Context Navigation

← Previous Changeset
Next Changeset →

Changeset 259576 in webkit

Timestamp:

Apr 6, 2020 10:35:44 AM (4 years ago)

Author:

ysuzuki@apple.com

Message:

[JSC] Since ArrayBufferViewWatchpointAdaptor::add can fire watchpoints, DFG::Plan should check validity of CodeBlock after executing reallyAdd
https://bugs.webkit.org/show_bug.cgi?id=210055
<rdar://problem/61331962>

Reviewed by Keith Miller.

JSTests:

stress/array-buffer-view-watchpoint-can-be-fired-in-really-add-in-dfg.js: Added.

(xxx.foo):

Source/JavaScriptCore:

Since ArrayBufferViewWatchpointAdaptor::add can fire watchpoints, it is possible that the DFG CodeBlock is already invalidated after executing DFG::Plan::reallyAdd.
We should check CodeBlock's validity again and terminate DFG::Plan::finalizeWithoutNotifyingCallback with CompilationInvalidated if CodeBlock got invalidated.

dfg/DFGPlan.cpp:

(JSC::DFG::Plan::finalizeWithoutNotifyingCallback):

Location:

trunk

Files:

: 1 added
: 3 edited

JSTests/ChangeLog (modified) (1 diff)
JSTests/stress/array-buffer-view-watchpoint-can-be-fired-in-really-add-in-dfg.js (added)
Source/JavaScriptCore/ChangeLog (modified) (1 diff)
Source/JavaScriptCore/dfg/DFGPlan.cpp (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

trunk/JSTests/ChangeLog

-                      r259564
+                      r259576
+-04-06  Yusuke Suzuki  <ysuzuki@apple.com>
+        [JSC] Since ArrayBufferViewWatchpointAdaptor::add can fire watchpoints, DFG::Plan should check validity of CodeBlock after executing reallyAdd
+        https://bugs.webkit.org/show_bug.cgi?id=210055
+        <rdar://problem/61331962>
+        Reviewed by Keith Miller.
+        * stress/array-buffer-view-watchpoint-can-be-fired-in-really-add-in-dfg.js: Added.
+        (xxx.foo):
 -04-05  Ross Kirsling  <ross.kirsling@sony.com>

trunk/Source/JavaScriptCore/ChangeLog

-                      r259572
+                      r259576
+-04-06  Yusuke Suzuki  <ysuzuki@apple.com>
+        [JSC] Since ArrayBufferViewWatchpointAdaptor::add can fire watchpoints, DFG::Plan should check validity of CodeBlock after executing reallyAdd
+        https://bugs.webkit.org/show_bug.cgi?id=210055
+        <rdar://problem/61331962>
+        Reviewed by Keith Miller.
+        Since ArrayBufferViewWatchpointAdaptor::add can fire watchpoints, it is possible that the DFG CodeBlock is already invalidated after executing DFG::Plan::reallyAdd.
+        We should check CodeBlock's validity again and terminate DFG::Plan::finalizeWithoutNotifyingCallback with CompilationInvalidated if CodeBlock got invalidated.
+        * dfg/DFGPlan.cpp:
+        (JSC::DFG::Plan::finalizeWithoutNotifyingCallback):
 -04-06  Yusuke Suzuki  <ysuzuki@apple.com>

trunk/Source/JavaScriptCore/dfg/DFGPlan.cpp

-                      r259424
+                      r259576
+        }
+        // Since Plan::reallyAdd could fire watchpoints (see ArrayBufferViewWatchpointAdaptor::add), it is possible that the current CodeBlock is now invalidated.
+        if (!m_codeBlock->jitCode()->dfgCommon()->isStillValid) {
+            CODEBLOCK_LOG_EVENT(m_codeBlock, "dfgFinalize", ("invalidated"));
+            return CompilationInvalidated;
+        }
         if (validationEnabled()) {
             TrackedReferences trackedReferences;

Note: See TracChangeset for help on using the changeset viewer.