Bug 143898

Summary: Fix assertion failure and race condition in Options::dumpSourceAtDFGTime().
Product: WebKit Reporter: Mark Lam <mark.lam>
Component: JavaScriptCoreAssignee: Mark Lam <mark.lam>
Status: RESOLVED FIXED    
Severity: Normal CC: basile_clement, benjamin, fpizlo, ggaren, mmirman, msaboff, saam
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
the patch.
ggaren: review-
patch 2: a new fix with no race condition as requested.
none
patch 3: no race condition + build file fixes
mark.lam: review+
patch 4: applied Geoff's feedback. fpizlo: review+

Mark Lam
Reported 2015-04-17 14:30:29 PDT
CodeBlock::dumpSource() will access SourceCode strings in a way that requires ref'ing of the underlying StringImpls. This is unsafe to do from arbitrary compilation threads because StringImpls are not thread safe. There is an assertion in StringImpl code that checks for this. However, Options::dumpSourceAtDFGTime() is only used for DFG debugging. For its purpose, we can live with the race condition introduced in the ref'ing of the SourceCode strings. Hence, we introduce an UnsafeHideCompilationScope here to temporarily and locally suppress the StringImpl assertion in order for Options::dumpSourceAtDFGTime() to also work on debug builds.
Attachments
the patch. (3.21 KB, patch)
2015-04-17 14:35 PDT, Mark Lam 		ggaren: review-
DetailsFormatted DiffDiff
patch 2: a new fix with no race condition as requested. (20.47 KB, patch)
2015-04-18 03:36 PDT, Mark Lam 		no flags
DetailsFormatted DiffDiff
patch 3: no race condition + build file fixes (23.31 KB, patch)
2015-04-18 03:54 PDT, Mark Lam 		mark.lam: review+
DetailsFormatted DiffDiff
patch 4: applied Geoff's feedback. (23.63 KB, patch)
2015-04-20 12:01 PDT, Mark Lam 		fpizlo: review+
DetailsFormatted DiffDiff
Show Obsolete (3) View All Add attachment proposed patch, testcase, etc.
Mark Lam
Comment 1 2015-04-17 14:35:28 PDT
Created attachment 251049 [details] the patch.
Geoffrey Garen
Comment 2 2015-04-17 14:38:16 PDT
Comment on attachment 251049 [details] the patch. I don't think we can live with the race condition. I, for one, would not want turning on source code dumping to add bugs to my code while I was debugging.
Mark Lam
Comment 3 2015-04-18 03:36:31 PDT
Created attachment 251088 [details] patch 2: a new fix with no race condition as requested.
Mark Lam
Comment 4 2015-04-18 03:54:14 PDT
Created attachment 251089 [details] patch 3: no race condition + build file fixes
Geoffrey Garen
Comment 5 2015-04-20 11:24:39 PDT
Comment on attachment 251089 [details] patch 3: no race condition + build file fixes View in context: https://bugs.webkit.org/attachment.cgi?id=251089&action=review > Source/JavaScriptCore/bytecode/DeferredCompilationCallback.cpp:39 > + if (UNLIKELY(Options::dumpSourceAtDFGTime())) > + dumpCompiledSources(); It's strange that you guard this code with an options check at the call site and a null check in the callee. The two checks are redundant. Renamed dumpCompiledSources to dumpCompiledSourcesIfNeeded, and remove the check at the call site. > Source/JavaScriptCore/bytecode/DeferredCompilationCallback.cpp:53 > +Vector<SourceDumpInfo>& DeferredCompilationCallback::sourceDumpInfo() This should be named "ensureSourceDumpInfo" since it is not a simple accessor. > Source/JavaScriptCore/bytecode/SourceDumpInfo.h:36 > +class SourceDumpInfo { Let's call this DeferredSourceDump. "Info" is a meaningless word. > Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp:4043 > + Vector<SourceDumpInfo>& dumpList = m_graph.m_plan.callback->sourceDumpInfo(); This local variable should have the same name as the accessor function that produces it. As I've said to you many times over the years, it is bad to give two names to one thing.
Mark Lam
Comment 6 2015-04-20 12:01:17 PDT
Created attachment 251181 [details] patch 4: applied Geoff's feedback.
Mark Lam
Comment 7 2015-04-22 19:30:42 PDT
Thanks for the review. Landed in r183161: <http://trac.webkit.org/r183161>.
Note You need to log in before you can comment on or make changes to this bug.