Changeset 81525 in webkit for trunk/Source/JavaScriptCore/profiler

Timestamp:

Mar 18, 2011, 4:07:16 PM (14 years ago)

Author:

[email protected]

Message:

2011-03-18 Geoffrey Garen <​[email protected]>

Reviewed by Oliver Hunt.

[GTK] JSC crashes in 32bit Release bots after r80743
​https://bugs.webkit.org/show_bug.cgi?id=56180

The crash was caused by referencing GC memory from a GC destructor. This
is not safe because destruction time / order is not guaranteed.

• profiler/ProfileGenerator.cpp: (JSC::ProfileGenerator::create): (JSC::ProfileGenerator::ProfileGenerator): (JSC::ProfileGenerator::willExecute): (JSC::ProfileGenerator::didExecute):
• profiler/ProfileGenerator.h: (JSC::ProfileGenerator::origin): Made ExecState* the first argument, to match the rest of this class and JSC.

Use a JSGlobalObject* instead of an ExecState* with an indirect reference
to a JSGlobalObject* to track our origin. This is simpler and more
efficient, and it removes the destruction order dependency that was causing
our crash.

• profiler/Profiler.cpp: (JSC::Profiler::startProfiling): Updated for change to JSGlobalObject*. (JSC::Profiler::stopProfiling): New function for stopping all profiles for a given global object. This is more straight-forward than multiplexing through the old function.

(JSC::dispatchFunctionToProfiles): Updated for change to JSGlobalObject*.

• profiler/Profiler.h: Ditto.

• runtime/JSGlobalObject.cpp: (JSC::JSGlobalObject::~JSGlobalObject): Ditto.

Location:

trunk/Source/JavaScriptCore/profiler

Files:

• ProfileGenerator.cpp (modified) (3 diffs)
• ProfileGenerator.h (modified) (4 diffs)
• Profiler.cpp (modified) (3 diffs)
• Profiler.h (modified) (2 diffs)

trunk/Source/JavaScriptCore/profiler/ProfileGenerator.cpp

@@ -41 +41 @@
 static const char* NonJSExecution = "(idle)";
 
-PassRefPtr<ProfileGenerator> ProfileGenerator::create(const UString& title, ExecState* originatingExec, unsigned uid)
+PassRefPtr<ProfileGenerator> ProfileGenerator::create(ExecState* exec, const UString& title, unsigned uid)
 {
-    return adoptRef(new ProfileGenerator(title, originatingExec, uid));
+    return adoptRef(new ProfileGenerator(exec, title, uid));
 }
 
-ProfileGenerator::ProfileGenerator(const UString& title, ExecState* originatingExec, unsigned uid)
-    : m_originatingGlobalExec(originatingExec ? originatingExec->lexicalGlobalObject()->globalExec() : 0)
-    , m_profileGroup(originatingExec ? originatingExec->lexicalGlobalObject()->profileGroup() : 0)
+ProfileGenerator::ProfileGenerator(ExecState* exec, const UString& title, unsigned uid)
+    : m_origin(exec ? exec->lexicalGlobalObject() : 0)
+    , m_profileGroup(exec ? exec->lexicalGlobalObject()->profileGroup() : 0)
 {
     m_profile = Profile::create(title, uid);
     m_currentNode = m_head = m_profile->head();
-    if (originatingExec)
-        addParentForConsoleStart(originatingExec);
+    if (exec)
+        addParentForConsoleStart(exec);
 }
 
@@ -81 +81 @@
     }
 
-    if (!m_originatingGlobalExec)
+    if (!m_origin)
         return;
 
@@ -96 +96 @@
     }
 
-    if (!m_originatingGlobalExec)
+    if (!m_origin)
         return;
 

trunk/Source/JavaScriptCore/profiler/ProfileGenerator.h

@@ -35 +35 @@
 
     class ExecState;
+    class JSGlobalObject;
     class Profile;
     class ProfileNode;
@@ -42 +43 @@
     class ProfileGenerator : public RefCounted<ProfileGenerator>  {
     public:
-        static PassRefPtr<ProfileGenerator> create(const UString& title, ExecState* originatingExec, unsigned uid);
+        static PassRefPtr<ProfileGenerator> create(ExecState*, const UString& title, unsigned uid);
 
         // Members
         const UString& title() const;
         PassRefPtr<Profile> profile() const { return m_profile; }
-        ExecState* originatingGlobalExec() const { return m_originatingGlobalExec; }
+        JSGlobalObject* origin() const { return m_origin; }
         unsigned profileGroup() const { return m_profileGroup; }
 
