Timestamp:
May 19, 2016, 2:02:44 PM
Author:
[email protected]
Message:

Code that null checks the VM pointer before any use should ref the VM.
https://bugs.webkit.org/show_bug.cgi?id=157864

Reviewed by Filip Pizlo and Keith Miller.

JSLock::willReleaseLock() and HeapTimer::timerDidFire() need to reference the VM
through a RefPtr. Otherwise, there's no guarantee that the VM won't be deleted
after their null checks.

  • bytecode/CodeBlock.h:
    (JSC::CodeBlock::vm):
    (JSC::CodeBlock::setVM): Deleted.
      • Not used, and suggests that it can be changed during the lifetime of the CodeBlock (which should not be).
  • heap/HeapTimer.cpp:
    (JSC::HeapTimer::timerDidFire):
  • runtime/JSLock.cpp:
    (JSC::JSLock::willReleaseLock):
      • Store the VM pointer in a RefPtr first, and null check the RefPtr instead of the raw VM pointer. This makes the null check a strong guarantee that the VM pointer is valid while these functions are using it.
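The check-then-use race the commit message describes, as an added C++ simulation that is not WebKit code: FakeVM, Ref, FakeApiLock and ownerDestroysVM are hypothetical stand-ins for JSC's VM, RefPtr, JSLock and VM teardown, and the owner's teardown is injected between the null check and the use so the outcome is deterministic.

```cpp
// Added example (not WebKit code). Destruction is simulated with a flag rather
// than delete so the "unsafe" path stays well-defined and can be observed.
#include <functional>

struct FakeVM {                     // stand-in for JSC::VM (hypothetical)
    int refCount = 1;               // the owner holds the initial ref
    bool destroyed = false;         // set when the last ref is dropped
    int workDone = 0;
    void ref() { ++refCount; }
    void deref() { if (--refCount == 0) destroyed = true; }
    bool doWork() { if (destroyed) return false; ++workDone; return true; }
};

// Minimal intrusive smart pointer standing in for WTF::RefPtr<VM>.
struct Ref {
    FakeVM* p;
    explicit Ref(FakeVM* v) : p(v) { if (p) p->ref(); }
    ~Ref() { if (p) p->deref(); }
    Ref(const Ref&) = delete; Ref& operator=(const Ref&) = delete;
    explicit operator bool() const { return p != nullptr; }
    FakeVM* get() const { return p; }
};

// Stand-in for JSLock: holds the VM pointer, which the owner clears on teardown.
struct FakeApiLock { FakeVM* vm = nullptr; };

// The owning side tearing the VM down: clear the lock's pointer, drop its ref.
static void ownerDestroysVM(FakeApiLock& lock, FakeVM& vm) {
    lock.vm = nullptr;
    vm.deref();
}

// Before the fix: raw pointer, null check, then use. `interleave` simulates the
// owner running between the check and the use. Returns true if work succeeded.
static bool timerDidFireRaw(FakeApiLock& lock, const std::function<void()>& interleave) {
    FakeVM* vm = lock.vm;
    if (!vm) return false;
    interleave();
    return vm->doWork();        // may run against an already-destroyed VM
}

// After the fix: take the ref first, then null check; the ref keeps the VM alive.
static bool timerDidFireRef(FakeApiLock& lock, const std::function<void()>& interleave) {
    Ref vm(lock.vm);
    if (!vm) return false;
    interleave();
    return vm.get()->doWork();  // still alive: our ref is outstanding until return
}
```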
File:
1 edited

  • trunk/Source/JavaScriptCore/heap/HeapTimer.cpp

    r192773 r201180  
    8181    apiLock->lock();
    8282
    83     VM* vm = apiLock->vm();
    84     // The VM has been destroyed, so we should just give up.
     83    RefPtr<VM> vm = apiLock->vm();
    8584    if (!vm) {
     85        // The VM has been destroyed, so we should just give up.
    8686        apiLock->unlock();
    8787        return;
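Review bot: nothing at the new line 83 records why `RefPtr<VM>` replaced `VM*`; a one-line comment there (e.g. "hold a ref so the VM cannot be destroyed between this null check and the work below") would keep a later cleanup from reverting it to a raw pointer, since the reason currently lives only in the commit message. Moving the "The VM has been destroyed" comment inside the `if (!vm)` body reads better than having it precede the check.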
     
    9999
    100100    {
    101         JSLockHolder locker(vm);
     101        JSLockHolder locker(vm.get());
    102102        heapTimer->doWork();
    103103    }
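Review bot: with `vm` now a RefPtr, its ref is released when timerDidFire returns, which is after `locker` leaves scope at line 103 and the JSLock is released; if that ref can be the last one, VM destruction would run outside the JSLock. Worth confirming in review that VM teardown does not require the lock to be held, since the hunk alone does not show that; `vm.get()` is the right way to hand the raw pointer to JSLockHolder.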