Bug 175604

Summary: Make VM::scratchBufferForSize thread safe
Product: WebKit    Reporter: Saam Barati <sbarati>
Component: JavaScriptCore    Assignee: Saam Barati <sbarati>
Status: RESOLVED FIXED
Severity: Normal    CC: benjamin, buildbot, fpizlo, ggaren, gskachkov, jfbastien, keith_miller, mark.lam, msaboff, rmorisset, ticaiolima, webkit-bug-importer, ysuzuki
Priority: P2    Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Bug Depends on:
Bug Blocks: 174590
Attachments:
patch (Flags: ggaren: review+)

Description Saam Barati 2017-08-15 16:03:36 PDT
We currently call it from many threads, but it's not thread safe ...
Comment 1 Saam Barati 2017-08-15 16:29:21 PDT
Created attachment 318196 [details]
patch
Comment 2 Build Bot 2017-08-15 16:32:08 PDT
Attachment 318196 [details] did not pass style-queue:


ERROR: Source/JavaScriptCore/runtime/VM.h:574:  The parameter name "size" adds no information, so it should be removed.  [readability/parameter_name] [5]
Total errors found: 1 in 3 files


If any of these errors are false positives, please file a bug against check-webkit-style.
Comment 3 Geoffrey Garen 2017-08-15 16:48:11 PDT
Comment on attachment 318196 [details]
patch

r=me
Comment 4 Mark Lam 2017-08-15 16:50:10 PDT
Comment on attachment 318196 [details]
patch

View in context: https://bugs.webkit.org/attachment.cgi?id=318196&action=review

r=me with issues resolved.

> Source/JavaScriptCore/runtime/VM.cpp:1025
> +        ScratchBuffer* newBuffer = ScratchBuffer::create(m_sizeOfLastScratchBuffer);
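Review bot: the allocation at VM.cpp:1025 reads m_sizeOfLastScratchBuffer and then calls ScratchBuffer::create with it; given the summary's goal of making scratchBufferForSize thread safe, confirm that this read, the create call and the bookkeeping that records newBuffer all happen under the same lock as the lookup of an already-allocated buffer, otherwise two threads can each observe a stale size and both allocate.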

Make sure that the newly allocated buffer's activeLength is set to 0.  I'm not sure it's an issue, but I'm thinking of GC scanning it incorrectly if the active length is not set.
Comment 5 Saam Barati 2017-08-15 17:01:29 PDT
Comment on attachment 318196 [details]
patch

View in context: https://bugs.webkit.org/attachment.cgi?id=318196&action=review

>> Source/JavaScriptCore/runtime/VM.cpp:1025
>> +        ScratchBuffer* newBuffer = ScratchBuffer::create(m_sizeOfLastScratchBuffer);
> 
> Make sure that the newly allocated buffer's activeLength is set to 0.  I'm not sure it's an issue, but I'm thinking of GC scanning it incorrectly if the active length is not set.

ScratchBuffer() already sets it to zero
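The two points raised in this review (the lookup-or-allocate path must be a single critical section, and a freshly created buffer must report an activeLength of zero so a scan sees nothing stale) are shown below in a self-contained sketch. This is an added example, not WebKit's code: the ScratchBuffer and VM classes, the mutex, the doubling growth policy, bytesVisibleToGC() and hammerFromThreads() are all assumptions made for illustration and do not reproduce JavaScriptCore's actual data structures.

```cpp
#include <atomic>
#include <cstddef>
#include <cstdint>
#include <memory>
#include <mutex>
#include <thread>
#include <vector>

// Hypothetical stand-in for JSC's ScratchBuffer: a block of memory plus the
// number of bytes currently in use ("activeLength"). A scanner only looks at
// the active prefix, so a freshly created buffer must start at activeLength 0.
struct ScratchBuffer {
    explicit ScratchBuffer(size_t size)
        : activeLength(0), storage(size, 0) {}
    size_t activeLength;            // set by the thread that uses the buffer
    std::vector<uint8_t> storage;
    size_t size() const { return storage.size(); }
};

// Hypothetical stand-in for VM: keeps every scratch buffer ever handed out so
// a scanner can find them, and hands back the latest one if it is big enough.
class VM {
public:
    ScratchBuffer* scratchBufferForSize(size_t size)
    {
        if (!size)
            return nullptr;
        // The whole lookup-or-allocate sequence is one critical section: the
        // read of m_sizeOfLastScratchBuffer, the allocation and the push_back
        // all happen under one lock, so two callers cannot both decide that a
        // bigger buffer is needed and race on the vector.
        std::lock_guard<std::mutex> locker(m_scratchBufferLock);
        if (size > m_sizeOfLastScratchBuffer) {
            // Grow geometrically so slightly larger requests do not allocate
            // every time (the factor of two is an assumption of this example).
            m_sizeOfLastScratchBuffer = size * 2;
            m_scratchBuffers.push_back(
                std::make_unique<ScratchBuffer>(m_sizeOfLastScratchBuffer));
        }
        // The pointee stays alive even if the vector later reallocates,
        // because the vector owns unique_ptrs, not the buffers inline.
        return m_scratchBuffers.back().get();
    }

    // What a conservative scan would read: only the active prefix of each
    // buffer. A buffer whose activeLength was left uninitialised would expose
    // garbage here, which is the concern raised in the review.
    size_t bytesVisibleToGC() const
    {
        std::lock_guard<std::mutex> locker(m_scratchBufferLock);
        size_t total = 0;
        for (const auto& buffer : m_scratchBuffers)
            total += buffer->activeLength;
        return total;
    }

    size_t scratchBufferCount() const
    {
        std::lock_guard<std::mutex> locker(m_scratchBufferLock);
        return m_scratchBuffers.size();
    }

private:
    mutable std::mutex m_scratchBufferLock;
    size_t m_sizeOfLastScratchBuffer { 0 };
    std::vector<std::unique_ptr<ScratchBuffer>> m_scratchBuffers;
};

// Call scratchBufferForSize from several threads at once. Returns true if every
// returned buffer was large enough for its request and no caller saw a null
// pointer; with the lock removed this property is no longer guaranteed.
bool hammerFromThreads(VM& vm, unsigned threadCount, unsigned requestsPerThread)
{
    std::atomic<bool> ok { true };
    std::vector<std::thread> threads;
    for (unsigned t = 0; t < threadCount; ++t) {
        threads.emplace_back([&vm, &ok, t, requestsPerThread] {
            for (unsigned i = 1; i <= requestsPerThread; ++i) {
                size_t wanted = static_cast<size_t>(t + 1) * i * 16;
                ScratchBuffer* buffer = vm.scratchBufferForSize(wanted);
                if (!buffer || buffer->size() < wanted)
                    ok = false;
            }
        });
    }
    for (auto& thread : threads)
        thread.join();
    return ok.load();
}
```

The returned pointer is used after the lock is released, which is safe here only because buffers are never freed or shrunk once handed out; a design that recycled buffers would also need to hold the lock, or some other ownership guarantee, for as long as a caller can touch the memory.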
Comment 6 Saam Barati 2017-08-15 17:04:16 PDT
landed in:
https://trac.webkit.org/changeset/220777/webkit
Comment 7 Radar WebKit Bug Importer 2017-08-15 17:04:48 PDT
<rdar://problem/33907882>