Changeset 261591 in webkit

Timestamp:

May 12, 2020 5:17:19 PM (4 years ago)

Author:

mark.lam@apple.com

Message:

Cherry-pick r260165, r261538. rdar://problem/63156083

2020-04-15 Robin Morisset <​rmorisset@apple.com>

Flaky Test: fetch/fetch-worker-crash.html
​https://bugs.webkit.org/show_bug.cgi?id=187257
<rdar://problem/48527526>

Reviewed by Yusuke Suzuki.

Source/JavaScriptCore:

The crash is coming from setExceptionPorts which is inlined in WTF::registerThreadForMachExceptionHandling.
From the error message we know that the problem is an "invalid port right".
​http://web.mit.edu/darwin/src/modules/xnu/osfmk/man/thread_set_exception_ports.html tells us that the "port right" is the third parameter to thread_set_exception_ports, which is exceptionPort in our case.
exceptionPort is a global variable defined at the top of Signals.cpp:

static mach_port_t exceptionPort;

It is set in exactly one place:

kern_return_t kr = mach_port_allocate(mach_task_self(), MACH_PORT_RIGHT_RECEIVE, &exceptionPort);

in a std::call_once, in startMachExceptionHandlerThread().
Note that startMachExceptionHandlerThread() is called from the main thread just before the point where we are stuck.. and there is no synchronization to make sure it completed and its effect is visible to the worker thread before it uses exceptionPort.

So I think the crash is due to this race between allocating exceptionPort and using it, resulting in an invalid exceptionPort being sometimes passed to the kernel.
So this patch is a simple speculative fix, by running startMachExceptionHandlerThread() in initializeThreading(), before JSLock()::lock() can be run.

• runtime/InitializeThreading.cpp: (JSC::initializeThreading):

2020-05-11 Mark Lam <​mark.lam@apple.com>

Introduce WTF::Config and put Signal.cpp's init-once globals in it.
​https://bugs.webkit.org/show_bug.cgi?id=211729
<rdar://problem/62938878>

Reviewed by Keith Miller and Saam Barati.

1. Initialize VMTraps' signals early now that we'll be freezing signals at the end of the first VM initialization.

2. Move the !initializeThreadingHasBeenCalled RELEASE_ASSERT in initializeThreading() to the bottom of the function. This way, we'll also catch bugs which may cause us to jump into the middle of the function.

Added a compilerFence there to ensure that the RELEASE_ASSERT is only executed
after all initialization is done. This guarantees that it will only be executed
at the end.

3. Call WTF::Config::permanentlyFreeze() from JSC::Config::permanentlyFreeze() for obvious reasons: freezing one should freeze the other.

• runtime/InitializeThreading.cpp: (JSC::initializeThreading):
• runtime/JSCConfig.cpp: (JSC::Config::permanentlyFreeze):
• runtime/VMTraps.cpp: (JSC::VMTraps::initializeSignals):
• runtime/VMTraps.h:

Source/WTF:

Make startMachExceptionHandlerThread visible so that we can make sure it is called whenever initializing JSC.

• wtf/threads/Signals.cpp: (WTF::startMachExceptionHandlerThread):
• wtf/threads/Signals.h:

2020-05-11 Mark Lam <​mark.lam@apple.com>

Introduce WTF::Config and put Signal.cpp's init-once globals in it.
​https://bugs.webkit.org/show_bug.cgi?id=211729
<rdar://problem/62938878>

Reviewed by Keith Miller and Saam Barati.

1. Added WTF::Config for storing globals that effectively serve as constants i.e we'll be initializing them before or during the first VM instantiation, but should not have any reason to modify them later. The WTF::Config will be frozen (along with JSC::Config) at the end of instantiating the first VM instance.

2. Added a Config::AssertNotFrozenScope RAII object to ensure that initialization operations that should only be called at initialization time, will not be called once the Config has been frozen.

3. Moved most of Signal.cpp's globals into WTF::Config. The only globals (or statics) not moved are ones that cannot be moved because they require a non-trivial default constructor (once_flag), or need to be modifiable at runtime (e.g. Lock).

Instead of freezing the once_flag, we sanity check the call_once block with
the Config::AssertNotFrozenScope.

4. SignalHandler records are now allocated from arrays of SignalHandlerMemory in the WTF::Config. The number of signal handlers we will ever install is always finite. Hence, there's no reason to use a dynamic data structure like the LocklessBag to hold it.

We introduce a SignalHandlers struct to manage these arrays (and all the other
Signal.cpp globals that we want to move to the WTF::Config). Amongst other
things, SignalHandlers provides the abstractions for:

1. allocating memory for the SignalHandler instances. See SignalHandlers::alloc().
2. iterating SignalHandler instances. See SignalHandlers::forEachHandler().

