Attachment 362135 Details for Bug 194714 – Patch

[patch] Patch

bug-194714-20190215112429.patch (text/plain), 3.58 KB, created by Yusuke Suzuki on 2019-02-15 11:24:29 PST

(hide)

Description:

Filename:

MIME Type:

Creator: Yusuke Suzuki

Created: 2019-02-15 11:24:29 PST

Size: 3.58 KB

patch

obsolete

>Subversion Revision: 241601
>diff --git a/Source/JavaScriptCore/ChangeLog b/Source/JavaScriptCore/ChangeLog
>index 03cd1a4dfc5d5b24ef35d4d268d34fede1e4be3f..0f73c10174a4c102a61d1bea2dcc027581248fd9 100644
>--- a/Source/JavaScriptCore/ChangeLog
>+++ b/Source/JavaScriptCore/ChangeLog
>@@ -1,3 +1,28 @@
>+2019-02-15  Yusuke Suzuki  <ysuzuki@apple.com>
>+
>+        [JSC] DFG, FTL, and Wasm worklist creation should be fenced
>+        https://bugs.webkit.org/show_bug.cgi?id=194714
>+
>+        Reviewed by NOBODY (OOPS!).
>+
>+        Let's consider about the following extreme case.
>+
>+        1. VM (A) is created.
>+        2. Another VM (B) is created on a different thread.
>+        3. (A) is being destroyed. It calls DFG::existingWorklistForIndexOrNull in a destructor.
>+        4. At the same time, (B) starts using DFG Worklist and it is instantiated in call_once.
>+        5. But (A) reads the pointer directly through DFG::existingWorklistForIndexOrNull.
>+        6. (A) sees the half-baked worklist, which may be in the middle of creation.
>+
>+        This patch puts store-store fence just before putting a pointer to a global variable.
>+        This fence is executed only three times at most, for DFG, FTL, and Wasm worklist initializations.
>+
>+        * dfg/DFGWorklist.cpp:
>+        (JSC::DFG::ensureGlobalDFGWorklist):
>+        (JSC::DFG::ensureGlobalFTLWorklist):
>+        * wasm/WasmWorklist.cpp:
>+        (JSC::Wasm::ensureWorklist):
>+
> 2019-02-15  Commit Queue  <commit-queue@webkit.org>
> 
>         Unreviewed, rolling out r241559 and r241566.
>diff --git a/Source/JavaScriptCore/dfg/DFGWorklist.cpp b/Source/JavaScriptCore/dfg/DFGWorklist.cpp
>index 8fd16efe783a55d0303ca06201745fe4ecf0efe8..d48b86b44cf05f1a86cfa2daa313f822fefb97b6 100644
>--- a/Source/JavaScriptCore/dfg/DFGWorklist.cpp
>+++ b/Source/JavaScriptCore/dfg/DFGWorklist.cpp
>@@ -570,7 +570,9 @@ Worklist& ensureGlobalDFGWorklist()
> {
>     static std::once_flag initializeGlobalWorklistOnceFlag;
>     std::call_once(initializeGlobalWorklistOnceFlag, [] {
>-        theGlobalDFGWorklist = &Worklist::create("DFG", getNumberOfDFGCompilerThreads(), Options::priorityDeltaOfDFGCompilerThreads()).leakRef();
>+        Worklist* worklist = &Worklist::create("DFG", getNumberOfDFGCompilerThreads(), Options::priorityDeltaOfDFGCompilerThreads()).leakRef();
>+        WTF::storeStoreFence();
>+        theGlobalDFGWorklist = worklist;
>     });
>     return *theGlobalDFGWorklist;
> }
>@@ -586,7 +588,9 @@ Worklist& ensureGlobalFTLWorklist()
> {
>     static std::once_flag initializeGlobalWorklistOnceFlag;
>     std::call_once(initializeGlobalWorklistOnceFlag, [] {
>-        theGlobalFTLWorklist = &Worklist::create("FTL", getNumberOfFTLCompilerThreads(), Options::priorityDeltaOfFTLCompilerThreads()).leakRef();
>+        Worklist* worklist = &Worklist::create("FTL", getNumberOfFTLCompilerThreads(), Options::priorityDeltaOfFTLCompilerThreads()).leakRef();
>+        WTF::storeStoreFence();
>+        theGlobalFTLWorklist = worklist;
>     });
>     return *theGlobalFTLWorklist;
> }
>diff --git a/Source/JavaScriptCore/wasm/WasmWorklist.cpp b/Source/JavaScriptCore/wasm/WasmWorklist.cpp
>index 51e7840d4d8c3d962f373712cda0a3cdbe6964d2..abab021e2301c9cd0786c0014fc9e88fea81b9b5 100644
>--- a/Source/JavaScriptCore/wasm/WasmWorklist.cpp
>+++ b/Source/JavaScriptCore/wasm/WasmWorklist.cpp
>@@ -232,7 +232,9 @@ Worklist& ensureWorklist()
> {
>     static std::once_flag initializeWorklist;
>     std::call_once(initializeWorklist, [] {
>-        globalWorklist = new Worklist();
>+        Worklist* worklist = new Worklist();
>+        WTF::storeStoreFence();
>+        globalWorklist = worklist;
>     });
>     return *globalWorklist;
> }

Actions: View | Formatted Diff | Diff

Attachments on bug 194714: 362135