Changeset 279924 in webkit


Ignore:
Timestamp:
Jul 14, 2021 3:10:35 PM (3 years ago)
Author:
mark.lam@apple.com
Message:

Speculative fix for failed scope.releaseAssertNoException() after calls to JSMap::create().
https://bugs.webkit.org/show_bug.cgi?id=227964
rdar://78013960

Reviewed by Yusuke Suzuki.

Source/JavaScriptCore:

There have been reports of flaky failures on the scope.releaseAssertNoException()
after the call to JSMap::create() in JSModuleLoader::finishCreation().

The scope.releaseAssertNoException() says that we don't expect the JSMap::create()
to ever throw an exception. If the assertion is true, the only way that we can
see an exception there is if we're throwing an asynchronous TerminationException.

Since JSModuleLoader::finishCreation() does not have any long running loops, we can
just DeferTerminationForAWhile and let the next exception check site throw the
asynchronous TerminationException. We don't want to just use DeferTermination
because it will throw the TerminationException right at the end of
JSModuleLoader::finishCreation(), and the caller of JSModuleLoader::finishCreation()
may be similarly not expecting an exception to be thrown there.

Also apply the same treatment to AbstractModuleRecord::finishCreation(), and
getBackingMap() in WebCore for the same reason. Other than those, other sites that
call JSMap::create() already check for exceptions. So, those sites do not need to
DeferTerminationForAWhile.

  • runtime/AbstractModuleRecord.cpp:

(JSC::AbstractModuleRecord::finishCreation):

  • runtime/JSModuleLoader.cpp:

(JSC::JSModuleLoader::finishCreation):

Source/WebCore:

  • bindings/js/JSDOMMapLike.cpp:

(WebCore::getBackingMap):

Location:
trunk/Source
Files:
5 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/JavaScriptCore/ChangeLog

    r279916 r279924  
     12021-07-14  Mark Lam  <mark.lam@apple.com>
     2
     3        Speculative fix for failed scope.releaseAssertNoException() after calls to JSMap::create().
     4        https://bugs.webkit.org/show_bug.cgi?id=227964
     5        rdar://78013960
     6
     7        Reviewed by Yusuke Suzuki.
     8
     9        There have been reports of flaky failures on the scope.releaseAssertNoException()
     10        after the call to JSMap::create() in JSModuleLoader::finishCreation().
     11
     12        The scope.releaseAssertNoException() says that we don't expect the JSMap::create()
     13        to ever throw an exception.  If the assertion is true, the only way that we can
     14        see an exception there is if we're throwing an asynchronous TerminationException.
     15
     16        Since JSModuleLoader::finishCreation() does not have any long running loops, we can
     17        just DeferTerminationForAWhile and let the next exception check site throw the
     18        asynchronous TerminationException.  We don't want to just use DeferTermination
     19        because it will throw the TerminationException right at the end of
     20        JSModuleLoader::finishCreation(), and the caller of JSModuleLoader::finishCreation()
     21        may be similarly not expecting an exception to be thrown there.
     22
     23        Also apply the same treatment to AbstractModuleRecord::finishCreation(), and
     24        getBackingMap() in WebCore for the same reason.  Other than those, other sites that
     25        call JSMap::create() already check for exceptions.  So, those sites do not need to
     26        DeferTerminationForAWhile.
     27
     28        * runtime/AbstractModuleRecord.cpp:
     29        (JSC::AbstractModuleRecord::finishCreation):
     30        * runtime/JSModuleLoader.cpp:
     31        (JSC::JSModuleLoader::finishCreation):
     32
    1332021-07-14  Keith Miller  <keith_miller@apple.com>
    234

  • trunk/Source/JavaScriptCore/runtime/AbstractModuleRecord.cpp

    r278340 r279924  
    3434#include "JSModuleNamespaceObject.h"
    3535#include "JSModuleRecord.h"
     36#include "VMTrapsInlines.h"
    3637#include "WebAssemblyModuleRecord.h"
    3738
     
    5152void AbstractModuleRecord::finishCreation(JSGlobalObject* globalObject, VM& vm)
    5253{
    53     DeferTermination deferScope(vm);
    54     auto scope = DECLARE_THROW_SCOPE(vm);
     54    DeferTerminationForAWhile deferScope(vm);
     55    auto scope = DECLARE_CATCH_SCOPE(vm);
    5556
    5657    Base::finishCreation(vm);

  • trunk/Source/JavaScriptCore/runtime/JSModuleLoader.cpp

    r276900 r279924  
    4242#include "Parser.h"
    4343#include "ParserError.h"
     44#include "VMTrapsInlines.h"
    4445
    4546namespace JSC {
     
    99100void JSModuleLoader::finishCreation(JSGlobalObject* globalObject, VM& vm)
    100101{
     102    DeferTerminationForAWhile deferScope(vm);
    101103    auto scope = DECLARE_CATCH_SCOPE(vm);
    102104

  • trunk/Source/WebCore/ChangeLog

    r279919 r279924  
     12021-07-14  Mark Lam  <mark.lam@apple.com>
     2
     3        Speculative fix for failed scope.releaseAssertNoException() after calls to JSMap::create().
     4        https://bugs.webkit.org/show_bug.cgi?id=227964
     5        rdar://78013960
     6
     7        Reviewed by Yusuke Suzuki.
     8
     9        * bindings/js/JSDOMMapLike.cpp:
     10        (WebCore::getBackingMap):
     11
    1122021-07-14  Jer Noble  <jer.noble@apple.com>
    213

  • trunk/Source/WebCore/bindings/js/JSDOMMapLike.cpp

    r276719 r279924  
    4141        return { false, *JSC::asObject(backingMap) };
    4242
    43     JSC::DeferTermination deferScope(vm);
     43    JSC::DeferTerminationForAWhile deferScope(vm);
    4444    auto scope = DECLARE_CATCH_SCOPE(vm);
    4545
Note: See TracChangeset for help on using the changeset viewer.