To maintain the synchronization properties of the LocklessBag,
SignalHandlers::alloc() uses a mutex. In practice, this mutex will never be
contended on because all signal handlers are now installed at initialization
time before any concurrency comes into play.

5. We now initialize activeThreads() eagerly via initializeThreading. In production configurations, this does not matter because signal handler installations will always trigger its initialization. However, in debugging configurations, we may end up disabling the use of all signal handlers. As a result, we need to do this eager initialization to ensure that it is done before we freeze the WTF::Config.

• WTF.xcodeproj/project.pbxproj:
• wtf/CMakeLists.txt:
• wtf/Threading.cpp: (WTF::initializeThreading):
• wtf/WTFConfig.cpp: Added. (WTF::Config::disableFreezingForTesting): (WTF::Config::permanentlyFreeze):
• wtf/WTFConfig.h: Added. (WTF::Config::configureForTesting): (WTF::Config::AssertNotFrozenScope::~AssertNotFrozenScope):
• wtf/threads/Signals.cpp: (WTF::SignalHandlers::alloc): (WTF::SignalHandlers::forEachHandler const): (WTF::startMachExceptionHandlerThread): (WTF::handleSignalsWithMach): (WTF::setExceptionPorts): (WTF::activeThreads): (WTF::installSignalHandler): (WTF::jscSignalHandler): (WTF::SignalHandlers::initialize):
• wtf/threads/Signals.h:

Location:

branches/safari-609-branch/Source

Files:

• JavaScriptCore/ChangeLog (modified) (1 diff)
• JavaScriptCore/runtime/InitializeThreading.cpp (modified) (5 diffs)
• JavaScriptCore/runtime/JSCConfig.cpp (modified) (2 diffs)
• JavaScriptCore/runtime/VMTraps.cpp (modified) (3 diffs)
• JavaScriptCore/runtime/VMTraps.h (modified) (2 diffs)
• WTF/ChangeLog (modified) (1 diff)
• WTF/WTF.xcodeproj/project.pbxproj (modified) (4 diffs)
• WTF/wtf/CMakeLists.txt (modified) (2 diffs)
• WTF/wtf/Threading.cpp (modified) (3 diffs)
• WTF/wtf/WTFConfig.cpp (copied) (copied from trunk/Source/WTF/wtf/WTFConfig.cpp)
• WTF/wtf/WTFConfig.h (copied) (copied from trunk/Source/WTF/wtf/WTFConfig.h) (1 diff)
• WTF/wtf/threads/Signals.cpp (modified) (15 diffs)
• WTF/wtf/threads/Signals.h (modified) (4 diffs)

branches/safari-609-branch/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2020-05-12  Mark Lam  <mark.lam@apple.com>
+
+        Cherry-pick r260165, r261538. rdar://problem/63156083
+
+    2020-04-15  Robin Morisset  <rmorisset@apple.com>
+
+            Flaky Test: fetch/fetch-worker-crash.html
+            https://bugs.webkit.org/show_bug.cgi?id=187257
+            <rdar://problem/48527526>
+
+            Reviewed by Yusuke Suzuki.
+
+            The crash is coming from setExceptionPorts which is inlined in WTF::registerThreadForMachExceptionHandling.
+            From the error message we know that the problem is an "invalid port right".
+            http://web.mit.edu/darwin/src/modules/xnu/osfmk/man/thread_set_exception_ports.html tells us that the "port right" is the third parameter to thread_set_exception_ports, which is exceptionPort in our case.
+            exceptionPort is a global variable defined at the top of Signals.cpp:
+              static mach_port_t exceptionPort;
+            It is set in exactly one place:
+              kern_return_t kr = mach_port_allocate(mach_task_self(), MACH_PORT_RIGHT_RECEIVE, &exceptionPort);
+            in a std::call_once, in startMachExceptionHandlerThread().
+            Note that startMachExceptionHandlerThread() is called from the main thread just before the point where we are stuck.. and there is no synchronization to make sure it completed and its effect is visible to the worker thread before it uses exceptionPort.
+
+            So I think the crash is due to this race between allocating exceptionPort and using it, resulting in an invalid exceptionPort being sometimes passed to the kernel.
+            So this patch is a simple speculative fix, by running startMachExceptionHandlerThread() in initializeThreading(), before JSLock()::lock() can be run.
+
+            * runtime/InitializeThreading.cpp:
+            (JSC::initializeThreading):
+
+    2020-05-11  Mark Lam  <mark.lam@apple.com>
+
+            Introduce WTF::Config and put Signal.cpp's init-once globals in it.
+            https://bugs.webkit.org/show_bug.cgi?id=211729
+            <rdar://problem/62938878>
+
+            Reviewed by Keith Miller and Saam Barati.
+
+            1. Initialize VMTraps' signals early now that we'll be freezing signals at the end
+               of the first VM initialization.
+
+            2. Move the !initializeThreadingHasBeenCalled RELEASE_ASSERT in initializeThreading()
+               to the bottom of the function.  This way, we'll also catch bugs which may cause
+               us to jump into the middle of the function.
+
+               Added a compilerFence there to ensure that the RELEASE_ASSERT is only executed
+               after all initialization is done.  This guarantees that it will only be executed
+               at the end.
+
+            3. Call WTF::Config::permanentlyFreeze() from JSC::Config::permanentlyFreeze()
+               for obvious reasons: freezing one should freeze the other.
+
+            * runtime/InitializeThreading.cpp:
+            (JSC::initializeThreading):
+            * runtime/JSCConfig.cpp:
+            (JSC::Config::permanentlyFreeze):
+            * runtime/VMTraps.cpp:
+            (JSC::VMTraps::initializeSignals):
+            * runtime/VMTraps.h:
+
 2020-04-18  Alex Christensen  <achristensen@webkit.org>
 

