Changeset 246507 in webkit
- Timestamp:
- Jun 17, 2019 11:54:30 AM (5 years ago)
- Location:
- trunk/Source/JavaScriptCore
- Files:
-
- 2 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/Source/JavaScriptCore/ChangeLog
r246505 r246507 1 2019-06-17 Tadeu Zagallo <tzagallo@apple.com> 2 3 Concurrent GC should check the conn before starting a new collection cycle 4 https://bugs.webkit.org/show_bug.cgi?id=198913 5 <rdar://problem/49515149> 6 7 Reviewed by Filip Pizlo. 8 9 Heap::requestCollection tries to steal the conn as an optimization to avoid waking up the collector 10 thread if it's idle. We determine if the collector is idle by ensuring that there are no pending collections 11 and that the current GC phase is NotRunning. However, that's not safe immediately after the concurrent 12 GC has finished processing the last pending request. The collector thread will runEndPhase and immediately 13 start runNotRunningPhase, without checking if it still has the conn. If the mutator has stolen the conn in 14 the mean time, this will lead to both threads collecting concurrently, and eventually we'll crash in checkConn, 15 since the collector is running but doesn't have the conn anymore. 16 17 To solve this, we check if we still have the conn after holding the lock in runNotRunningPhase, in case the mutator 18 has stolen the conn. Ideally, we wouldn't let the mutator steal the conn in the first place, but that doesn't seem 19 trivial to determine. 20 21 * heap/Heap.cpp: 22 (JSC::Heap::runNotRunningPhase): 23 1 24 2019-06-17 Yusuke Suzuki <ysuzuki@apple.com> 2 25 -
trunk/Source/JavaScriptCore/heap/Heap.cpp
r246490 r246507 1235 1235 if (m_requests.isEmpty()) 1236 1236 return false; 1237 // Check if the mutator has stolen the conn while the collector transitioned from End to NotRunning 1238 if (conn == GCConductor::Collector && !!(m_worldState.load() & mutatorHasConnBit)) 1239 return false; 1237 1240 } 1238 1241
Note: See TracChangeset
for help on using the changeset viewer.