RESOLVED FIXED 154841
regress/script-tests/double-pollution-putbyoffset.js.ftl-eager timed out because of a lock ordering deadlock involving InferredType and CodeBlock 
https://bugs.webkit.org/show_bug.cgi?id=154841
Summary regress/script-tests/double-pollution-putbyoffset.js.ftl-eager timed out beca...
Filip Pizlo
Reported 2016-02-29 16:48:57 PST
Yucky!
Attachments
the patch (7.09 KB, patch)
2016-02-29 17:33 PST, Filip Pizlo 		benjamin: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Filip Pizlo
Comment 1 2016-02-29 16:56:17 PST
Here's the deadlock: Main thread: 1) Change an InferredType. This acquires InferredType::m_lock. 2) Fire watchpoint set. This triggers CodeBlock invalidation, which acquires CodeBlock::m_lock. DFG thread: 1) Iterate over the information in a CodeBlock. This acquires CodeBlock::m_lock. 2) Ask an InferredType for its descriptor(). This acquires InferredType::m_lock. I think that the DFG thread's ordering should be legal, because the best logic for lock hierarchies is that locks that protect the largest set of stuff should be acquired first. This means that the main thread shouldn't be holding the InferredType::m_lock when firing watchpoint sets. I think that we already do magic for this in other places.
Filip Pizlo
Comment 2 2016-02-29 17:33:46 PST
Created attachment 272533 [details] the patch
Filip Pizlo
Comment 3 2016-02-29 19:19:18 PST
Landed in http://trac.webkit.org/changeset/197381
Note You need to log in before you can comment on or make changes to this bug.