branches/safari-609-branch/Source/JavaScriptCore/runtime/InitializeThreading.cpp

@@ -1 +1 @@
 /*
- * Copyright (C) 2008-2019 Apple Inc. All rights reserved.
+ * Copyright (C) 2008-2020 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -45 +45 @@
 #include "StructureIDTable.h"
 #include "SuperSampler.h"
+#include "VMTraps.h"
 #include "WasmCalleeRegistry.h"
 #include "WasmCapabilities.h"
@@ -54 +55 @@
 #include <wtf/dtoa.h>
 #include <wtf/dtoa/cached-powers.h>
+#include <wtf/threads/Signals.h>
 
 namespace JSC {
@@ -64 +66 @@
 
     std::call_once(initializeThreadingOnceFlag, []{
-        RELEASE_ASSERT(!g_jscConfig.initializeThreadingHasBeenCalled);
-        g_jscConfig.initializeThreadingHasBeenCalled = true;
-
         WTF::initializeThreading();
         Options::initialize();
@@ -100 +99 @@
         if (VM::isInMiniMode())
             WTF::fastEnableMiniMode();
+
+#if HAVE(MACH_EXCEPTIONS)
+        // JSLock::lock() can call registerThreadForMachExceptionHandling() which crashes if this has not been called first.
+        WTF::startMachExceptionHandlerThread();
+#endif
+        VMTraps::initializeSignals();
+
+        WTF::compilerFence();
+        RELEASE_ASSERT(!g_jscConfig.initializeThreadingHasBeenCalled);
+        g_jscConfig.initializeThreadingHasBeenCalled = true;
     });
 }

branches/safari-609-branch/Source/JavaScriptCore/runtime/JSCConfig.cpp

@@ -29 +29 @@
 #include <wtf/ResourceUsage.h>
 #include <wtf/StdLibExtras.h>
+#include <wtf/WTFConfig.h>
 
 #if OS(DARWIN)
@@ -54 +55 @@
 void Config::permanentlyFreeze()
 {
+    WTF::Config::permanentlyFreeze();
+
 #if PLATFORM(COCOA)
     RELEASE_ASSERT(roundUpToMultipleOf(vmPageSize(), ConfigSizeToProtect) == ConfigSizeToProtect);

branches/safari-609-branch/Source/JavaScriptCore/runtime/VMTraps.cpp

@@ -1 +1 @@
 /*
- * Copyright (C) 2017-2019 Apple Inc. All rights reserved.
+ * Copyright (C) 2017-2020 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -199 +199 @@
         : Base(locker, vm.traps().m_lock, vm.traps().m_condition.copyRef())
         , m_vm(vm)
+    { }
+
+    static void initializeSignals()
     {
         static std::once_flag once;
@@ -296 +299 @@
 
 #endif // ENABLE(SIGNAL_BASED_VM_TRAPS)
+
+void VMTraps::initializeSignals()
+{
+#if ENABLE(SIGNAL_BASED_VM_TRAPS)
+    if (!Options::usePollingTraps())
+        SignalSender::initializeSignals();
+#endif
+}
 
 void VMTraps::willDestroyVM()

branches/safari-609-branch/Source/JavaScriptCore/runtime/VMTraps.h

@@ -1 +1 @@
 /*
- * Copyright (C) 2017-2019 Apple Inc. All rights reserved.
+ * Copyright (C) 2017-2020 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -99 +99 @@
     VMTraps();
 