@@ -62 +63 @@
 
     private:
-        ProfileGenerator(const UString& title, ExecState* originatingExec, unsigned uid);
+        ProfileGenerator(ExecState*, const UString& title, unsigned uid);
         void addParentForConsoleStart(ExecState*);
 
@@ -69 +70 @@
 
         RefPtr<Profile> m_profile;
-        ExecState* m_originatingGlobalExec;
+        JSGlobalObject* m_origin;
         unsigned m_profileGroup;
         RefPtr<ProfileNode> m_head;

trunk/Source/JavaScriptCore/profiler/Profiler.cpp

@@ -67 +67 @@
     // Check if we currently have a Profile for this global ExecState and title.
     // If so return early and don't create a new Profile.
-    ExecState* globalExec = exec ? exec->lexicalGlobalObject()->globalExec() : 0;
+    JSGlobalObject* origin = exec ? exec->lexicalGlobalObject() : 0;
 
     for (size_t i = 0; i < m_currentProfiles.size(); ++i) {
         ProfileGenerator* profileGenerator = m_currentProfiles[i].get();
-        if (profileGenerator->originatingGlobalExec() == globalExec && profileGenerator->title() == title)
+        if (profileGenerator->origin() == origin && profileGenerator->title() == title)
             return;
     }
 
     s_sharedEnabledProfilerReference = this;
-    RefPtr<ProfileGenerator> profileGenerator = ProfileGenerator::create(title, exec, ++ProfilesUID);
+    RefPtr<ProfileGenerator> profileGenerator = ProfileGenerator::create(exec, title, ++ProfilesUID);
     m_currentProfiles.append(profileGenerator);
 }
@@ -82 +82 @@
 PassRefPtr<Profile> Profiler::stopProfiling(ExecState* exec, const UString& title)
 {
-    ExecState* globalExec = exec ? exec->lexicalGlobalObject()->globalExec() : 0;
+    JSGlobalObject* origin = exec ? exec->lexicalGlobalObject() : 0;
     for (ptrdiff_t i = m_currentProfiles.size() - 1; i >= 0; --i) {
         ProfileGenerator* profileGenerator = m_currentProfiles[i].get();
-        if (profileGenerator->originatingGlobalExec() == globalExec && (title.isNull() || profileGenerator->title() == title)) {
+        if (profileGenerator->origin() == origin && (title.isNull() || profileGenerator->title() == title)) {
             profileGenerator->stopProfiling();
             RefPtr<Profile> returnProfile = profileGenerator->profile();
@@ -100 +100 @@
 }
 
+void Profiler::stopProfiling(JSGlobalObject* origin)
+{
+    for (ptrdiff_t i = m_currentProfiles.size() - 1; i >= 0; --i) {
+        ProfileGenerator* profileGenerator = m_currentProfiles[i].get();
+        if (profileGenerator->origin() == origin) {
+            profileGenerator->stopProfiling();
+            m_currentProfiles.remove(i);
+            if (!m_currentProfiles.size())
+                s_sharedEnabledProfilerReference = 0;
+        }
+    }
+}
+
 static inline void dispatchFunctionToProfiles(ExecState* callerOrHandlerCallFrame, const Vector<RefPtr<ProfileGenerator> >& profiles, ProfileGenerator::ProfileFunction function, const CallIdentifier& callIdentifier, unsigned currentProfileTargetGroup)
 {
     for (size_t i = 0; i < profiles.size(); ++i) {
-        if (profiles[i]->profileGroup() == currentProfileTargetGroup || !profiles[i]->originatingGlobalExec())
+        if (profiles[i]->profileGroup() == currentProfileTargetGroup || !profiles[i]->origin())
             (profiles[i].get()->*function)(callerOrHandlerCallFrame, callIdentifier);
     }

trunk/Source/JavaScriptCore/profiler/Profiler.h

@@ -39 +39 @@
     class ExecState;
     class JSGlobalData;
+    class JSGlobalObject;
     class JSObject;
     class JSValue;
@@ -58 +59 @@
         void startProfiling(ExecState*, const UString& title);
         PassRefPtr<Profile> stopProfiling(ExecState*, const UString& title);
+        void stopProfiling(JSGlobalObject*);
 
         void willExecute(ExecState* callerCallFrame, JSValue function);