Bug 143898 - Fix assertion failure and race condition in Options::dumpSourceAtDFGTime().
Summary: Fix assertion failure and race condition in Options::dumpSourceAtDFGTime().
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore (show other bugs)
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Mark Lam
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-04-17 14:30 PDT by Mark Lam
Modified: 2015-04-22 19:30 PDT (History)
7 users (show)

See Also:

Attachments
the patch. (3.21 KB, patch)
2015-04-17 14:35 PDT, Mark Lam 		ggaren: review-
Details | Formatted Diff | Diff
patch 2: a new fix with no race condition as requested. (20.47 KB, patch)
2015-04-18 03:36 PDT, Mark Lam 		no flags Details | Formatted Diff | Diff
patch 3: no race condition + build file fixes (23.31 KB, patch)
2015-04-18 03:54 PDT, Mark Lam 		mark.lam: review+
Details | Formatted Diff | Diff
patch 4: applied Geoff's feedback. (23.63 KB, patch)
2015-04-20 12:01 PDT, Mark Lam 		fpizlo: review+
Details | Formatted Diff | Diff
Show Obsolete (3) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Mark Lam 2015-04-17 14:30:29 PDT 
CodeBlock::dumpSource() will access SourceCode strings in a way that requires ref'ing of the underlying StringImpls. This is unsafe to do from arbitrary compilation threads because StringImpls are not thread safe. There is an assertion in StringImpl code that checks for this.

However, Options::dumpSourceAtDFGTime() is only used for DFG debugging. For its purpose, we can live with the race condition introduced in the ref'ing of the SourceCode strings. Hence, we introduce an UnsafeHideCompilationScope here to temporarily and locally suppress the StringImpl assertion in order for Options::dumpSourceAtDFGTime() to also work on debug builds.
Comment 1 Mark Lam 2015-04-17 14:35:28 PDT 
Created attachment 251049 [details]
the patch.
Comment 2 Geoffrey Garen 2015-04-17 14:38:16 PDT 
Comment on attachment 251049 [details]
the patch.

I don't think we can live with the race condition. I, for one, would not want turning on source code dumping to add bugs to my code while I was debugging.
Comment 3 Mark Lam 2015-04-18 03:36:31 PDT 
Created attachment 251088 [details]
patch 2: a new fix with no race condition as requested.
Comment 4 Mark Lam 2015-04-18 03:54:14 PDT 
Created attachment 251089 [details]
patch 3: no race condition + build file fixes
Comment 5 Geoffrey Garen 2015-04-20 11:24:39 PDT 
Comment on attachment 251089 [details]
patch 3: no race condition + build file fixes

View in context: https://bugs.webkit.org/attachment.cgi?id=251089&action=review

> Source/JavaScriptCore/bytecode/DeferredCompilationCallback.cpp:39
> +    if (UNLIKELY(Options::dumpSourceAtDFGTime()))
> +        dumpCompiledSources();

It's strange that you guard this code with an options check at the call site and a null check in the callee. The two checks are redundant.

Renamed dumpCompiledSources to dumpCompiledSourcesIfNeeded, and remove the check at the call site.

> Source/JavaScriptCore/bytecode/DeferredCompilationCallback.cpp:53
> +Vector<SourceDumpInfo>& DeferredCompilationCallback::sourceDumpInfo()

This should be named "ensureSourceDumpInfo" since it is not a simple accessor.

> Source/JavaScriptCore/bytecode/SourceDumpInfo.h:36
> +class SourceDumpInfo {

Let's call this DeferredSourceDump. "Info" is a meaningless word.

> Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp:4043
> +        Vector<SourceDumpInfo>& dumpList = m_graph.m_plan.callback->sourceDumpInfo();

This local variable should have the same name as the accessor function that produces it. As I've said to you many times over the years, it is bad to give two names to one thing.
Comment 6 Mark Lam 2015-04-20 12:01:17 PDT 
Created attachment 251181 [details]
patch 4: applied Geoff's feedback.
Comment 7 Mark Lam 2015-04-22 19:30:42 PDT 
Thanks for the review.  Landed in r183161: <http://trac.webkit.org/r183161>.