197809 – [JSC] ArrayAllocationProfile should not access to butterfly in concurrent compiler

Bug 197809 - [JSC] ArrayAllocationProfile should not access to butterfly in concurrent compiler

Summary: [JSC] ArrayAllocationProfile should not access to butterfly in concurrent com...

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	New Bugs (show other bugs)
Version:	WebKit Nightly Build
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Yusuke Suzuki

URL:
Keywords:	InRadar

Depends on:
Blocks:

Reported:	2019-05-10 18:39 PDT by Yusuke Suzuki
Modified:	2019-05-22 18:22 PDT (History)
CC List:	6 users (show)

See Also:

Attachments
Patch (7.34 KB, patch) 2019-05-10 18:40 PDT, Yusuke Suzuki	no flags	Details \| Formatted Diff \| Diff
Patch (10.27 KB, patch) 2019-05-22 15:48 PDT, Yusuke Suzuki	no flags	Details \| Formatted Diff \| Diff
Patch (9.80 KB, patch) 2019-05-22 15:51 PDT, Yusuke Suzuki	msaboff: review+	Details \| Formatted Diff \| Diff
Show Obsolete (2) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Yusuke Suzuki 2019-05-10 18:39:35 PDT

[JSC] ArrayAllocationProfile should not access to butterfly in concurrent compiler

Comment 1 Yusuke Suzuki 2019-05-10 18:40:07 PDT

Created attachment 369632 [details]
Patch

Comment 2 Yusuke Suzuki 2019-05-22 14:59:12 PDT

<rdar://problem/50536594>

Comment 3 Yusuke Suzuki 2019-05-22 15:48:56 PDT

Created attachment 370456 [details]
Patch

Comment 4 Yusuke Suzuki 2019-05-22 15:51:08 PDT

Comment on attachment 370456 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=370456&action=review

> Source/JavaScriptCore/bytecode/ArrayAllocationProfile.cpp:68
> +        if (!isCompilationThread())

I'll drop this, and putting ASSERT for this in the prologue of this function.

Comment 5 Yusuke Suzuki 2019-05-22 15:51:17 PDT

Created attachment 370457 [details]
Patch

Comment 6 Michael Saboff 2019-05-22 15:55:01 PDT

Comment on attachment 370457 [details]
Patch

r=me

Comment 7 Yusuke Suzuki 2019-05-22 15:56:37 PDT

(In reply to Michael Saboff from comment #6)
> Comment on attachment 370457 [details]
> Patch
> 
> r=me

Thanks!

Comment 8 Yusuke Suzuki 2019-05-22 18:19:29 PDT

Comment on attachment 370457 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=370457&action=review

> JSTests/stress/array-allocation-profile-should-not-update-itself-in-concurrent-compiler.js:1
> +//@ runDefault(" --jitPolicyScale=0", "--useArrayAllocationProfiling=0")

Fix, removing space before "--jitPolicyScale=0".

Comment 9 Yusuke Suzuki 2019-05-22 18:22:38 PDT

Committed r245667: <https://trac.webkit.org/changeset/245667>