197809 – [JSC] ArrayAllocationProfile should not access to butterfly in concurrent compiler

RESOLVED FIXED197809

[JSC] ArrayAllocationProfile should not access to butterfly in concurrent compiler

https://bugs.webkit.org/show_bug.cgi?id=197809

Summary [JSC] ArrayAllocationProfile should not access to butterfly in concurrent com...

Yusuke Suzuki

Reported 2019-05-10 18:39:35 PDT

[JSC] ArrayAllocationProfile should not access to butterfly in concurrent compiler

Attachments
Patch (7.34 KB, patch) 2019-05-10 18:40 PDT, Yusuke Suzuki	no flags	Details Formatted Diff Diff
Patch (10.27 KB, patch) 2019-05-22 15:48 PDT, Yusuke Suzuki	no flags	Details Formatted Diff Diff
Patch (9.80 KB, patch) 2019-05-22 15:51 PDT, Yusuke Suzuki	msaboff: review+	Details Formatted Diff Diff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.

Yusuke Suzuki

Comment 1 2019-05-10 18:40:07 PDT

Created attachment 369632 [details] Patch

Yusuke Suzuki

Comment 2 2019-05-22 14:59:12 PDT

<rdar://problem/50536594>

Yusuke Suzuki

Comment 3 2019-05-22 15:48:56 PDT

Created attachment 370456 [details] Patch

Yusuke Suzuki

Comment 4 2019-05-22 15:51:08 PDT

Comment on attachment 370456 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=370456&action=review > Source/JavaScriptCore/bytecode/ArrayAllocationProfile.cpp:68 > + if (!isCompilationThread()) I'll drop this, and putting ASSERT for this in the prologue of this function.

Yusuke Suzuki

Comment 5 2019-05-22 15:51:17 PDT

Created attachment 370457 [details] Patch

Michael Saboff

Comment 6 2019-05-22 15:55:01 PDT

Comment on attachment 370457 [details] Patch r=me

Yusuke Suzuki

Comment 7 2019-05-22 15:56:37 PDT

(In reply to Michael Saboff from comment #6) > Comment on attachment 370457 [details] > Patch > > r=me Thanks!

Yusuke Suzuki

Comment 8 2019-05-22 18:19:29 PDT

Comment on attachment 370457 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=370457&action=review > JSTests/stress/array-allocation-profile-should-not-update-itself-in-concurrent-compiler.js:1 > +//@ runDefault(" --jitPolicyScale=0", "--useArrayAllocationProfiling=0") Fix, removing space before "--jitPolicyScale=0".

Yusuke Suzuki

Comment 9 2019-05-22 18:22:38 PDT

Committed r245667: <https://trac.webkit.org/changeset/245667>

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component New Bugs

Assignee

Yusuke Suzuki

Reported

2019-05-10 18:39 PDT

Modified

2019-05-22 18:22 PDT History

CC List

6 users Show

URL

Keywords InRadar

Depends on

Blocks