+    static void initializeSignals();
+
     void willDestroyVM();
 

branches/safari-609-branch/Source/WTF/ChangeLog

@@ +1 @@
+2020-05-12  Mark Lam  <mark.lam@apple.com>
+
+        Cherry-pick r260165, r261538. rdar://problem/63156083
+
+    2020-04-15  Robin Morisset  <rmorisset@apple.com>
+
+            Flaky Test: fetch/fetch-worker-crash.html
+            https://bugs.webkit.org/show_bug.cgi?id=187257
+            <rdar://problem/48527526>
+
+            Reviewed by Yusuke Suzuki.
+
+            Make startMachExceptionHandlerThread visible so that we can make sure it is called whenever initializing JSC.
+
+            * wtf/threads/Signals.cpp:
+            (WTF::startMachExceptionHandlerThread):
+            * wtf/threads/Signals.h:
+
+    2020-05-11  Mark Lam  <mark.lam@apple.com>
+
+            Introduce WTF::Config and put Signal.cpp's init-once globals in it.
+            https://bugs.webkit.org/show_bug.cgi?id=211729
+            <rdar://problem/62938878>
+
+            Reviewed by Keith Miller and Saam Barati.
+
+            1. Added WTF::Config for storing globals that effectively serve as constants i.e
+               we'll be initializing them before or during the first VM instantiation, but
+               should not have any reason to modify them later.  The WTF::Config will be frozen
+               (along with JSC::Config) at the end of instantiating the first VM instance.
+
+            2. Added a Config::AssertNotFrozenScope RAII object to ensure that initialization
+               operations that should only be called at initialization time, will not be
+               called once the Config has been frozen.
+
+            3. Moved most of Signal.cpp's globals into WTF::Config.  The only globals (or
+               statics) not moved are ones that cannot be moved because they require a
+               non-trivial default constructor (once_flag), or need to be modifiable
+               at runtime (e.g. Lock).
+
+               Instead of freezing the once_flag, we sanity check the call_once block with
+               the Config::AssertNotFrozenScope.
+
+            4. SignalHandler records are now allocated from arrays of SignalHandlerMemory in
+               the WTF::Config.  The number of signal handlers we will ever install is always
+               finite.  Hence, there's no reason to use a dynamic data structure like the
+               LocklessBag to hold it.
+
+               We introduce a SignalHandlers struct to manage these arrays (and all the other
+               Signal.cpp globals that we want to move to the WTF::Config).  Amongst other
+               things, SignalHandlers provides the abstractions for:
+
+               a. allocating memory for the SignalHandler instances.  See SignalHandlers::alloc().
+               b. iterating SignalHandler instances. See SignalHandlers::forEachHandler().
+
+               To maintain the synchronization properties of the LocklessBag,
+               SignalHandlers::alloc() uses a mutex.  In practice, this mutex will never be
+               contended on because all signal handlers are now installed at initialization
+               time before any concurrency comes into play.
+
+            5. We now initialize activeThreads() eagerly via initializeThreading.  In
+               production configurations, this does not matter because signal handler
+               installations will always trigger its initialization.  However, in debugging
+               configurations, we may end up disabling the use of all signal handlers.  As a
+               result, we need to do this eager initialization to ensure that it is done
+               before we freeze the WTF::Config.
+
+            * WTF.xcodeproj/project.pbxproj:
+            * wtf/CMakeLists.txt:
+            * wtf/Threading.cpp:
+            (WTF::initializeThreading):
+            * wtf/WTFConfig.cpp: Added.
+            (WTF::Config::disableFreezingForTesting):
+            (WTF::Config::permanentlyFreeze):
+            * wtf/WTFConfig.h: Added.
+            (WTF::Config::configureForTesting):
+            (WTF::Config::AssertNotFrozenScope::~AssertNotFrozenScope):
+            * wtf/threads/Signals.cpp:
+            (WTF::SignalHandlers::alloc):
+            (WTF::SignalHandlers::forEachHandler const):
+            (WTF::startMachExceptionHandlerThread):
+            (WTF::handleSignalsWithMach):
+            (WTF::setExceptionPorts):
+            (WTF::activeThreads):
+            (WTF::installSignalHandler):
+            (WTF::jscSignalHandler):
+            (WTF::SignalHandlers::initialize):
+            * wtf/threads/Signals.h:
+
 2020-05-07  Russell Epstein  <repstein@apple.com>
 

