88355 2012-06-05 12:18:44 -0700 Entry into JSC should CRASH() if the Heap is busy 2012-06-06 13:32:05 -0700 1 1 1 Unclassified WebKit JavaScriptCore 528+ (Nightly build) Unspecified Unspecified RESOLVED FIXED P2 Normal --- 1 mhahnenberg mhahnenberg ggaren oldest_to_newest 641800 0 mhahnenberg 2012-06-05 12:18:44 -0700 Interpreter::execute() returns jsNull() right now if we try to enter it while the Heap is busy (e.g. with a collection), which is okay, but some code paths that call Interpreter::execute() allocate objects before checking if the Heap is busy. Attempting to execute JS code while the Heap is busy should not be allowed and should be enforced by a release-mode CRASH() to prevent vague, unhelpful backtraces later on if somebody makes a mistake. Normally, recursively executing JS code is okay, e.g. for evals, but it should not occur during a Heap allocation or collection because the Heap is not guaranteed to be in a consistent state (especially during collections). We are protected from executing JS on the same Heap concurrently on two separate threads because they must each take a JSLock first. However, we are not protected from reentrant execution of JS on the same thread because JSLock allows reentrancy. Therefore, we should fail early if we detect an entrance into JS code while the Heap is busy. 641819 1 145857 mhahnenberg 2012-06-05 13:03:25 -0700 Created attachment 145857 Patch 641832 2 145857 ggaren 2012-06-05 13:14:57 -0700 Comment on attachment 145857 Patch r=me Can we put one of these assertions into the allocation slow path as well? 641839 3 mhahnenberg 2012-06-05 13:20:15 -0700 > Can we put one of these assertions into the allocation slow path as well? Will do. 641850 4 mhahnenberg 2012-06-05 13:38:37 -0700 Committed r119518: <http://trac.webkit.org/changeset/119518> 642752 5 ggaren 2012-06-06 13:32:05 -0700 > ASSERT(!m_heap->isBusy()); Actually, I had a CRASH() on the allocation slow path in mind. 145857 2012-06-05 13:03:25 -0700 2012-06-05 13:14:56 -0700 Patch bug-88355-20120605130325.patch