Changeset 216637 in webkit
Timestamp: May 10, 2017, 4:43:44 PM
Author: mark.lam@apple.com
Message:

Crash in JavaScriptCore GC when using JSC on dispatch queues (thread_get_state returns NULL stack pointer).
https://bugs.webkit.org/show_bug.cgi?id=160337
<rdar://problem/27611733>

Not reviewed.

Updated a comment per Geoff's suggestion.

  • heap/MachineStackMarker.cpp:

(JSC::MachineThreads::tryCopyOtherThreadStack):

Location: trunk/Source/JavaScriptCore
Files: 2 edited

  • trunk/Source/JavaScriptCore/ChangeLog

    r216635 r216637  
     12017-05-10  Mark Lam  <mark.lam@apple.com>
     2
     3        Crash in JavaScriptCore GC when using JSC on dispatch queues (thread_get_state returns NULL stack pointer).
     4        https://bugs.webkit.org/show_bug.cgi?id=160337
     5        <rdar://problem/27611733>
     6
     7        Not reviewed.
     8
     9        Updated a comment per Geoff's suggestion.
     10
     11        * heap/MachineStackMarker.cpp:
     12        (JSC::MachineThreads::tryCopyOtherThreadStack):
     13
    1142017-05-10  Mark Lam  <mark.lam@apple.com>
    215
  • trunk/Source/JavaScriptCore/heap/MachineStackMarker.cpp

    r216608 r216637  
    313313    size_t registersSize = thread->getRegisters(registers);
    314314
    315     // This is a workaround for <rdar://problem/27607384>. During thread initialization,
    316     // for some target platforms, thread state is momentarily set to 0 before being
    317     // filled in with the target thread's real register values. As a result, there's
    318     // a race condition that may result in us getting a null stackPointer.
    319     // This issue may manifest with workqueue threads where the OS may choose to recycle
    320     // a thread for an expired task.
    321     //
    322     // The workaround is simply to indicate that there's nothing to copy and return.
    323     // This is correct because we will only ever observe a null pointer during thread
    324     // initialization. Hence, by definition, there's nothing there that we need to scan
    325     // yet, and therefore, nothing that needs to be copied.
     315    // This is a workaround for <rdar://problem/27607384>. libdispatch recycles work
     316    // queue threads without running pthread exit destructors. This can cause us to scan a
     317    // thread during work queue initialization, when the stack pointer is null.
    326318    if (UNLIKELY(!registers.stackPointer())) {
    327319        *size = 0;
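Review bot: The replacement comment (new lines 315-317) drops the justification that the old comment (old lines 322-325) gave for why reporting `*size = 0` is correct, namely that a null stack pointer is only ever observed while the thread is being initialised, so there is nothing on its stack that the GC needs to scan yet. Without that sentence the early return reads as the collector silently skipping a thread, and a future reader may "fix" it into a crash or a full scan. Suggest keeping one line of the old rationale after the new text, for example `// Nothing has been pushed on that stack yet, so there is nothing to copy.` The new wording is an improvement in one respect worth preserving: it says why a half-initialised work queue thread is visible to the scanner at all (libdispatch recycles the thread without running pthread exit destructors), where the old comment only described the symptom as a race during thread initialisation. The two halves, cause and safety argument, belong together in the same comment.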