WebKit Bugzilla - Bug 201664 - RESOLVED FIXED
[JSC] CodeBlock::calleeSaveRegisters should not see half-baked JITData
https://bugs.webkit.org/show_bug.cgi?id=201664

Reported by Yusuke Suzuki, 2019-09-10 16:01:41 PDT

Description:
[JSC] CodeBlock::calleeSaveRegisters should not see half-baked JITData
Attachments:
Patch (3.30 KB, patch), 2019-09-10 16:07 PDT, Yusuke Suzuki; tzagallo: review+
Yusuke Suzuki, Comment 1, 2019-09-10 16:07:34 PDT
Created attachment 378505 [details]: Patch
Yusuke Suzuki, Comment 2, 2019-09-10 16:07:36 PDT
<rdar://problem/52126927>
Yusuke Suzuki, Comment 3, 2019-09-10 16:09:18 PDT
Comment on attachment 378505 [details]: Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=378505&action=review

> Source/JavaScriptCore/ChangeLog:25
> + (JSC::CodeBlock::ensureJITDataSlow):

This crash has existed for a long time, since previously we were seeing a half-baked CodeBlock::m_calleeSaveRegisters instead of JITData.
Yusuke Suzuki, Comment 4, 2019-09-10 16:18:19 PDT
Committed r249740: <https://trac.webkit.org/changeset/249740>
Saam Barati, Comment 5, 2019-09-10 20:58:50 PDT
Comment on attachment 378505 [details]: Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=378505&action=review

> Source/JavaScriptCore/bytecode/CodeBlock.cpp:1349
> + // But we should not see garbage pointer in that case. We ensure JITData::m_calleeSaveRegisters is initialized as nullptr before exposing it to BaselineJIT by store-store-fence.

Do the compiler threads check for nullptr? We're seeing this crash on ARM only?
Yusuke Suzuki, Comment 6, 2019-09-10 21:24:47 PDT
(In reply to Saam Barati from comment #5)
> Comment on attachment 378505 [details]: Patch
> View in context: https://bugs.webkit.org/attachment.cgi?id=378505&action=review
>
> > Source/JavaScriptCore/bytecode/CodeBlock.cpp:1349
> > + // But we should not see garbage pointer in that case. We ensure JITData::m_calleeSaveRegisters is initialized as nullptr before exposing it to BaselineJIT by store-store-fence.
>
> Do the compiler threads check for nullptr?

Yes, the compiler thread is checking for nullptr.

> We're seeing this crash on ARM only?

Yes, this crash is happening only on ARM devices, because x86 offers TSO. Theoretically, we could see an x86 crash if clang emitted the code that stores the JITData pointer to CodeBlock before nulling that field.
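The publication order discussed in comments 5 and 6, as an added example that is not WebKit code: a toy CodeBlock whose lazily created JITData is published with a release store (standing in for JSC's store-store fence) so that a concurrently reading compiler thread either sees no JITData at all or sees its m_calleeSaveRegisters already set to nullptr, never a garbage pointer. The names CodeBlock, JITData and m_calleeSaveRegisters come from the bug; RegisterAtOffsetList's body, ensureJITData and setCalleeSaveRegisters are invented for the illustration.

```cpp
#include <atomic>
#include <vector>

// Toy model of the pattern from the bug, not WebKit code: names mirror
// CodeBlock / JITData / m_calleeSaveRegisters, the bodies are invented.
struct RegisterAtOffsetList {
    std::vector<int> offsets; // frame offsets of the saved callee-save registers
};

struct JITData {
    // Set to nullptr before the JITData pointer is published, so no reader can
    // observe a garbage value in this field.
    std::atomic<RegisterAtOffsetList*> m_calleeSaveRegisters { nullptr };
};

class CodeBlock {
public:
    ~CodeBlock() { delete m_jitData.load(std::memory_order_relaxed); }

    // Mutator side (the only writer, so the first load can be relaxed). The
    // release store orders the field initialization before the pointer store,
    // which is the bug's store-store fence; with a plain store, ARM may make
    // the pointer visible before the nulled field, while x86 (TSO) would not.
    JITData* ensureJITData()
    {
        if (JITData* data = m_jitData.load(std::memory_order_relaxed))
            return data;
        JITData* fresh = new JITData;
        m_jitData.store(fresh, std::memory_order_release);
        return fresh;
    }

    // Baseline JIT finalization: the list is complete before it is released.
    void setCalleeSaveRegisters(RegisterAtOffsetList* list)
    {
        ensureJITData()->m_calleeSaveRegisters.store(list, std::memory_order_release);
    }

    // Compiler-thread side: acquire loads pair with the release stores, and
    // both levels are null-checked instead of dereferenced blindly.
    const RegisterAtOffsetList* calleeSaveRegisters() const
    {
        JITData* data = m_jitData.load(std::memory_order_acquire);
        return data ? data->m_calleeSaveRegisters.load(std::memory_order_acquire) : nullptr;
    }

private:
    std::atomic<JITData*> m_jitData { nullptr };
};
```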