Changeset 247346 in webkit

Timestamp:

Jul 11, 2019 2:42:22 AM (5 years ago)

Author:

ysuzuki@apple.com

Message:

Unreviewed, revert r243617.
​https://bugs.webkit.org/show_bug.cgi?id=196341

Mark pointed out that JSVirtualMachine can be gone in the other thread while we are executing GC constraint-solving.
This patch does not account that JavaScriptCore.framework is multi-thread safe: JSVirtualMachine wrapper can be destroyed,
and [JSVirtualMachine dealloc] can be executed in any threads while the VM is retained and used in the other thread (e.g.
destroyed from AutoReleasePool in some thread).

• API/JSContext.mm:

(-[JSContext initWithVirtualMachine:]):
(-[JSContext dealloc]):
(-[JSContext initWithGlobalContextRef:]):
(-[JSContext wrapperMap]):
(+[JSContext contextWithJSGlobalContextRef:]):

• API/JSVirtualMachine.mm:

(initWrapperCache):
(wrapperCache):
(+[JSVMWrapperCache addWrapper:forJSContextGroupRef:]):
(+[JSVMWrapperCache wrapperForJSContextGroupRef:]):
(-[JSVirtualMachine initWithContextGroupRef:]):
(-[JSVirtualMachine dealloc]):
(+[JSVirtualMachine virtualMachineWithContextGroupRef:]):
(-[JSVirtualMachine contextForGlobalContextRef:]):
(-[JSVirtualMachine addContext:forGlobalContextRef:]):
(scanExternalObjectGraph):
(scanExternalRememberedSet):

• API/JSVirtualMachineInternal.h:
• runtime/JSGlobalObject.h:

(JSC::JSGlobalObject::setWrapperMap):
(JSC::JSGlobalObject::setAPIWrapper): Deleted.
(JSC::JSGlobalObject::apiWrapper const): Deleted.

• runtime/VM.h:

Location:

trunk/Source/JavaScriptCore

Files:

• API/JSContext.mm (modified) (5 diffs)
• API/JSVirtualMachine.mm (modified) (7 diffs)
• API/JSVirtualMachineInternal.h (modified) (1 diff)
• ChangeLog (modified) (1 diff)
• runtime/JSGlobalObject.h (modified) (2 diffs)
• runtime/VM.h (modified) (1 diff)

trunk/Source/JavaScriptCore/API/JSContext.mm

@@ -86 +86 @@
 
     [self ensureWrapperMap];
-
-    toJSGlobalObject(m_context)->setAPIWrapper((__bridge void*)self);
+    [m_virtualMachine addContext:self forGlobalContextRef:m_context];
 
     return self;
@@ -94 +93 @@
 - (void)dealloc
 {
-    toJSGlobalObject(m_context)->setAPIWrapper((__bridge void*)nil);
     m_exception.clear();
     JSGlobalContextRelease(m_context);
@@ -311 +309 @@
     };
 
-    toJSGlobalObject(m_context)->setAPIWrapper((__bridge void*)self);
+    [m_virtualMachine addContext:self forGlobalContextRef:m_context];
 
     return self;
@@ -361 +359 @@
 - (JSWrapperMap *)wrapperMap
 {
-    return toJSGlobalObject(m_context)->wrapperMap();
+    return toJS(m_context)->lexicalGlobalObject()->wrapperMap();
 }
 
@@ -372 +370 @@
 + (JSContext *)contextWithJSGlobalContextRef:(JSGlobalContextRef)globalContext
 {
-    JSContext *context = (__bridge JSContext *)toJSGlobalObject(globalContext)->apiWrapper();
+    JSVirtualMachine *virtualMachine = [JSVirtualMachine virtualMachineWithContextGroupRef:toRef(&toJS(globalContext)->vm())];
+    JSContext *context = [virtualMachine contextForGlobalContextRef:globalContext];
     if (!context)
         context = [[[JSContext alloc] initWithGlobalContextRef:globalContext] autorelease];

