RESOLVED FIXED 171707
CallLinkInfos belonging to Wasm->JS stubs need to be informed when we clearCode() from all Executables
https://bugs.webkit.org/show_bug.cgi?id=171707
Saam Barati
Reported 2017-05-04 19:24:06 PDT
Otherwise, we end up with a situation like this:
1. We generate our IC which has a branch on a callee check. If the branch succeeds, we will call code for a particular CodeBlock.
2. Heap::deleteAllCodeBlocks is called. This leads the Executable to clear its various codeBlock references.
3. Wasm has no idea this happened, so now it has stale ICs that point into code from a CodeBlock no longer belonging to an Executable.
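The three steps above, modelled as a small added example (constructed for this page, not JSC's real CallLinkInfo, Executable or Heap classes): a stub caches a code address behind a callee check, the executable drops its CodeBlock, and only the variant that unlinks its dependent CallLinkInfos avoids leaving the stub pointing at code that no longer exists. All names and the fake JIT address are assumptions.

```cpp
#include <cstdint>
#include <vector>

struct Executable;

// Constructed model of a CodeBlock: just the machine-code entry a stub jumps to.
struct CodeBlock { uint64_t entry; };

// Model of a CallLinkInfo owned by a Wasm->JS stub: the callee it was linked
// against plus the cached target taken when the callee check succeeds.
struct CallLinkInfo {
    Executable* callee = nullptr;
    uint64_t target = 0;  // 0 means "unlinked": the stub must take the slow path
    bool isLinked() const { return target != 0; }
    void unlink() { callee = nullptr; target = 0; }
};

struct Executable {
    CodeBlock* codeBlock = nullptr;
    std::vector<CallLinkInfo*> incomingCalls;  // stubs that cached our code address

    // Installs the IC fast path: remember the stub so we can unlink it later.
    void link(CallLinkInfo& info) {
        info.callee = this;
        info.target = codeBlock->entry;
        incomingCalls.push_back(&info);
    }
    // Buggy form (the bug as reported): drop the CodeBlock, tell nobody.
    void clearCodeWithoutNotify() { codeBlock = nullptr; }
    // Fixed form: every dependent CallLinkInfo is unlinked before the code goes away.
    void clearCode() {
        for (CallLinkInfo* info : incomingCalls) info->unlink();
        incomingCalls.clear();
        codeBlock = nullptr;
    }
};

// The stub's call sequence: callee check, then cached target or slow path.
// Returns the address the stub would jump to; 0 means the slow path was taken.
uint64_t callThroughStub(const CallLinkInfo& info, const Executable& callee) {
    if (info.isLinked() && info.callee == &callee) return info.target;  // fast path
    return 0;  // slow path: consult callee.codeBlock, which may require recompiling
}

// Runs steps 1-3 from the report. A nonzero result after clearing means the stub
// would still branch into code whose CodeBlock the Executable has already dropped.
uint64_t runScenario(bool notifyOnClear) {
    CodeBlock block{0x7f0000001000ULL};  // constructed fake JIT code address
    Executable exec;
    exec.codeBlock = &block;
    CallLinkInfo stub;
    exec.link(stub);                                                       // step 1
    if (notifyOnClear) exec.clearCode(); else exec.clearCodeWithoutNotify(); // step 2
    return callThroughStub(stub, exec);                                    // step 3
}
```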
Attachments
patch (19.98 KB, patch)
2017-05-04 19:42 PDT, Saam Barati
no flags
patch (20.49 KB, patch)
2017-05-05 11:13 PDT, Saam Barati
no flags
patch (20.51 KB, patch)
2017-05-05 11:16 PDT, Saam Barati
fpizlo: review+
patch for landing (20.53 KB, patch)
2017-05-08 21:19 PDT, Saam Barati
no flags
Saam Barati
Comment 1 2017-05-04 19:25:18 PDT
Saam Barati
Comment 2 2017-05-04 19:42:03 PDT
Build Bot
Comment 3 2017-05-04 19:46:50 PDT
Attachment 309130 [details] did not pass style-queue:
ERROR: Source/JavaScriptCore/wasm/js/JSWebAssemblyCodeBlockSubspace.cpp:31: Alphabetical sorting problem. [build/include_order] [4]
ERROR: Source/JavaScriptCore/wasm/js/JSWebAssemblyCodeBlockSubspace.cpp:32: Alphabetical sorting problem. [build/include_order] [4]
ERROR: Source/JavaScriptCore/heap/Heap.cpp:51: Alphabetical sorting problem. [build/include_order] [4]
Total errors found: 3 in 11 files
If any of these errors are false positives, please file a bug against check-webkit-style.
Saam Barati
Comment 4 2017-05-05 11:13:51 PDT
Build Bot
Comment 5 2017-05-05 11:15:49 PDT
Attachment 309189 [details] did not pass style-queue:
ERROR: Source/JavaScriptCore/wasm/js/JSWebAssemblyCodeBlockSubspace.cpp:31: Alphabetical sorting problem. [build/include_order] [4]
ERROR: Source/JavaScriptCore/wasm/js/JSWebAssemblyCodeBlockSubspace.cpp:32: Alphabetical sorting problem. [build/include_order] [4]
ERROR: Source/JavaScriptCore/heap/Heap.cpp:51: Alphabetical sorting problem. [build/include_order] [4]
Total errors found: 3 in 12 files
If any of these errors are false positives, please file a bug against check-webkit-style.
Saam Barati
Comment 6 2017-05-05 11:16:55 PDT
Created attachment 309190 [details] patch
Fix include ordering.
Filip Pizlo
Comment 7 2017-05-05 20:34:29 PDT
Comment on attachment 309190 [details] patch
View in context: https://bugs.webkit.org/attachment.cgi?id=309190&action=review
Looks good!
> Source/JavaScriptCore/runtime/VM.cpp:176
> + , webAssemblyCodeBlockSubspace("JSWebAssemblyCodeBlockSubspace", heap)
I've been calling these "Spaces" and not "Subspaces". It's a subspace of the heap, but it's the space of web assembly code blocks. But I don't feel very strongly about this. For example, I would be in favor of renaming all of them to have the "Subspace" suffix (including the two in WebCore). I'm a bit less sure about having the naming be inconsistent.
Saam Barati
Comment 8 2017-05-08 21:19:09 PDT
Created attachment 309465 [details] patch for landing
I made Fil's naming suggestion.
WebKit Commit Bot
Comment 9 2017-05-09 00:15:05 PDT
Comment on attachment 309465 [details] patch for landing
Clearing flags on attachment: 309465
Committed r216481: <http://trac.webkit.org/changeset/216481>
WebKit Commit Bot
Comment 10 2017-05-09 00:15:06 PDT
All reviewed patches have been landed. Closing bug.
Keith Miller
Comment 11 2017-05-12 15:54:48 PDT
*** Bug 165639 has been marked as a duplicate of this bug. ***