branches/safari-609-branch/Source/WTF/WTF.xcodeproj/project.pbxproj

@@ -182 +182 @@
                 E4A0AD391A96245500536DF6 /* WorkQueue.cpp in Sources */ = {isa = PBXBuildFile; fileRef = E4A0AD371A96245500536DF6 /* WorkQueue.cpp */; };
                 E4A0AD3D1A96253C00536DF6 /* WorkQueueCocoa.cpp in Sources */ = {isa = PBXBuildFile; fileRef = E4A0AD3C1A96253C00536DF6 /* WorkQueueCocoa.cpp */; };
+                FE032AD22463E43B0012D7C7 /* WTFConfig.cpp in Sources */ = {isa = PBXBuildFile; fileRef = FE032AD02463E43B0012D7C7 /* WTFConfig.cpp */; };
                 FE05FAFF1FE5007500093230 /* WTFAssertions.cpp in Sources */ = {isa = PBXBuildFile; fileRef = FE05FAFE1FE5007500093230 /* WTFAssertions.cpp */; };
                 FE1E2C3B2240C06600F6B729 /* PtrTag.cpp in Sources */ = {isa = PBXBuildFile; fileRef = FE1E2C392240C05400F6B729 /* PtrTag.cpp */; };
@@ -721 +722 @@
                 EF7D6CD59D8642A8A0DA86AD /* StackTrace.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = StackTrace.h; sourceTree = "<group>"; };
                 F72BBDB107FA424886178B9E /* SymbolImpl.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SymbolImpl.cpp; sourceTree = "<group>"; };
+                FE032AD02463E43B0012D7C7 /* WTFConfig.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = WTFConfig.cpp; sourceTree = "<group>"; };
+                FE032AD12463E43B0012D7C7 /* WTFConfig.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = WTFConfig.h; sourceTree = "<group>"; };
                 FE05FAE61FDB214300093230 /* DumbPtrTraits.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DumbPtrTraits.h; sourceTree = "<group>"; };
                 FE05FAFE1FE5007500093230 /* WTFAssertions.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = WTFAssertions.cpp; sourceTree = "<group>"; };
@@ -1271 +1274 @@
                                 E4A0AD381A96245500536DF6 /* WorkQueue.h */,
                                 FE05FAFE1FE5007500093230 /* WTFAssertions.cpp */,
+                                FE032AD02463E43B0012D7C7 /* WTFConfig.cpp */,
+                                FE032AD12463E43B0012D7C7 /* WTFConfig.h */,
                                 A36E16F7216FF828008DD87E /* WTFSemaphore.h */,
                         );
@@ -1723 +1728 @@
                                 7AFEC6B11EB22B5900DADE36 /* UUID.cpp in Sources */,
                                 E3149A39228BB43500BFA6C7 /* Vector.cpp in Sources */,
+                                FE032AD22463E43B0012D7C7 /* WTFConfig.cpp in Sources */,
                                 0F66B2921DC97BAB004A1D3F /* WallTime.cpp in Sources */,
                                 1FA47C8A152502DA00568D1B /* WebCoreThread.cpp in Sources */,

branches/safari-609-branch/Source/WTF/wtf/CMakeLists.txt

@@ -271 +271 @@
     VectorHash.h
     VectorTraits.h
+    WTFConfig.h
     WTFSemaphore.h
     WallTime.h
@@ -429 +430 @@
     Vector.cpp
     WTFAssertions.cpp
+    WTFConfig.cpp
     WallTime.cpp
     WordLock.cpp

branches/safari-609-branch/Source/WTF/wtf/Threading.cpp

@@ -37 +37 @@
 #include <wtf/ThreadMessage.h>
 #include <wtf/ThreadingPrimitives.h>
+#include <wtf/WTFConfig.h>
 #include <wtf/text/AtomStringTable.h>
 #include <wtf/text/StringView.h>
+#include <wtf/threads/Signals.h>
 
 #if HAVE(QOS_CLASSES)
@@ -338 +340 @@
     static std::once_flag onceKey;
     std::call_once(onceKey, [] {
+        Config::AssertNotFrozenScope assertScope;
         initializeRandomNumberGenerator();
 #if !HAVE(FAST_TLS) && !OS(WINDOWS)
@@ -344 +347 @@
         initializeDates();
         Thread::initializePlatformThreading();
+#if USE(PTHREADS) && HAVE(MACHINE_CONTEXT)
+        SignalHandlers::initialize();
+#endif
     });
 }

branches/safari-609-branch/Source/WTF/wtf/WTFConfig.h

@@ -35 +35 @@
 namespace WTF {
 
-constexpr size_t ConfigSizeToProtect = CeilingOnPageSize;
+#if CPU(ARM64) || PLATFORM(WATCHOS)
+constexpr size_t PageSize = 16 * KB;
+#else
+constexpr size_t PageSize = 4 * KB;
+#endif
+
+constexpr size_t ConfigSizeToProtect = PageSize;
 