trunk/Source/JavaScriptCore/API/JSVirtualMachine.mm

@@ -42 +42 @@
 #import <wtf/Lock.h>
 
+static NSMapTable *globalWrapperCache = 0;
+
+static Lock wrapperCacheMutex;
+
+static void initWrapperCache()
+{
+    ASSERT(!globalWrapperCache);
+    NSPointerFunctionsOptions keyOptions = NSPointerFunctionsOpaqueMemory | NSPointerFunctionsOpaquePersonality;
+    NSPointerFunctionsOptions valueOptions = NSPointerFunctionsWeakMemory | NSPointerFunctionsObjectPersonality;
+    globalWrapperCache = [[NSMapTable alloc] initWithKeyOptions:keyOptions valueOptions:valueOptions capacity:0];
+}
+
+static NSMapTable *wrapperCache()
+{
+    if (!globalWrapperCache)
+        initWrapperCache();
+    return globalWrapperCache;
+}
+
+@interface JSVMWrapperCache : NSObject
++ (void)addWrapper:(JSVirtualMachine *)wrapper forJSContextGroupRef:(JSContextGroupRef)group;
++ (JSVirtualMachine *)wrapperForJSContextGroupRef:(JSContextGroupRef)group;
+@end
+
+@implementation JSVMWrapperCache
+
++ (void)addWrapper:(JSVirtualMachine *)wrapper forJSContextGroupRef:(JSContextGroupRef)group
+{
+    std::lock_guard<Lock> lock(wrapperCacheMutex);
+    NSMapInsert(wrapperCache(), group, (__bridge void*)wrapper);
+}
+
++ (JSVirtualMachine *)wrapperForJSContextGroupRef:(JSContextGroupRef)group
+{
+    std::lock_guard<Lock> lock(wrapperCacheMutex);
+    return (__bridge JSVirtualMachine *)NSMapGet(wrapperCache(), group);
+}
+
+@end
+
 @implementation JSVirtualMachine {
     JSContextGroupRef m_group;
     Lock m_externalDataMutex;
+    NSMapTable *m_contextCache;
     NSMapTable *m_externalObjectGraph;
     NSMapTable *m_externalRememberedSet;
@@ -66 +107 @@
     m_group = JSContextGroupRetain(group);
     
+    NSPointerFunctionsOptions keyOptions = NSPointerFunctionsOpaqueMemory | NSPointerFunctionsOpaquePersonality;
+    NSPointerFunctionsOptions valueOptions = NSPointerFunctionsWeakMemory | NSPointerFunctionsObjectPersonality;
+    m_contextCache = [[NSMapTable alloc] initWithKeyOptions:keyOptions valueOptions:valueOptions capacity:0];
+    
     NSPointerFunctionsOptions weakIDOptions = NSPointerFunctionsWeakMemory | NSPointerFunctionsObjectPersonality;
     NSPointerFunctionsOptions strongIDOptions = NSPointerFunctionsStrongMemory | NSPointerFunctionsObjectPersonality;
@@ -72 +117 @@
     NSPointerFunctionsOptions integerOptions = NSPointerFunctionsOpaqueMemory | NSPointerFunctionsIntegerPersonality;
     m_externalRememberedSet = [[NSMapTable alloc] initWithKeyOptions:weakIDOptions valueOptions:integerOptions capacity:0];
-
-    toJS(group)->m_apiWrapper = (__bridge void*)self;
+   
+    [JSVMWrapperCache addWrapper:self forJSContextGroupRef:group];
  
     return self;
@@ -80 +125 @@
 - (void)dealloc
 {
-    toJS(m_group)->m_apiWrapper = (__bridge void*)nil;
     JSContextGroupRelease(m_group);
+    [m_contextCache release];
     [m_externalObjectGraph release];
     [m_externalRememberedSet release];
@@ -193 +238 @@
 + (JSVirtualMachine *)virtualMachineWithContextGroupRef:(JSContextGroupRef)group
 {
-    auto* vm = toJS(group);
-    JSVirtualMachine *virtualMachine = (__bridge JSVirtualMachine *)vm->m_apiWrapper;
+    JSVirtualMachine *virtualMachine = [JSVMWrapperCache wrapperForJSContextGroupRef:group];
     if (!virtualMachine)
         virtualMachine = [[[JSVirtualMachine alloc] initWithContextGroupRef:group] autorelease];
     return virtualMachine;
+}
+
+- (JSContext *)contextForGlobalContextRef:(JSGlobalContextRef)globalContext
+{
+    return (__bridge JSContext *)NSMapGet(m_contextCache, globalContext);
+}
+
+- (void)addContext:(JSContext *)wrapper forGlobalContextRef:(JSGlobalContextRef)globalContext
+{
+    NSMapInsert(m_contextCache, globalContext, (__bridge void*)wrapper);
 }
 
