Ignore:
Timestamp:
Oct 9, 2017, 7:48:39 PM (8 years ago)
Author:
[email protected]
Message:

JSCell::didBecomePrototype is racy
https://bugs.webkit.org/show_bug.cgi?id=178110

Reviewed by Saam Barati.

The indexing type can be modified by any thread using CAS. So, we need to use atomics when
modifying it. We don't need to use atomics when reading it though (since it's just one field).

  • runtime/JSCellInlines.h:

(JSC::JSCell::didBecomePrototype):

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/JavaScriptCore/ChangeLog

    r223113 r223116  
     12017-10-09  Filip Pizlo  <[email protected]>
     2
     3        JSCell::didBecomePrototype is racy
     4        https://bugs.webkit.org/show_bug.cgi?id=178110
     5
     6        Reviewed by Saam Barati.
     7       
     8        The indexing type can be modified by any thread using CAS. So, we need to use atomics when
     9        modifying it. We don't need to use atomics when reading it though (since it's just one field).
     10
     11        * runtime/JSCellInlines.h:
     12        (JSC::JSCell::didBecomePrototype):
     13
    1142017-09-29  Filip Pizlo  <[email protected]>
    215
Note: See TracChangeset for help on using the changeset viewer.