99226 – Race condition during copying phase can lead to deadlock

Bug 99226 - Race condition during copying phase can lead to deadlock

Summary: Race condition during copying phase can lead to deadlock

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	JavaScriptCore (show other bugs)
Version:	528+ (Nightly build)
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Mark Hahnenberg

URL:
Keywords:

Depends on:
Blocks:

Reported:	2012-10-12 18:02 PDT by Mark Hahnenberg
Modified:	2012-10-12 18:11 PDT (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Mark Hahnenberg 2012-10-12 18:02:13 PDT

The main thread calls startCopying() for each of the GCThreads at the beginning of the copy phase. It then proceeds to start copying. If copying completes before one of the GCThreads wakes up, the main thread will set m_currentPhase back to NoPhase, the GCThread will wake up, see that there's nothing to do, and then it will go back to sleep without ever calling CopyVisitor::doneCopying() to return its borrowed block to the CopiedSpace. CopiedSpace::doneCopying() will then sleep forever waiting on the block.

The fix for this is to make sure we call CopiedSpace::doneCopying() on the main thread before we call GCThreadSharedData::didFinishCopying(), which sets the m_currentPhase flag to NoPhase. This way we will wait until all threads have woken up and given back their borrowed blocks before clearing the flag.

Comment 1 Mark Hahnenberg 2012-10-12 18:11:00 PDT

Committed r131244: <http://trac.webkit.org/changeset/131244>