@@ -264 +318 @@
 {
     @autoreleasepool {
-        JSVirtualMachine *virtualMachine = (__bridge JSVirtualMachine *)vm.m_apiWrapper;
+        JSVirtualMachine *virtualMachine = [JSVMWrapperCache wrapperForJSContextGroupRef:toRef(&vm)];
         if (!virtualMachine)
             return;
@@ -302 +356 @@
 {
     @autoreleasepool {
-        JSVirtualMachine *virtualMachine = (__bridge JSVirtualMachine *)vm.m_apiWrapper;
+        JSVirtualMachine *virtualMachine = [JSVMWrapperCache wrapperForJSContextGroupRef:toRef(&vm)];
         if (!virtualMachine)
             return;

trunk/Source/JavaScriptCore/API/JSVirtualMachineInternal.h

@@ -45 +45 @@
 + (JSVirtualMachine *)virtualMachineWithContextGroupRef:(JSContextGroupRef)group;
 
+- (JSContext *)contextForGlobalContextRef:(JSGlobalContextRef)globalContext;
+- (void)addContext:(JSContext *)wrapper forGlobalContextRef:(JSGlobalContextRef)globalContext;
 - (JSC::VM&)vm;
 

trunk/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2019-07-11  Yusuke Suzuki  <ysuzuki@apple.com>
+
+        Unreviewed, revert r243617.
+        https://bugs.webkit.org/show_bug.cgi?id=196341
+
+        Mark pointed out that JSVirtualMachine can be gone in the other thread while we are executing GC constraint-solving.
+        This patch does not account that JavaScriptCore.framework is multi-thread safe: JSVirtualMachine wrapper can be destroyed,
+        and [JSVirtualMachine dealloc] can be executed in any threads while the VM is retained and used in the other thread (e.g.
+        destroyed from AutoReleasePool in some thread).
+
+        * API/JSContext.mm:
+        (-[JSContext initWithVirtualMachine:]):
+        (-[JSContext dealloc]):
+        (-[JSContext initWithGlobalContextRef:]):
+        (-[JSContext wrapperMap]):
+        (+[JSContext contextWithJSGlobalContextRef:]):
+        * API/JSVirtualMachine.mm:
+        (initWrapperCache):
+        (wrapperCache):
+        (+[JSVMWrapperCache addWrapper:forJSContextGroupRef:]):
+        (+[JSVMWrapperCache wrapperForJSContextGroupRef:]):
+        (-[JSVirtualMachine initWithContextGroupRef:]):
+        (-[JSVirtualMachine dealloc]):
+        (+[JSVirtualMachine virtualMachineWithContextGroupRef:]):
+        (-[JSVirtualMachine contextForGlobalContextRef:]):
+        (-[JSVirtualMachine addContext:forGlobalContextRef:]):
+        (scanExternalObjectGraph):
+        (scanExternalRememberedSet):
+        * API/JSVirtualMachineInternal.h:
+        * runtime/JSGlobalObject.h:
+        (JSC::JSGlobalObject::setWrapperMap):
+        (JSC::JSGlobalObject::setAPIWrapper): Deleted.
+        (JSC::JSGlobalObject::apiWrapper const): Deleted.
+        * runtime/VM.h:
+
 2019-07-10  Tadeu Zagallo  <tzagallo@apple.com>
 

trunk/Source/JavaScriptCore/runtime/JSGlobalObject.h

@@ -1011 +1011 @@
     JSWrapperMap* wrapperMap() const { return m_wrapperMap.get(); }
     void setWrapperMap(JSWrapperMap* map) { m_wrapperMap = map; }
-    void setAPIWrapper(void* apiWrapper) { m_apiWrapper = apiWrapper; }
-    void* apiWrapper() const { return m_apiWrapper; }
 #endif
 #ifdef JSC_GLIB_API_ENABLED
@@ -1055 +1053 @@
 #if JSC_OBJC_API_ENABLED
     RetainPtr<JSWrapperMap> m_wrapperMap;
-    void* m_apiWrapper { nullptr };
 #endif
 #ifdef JSC_GLIB_API_ENABLED

trunk/Source/JavaScriptCore/runtime/VM.h

@@ -834 +834 @@
 #endif
 
-#if JSC_OBJC_API_ENABLED
-    void* m_apiWrapper { nullptr };
-#endif
-
     JS_EXPORT_PRIVATE void resetDateCache();