 struct Config {

branches/safari-609-branch/Source/WTF/wtf/threads/Signals.cpp

@@ -1 +1 @@
 /*
- * Copyright (C) 2017 Apple Inc. All rights reserved.
+ * Copyright (C) 2017-2020 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -52 +52 @@
 #include <wtf/ThreadMessage.h>
 #include <wtf/Threading.h>
-
+#include <wtf/WTFConfig.h>
 
 namespace WTF {
 
-    
-static LazyNeverDestroyed<LocklessBag<SignalHandler>> handlers[static_cast<size_t>(Signal::NumberOfSignals)] = { };
-static std::once_flag initializeOnceFlags[static_cast<size_t>(Signal::NumberOfSignals)];
-static struct sigaction oldActions[static_cast<size_t>(Signal::NumberOfSignals)];
+void SignalHandlers::add(Signal signal, SignalHandler&& handler)
+{
+    Config::AssertNotFrozenScope assertScope;
+    static Lock lock;
+    auto locker = holdLock(lock);
+
+    size_t signalIndex = static_cast<size_t>(signal);
+    size_t nextFree = numberOfHandlers[signalIndex];
+    RELEASE_ASSERT(nextFree < maxNumberOfHandlers);
+    SignalHandlerMemory* memory = &handlers[signalIndex][nextFree];
+    new (memory) SignalHandler(WTFMove(handler));
+
+    // We deliberately do not want to increment the count until after we've
+    // fully initialized the memory. This way, forEachHandler() won't see a
+    // partially initialized handler.
+    storeStoreFence();
+    numberOfHandlers[signalIndex]++;
+    loadLoadFence();
+}
+
+template<typename Func>
+inline void SignalHandlers::forEachHandler(Signal signal, const Func& func) const
+{
+    size_t signalIndex = static_cast<size_t>(signal);
+    size_t handlerIndex = numberOfHandlers[signalIndex];
+    while (handlerIndex--) {
+        auto* memory = const_cast<SignalHandlerMemory*>(&handlers[signalIndex][handlerIndex]);
+        const SignalHandler& handler = *bitwise_cast<SignalHandler*>(memory);
+        func(handler);
+    }
+}
 
 #if HAVE(MACH_EXCEPTIONS)
@@ -67 +94 @@
 // http://www.cs.cmu.edu/afs/cs/project/mach/public/doc/unpublished/mig.ps
 
-static mach_port_t exceptionPort;
 static constexpr size_t maxMessageSize = 1 * KB;
 
-static void startMachExceptionHandlerThread()
+void startMachExceptionHandlerThread()
 {
     static std::once_flag once;
     std::call_once(once, [] {
-        kern_return_t kr = mach_port_allocate(mach_task_self(), MACH_PORT_RIGHT_RECEIVE, &exceptionPort);
+        Config::AssertNotFrozenScope assertScope;
+        SignalHandlers& handlers = g_wtfConfig.signalHandlers;
+        kern_return_t kr = mach_port_allocate(mach_task_self(), MACH_PORT_RIGHT_RECEIVE, &handlers.exceptionPort);
         RELEASE_ASSERT(kr == KERN_SUCCESS);
-        kr = mach_port_insert_right(mach_task_self(), exceptionPort, exceptionPort, MACH_MSG_TYPE_MAKE_SEND);
+        kr = mach_port_insert_right(mach_task_self(), handlers.exceptionPort, handlers.exceptionPort, MACH_MSG_TYPE_MAKE_SEND);
         RELEASE_ASSERT(kr == KERN_SUCCESS);
 
         dispatch_source_t source = dispatch_source_create(
-            DISPATCH_SOURCE_TYPE_MACH_RECV, exceptionPort, 0, DISPATCH_TARGET_QUEUE_DEFAULT);
+            DISPATCH_SOURCE_TYPE_MACH_RECV, handlers.exceptionPort, 0, DISPATCH_TARGET_QUEUE_DEFAULT);
         RELEASE_ASSERT(source);
 
