Timestamp:
Feb 14, 2018, 3:25:52 PM (7 years ago)
Author:
[email protected]
Message:

Setting a VMTrap shouldn't look at topCallFrame since that may imply we're in C code and holding the malloc lock
https://bugs.webkit.org/show_bug.cgi?id=182801

Reviewed by Keith Miller.

JSTests:

  • stress/watchdog-dont-malloc-when-in-c-code.js: Added.

Source/JavaScriptCore:

VMTraps would sometimes install traps when it paused the JS thread when it
was in C code. This is wrong, as installing traps mallocs, and the JS thread
may have been holding the malloc lock while in C code. This could lead to a
deadlock when C code was holding the malloc lock.

This patch makes it so that we only install traps when we've proven the PC
is in JIT or LLInt code. If we're in JIT/LLInt code, we are guaranteed that
we're not holding the malloc lock.

  • jsc.cpp:

(GlobalObject::finishCreation):
(functionMallocInALoop):

  • runtime/VMTraps.cpp:

(JSC::VMTraps::tryInstallTrapBreakpoints):
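
The ChangeLog above explains the hazard (a watchdog that allocates while the interrupted JS thread may hold the malloc lock) and the rule it adopts (only allocate once the PC proves the thread is in JIT or LLInt code). The C++ below is an added example, not WebKit code and not the contents of this patch: it models that decision with a hand-built table of executable ranges and a simulated allocator lock, so the pre-fix and post-fix behaviours can be compared in one process. Every name in it (`ExecutableRangeTable`, `MallocLock`, `TrapInstaller`, `runScenario`) and every address is invented for illustration.

```cpp
#include <algorithm>
#include <atomic>
#include <cstddef>
#include <cstdint>
#include <vector>

// Half-open range [start, end) of machine code emitted by the JIT or belonging to the LLInt.
struct CodeRange {
    uintptr_t start;
    uintptr_t end;
};

// Sorted, non-overlapping table of executable regions. A real VM would fill this from its
// executable allocator; here it is filled by hand with constructed addresses.
class ExecutableRangeTable {
public:
    void add(uintptr_t start, uintptr_t end)
    {
        ranges.push_back({ start, end });
        std::sort(ranges.begin(), ranges.end(),
            [](const CodeRange& a, const CodeRange& b) { return a.start < b.start; });
    }

    // True only when pc is provably inside JIT/LLInt code (binary search on start addresses).
    bool contains(uintptr_t pc) const
    {
        auto it = std::upper_bound(ranges.begin(), ranges.end(), pc,
            [](uintptr_t p, const CodeRange& r) { return p < r.start; });
        if (it == ranges.begin())
            return false;
        --it;
        return pc >= it->start && pc < it->end;
    }

private:
    std::vector<CodeRange> ranges;
};

// Stand-in for the allocator's non-recursive lock. try_lock is well defined from any thread,
// which lets a single-threaded simulation expose the deadlock condition instead of hanging.
struct MallocLock {
    std::atomic<bool> held { false };
    void lock() { held.store(true); }              // the JS thread acquires it inside C++ code
    bool try_lock() { return !held.exchange(true); }
    void unlock() { held.store(false); }
};

enum class TrapResult { Installed, Deferred, WouldDeadlock };

// The watchdog side: the JS thread has been paused at `pc`, and installing a trap allocates.
class TrapInstaller {
public:
    TrapInstaller(const ExecutableRangeTable& table, MallocLock& lock)
        : codeRanges(table), mallocLock(lock) { }

    // Post-fix pattern: allocate only when the PC proves the thread is in JIT/LLInt code, where
    // it cannot be holding the malloc lock; otherwise defer and let the caller retry later.
    TrapResult tryInstallTrapBreakpoints(uintptr_t pc)
    {
        if (!codeRanges.contains(pc))
            return TrapResult::Deferred;
        return installTraps();
    }

    // Pre-fix behaviour: allocate regardless of where the thread was interrupted.
    TrapResult installTrapsUnconditionally(uintptr_t) { return installTraps(); }

    size_t installedCount() const { return installed; }

private:
    TrapResult installTraps()
    {
        // The paused thread is the only other party that can hold this lock. If it was interrupted
        // while holding it, a blocking acquire here would never return.
        if (!mallocLock.try_lock())
            return TrapResult::WouldDeadlock;
        ++installed; // stands in for the allocation that installing breakpoints performs
        mallocLock.unlock();
        return TrapResult::Installed;
    }

    const ExecutableRangeTable& codeRanges;
    MallocLock& mallocLock;
    size_t installed = 0;
};

struct Scenario {
    TrapResult pausedInJIT;
    TrapResult pausedInCCodeChecked;
    TrapResult pausedInCCodeUnchecked;
    bool rangeBoundariesCorrect;
};

// Drives both cases: paused inside JIT code, and paused inside C++ code holding the malloc lock.
Scenario runScenario()
{
    ExecutableRangeTable table;
    table.add(0x10000, 0x20000); // constructed: a JIT code region
    table.add(0x40000, 0x41000); // constructed: the LLInt's code section
    MallocLock lock;
    TrapInstaller installer(table, lock);

    Scenario s;
    s.rangeBoundariesCorrect = table.contains(0x10000) && !table.contains(0x20000)
        && !table.contains(0x3ffff) && table.contains(0x40fff) && !table.contains(0x500);
    s.pausedInJIT = installer.tryInstallTrapBreakpoints(0x10800);

    lock.lock(); // JS thread enters C++ runtime code, takes the malloc lock, then gets paused
    s.pausedInCCodeChecked = installer.tryInstallTrapBreakpoints(0x7ff00123);
    s.pausedInCCodeUnchecked = installer.installTrapsUnconditionally(0x7ff00123);
    lock.unlock();
    return s;
}
```

The point of the simulation is the third result: with the thread parked in C++ code under the allocator lock, the unconditional path can only block forever, while the gated path returns `Deferred` without ever touching the lock. What a real VM does on `Deferred` (retry at the next pause, or wait for a safe point) is outside this model and is not stated by the patch.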

File:
1 edited

  • trunk/Source/JavaScriptCore/jsc.cpp

    r227898 r228488  
    343343static EncodedJSValue JSC_HOST_CALL functionFlashHeapAccess(ExecState*);
    344344static EncodedJSValue JSC_HOST_CALL functionDisableRichSourceInfo(ExecState*);
     345static EncodedJSValue JSC_HOST_CALL functionMallocInALoop(ExecState*);
    345346
    346347struct Script {
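Review bot: the changeset view lists one edited file and all three hunks are in jsc.cpp, while the ChangeLog names runtime/VMTraps.cpp (JSC::VMTraps::tryInstallTrapBreakpoints) and the new stress/watchdog-dont-malloc-when-in-c-code.js test as well; the PC-in-JIT/LLInt gate that is the actual fix is therefore not visible here, and this declaration at 345 together with the two hunks below should be read as test-side scaffolding only. The declaration itself follows the surrounding host-function pattern and needs no change.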
     
    600601
    601602        addFunction(vm, "disableRichSourceInfo", functionDisableRichSourceInfo, 0);
     603        addFunction(vm, "mallocInALoop", functionMallocInALoop, 0);
    602604    }
    603605   
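Review bot: `mallocInALoop` is registered at 603 unconditionally and with arity 0, matching the neighbouring diagnostic hooks such as `disableRichSourceInfo`, but nothing in jsc.cpp says what it is for; a short comment at the registration (for example, that it parks the JS thread in C++ code under the malloc lock so the watchdog test can interrupt it there) would spare the next reader a trip to the ChangeLog.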
     
    17491751}
    17501752
     1753EncodedJSValue JSC_HOST_CALL functionMallocInALoop(ExecState*)
     1754{
     1755    Vector<void*> ptrs;
     1756    for (unsigned i = 0; i < 5000; ++i)
     1757        ptrs.append(fastMalloc(1024 * 2));
     1758    for (void* ptr : ptrs)
     1759        fastFree(ptr);
     1760    return JSValue::encode(jsUndefined());
     1761}
     1762
    17511763template<typename ValueType>
    17521764typename std::enable_if<!std::is_fundamental<ValueType>::value>::type addOption(VM&, JSObject*, Identifier, ValueType) { }
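Review bot: the body at 1755-1759 only allocates and frees 5000 blocks of 2 KiB and never touches them, so how long the thread spends inside fastMalloc/fastFree, and therefore whether the watchdog pause lands while the malloc lock is held, depends on allocator speed, which makes the accompanying test a probabilistic rather than a deterministic reproducer. That is worth stating in a comment on the function, and if the window proves too narrow on fast allocators, interleaving fastMalloc and fastFree or raising the iteration count would widen it without changing the function's contract. Minor: the definition at 1753 omits the `static` that the declaration at 345 carries; this is legal because the earlier declaration fixes the linkage, but check that the neighbouring host-function definitions are written the same way.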