 +141,13 @@
m_lockCount--;
- if (!m_lockCount)
+ if (!m_lockCount) {
+ if (m_vm && m_vm->stackPointerAtVMEntry == entryStackPointer) {
+ m_vm->stackPointerAtVMEntry = nullptr;
+ m_vm->updateStackLimitWithReservedZoneSize(wtfThreadData().savedReservedZoneSize());
+ }
m_lock.unlock();
+ }
}
void JSLock::lock(ExecState* exec)
@@ -290,8 +305,13 @@
#if PLATFORM(IOS)
SpinLockHolder holder(&spinLock);
#endif
- m_savedReservedZoneSize = m_vm->reservedZoneSize();
- m_savedStackPointerAtVMEntry = m_vm->stackPointerAtVMEntry;
+
+ WTFThreadData& threadData = wtfThreadData();
+
+ threadData.setSavedStackPointerAtVMEntry(m_vm->stackPointerAtVMEntry);
+ threadData.setSavedLastStackTop(m_vm->lastStackTop());
+ threadData.setSavedReservedZoneSize(m_vm->reservedZoneSize());
+
m_vm->stackPointerAtVMEntry = nullptr;
if (alwaysDropLocks)
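Review bot: The three setSaved* calls are duplicated verbatim in the next DropAllLocks constructor (the hunk at -310); factoring them into a private helper such as `void DropAllLocks::saveStackStateToThreadData()` called from both keeps the two save sequences from drifting apart. `m_vm->stackPointerAtVMEntry` is also read here before the `if (alwaysDropLocks)` check, whereas unlock() in the same file tests `m_vm &&` first; confirm m_vm is non-null on both constructor paths. The enclosing constructor begins and ends outside the hunk.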
@@ -310,8 +330,13 @@
#if PLATFORM(IOS)
SpinLockHolder holder(&spinLock);
#endif
- m_savedReservedZoneSize = m_vm->reservedZoneSize();
- m_savedStackPointerAtVMEntry = m_vm->stackPointerAtVMEntry;
+
+ WTFThreadData& threadData = wtfThreadData();
+
+ threadData.setSavedStackPointerAtVMEntry(m_vm->stackPointerAtVMEntry);
+ threadData.setSavedLastStackTop(m_vm->lastStackTop());
+ threadData.setSavedReservedZoneSize(m_vm->reservedZoneSize());
+
m_vm->stackPointerAtVMEntry = nullptr;
if (alwaysDropLocks)
@@ -330,8 +355,11 @@
#endif
m_vm->apiLock().grabAllLocks(m_lockCount, spinLock);
- m_vm->stackPointerAtVMEntry = m_savedStackPointerAtVMEntry;
- m_vm->updateStackLimitWithReservedZoneSize(m_savedReservedZoneSize);
+ WTFThreadData& threadData = wtfThreadData();
+
+ m_vm->stackPointerAtVMEntry = threadData.savedStackPointerAtVMEntry();
+ m_vm->setLastStackTop(threadData.savedLastStackTop());
+ m_vm->updateStackLimitWithReservedZoneSize(threadData.savedReservedZoneSize());
}
} // namespace JSC
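Review bot: The restore reads a single per-thread slot, so if two DropAllLocks objects can be alive on one thread (outer drops, the thread re-locks, an inner one drops), the inner constructor overwrites the outer's saved stackPointerAtVMEntry/lastStackTop/reservedZoneSize and the outer destructor then restores the inner's values, possibly the address of a lock holder that no longer exists. The previous m_saved* members (removed in JSLock.h) did not have this problem, so if nesting is ruled out by the callers the invariant should be stated here: `// Per-thread slot, not a stack: DropAllLocks must not nest on one thread with an intervening re-lock.` Otherwise the saved triple should stay in the DropAllLocks object and only the thread-local parts move. The enclosing destructor begins before the hunk.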
Modified: tags/Safari-538.15/Source/_javascript_Core/runtime/JSLock.h (163218 => 163219)
--- tags/Safari-538.15/Source/_javascript_Core/runtime/JSLock.h 2014-02-01 00:34:12 UTC (rev 163218)
+++ tags/Safari-538.15/Source/_javascript_Core/runtime/JSLock.h 2014-02-01 00:36:31 UTC (rev 163219)
@@ -110,8 +110,6 @@
private:
intptr_t m_lockCount;
RefPtr<VM> m_vm;
- size_t m_savedReservedZoneSize;
- void* m_savedStackPointerAtVMEntry;
};
private:
@@ -125,6 +123,7 @@
intptr_t m_lockCount;
unsigned m_lockDropDepth;
VM* m_vm;
+ void* entryStackPointer;
};
} // namespace
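Review bot: `entryStackPointer` is the only data member here without the `m_` prefix used by `m_lockCount`, `m_lockDropDepth` and `m_vm` beside it; suggest `void* m_entryStackPointer;` with the two uses in JSLock.cpp renamed to match. A one-line comment would also help a reader of the header: `// Address of the lock holder that set VM::stackPointerAtVMEntry; unlock() clears the VM field only while it still matches.`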
Modified: tags/Safari-538.15/Source/_javascript_Core/runtime/VMEntryScope.cpp (163218 => 163219)
--- tags/Safari-538.15/Source/_javascript_Core/runtime/VMEntryScope.cpp 2014-02-01 00:34:12 UTC (rev 163218)
+++ tags/Safari-538.15/Source/_javascript_Core/runtime/VMEntryScope.cpp 2014-02-01 00:36:31 UTC (rev 163219)
@@ -51,31 +51,20 @@
vm.resetDateCache();
}
- if (!vm.stackPointerAtVMEntry) {
- vm.stackPointerAtVMEntry = this;
- m_savedReservedZoneSize = vm.updateStackLimitWithReservedZoneSize(Options::reservedZoneSize());
- }
-
// Clear the captured exception stack between entries
vm.clearExceptionStack();
}
VMEntryScope::~VMEntryScope()
{
- if (m_vm.entryScope == this)
- m_vm.entryScope = nullptr;
- if (m_vm.stackPointerAtVMEntry == this) {
- m_vm.stackPointerAtVMEntry = nullptr;
- m_vm.updateStackLimitWithReservedZoneSize(m_savedReservedZoneSize);
- }
+ if (m_vm.entryScope != this)
+ return;
+ m_vm.entryScope = nullptr;
+
if (m_recompilationNeeded) {
- if (m_vm.entryScope)
- m_vm.entryScope->setRecompilationNeeded(true);
- else {
- if (Debugger* debugger = m_globalObject->debugger())
- debugger->recompileAllJSFunctions(&m_vm);
- }
+ if (Debugger* debugger = m_globalObject->debugger())
+ debugger->recompileAllJSFunctions(&m_vm);
}
}
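Review bot: The early `return` on `m_vm.entryScope != this` drops the forwarding that the removed lines did, where a nested scope with m_recompilationNeeded set passed the flag to the outer scope via setRecompilationNeeded(true); now a nested scope discards it. If only the scope registered as vm.entryScope can ever have the flag set (the constructor's registration logic is outside the hunk), that is harmless, but the invariant should be written down above the early return: `// Only the outermost scope (vm.entryScope) can have m_recompilationNeeded set; nested scopes have nothing to do here.` Otherwise the forwarding branch should be kept.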
Modified: tags/Safari-538.15/Source/_javascript_Core/runtime/VMEntryScope.h (163218 => 163219)
--- tags/Safari-538.15/Source/_javascript_Core/runtime/VMEntryScope.h 2014-02-01 00:34:12 UTC (rev 163218)
+++ tags/Safari-538.15/Source/_javascript_Core/runtime/VMEntryScope.h 2014-02-01 00:36:31 UTC (rev 163219)
@@ -46,13 +46,10 @@
private:
VM& m_vm;
- StackStats::CheckPoint m_stackCheckPoint;
JSGlobalObject* m_globalObject;
- size_t m_savedReservedZoneSize;
bool m_recompilationNeeded;
};
} // namespace JSC
#endif // VMEntryScope_h
-
Modified: tags/Safari-538.15/Source/WTF/ChangeLog (163218 => 163219)
--- tags/Safari-538.15/Source/WTF/ChangeLog 2014-02-01 00:34:12 UTC (rev 163218)
+++ tags/Safari-538.15/Source/WTF/ChangeLog 2014-02-01 00:36:31 UTC (rev 163219)
@@ -1,3 +1,28 @@
+2014-01-31 Lucas Forschler <[email protected]>
+
+ Merge r163214
+
+ 2014-01-31 Michael Saboff <[email protected]>
+
+ REGRESSION: Crash in sanitizeStackForVMImpl when scrolling @ lifehacker.com.au
+ https://bugs.webkit.org/show_bug.cgi?id=128017
+
+ Reviewed by Filip Pizlo.
+
+ Moved the setting and saving of VM::stackPointerAtVMEntry and the corresponding stack limit
+ to JSLock and JSLock::DropAllLocks. The saved data is now stored in per-thread in
+ WTFThreadData.
+
+ * wtf/WTFThreadData.cpp:
+ (WTF::WTFThreadData::WTFThreadData):
+ * wtf/WTFThreadData.h:
+ (WTF::WTFThreadData::savedStackPointerAtVMEntry):
+ (WTF::WTFThreadData::setSavedStackPointerAtVMEntry):
+ (WTF::WTFThreadData::savedLastStackTop):
+ (WTF::WTFThreadData::setSavedLastStackTop):
+ (WTF::WTFThreadData::savedReservedZoneSize):
+ (WTF::WTFThreadData::setSavedReservedZoneSize):
+
2014-01-30 Andrei Bucur <[email protected]>
Remove the ACCELERATED_COMPOSITING flag
Modified: tags/Safari-538.15/Source/WTF/wtf/WTFThreadData.cpp (163218 => 163219)
--- tags/Safari-538.15/Source/WTF/wtf/WTFThreadData.cpp 2014-02-01 00:34:12 UTC (rev 163218)
+++ tags/Safari-538.15/Source/WTF/wtf/WTFThreadData.cpp 2014-02-01 00:36:31 UTC (rev 163219)
@@ -49,6 +49,9 @@
#if ENABLE(STACK_STATS)
, m_stackStats()
#endif
+ , m_savedStackPointerAtVMEntry(0)
+ , m_savedLastStackTop(stack().origin())
+ , m_savedReservedZoneSize(0)
{
#if USE(WEB_THREAD)
static JSC::IdentifierTable* sharedIdentifierTable = new JSC::IdentifierTable();
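Review bot: `m_savedStackPointerAtVMEntry(0)` initialises a pointer from an integer literal while the JSLock.cpp side of this same change uses `nullptr`; use `m_savedStackPointerAtVMEntry(nullptr)`. `m_savedLastStackTop(stack().origin())` reads another member during construction, which is only well-defined if the member backing stack() is declared before the three new members (they are appended after m_stackStats in the header hunk), so confirm against the full class layout. The constructor begins before the hunk.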
Modified: tags/Safari-538.15/Source/WTF/wtf/WTFThreadData.h (163218 => 163219)
--- tags/Safari-538.15/Source/WTF/wtf/WTFThreadData.h 2014-02-01 00:34:12 UTC (rev 163218)
+++ tags/Safari-538.15/Source/WTF/wtf/WTFThreadData.h 2014-02-01 00:36:31 UTC (rev 163219)
@@ -106,6 +106,36 @@
}
#endif
+ void* savedStackPointerAtVMEntry()
+ {
+ return m_savedStackPointerAtVMEntry;
+ }
+
+ void setSavedStackPointerAtVMEntry(void* stackPointerAtVMEntry)
+ {
+ m_savedStackPointerAtVMEntry = stackPointerAtVMEntry;
+ }
+
+ void* savedLastStackTop()
+ {
+ return m_savedLastStackTop;
+ }
+
+ void setSavedLastStackTop(void* lastStackTop)
+ {
+ m_savedLastStackTop = lastStackTop;
+ }
+
+ size_t savedReservedZoneSize()
+ {
+ return m_savedReservedZoneSize;
+ }
+
+ void setSavedReservedZoneSize(size_t reservedZoneSize)
+ {
+ m_savedReservedZoneSize = reservedZoneSize;
+ }
+
void* m_apiData;
private:
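Review bot: The three getters do not modify the object but are not marked const, so they cannot be called through a `const WTFThreadData&`; declare `void* savedStackPointerAtVMEntry() const`, `void* savedLastStackTop() const` and `size_t savedReservedZoneSize() const`. The block also says nothing about what these slots hold or who owns them; suggest above the first getter: `// Per-thread copy of the VM's stack-limit state (entry stack pointer, last stack top, reserved zone size), saved by JSLock/DropAllLocks and restored when the lock is reacquired on this thread.`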
@@ -118,6 +148,9 @@
#if ENABLE(STACK_STATS)
StackStats::PerThreadStats m_stackStats;
#endif
+ void* m_savedStackPointerAtVMEntry;
+ void* m_savedLastStackTop;
+ size_t m_savedReservedZoneSize;
static WTF_EXPORTDATA ThreadSpecific<WTFThreadData>* staticData;
friend WTFThreadData& wtfThreadData();