text/plain 6102 mhahnenberg SW5kZXg6IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9DaGFuZ2VMb2cKPT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291 cmNlL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkocmV2aXNpb24gMTE5NTE1KQorKysgU291cmNl L0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDM5IEBA CisyMDEyLTA2LTA1ICBNYXJrIEhhaG5lbmJlcmcgIDxtaGFobmVuYmVyZ0BhcHBsZS5jb20+CisK KyAgICAgICAgRW50cnkgaW50byBKU0Mgc2hvdWxkIENSQVNIKCkgaWYgdGhlIEhlYXAgaXMgYnVz eQorICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9ODgzNTUK KworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICBJbnRlcnBy ZXRlcjo6ZXhlY3V0ZSgpIHJldHVybnMganNOdWxsKCkgcmlnaHQgbm93IGlmIHdlIHRyeSB0byBl bnRlciBpdCB3aGlsZSAKKyAgICAgICAgdGhlIEhlYXAgaXMgYnVzeSAoZS5nLiB3aXRoIGEgY29s bGVjdGlvbiksIHdoaWNoIGlzIG9rYXksIGJ1dCBzb21lIGNvZGUgcGF0aHMgCisgICAgICAgIHRo YXQgY2FsbCBJbnRlcnByZXRlcjo6ZXhlY3V0ZSgpIGFsbG9jYXRlIG9iamVjdHMgYmVmb3JlIGNo ZWNraW5nIGlmIHRoZSBIZWFwIAorICAgICAgICBpcyBidXN5LiBBdHRlbXB0aW5nIHRvIGV4ZWN1 dGUgSlMgY29kZSB3aGlsZSB0aGUgSGVhcCBpcyBidXN5IHNob3VsZCBub3QgYmUgCisgICAgICAg IGFsbG93ZWQgYW5kIHNob3VsZCBiZSBlbmZvcmNlZCBieSBhIHJlbGVhc2UtbW9kZSBDUkFTSCgp IHRvIHByZXZlbnQgdmFndWUsIAorICAgICAgICB1bmhlbHBmdWwgYmFja3RyYWNlcyBsYXRlciBv biBpZiBzb21lYm9keSBtYWtlcyBhIG1pc3Rha2UuIE5vcm1hbGx5LCByZWN1cnNpdmVseSAKKyAg ICAgICAgZXhlY3V0aW5nIEpTIGNvZGUgaXMgb2theSwgZS5nLiBmb3IgZXZhbHMsIGJ1dCBpdCBz aG91bGQgbm90IG9jY3VyIGR1cmluZyBhIAorICAgICAgICBIZWFwIGFsbG9jYXRpb24gb3IgY29s bGVjdGlvbiBiZWNhdXNlIHRoZSBIZWFwIGlzIG5vdCBndWFyYW50ZWVkIHRvIGJlIGluIGEgCisg ICAgICAgIGNvbnNpc3RlbnQgc3RhdGUgKGVzcGVjaWFsbHkgZHVyaW5nIGNvbGxlY3Rpb25zKS4g V2UgYXJlIHByb3RlY3RlZCBmcm9tIAorICAgICAgICBleGVjdXRpbmcgSlMgb24gdGhlIHNhbWUg SGVhcCBjb25jdXJyZW50bHkgb24gdHdvIHNlcGFyYXRlIHRocmVhZHMgYmVjYXVzZSAKKyAgICAg ICAgdGhleSBtdXN0IGVhY2ggdGFrZSBhIEpTTG9jayBmaXJzdC4gSG93ZXZlciwgd2UgYXJlIG5v dCBwcm90ZWN0ZWQgZnJvbSByZWVudHJhbnQgCisgICAgICAgIGV4ZWN1dGlvbiBvZiBKUyBvbiB0 aGUgc2FtZSB0aHJlYWQgYmVjYXVzZSBKU0xvY2sgYWxsb3dzIHJlZW50cmFuY3kuIFRoZXJlZm9y ZSwgCisgICAgICAgIHdlIHNob3VsZCBmYWlsIGVhcmx5IGlmIHdlIGRldGVjdCBhbiBlbnRyYW5j