Bug 99226

Summary: Race condition during copying phase can lead to deadlock
Product: WebKit
Reporter: Mark Hahnenberg <mhahnenberg>
Component: JavaScriptCore
Assignee: Mark Hahnenberg <mhahnenberg>
Status: RESOLVED FIXED
Severity: Normal
Priority: P2
Version: 528+ (Nightly build)
Hardware: Unspecified
OS: Unspecified

Description Mark Hahnenberg 2012-10-12 18:02:13 PDT
The main thread calls startCopying() for each of the GCThreads at the beginning of the copy phase. It then proceeds to start copying. If copying completes before one of the GCThreads wakes up, the main thread will set m_currentPhase back to NoPhase, the GCThread will wake up, see that there's nothing to do, and then it will go back to sleep without ever calling CopyVisitor::doneCopying() to return its borrowed block to the CopiedSpace. CopiedSpace::doneCopying() will then sleep forever waiting on the block.

The fix for this is to make sure we call CopiedSpace::doneCopying() on the main thread before we call GCThreadSharedData::didFinishCopying(), which sets the m_currentPhase flag to NoPhase. This way we will wait until all threads have woken up and given back their borrowed blocks before clearing the flag.
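As an added illustration (not code from the WebKit change), a small C++ model of the main-thread/helper handshake described above, written with the corrected ordering: the main thread waits for every loaned block to come back before it clears the phase flag. SharedData, gcThread, runCopyPhase and the counters are hypothetical stand-ins, not WebKit's classes.

```cpp
#include <condition_variable>
#include <mutex>
#include <thread>
#include <vector>
enum class Phase { NoPhase, Copy, Exit };

struct SharedData {                     // hypothetical stand-in for GCThreadSharedData + CopiedSpace
    std::mutex lock;
    std::condition_variable phaseChanged, blockReturned;
    Phase phase = Phase::NoPhase;
    int loanedBlocks = 0;               // blocks handed to helpers by startCopying()
    int copiedByHelpers = 0;
};
// One GC helper thread: sleep until a phase starts, copy, hand the block back.
static void gcThread(SharedData& s) {
    std::unique_lock<std::mutex> guard(s.lock);
    for (;;) {
        s.phaseChanged.wait(guard, [&] { return s.phase != Phase::NoPhase; });
        if (s.phase == Phase::Exit) return;
        ++s.copiedByHelpers;            // the copying work itself
        --s.loanedBlocks;               // CopyVisitor::doneCopying(): return the block
        s.blockReturned.notify_all();
        // Do not service the same Copy phase twice: wait until it has ended.
        s.phaseChanged.wait(guard, [&] { return s.phase != Phase::Copy; });
        if (s.phase == Phase::Exit) return;
    }
}

struct Result { int stillLoaned; int copiedByHelpers; };
// Runs one copy phase with `helpers` GC threads. stillLoaned == 0 means every
// helper returned its block before the phase flag was cleared.
Result runCopyPhase(int helpers) {
    SharedData s;
    std::vector<std::thread> threads;
    for (int i = 0; i < helpers; ++i) threads.emplace_back(gcThread, std::ref(s));
    std::unique_lock<std::mutex> guard(s.lock);
    s.loanedBlocks = helpers;           // startCopying(): one loaned block per helper
    s.phase = Phase::Copy;
    s.phaseChanged.notify_all();
    // CopiedSpace::doneCopying() first: block until every loaned block is back.
    // Clearing the phase before this is the bug: a helper that has not woken yet
    // would see NoPhase, never call doneCopying(), and this wait would hang.
    s.blockReturned.wait(guard, [&] { return s.loanedBlocks == 0; });
    Result r{s.loanedBlocks, s.copiedByHelpers};
    s.phase = Phase::NoPhase;           // GCThreadSharedData::didFinishCopying()
    s.phase = Phase::Exit;              // demo only: shut the helpers down
    s.phaseChanged.notify_all();
    guard.unlock();
    for (auto& t : threads) t.join();
    return r;
}
```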
Comment 1 Mark Hahnenberg 2012-10-12 18:11:00 PDT
Committed r131244: <http://trac.webkit.org/changeset/131244>