Changeset 216608 in webkit
- Timestamp: May 10, 2017, 1:07:03 PM
- Location: trunk/Source/JavaScriptCore
- Files: 2 edited
trunk/Source/JavaScriptCore/ChangeLog
r216597 r216608 1 2017-05-10 Mark Lam <mark.lam@apple.com> 2 3 Crash in JavaScriptCore GC when using JSC on dispatch queues (thread_get_state returns NULL stack pointer). 4 https://bugs.webkit.org/show_bug.cgi?id=160337 5 <rdar://problem/27611733> 6 7 Reviewed by Filip Pizlo and Geoffrey Garen. 8 9 This is a workaround for <rdar://problem/27607384>. During thread initialization, 10 for some target platforms, thread state is momentarily set to 0 before being 11 filled in with the target thread's real register values. As a result, there's 12 a race condition that may result in us getting a null stackPointer during a GC scan. 13 This issue may manifest with workqueue threads where the OS may choose to recycle 14 a thread for an expired task. 15 16 The workaround is simply to indicate that there's nothing to copy and return. 17 This is correct because we will only ever observe a null pointer during thread 18 initialization. Hence, by definition, there's nothing there that we need to scan 19 yet, and therefore, nothing that needs to be copied. 20 21 * heap/MachineStackMarker.cpp: 22 (JSC::MachineThreads::tryCopyOtherThreadStack): 23 1 24 2017-05-10 JF Bastien <jfbastien@apple.com> 2 25 -
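Review bot: the ChangeLog entry describes a timing-dependent race (thread state momentarily 0 during initialization, observed during a GC scan) but the changeset touches only ChangeLog and heap/MachineStackMarker.cpp, so no regression test exercises the null-stackPointer path; the entry should either reference a test or state why the race cannot be reproduced deterministically, so that the workaround's removal can be validated once <rdar://problem/27607384> is resolved.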
trunk/Source/JavaScriptCore/heap/MachineStackMarker.cpp
r215671 r216608 312 312 MachineThread::Registers registers; 313 313 size_t registersSize = thread->getRegisters(registers); 314 315 // This is a workaround for <rdar://problem/27607384>. During thread initialization, 316 // for some target platforms, thread state is momentarily set to 0 before being 317 // filled in with the target thread's real register values. As a result, there's 318 // a race condition that may result in us getting a null stackPointer. 319 // This issue may manifest with workqueue threads where the OS may choose to recycle 320 // a thread for an expired task. 321 // 322 // The workaround is simply to indicate that there's nothing to copy and return. 323 // This is correct because we will only ever observe a null pointer during thread 324 // initialization. Hence, by definition, there's nothing there that we need to scan 325 // yet, and therefore, nothing that needs to be copied. 326 if (UNLIKELY(!registers.stackPointer())) { 327 *size = 0; 328 return; 329 } 330 314 331 std::pair<void*, size_t> stack = thread->captureStack(registers.stackPointer()); 315 332
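Review bot: the early return under `if (UNLIKELY(!registers.stackPointer()))` sets `*size = 0` and skips `captureStack`, so callers of `tryCopyOtherThreadStack` cannot distinguish "thread skipped because its registers were not yet populated" from "thread has an empty stack"; that is safe only if every caller treats a zero size as "nothing to scan", which the comment should say explicitly. The correctness argument also rests on the platform guarantee that a null stack pointer is observable only during thread initialization, yet neither the comment nor the ChangeLog names the platforms behind "some target platforms", so the comment should identify them (or the condition under which the guarantee holds) to make the workaround auditable and removable later.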