@@ -87 +115 @@
 
             kern_return_t kr = mach_msg_server_once(
-                mach_exc_server, maxMessageSize, exceptionPort, MACH_MSG_TIMEOUT_NONE);
+                mach_exc_server, maxMessageSize, handlers.exceptionPort, MACH_MSG_TIMEOUT_NONE);
             RELEASE_ASSERT(kr == KERN_SUCCESS);
         });
@@ -146 +174 @@
     mach_msg_type_number_t* outStateCount)
 {
-    RELEASE_ASSERT(port == exceptionPort);
+    SignalHandlers& handlers = g_wtfConfig.signalHandlers;
+    RELEASE_ASSERT(port == handlers.exceptionPort);
     // If we wanted to distinguish between SIGBUS and SIGSEGV for EXC_BAD_ACCESS on Darwin we could do:
     // if (exceptionData[0] == KERN_INVALID_ADDRESS)
@@ -179 +208 @@
 
     bool didHandle = false;
-    handlers[static_cast<size_t>(signal)]->iterate([&] (const SignalHandler& handler) {
+    handlers.forEachHandler(signal, [&] (const SignalHandler& handler) {
         SignalAction handlerResult = handler(signal, info, registers);
         didHandle |= handlerResult == SignalAction::Handled;
@@ -189 +218 @@
 }
 
-};
-
-static bool useMach { false };
+}; // extern "C"
+
 void handleSignalsWithMach()
 {
-    useMach = true;
-}
-
-
-exception_mask_t activeExceptions { 0 };
+    Config::AssertNotFrozenScope assertScope;
+    g_wtfConfig.signalHandlers.useMach = true;
+}
 
 inline void setExceptionPorts(const AbstractLocker& threadGroupLocker, Thread& thread)
 {
     UNUSED_PARAM(threadGroupLocker);
-    kern_return_t result = thread_set_exception_ports(thread.machThread(), activeExceptions, exceptionPort, EXCEPTION_STATE | MACH_EXCEPTION_CODES, MACHINE_THREAD_STATE);
+    SignalHandlers& handlers = g_wtfConfig.signalHandlers;
+    kern_return_t result = thread_set_exception_ports(thread.machThread(), handlers.activeExceptions, handlers.exceptionPort, EXCEPTION_STATE | MACH_EXCEPTION_CODES, MACHINE_THREAD_STATE);
     if (result != KERN_SUCCESS) {
         dataLogLn("thread set port failed due to ", mach_error_string(result));
@@ -215 +242 @@
     static ThreadGroup* activeThreadsPtr = nullptr;
     std::call_once(initializeKey, [&] {
+        Config::AssertNotFrozenScope assertScope;
         static NeverDestroyed<std::shared_ptr<ThreadGroup>> activeThreads { ThreadGroup::create() };
         activeThreadsPtr = activeThreads.get().get();
@@ -243 +271 @@
 void installSignalHandler(Signal signal, SignalHandler&& handler)
 {
+    Config::AssertNotFrozenScope assertScope;
+    SignalHandlers& handlers = g_wtfConfig.signalHandlers;
     ASSERT(signal < Signal::Unknown);
 #if HAVE(MACH_EXCEPTIONS)
-    ASSERT(!useMach || signal != Signal::Usr);
-
-    if (useMach)
+    ASSERT(!handlers.useMach || signal != Signal::Usr);
+
+    if (handlers.useMach)
         startMachExceptionHandlerThread();
 #endif
 
+    static std::once_flag initializeOnceFlags[static_cast<size_t>(Signal::NumberOfSignals)];
     std::call_once(initializeOnceFlags[static_cast<size_t>(signal)], [&] {
-        handlers[static_cast<size_t>(signal)].construct();
-
+        Config::AssertNotFrozenScope assertScope;
+#if HAVE(MACH_EXCEPTIONS)
+        bool useMach = handlers.useMach;
+#endif
         if (!useMach) {
             struct sigaction action;
@@ -264 +297 @@
             action.sa_flags = SA_SIGINFO;
             auto systemSignals = toSystemSignal(signal);
-            result = sigaction(std::get<0>(systemSignals), &action, &oldActions[offsetForSystemSignal(std::get<0>(systemSignals))]);
+            result = sigaction(std::get<0>(systemSignals), &action, &handlers.oldActions[offsetForSystemSignal(std::get<0>(systemSignals))]);
             if (std::get<1>(systemSignals))
-                result |= sigaction(*std::get<1>(systemSignals), &action, &oldActions[offsetForSystemSignal(*std::get<1>(systemSignals))]);
+                result |= sigaction(*std::get<1>(systemSignals), &action, &handlers.oldActions[offsetForSystemSignal(*std::get<1>(systemSignals))]);
             RELEASE_ASSERT(!result);
         }
-
-    });
-
-    handlers[static_cast<size_t>(signal)]->add(WTFMove(handler));
+    });
+
+    handlers.add(signal, WTFMove(handler));
 
