Changeset 117340 in webkit


Ignore:
Timestamp:
May 16, 2012 2:06:53 PM (12 years ago)
Author:
ggaren@apple.com
Message:

GC is not thread-safe when moving values between C stacks
https://bugs.webkit.org/show_bug.cgi?id=86672

Reviewed by Phil Pizlo.

GC pauses thread A while marking thread A, and then B while marking B,
which isn't safe against A and B moving values between each others'
stacks.

This is a theoretical bug -- I haven't been able to reproduce it
in the wild.

  • heap/MachineStackMarker.cpp:

(JSC::MachineThreads::gatherFromOtherThread):
(JSC::MachineThreads::gatherConservativeRoots): Pause all C stacks for the
duration of stack marking, to avoid missing values that might be moving
between C stacks.

Location:
trunk/Source/JavaScriptCore
Files:
2 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/JavaScriptCore/ChangeLog

    r117201 r117340  
     12012-05-16  Geoffrey Garen  <ggaren@apple.com>
     2
     3        GC is not thread-safe when moving values between C stacks
     4        https://bugs.webkit.org/show_bug.cgi?id=86672
     5
     6        Reviewed by Phil Pizlo.
     7
     8        GC pauses thread A while marking thread A, and then B while marking B,
     9        which isn't safe against A and B moving values between each others'
     10        stacks.
     11
     12        This is a theoretical bug -- I haven't been able to reproduce it
     13        in the wild.
     14
     15        * heap/MachineStackMarker.cpp:
     16        (JSC::MachineThreads::gatherFromOtherThread):
     17        (JSC::MachineThreads::gatherConservativeRoots): Pause all C stacks for the
     18        duration of stack marking, to avoid missing values that might be moving
     19        between C stacks.
     20
    1212012-05-15  Mark Hahnenberg  <mhahnenberg@apple.com>
    222

  • trunk/Source/JavaScriptCore/heap/MachineStackMarker.cpp

    r110617 r117340  
    453453void MachineThreads::gatherFromOtherThread(ConservativeRoots& conservativeRoots, Thread* thread)
    454454{
    455     suspendThread(thread->platformThread);
    456 
    457455    PlatformThreadRegisters regs;
    458456    size_t regSize = getPlatformThreadRegisters(thread->platformThread, regs);
     
    464462    swapIfBackwards(stackPointer, stackBase);
    465463    conservativeRoots.add(stackPointer, stackBase);
    466 
    467     resumeThread(thread->platformThread);
    468464
    469465    freePlatformThreadRegisters(regs);
     
    485481        fastMallocForbid();
    486482#endif
     483        for (Thread* thread = m_registeredThreads; thread; thread = thread->next) {
     484            if (!equalThread(thread->platformThread, currentPlatformThread))
     485                suspendThread(thread->platformThread);
     486        }
     487
    487488        // It is safe to access the registeredThreads list, because we earlier asserted that locks are being held,
    488489        // and since this is a shared heap, they are real locks.
     
    491492                gatherFromOtherThread(conservativeRoots, thread);
    492493        }
     494
     495        for (Thread* thread = m_registeredThreads; thread; thread = thread->next) {
     496            if (!equalThread(thread->platformThread, currentPlatformThread))
     497                resumeThread(thread->platformThread);
     498        }
     499
    493500#ifndef NDEBUG
    494501        fastMallocAllow();
Note: See TracChangeset for help on using the changeset viewer.