ZSBpbnRvIEpTIGNvZGUgd2hpbGUgdGhlIEhlYXAgaXMgYnVzeS4KKworICAgICAgICAqIGhlYXAv SGVhcC5jcHA6IENoYW5nZWQgSGVhcDo6Y29sbGVjdCBzbyB0aGF0IGl0IHNldHMgdGhlIG1fb3Bl cmF0aW9uSW5Qcm9ncmVzcyBmaWVsZCAKKyAgICAgICAgYXQgdGhlIGJlZ2lubmluZyBvZiBjb2xs ZWN0aW9uIGFuZCB0aGVuIHVuc2V0cyBpdCBhdCB0aGUgZW5kIHNvIHRoYXQgaXQgaXMgc2V0IGF0 IGFsbCAKKyAgICAgICAgdGltZXMgdGhyb3VnaG91dCB0aGUgZHVyYXRpb24gb2YgYSBjb2xsZWN0 aW9uIHJhdGhlciB0aGFuIHNwb3JhZGljYWxseSBkdXJpbmcgdmFyaW91cyAKKyAgICAgICAgcGhh c2VzLiBUaGVyZSBpcyBubyByZWFzb24gdG8gdW5zZXQgZHVyaW5nIGEgY29sbGVjdGlvbiBiZWNh dXNlIG91ciBjb2xsZWN0b3IgZG9lcyAKKyAgICAgICAgbm90IGN1cnJlbnRseSBzdXBwb3J0IHJ1 bm5pbmcgYWRkaXRpb25hbCBKUyBiZXR3ZWVuIHRoZSBwaGFzZXMgb2YgYSBjb2xsZWN0aW9uLgor ICAgICAgICAoSlNDOjpIZWFwOjpnZXRDb25zZXJ2YXRpdmVSZWdpc3RlclJvb3RzKToKKyAgICAg ICAgKEpTQzo6SGVhcDo6bWFya1Jvb3RzKToKKyAgICAgICAgKEpTQzo6SGVhcDo6Y29sbGVjdCk6 CisgICAgICAgICogaW50ZXJwcmV0ZXIvSW50ZXJwcmV0ZXIuY3BwOgorICAgICAgICAoSlNDOjpJ bnRlcnByZXRlcjo6ZXhlY3V0ZSk6IENyYXNoIGlmIHRoZSBIZWFwIGlzIGJ1c3kuCisgICAgICAg ICogcnVudGltZS9Db21wbGV0aW9uLmNwcDogQ3Jhc2ggaWYgdGhlIEhlYXAgaXMgYnVzeS4gV2Ug ZG8gaXQgaGVyZSBiZWZvcmUgd2UgY2FsbCAKKyAgICAgICAgSW50ZXJwcmV0ZXI6OmV4ZWN1dGUo KSBiZWNhdXNlIHdlIGRvIHNvbWUgYWxsb2NhdGlvbiBwcmlvciB0byBjYWxsaW5nIGV4ZWN1dGUo KSB3aGljaCAKKyAgICAgICAgY291bGQgY2F1c2UgSGVhcCBjb3JydXB0aW9uIGlmLCBmb3IgZXhh bXBsZSwgdGhhdCBhbGxvY2F0aW9uIGNhdXNlZCBhIGNvbGxlY3Rpb24uCisgICAgICAgIChKU0M6 OmV2YWx1YXRlKToKKwogMjAxMi0wNi0wNSAgRG9uZ3dvbyBJbSAgPGR3LmltQHNhbXN1bmcuY29t PgogCiAgICAgICAgIEFkZCAnaXNQcm90b2NvbEhhbmRsZXJSZWdpc3RlcmVkJyBhbmQgJ3VucmVn aXN0ZXJQcm90b2NvbEhhbmRsZXInLgpJbmRleDogU291cmNlL0phdmFTY3JpcHRDb3JlL2hlYXAv SGVhcC5jcHAKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PQotLS0gU291cmNlL0phdmFTY3JpcHRDb3JlL2hlYXAvSGVhcC5j cHAJKHJldmlzaW9uIDExOTUwMikKKysrIFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9oZWFwL0hlYXAu Y3BwCSh3b3JraW5nIGNvcHkpCkBAIC00MDMsOSArNDAzLDYgQEAgaW5saW5lIFJlZ2lzdGVyRmls ZSYgSGVhcDo6cmVnaXN0ZXJGaWxlKAogdm9pZCBIZWFwOjpnZXRDb25zZXJ2YXRpdmVSZWdpc3Rl