Bug 196359 - CodeBlock::jettison() should disallow repatching its own calls
Summary: CodeBlock::jettison() should disallow repatching its own calls
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Tadeu Zagallo
URL:
Keywords: InRadar
Depends on:
Blocks:
Reported: 2019-03-28 11:45 PDT by Tadeu Zagallo
Modified: 2019-03-28 15:05 PDT

See Also:


Attachments
Patch (8.53 KB, patch)
2019-03-28 12:05 PDT, Tadeu Zagallo
Patch for landing (8.68 KB, patch)
2019-03-28 14:25 PDT, Tadeu Zagallo

Description Tadeu Zagallo 2019-03-28 11:45:23 PDT
<rdar://problem/48973663>
Comment 1 Tadeu Zagallo 2019-03-28 12:05:07 PDT
Created attachment 366192 [details]
Patch
Comment 2 Saam Barati 2019-03-28 13:29:35 PDT
Comment on attachment 366192 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=366192&action=review

> Source/JavaScriptCore/ChangeLog:12
> +        OSR exit address while unlinking all the incoming CallLinkInfos latter in

latter => later
Comment 3 Saam Barati 2019-03-28 13:33:58 PDT
Comment on attachment 366192 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=366192&action=review

> Source/JavaScriptCore/ChangeLog:17
> +        Change it so that we set a flag, `clearedByJettison`, in all the CallLinkInfos
> +        owned by the CodeBlock being jettisoned. If the flag is set, we will avoid
> +        repatching the call during unlinking.

It took me a few minutes to agree that this is safe, but maybe it's worth expanding on in a sentence or two. The beginning of this call should never be reachable again after the CodeBlock is jettisoned.
Comment 4 Saam Barati 2019-03-28 13:34:24 PDT
Comment on attachment 366192 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=366192&action=review

> JSTests/stress/call-link-info-osrexit-repatch.js:3
> +function foo(a, b) {

style nit: use 4 space indent
Comment 5 Tadeu Zagallo 2019-03-28 14:25:57 PDT
Created attachment 366203 [details]
Patch for landing
Comment 6 WebKit Commit Bot 2019-03-28 15:05:40 PDT
Comment on attachment 366203 [details]
Patch for landing

Clearing flags on attachment: 366203

Committed r243626: <https://trac.webkit.org/changeset/243626>
Comment 7 WebKit Commit Bot 2019-03-28 15:05:42 PDT
All reviewed patches have been landed. Closing bug.