Bug 88449 - Worker tear-down can re-enter JSC during GC finalization
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore JavaScript
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Mark Hahnenberg
URL:
Keywords:
Depends on: 88472
Blocks:
Reported: 2012-06-06 13:23 PDT by Mark Hahnenberg
Modified: 2012-06-07 11:32 PDT

Attachments
Patch (2.25 KB, patch)
2012-06-06 14:53 PDT, Mark Hahnenberg
Patch (1.23 KB, patch)
2012-06-06 18:01 PDT, Mark Hahnenberg

Description Mark Hahnenberg 2012-06-06 13:23:52 PDT
~AbstractWorker can enter JS during GC finalization due to attempting to update the Web Inspector when the worker is being torn down, which is not allowed by JSC.

~Worker has a similar story. Both of these should be fixed to prevent this.
Comment 1 Mark Hahnenberg 2012-06-06 14:53:30 PDT
Created attachment 146116
Patch
Comment 2 Mark Hahnenberg 2012-06-06 15:06:32 PDT
> ~AbstractWorker can enter JS during GC finalization due to attempting to update the Web Inspector when the worker is being torn down, which is not allowed by JSC.

To make this more clear:

~AbstractWorker can re-enter JS during GC finalization, which is not allowed by JSC, due to attempting to update the Web Inspector when the worker is being torn down.
Comment 3 Geoffrey Garen 2012-06-06 15:21:17 PDT
Comment on attachment 146116
Patch

r=me
Comment 4 Mark Hahnenberg 2012-06-06 15:29:07 PDT
Committed r119624: <http://trac.webkit.org/changeset/119624>
Comment 6 WebKit Review Bot 2012-06-06 17:04:40 PDT
Re-opened since this is blocked by 88472
Comment 7 Mark Hahnenberg 2012-06-06 18:01:39 PDT
Created attachment 146165
Patch
Comment 8 Mark Hahnenberg 2012-06-06 18:02:11 PDT
Let's try landing each piece of the patch separately to determine which half caused the regression. I think this first patch is the safer of the two.
Comment 9 Geoffrey Garen 2012-06-07 11:11:18 PDT
Comment on attachment 146165
Patch

r=me
Comment 10 WebKit Review Bot 2012-06-07 11:32:08 PDT
Comment on attachment 146165
Patch

Clearing flags on attachment: 146165

Committed r119740: <http://trac.webkit.org/changeset/119740>
Comment 11 WebKit Review Bot 2012-06-07 11:32:13 PDT
All reviewed patches have been landed. Closing bug.