clJvb3RzKEhhc2hTZXQ8SlNDZWxsKj4mIHJvb3RzKQogewogICAgIEFTU0VSVChpc1ZhbGlkVGhy ZWFkU3RhdGUobV9nbG9iYWxEYXRhKSk7Ci0gICAgaWYgKG1fb3BlcmF0aW9uSW5Qcm9ncmVzcyAh PSBOb09wZXJhdGlvbikKLSAgICAgICAgQ1JBU0goKTsKLSAgICBtX29wZXJhdGlvbkluUHJvZ3Jl c3MgPSBDb2xsZWN0aW9uOwogICAgIENvbnNlcnZhdGl2ZVJvb3RzIHJlZ2lzdGVyRmlsZVJvb3Rz KCZtX29iamVjdFNwYWNlLmJsb2NrcygpLCAmbV9zdG9yYWdlU3BhY2UpOwogICAgIHJlZ2lzdGVy RmlsZSgpLmdhdGhlckNvbnNlcnZhdGl2ZVJvb3RzKHJlZ2lzdGVyRmlsZVJvb3RzKTsKICAgICBz aXplX3QgcmVnaXN0ZXJGaWxlUm9vdENvdW50ID0gcmVnaXN0ZXJGaWxlUm9vdHMuc2l6ZSgpOwpA QCAtNDE0LDcgKzQxMSw2IEBAIHZvaWQgSGVhcDo6Z2V0Q29uc2VydmF0aXZlUmVnaXN0ZXJSb290 cygKICAgICAgICAgc2V0TWFya2VkKHJlZ2lzdGVyUm9vdHNbaV0pOwogICAgICAgICByb290cy5h ZGQocmVnaXN0ZXJSb290c1tpXSk7CiAgICAgfQotICAgIG1fb3BlcmF0aW9uSW5Qcm9ncmVzcyA9 IE5vT3BlcmF0aW9uOwogfQogCiB2b2lkIEhlYXA6Om1hcmtSb290cyhib29sIGZ1bGxHQykKQEAg LTQyNCw5ICs0MjAsNiBAQCB2b2lkIEhlYXA6Om1hcmtSb290cyhib29sIGZ1bGxHQykKICAgICBD T05EX0dDUEhBU0UoZnVsbEdDLCBNYXJrRnVsbFJvb3RzLCBNYXJrWW91bmdSb290cyk7CiAgICAg VU5VU0VEX1BBUkFNKGZ1bGxHQyk7CiAgICAgQVNTRVJUKGlzVmFsaWRUaHJlYWRTdGF0ZShtX2ds b2JhbERhdGEpKTsKLSAgICBpZiAobV9vcGVyYXRpb25JblByb2dyZXNzICE9IE5vT3BlcmF0aW9u KQotICAgICAgICBDUkFTSCgpOwotICAgIG1fb3BlcmF0aW9uSW5Qcm9ncmVzcyA9IENvbGxlY3Rp b247CiAKICAgICB2b2lkKiBkdW1teTsKICAgICAKQEAgLTU4Miw3ICs1NzUsNiBAQCB2b2lkIEhl YXA6Om1hcmtSb290cyhib29sIGZ1bGxHQykKICAgICBtX3NoYXJlZERhdGEucmVzZXQoKTsKICAg ICBtX3N0b3JhZ2VTcGFjZS5kb25lQ29weWluZygpOwogCi0gICAgbV9vcGVyYXRpb25JblByb2dy ZXNzID0gTm9PcGVyYXRpb247CiB9CiAKIHNpemVfdCBIZWFwOjpvYmplY3RDb3VudCgpCkBAIC02 NTQsNiArNjQ2LDkgQEAgdm9pZCBIZWFwOjpjb2xsZWN0KFN3ZWVwVG9nZ2xlIHN3ZWVwVG9nZwog ICAgIEFTU0VSVChnbG9iYWxEYXRhKCktPmlkZW50aWZpZXJUYWJsZSA9PSB3dGZUaHJlYWREYXRh KCkuY3VycmVudElkZW50aWZpZXJUYWJsZSgpKTsKICAgICBBU1NFUlQobV9pc1NhZmVUb0NvbGxl Y3QpOwogICAgIEpBVkFTQ1JJUFRDT1JFX0dDX0JFR0lOKCk7CisgICAgaWYgKG1fb3BlcmF0aW9u SW5Qcm9ncmVzcyAhPSBOb09wZXJhdGlvbikKKyAgICAgICAgQ1JBU0goKTsKKyAgICBtX29wZXJh dGlvbkluUHJvZ3Jlc3MgPSBDb2xsZWN0aW9uOwogCiAgICAgbV9hY3Rpdml0eUNhbGxiYWNrLT53 aWxsQ29sbGVjdCgpOwogCkBAIC03MjgsNiArNzIzLDkgQEAgdm9pZCBIZWFwOjpjb2xsZWN0KFN3 