 #if HAVE(MACH_EXCEPTIONS)
     auto locker = holdLock(activeThreads().getLock());
-    if (useMach) {
-        activeExceptions |= toMachMask(signal);
+    if (handlers.useMach) {
+        handlers.activeExceptions |= toMachMask(signal);
 
         for (auto& thread : activeThreads().threads(locker))
@@ -288 +320 @@
 {
     Signal signal = fromSystemSignal(sig);
+    SignalHandlers& handlers = g_wtfConfig.signalHandlers;
 
     auto restoreDefault = [&] {
@@ -300 +333 @@
     // This shouldn't happen but we might as well be careful.
     if (signal == Signal::Unknown) {
-        dataLogLn("We somehow got called for an unknown signal ", sig, ", halp.");
+        dataLogLn("We somehow got called for an unknown signal ", sig, ", help.");
         restoreDefault();
         return;
@@ -313 +346 @@
     bool didHandle = false;
     bool restoreDefaultHandler = false;
-    handlers[static_cast<size_t>(signal)]->iterate([&] (const SignalHandler& handler) {
+    handlers.forEachHandler(signal, [&] (const SignalHandler& handler) {
         switch (handler(signal, sigInfo, registers)) {
         case SignalAction::Handled:
@@ -332 +365 @@
 
     unsigned oldActionIndex = static_cast<size_t>(signal) + (sig == SIGBUS);
-    struct sigaction& oldAction = oldActions[static_cast<size_t>(oldActionIndex)];
+    struct sigaction& oldAction = handlers.oldActions[static_cast<size_t>(oldActionIndex)];
     if (signal == Signal::Usr) {
         if (oldAction.sa_sigaction)
@@ -350 +383 @@
 }
 
+void SignalHandlers::initialize()
+{
+#if HAVE(MACH_EXCEPTIONS)
+    // In production configurations, this does not matter because signal handler
+    // installations will always trigger this initialization. However, in debugging
+    // configurations, we may end up disabling the use of all signal handlers but
+    // we still need this to be initialized. Hence, we need to initialize it
+    // eagerly to ensure that it is done before we freeze the WTF::Config.
+    activeThreads();
+#endif
+}
+
 } // namespace WTF
 

branches/safari-609-branch/Source/WTF/wtf/threads/Signals.h

@@ -1 +1 @@
 /*
- * Copyright (C) 2017 Apple Inc. All rights reserved.
+ * Copyright (C) 2017-2020 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -31 +31 @@
 #include <tuple>
 #include <wtf/Function.h>
+#include <wtf/Lock.h>
 #include <wtf/Optional.h>
 #include <wtf/PlatformRegisters.h>
+
+#if HAVE(MACH_EXCEPTIONS)
+#include <mach/exception_types.h>
+#endif
 
 namespace WTF {
@@ -83 +88 @@
 
 using SignalHandler = Function<SignalAction(Signal, SigInfo&, PlatformRegisters&)>;
+using SignalHandlerMemory = std::aligned_storage<sizeof(SignalHandler), std::alignment_of<SignalHandler>::value>::type;
 
-// Call this method whenever you want to install a signal handler. It's ok to call this function lazily.
+struct SignalHandlers {
+    static void initialize();
+
+    void add(Signal, SignalHandler&&);
+    template<typename Func>
+    void forEachHandler(Signal, const Func&) const;
+
+    static constexpr size_t numberOfSignals = static_cast<size_t>(Signal::NumberOfSignals);
+    static constexpr size_t maxNumberOfHandlers = 2;
+
+    static_assert(numberOfSignals < std::numeric_limits<uint8_t>::max());
+
+#if HAVE(MACH_EXCEPTIONS)
+    mach_port_t exceptionPort;
+    exception_mask_t activeExceptions;
+    bool useMach;
+#endif
+    uint8_t numberOfHandlers[numberOfSignals];
+    SignalHandlerMemory handlers[numberOfSignals][maxNumberOfHandlers];
+    struct sigaction oldActions[numberOfSignals];
+};
+
+// Call this method whenever you want to install a signal handler. This function needs to be called
+// before g_wtfConfig is frozen. After the g_wtfConfig is frozen, no additional signal handlers may
+// be installed. Any attempt to do so will trigger a crash.
 // Note: Your signal handler will be called every time the handler for the desired signal is called.
 // Thus it is your responsibility to discern if the signal fired was yours.
-// This function is currently a one way street i.e. once installed, a signal handler cannot be uninstalled.
+// This function is a one way street i.e. once installed, a signal handler cannot be uninstalled.
 WTF_EXPORT_PRIVATE void installSignalHandler(Signal, SignalHandler&&);
 
@@ -94 +124 @@
 class Thread;
 void registerThreadForMachExceptionHandling(Thread&);
+void startMachExceptionHandlerThread();
 
 void handleSignalsWithMach();