Cherry-pick 4cac792. https://bugs.webkit.org/show_bug.cgi?id=272787
[JSC] Mitigate null UnlinkedMetadataTable pointer in CodeBlock destructor
https://bugs.webkit.org/show_bug.cgi?id=272787
rdar://121747906

Reviewed by Yusuke Suzuki.

Attempts to fix a rare bug where the UnlinkedMetadataTable pointer accessed in the CodeBlock destructor can become null. We think this may be due to a series of thread-unsafe reference count operations that might allow the destructor to happen twice, perhaps simultaneously on two threads.

This patch attempts to mitigate this by:
1. Making UnlinkedMetadataTable and MetadataTable thread-safe refcounted.
2. Checking for the presence of a null UnlinkedMetadataTable pointer in the appropriate functions, and attempting to handle it nonfatally. This means we skip updating the didOptimize state in the CodeBlock destructor, and that we intentionally leak MetadataTables if they have this null pointer.

* Source/JavaScriptCore/bytecode/CodeBlock.cpp:
(JSC::CodeBlock::~CodeBlock):
* Source/JavaScriptCore/bytecode/MetadataTable.cpp:
(JSC::MetadataTable::destroy):
(JSC::MetadataTable::sizeInBytesForGC):
* Source/JavaScriptCore/bytecode/MetadataTable.h:
(JSC::MetadataTable::forEachValueProfile):
(JSC::MetadataTable::valueProfileForOffset):
(JSC::MetadataTable::deref):
(JSC::MetadataTable::unlinkedMetadata const):
(JSC::MetadataTable::totalSize const):
* Source/JavaScriptCore/bytecode/UnlinkedMetadataTable.h:

Canonical link: https://commits.webkit.org/272448.937@safari-7618-branch
Canonical link: https://commits.webkit.org/274313.249@webkitglib/2.44
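The two mitigations the commit message describes, an atomic (thread-safe) intrusive refcount so that the final deref and destroy can only run once, and a null unlinked-table check in deref that leaks the table instead of touching it, shown as an added, self-contained illustration. This is not WebKit code: UnlinkedTable, MetadataTable and ThreadSafeRefCounted here are simplified stand-ins that assume the shape of intrusive ref/deref, and the global counters exist only so the example can verify that the destructor ran exactly once under concurrent ref/deref traffic.

```cpp
#include <atomic>
#include <thread>
#include <vector>

// Constructed bookkeeping for the example (not part of any real refcount class).
static std::atomic<int> g_unlinkedDestroyed{0}; // UnlinkedTable destructor runs
static std::atomic<int> g_tablesLeaked{0};      // MetadataTables deliberately leaked

// Stand-in for UnlinkedMetadataTable: only records that it was destroyed.
struct UnlinkedTable {
    ~UnlinkedTable() { g_unlinkedDestroyed.fetch_add(1, std::memory_order_relaxed); }
};

// Thread-safe intrusive refcount. A plain `int` here is the thread-unsafe
// variant the commit moves away from: two threads can both observe the count
// reaching zero and both run the destructor.
class ThreadSafeRefCounted {
public:
    void ref() { m_refCount.fetch_add(1, std::memory_order_relaxed); }
    // Returns true for exactly one caller: the one that released the last reference.
    // acq_rel makes every other thread's writes visible to the destroying thread.
    bool derefBase() { return m_refCount.fetch_sub(1, std::memory_order_acq_rel) == 1; }
    int refCount() const { return m_refCount.load(std::memory_order_relaxed); }
private:
    std::atomic<int> m_refCount{1};
};

// Stand-in for MetadataTable: owns a possibly-null pointer to its unlinked table.
class MetadataTable : public ThreadSafeRefCounted {
public:
    explicit MetadataTable(UnlinkedTable* unlinked) : m_unlinked(unlinked) {}
    void deref() {
        if (!derefBase())
            return; // someone else still holds a reference
        // Mitigation 2 from the commit message: a null unlinked pointer means the
        // object is in a state we do not understand; leak it rather than dereference it.
        if (!m_unlinked) {
            g_tablesLeaked.fetch_add(1, std::memory_order_relaxed);
            return;
        }
        destroy();
    }
private:
    void destroy() {
        delete m_unlinked;
        delete this;
    }
    UnlinkedTable* m_unlinked;
};

// Many threads ref()/deref() the same table while the caller keeps the original
// reference alive. Returns how many times the unlinked table was destroyed after
// the caller's final deref; with an atomic refcount this is exactly 1.
int hammerRefCount(int threadCount, int itersPerThread) {
    g_unlinkedDestroyed.store(0);
    auto* table = new MetadataTable(new UnlinkedTable);
    std::vector<std::thread> workers;
    for (int t = 0; t < threadCount; ++t) {
        workers.emplace_back([table, itersPerThread] {
            for (int i = 0; i < itersPerThread; ++i) {
                table->ref();
                table->deref();
            }
        });
    }
    for (auto& w : workers)
        w.join();
    if (table->refCount() != 1)
        return -1; // lost or duplicated increments: the count would be unsafe to act on
    table->deref(); // last reference: destroy() runs once, on this thread
    return g_unlinkedDestroyed.load();
}

// A table whose unlinked pointer is null is leaked instead of destroyed.
bool nullUnlinkedIsLeaked() {
    g_tablesLeaked.store(0);
    int destroyedBefore = g_unlinkedDestroyed.load();
    auto* table = new MetadataTable(nullptr);
    table->deref(); // intentionally leaks `table`
    return g_tablesLeaked.load() == 1 && g_unlinkedDestroyed.load() == destroyedBefore;
}
```

The leak path is a deliberate trade: losing a MetadataTable's memory is preferable to a double free or a null dereference in a destructor, which is the class of bug the commit is working around while the underlying refcount race is addressed.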
Showing 4 changed files with 28 additions and 13 deletions.