Bug 114733

Summary: releaseExecutableMemory() should canonicalize cell liveness data before it scans the GC roots.
Product: WebKit Reporter: Mark Lam <mark.lam>
Component: JavaScriptCoreAssignee: Mark Lam <mark.lam>
Status: RESOLVED FIXED    
Severity: Normal CC: fpizlo, ggaren, mhahnenberg, msaboff, oliver
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
the patch. mhahnenberg: review+

Mark Lam
Reported 2013-04-17 05:20:32 PDT
Not doing this resulted in a runtime assertion failure due to a MarkedBlock being in the FreeListed state while releaseExecutableMemory() is calling Heap::getConservativeRegisterRoots(). This was encountered while testing script timeout code (which uses releaseExecutableMemory()). Patch forthcoming.
Attachments
the patch. (2.47 KB, patch)
2013-04-17 05:23 PDT, Mark Lam 		mhahnenberg: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Mark Lam
Comment 1 2013-04-17 05:23:12 PDT
Created attachment 198500 [details] the patch.
Mark Hahnenberg
Comment 2 2013-04-17 08:48:49 PDT
Comment on attachment 198500 [details] the patch. r=me. Maybe we should add an assertion that the Heap has been canonicalized whenever we're doing anything with root scanning (i.e. inside getConservativeRegisterRoots, gatherConservativeRoots, etc.)
Oliver Hunt
Comment 3 2013-04-17 09:30:12 PDT
(In reply to comment #2) > (From update of attachment 198500 [details]) > r=me. Maybe we should add an assertion that the Heap has been canonicalized whenever we're doing anything with root scanning (i.e. inside getConservativeRegisterRoots, gatherConservativeRoots, etc.) i'd r+ patch that did that
Mark Lam
Comment 4 2013-04-17 09:31:59 PDT
(In reply to comment #3) > (In reply to comment #2) > > (From update of attachment 198500 [details] [details]) > > r=me. Maybe we should add an assertion that the Heap has been canonicalized whenever we're doing anything with root scanning (i.e. inside getConservativeRegisterRoots, gatherConservativeRoots, etc.) > > i'd r+ patch that did that How does one assert that the heap has be canonicalized without actually doing a canonicalizing pass?
Mark Lam
Comment 5 2013-04-17 09:32:53 PDT
Thanks for the review. Landed in r148616: <http://trac.webkit.org/changeset/148616>.
Oliver Hunt
Comment 6 2013-04-17 09:33:31 PDT
(In reply to comment #4) > (In reply to comment #3) > > (In reply to comment #2) > > > (From update of attachment 198500 [details] [details] [details]) > > > r=me. Maybe we should add an assertion that the Heap has been canonicalized whenever we're doing anything with root scanning (i.e. inside getConservativeRegisterRoots, gatherConservativeRoots, etc.) > > > > i'd r+ patch that did that > > How does one assert that the heap has be canonicalized without actually doing a canonicalizing pass? No idea, that's why i said i'd r+ it rather than write it :D
Mark Hahnenberg
Comment 7 2013-04-17 09:36:20 PDT
(In reply to comment #4) > (In reply to comment #3) > > (In reply to comment #2) > > > (From update of attachment 198500 [details] [details] [details]) > > > r=me. Maybe we should add an assertion that the Heap has been canonicalized whenever we're doing anything with root scanning (i.e. inside getConservativeRegisterRoots, gatherConservativeRoots, etc.) > > > > i'd r+ patch that did that > > How does one assert that the heap has be canonicalized without actually doing a canonicalizing pass? There's a number of ways. One would be to add a flag that states whether the Heap (or the MarkedSpace) is in the "Canonicalized" state. You would then set this flag whenever canonicalize gets called and unset it whenever allocation caused us to leave the "Canonicalized" state. You could also just ask all of the MarkedAllocators if their internal state matches that of being canonicalized (i.e. their FreeLists are empty and their m_currentBlock == 0).
Note You need to log in before you can comment on or make changes to this bug.