ZWVwVG9nZ2xlIHN3ZWVwVG9nZwogICAgIG1fYnl0ZXNBbGxvY2F0ZWQgPSAwOwogICAgIGRvdWJs ZSBsYXN0R0NFbmRUaW1lID0gV1RGOjpjdXJyZW50VGltZSgpOwogICAgIG1fbGFzdEdDTGVuZ3Ro ID0gbGFzdEdDRW5kVGltZSAtIGxhc3RHQ1N0YXJ0VGltZTsKKyAgICBpZiAobV9vcGVyYXRpb25J blByb2dyZXNzICE9IENvbGxlY3Rpb24pCisgICAgICAgIENSQVNIKCk7CisgICAgbV9vcGVyYXRp b25JblByb2dyZXNzID0gTm9PcGVyYXRpb247CiAgICAgSkFWQVNDUklQVENPUkVfR0NfRU5EKCk7 CiB9CiAKSW5kZXg6IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9pbnRlcnByZXRlci9JbnRlcnByZXRl ci5jcHAKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PQotLS0gU291cmNlL0phdmFTY3JpcHRDb3JlL2ludGVycHJldGVyL0lu dGVycHJldGVyLmNwcAkocmV2aXNpb24gMTE5NTAyKQorKysgU291cmNlL0phdmFTY3JpcHRDb3Jl L2ludGVycHJldGVyL0ludGVycHJldGVyLmNwcAkod29ya2luZyBjb3B5KQpAQCAtMTA5Nyw3ICsx MDk3LDcgQEAgSlNWYWx1ZSBJbnRlcnByZXRlcjo6ZXhlY3V0ZShQcm9ncmFtRXhlYwogICAgIEFT U0VSVCghc2NvcGVDaGFpbi0+Z2xvYmFsRGF0YS0+ZXhjZXB0aW9uKTsKICAgICBBU1NFUlQoIWNh bGxGcmFtZS0+Z2xvYmFsRGF0YSgpLmlzQ29sbGVjdG9yQnVzeSgpKTsKICAgICBpZiAoY2FsbEZy YW1lLT5nbG9iYWxEYXRhKCkuaXNDb2xsZWN0b3JCdXN5KCkpCi0gICAgICAgIHJldHVybiBqc051 bGwoKTsKKyAgICAgICAgQ1JBU0goKTsKIAogICAgIGlmIChtX3JlZW50cnlEZXB0aCA+PSBNYXhT bWFsbFRocmVhZFJlZW50cnlEZXB0aCAmJiBtX3JlZW50cnlEZXB0aCA+PSBjYWxsRnJhbWUtPmds b2JhbERhdGEoKS5tYXhSZWVudHJ5RGVwdGgpCiAgICAgICAgIHJldHVybiBjaGVja2VkUmV0dXJu KHRocm93U3RhY2tPdmVyZmxvd0Vycm9yKGNhbGxGcmFtZSkpOwpJbmRleDogU291cmNlL0phdmFT Y3JpcHRDb3JlL3J1bnRpbWUvQ29tcGxldGlvbi5jcHAKPT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291cmNlL0ph dmFTY3JpcHRDb3JlL3J1bnRpbWUvQ29tcGxldGlvbi5jcHAJKHJldmlzaW9uIDExOTUwMikKKysr IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9ydW50aW1lL0NvbXBsZXRpb24uY3BwCSh3b3JraW5nIGNv cHkpCkBAIC01NSw2ICs1NSw4IEBAIEpTVmFsdWUgZXZhbHVhdGUoRXhlY1N0YXRlKiBleGVjLCBT Y29wZUMKIHsKICAgICBKU0xvY2sgbG9jayhleGVjKTsKICAgICBBU1NFUlQoZXhlYy0+Z2xvYmFs RGF0YSgpLmlkZW50aWZpZXJUYWJsZSA9PSB3dGZUaHJlYWREYXRhKCkuY3VycmVudElkZW50aWZp ZXJUYWJsZSgpKTsKKyAgICBpZiAoZXhlYy0+Z2xvYmFsRGF0YSgpLmlzQ29sbGVjdG9yQnVzeSgp KQorICAgICAgICBDUkFTSCgpOwogCiAgICAgQ29kZVByb2ZpbGluZyBwcm9maWxlKHNvdXJjZSk7 CiAK