RESOLVED FIXED 128447
JSLock should not "restore" stack limit values if it did not re-grab locks
https://bugs.webkit.org/show_bug.cgi?id=128447
Summary JSLock should not "restore" stack limit values if it did not re-grab locks
Mark Lam
Reported 2014-02-07 23:32:19 PST
In the existing code, if DropAllLocks is instantiated with DontAlwaysDropLocks in a thread that does not own the JSLock, then a bug will manifest where:
1. The DropAllLocks constructor will save the VM's stackPointerAtEntry, lastStackTop, and reservedZoneSize even though it will not drop the JSLock.
2. The DropAllLocks destructor will restore those 3 values to the VM even though the JSLock will not grab its internal lock for this thread.
The former only causes busy work but does not impact correctness. The latter, however, will corrupt those 3 VM values which belong to the thread that actually owns the JSLock.
The fix is to only save the values when the JSLock will actually drop its internal lock, and only restore the values if it did re-grab the internal lock.
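The save/restore rule described in the report, as an added illustration rather than WebKit's own code: a constructed, single-file model of a VM, a JSLock owned by one thread id, and a DropAllLocks guard that saves the three stack limit values only when it really dropped the lock and restores them only after re-grabbing it. The VM, JSLock and thread-id plumbing are simplified stand-ins, not JavaScriptCore's API.

```cpp
#include <cstddef>

// Constructed model of the three VM fields the report names.
struct VM {
    void* stackPointerAtEntry = nullptr;
    void* lastStackTop = nullptr;
    size_t reservedZoneSize = 0;
};

// Stand-in for JSLock: held by at most one thread id (0 = unowned), with a lock depth.
struct JSLock {
    VM vm;
    int ownerThread = 0;
    unsigned lockCount = 0;
    bool isHeldBy(int t) const { return ownerThread == t && lockCount > 0; }
    unsigned dropAllLocks(int t) {           // returns the depth dropped, 0 if none
        if (!isHeldBy(t)) return 0;
        unsigned depth = lockCount; lockCount = 0; ownerThread = 0;
        return depth;
    }
    void grabAllLocks(int t, unsigned depth) { ownerThread = t; lockCount = depth; }
};

// RAII guard implementing the fix: save only if the lock was actually dropped,
// restore only if it was re-grabbed, so a non-owner never clobbers the owner's values.
class DropAllLocks {
public:
    DropAllLocks(JSLock& lock, int thread)
        : m_lock(lock), m_thread(thread), m_droppedDepth(lock.dropAllLocks(thread)) {
        if (m_droppedDepth)
            m_saved = lock.vm;               // save only when we really dropped the lock
    }
    ~DropAllLocks() {
        if (!m_droppedDepth) return;         // did not drop: do not re-grab or restore
        m_lock.grabAllLocks(m_thread, m_droppedDepth);
        m_lock.vm = m_saved;                 // restore only after re-grabbing
    }
private:
    JSLock& m_lock; int m_thread; unsigned m_droppedDepth; VM m_saved;
};

// Scenario from the report: thread 2 does not own the lock, thread 1 does and updates
// its value while thread 2's guard is live. True if the owner's value survives.
bool ownerValuesSurviveNonOwnerGuard() {
    JSLock lock; lock.ownerThread = 1; lock.lockCount = 1; lock.vm.reservedZoneSize = 100;
    {
        DropAllLocks guard(lock, 2);         // thread 2 holds nothing, so nothing is dropped
        lock.vm.reservedZoneSize = 200;      // owner (thread 1) changes its value meanwhile
    }
    return lock.vm.reservedZoneSize == 200 && lock.ownerThread == 1;
}
```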
Attachments
the patch. (5.07 KB, patch)
2014-02-07 23:44 PST, Mark Lam
ggaren: review+
Mark Lam
Comment 1 2014-02-07 23:44:12 PST
Created attachment 223554 [details] the patch.
Geoffrey Garen
Comment 2 2014-02-08 00:07:00 PST
Comment on attachment 223554 [details] the patch. r=me
Mark Lam
Comment 3 2014-02-08 00:19:19 PST
Comment on attachment 223554 [details] the patch. I'll land the patch manually so that I can move on to the next patch.
Mark Lam
Comment 4 2014-02-08 00:23:10 PST