WebKit Bugzilla
Attachment 340664 Details for Bug 185753: defaultConstructorSourceCode needs to makeSource every time it's called
[patch] patch for landing
a-backup.diff (text/plain), 2.27 KB, created by Saam Barati on 2018-05-17 16:17:59 PDT
>Index: Source/JavaScriptCore/ChangeLog >=================================================================== >--- Source/JavaScriptCore/ChangeLog (revision 231929) >+++ Source/JavaScriptCore/ChangeLog (working copy) >@@ -1,3 +1,18 @@ >+2018-05-17 Saam Barati <sbarati@apple.com> >+ >+ defaultConstructorSourceCode needs to makeSource every time its called >+ https://bugs.webkit.org/show_bug.cgi?id=185753 >+ >+ Rubber-stamped by Mark Lam. >+ >+ The bug here is multiple VMs can be running concurrently to one another >+ in the same process. They may each ref/deref something that isn't ThreadSafeRefCounted >+ if we copy a static SourceCode. instead, we create a new one each time >+ this function is called. >+ >+ * builtins/BuiltinExecutables.cpp: >+ (JSC::BuiltinExecutables::defaultConstructorSourceCode): >+ > 2018-05-17 Yusuke Suzuki <utatane.tea@gmail.com> > > [JSC] Use AssemblyHelpers' type checking functions as much as possible >Index: Source/JavaScriptCore/builtins/BuiltinExecutables.cpp >=================================================================== >--- Source/JavaScriptCore/builtins/BuiltinExecutables.cpp (revision 231929) >+++ Source/JavaScriptCore/builtins/BuiltinExecutables.cpp (working copy) 
>@@ -49,21 +49,11 @@ SourceCode BuiltinExecutables::defaultCo > break; > case ConstructorKind::Base: { > static NeverDestroyed<const String> baseConstructorCode(MAKE_STATIC_STRING_IMPL("(function () { })")); >- static LazyNeverDestroyed<SourceCode> result; >- static std::once_flag onceFlag; >- std::call_once(onceFlag, [&] { >- result.construct(makeSource(baseConstructorCode, { })); >- }); >- return result; >+ return makeSource(baseConstructorCode, { }); > } > case ConstructorKind::Extends: { > static NeverDestroyed<const String> derivedConstructorCode(MAKE_STATIC_STRING_IMPL("(function (...args) { super(...args); })")); >- static LazyNeverDestroyed<SourceCode> result; >- static std::once_flag onceFlag; >- std::call_once(onceFlag, [&] { >- result.construct(makeSource(derivedConstructorCode, { })); >- }); >- return result; >+ return makeSource(derivedConstructorCode, { }); > } > } > RELEASE_ASSERT_NOT_REACHED();
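Review bot: In the ChangeLog entry, the explanation says the VMs "may each ref/deref something that isn't ThreadSafeRefCounted" without naming what that something is. Naming the object that a copied static SourceCode refs would make the entry usable by anyone later auditing other process-wide static caches for the same cross-VM race. Two wording nits in the same entry: "its called" in the title line should be "it's called" to match the bug title, and "instead, we create" should start with a capital letter.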
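Review bot: In both the ConstructorKind::Base and ConstructorKind::Extends cases of BuiltinExecutables.cpp, the function-local statics baseConstructorCode and derivedConstructorCode are still shared by every VM in the process, and nothing in the code explains why sharing those strings is acceptable when sharing the SourceCode was not. A short comment above `return makeSource(baseConstructorCode, { });` saying that the result must not be cached in a static because concurrently running VMs would ref/deref non-thread-safe state, and why the static String is exempt, would keep the std::call_once cache from being reintroduced later as an optimization. The patch touches only the ChangeLog and this file, so there is no regression test; if a test that runs several VMs concurrently is feasible, it should land with this change.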