[webkit-changes] [WebKit/WebKit] dcd496: Potential race condition for m_clobberingTailCalls...

[Commit Queue]

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: dcd4969cfb755efc4781ab5a942496048fe491a5
      https://github.com/WebKit/WebKit/commit/dcd4969cfb755efc4781ab5a942496048fe491a5
  Author: Yijia Huang <yijia_huang at apple.com>
  Date:   2023-01-25 (Wed, 25 Jan 2023)

  Changed paths:
    M Source/JavaScriptCore/wasm/WasmModuleInformation.h
    M Source/JavaScriptCore/wasm/WasmSectionParser.cpp
    M Source/WTF/wtf/FixedBitVector.h

  Log Message:
  -----------
  Potential race condition for m_clobberingTailCalls in WasmModuleInformation.h
https://bugs.webkit.org/show_bug.cgi?id=251124

Reviewed by Mark Lam.

There might be race condition for m_clobberingTailCalls since we update
BitVector, which may need to resize, when compiling wasm code in parallel.
To fix this, we can use FixedBitVector with fixed size and update it synchronously.

* Source/JavaScriptCore/wasm/WasmLLIntPlan.cpp:
(JSC::Wasm::LLIntPlan::didCompleteCompilation):
* Source/JavaScriptCore/wasm/WasmModuleInformation.h:
(JSC::Wasm::ModuleInformation::initializeFunctionTrackers const):
(JSC::Wasm::ModuleInformation::clobberingTailCalls const):
(JSC::Wasm::ModuleInformation::hasClobberingTailCalls const):
(JSC::Wasm::ModuleInformation::callCanClobberInstance const):
(JSC::Wasm::ModuleInformation::addClobberingTailCall):
(JSC::Wasm::ModuleInformation::initializeReferencedFunctionsTracker const): Deleted.
* Source/JavaScriptCore/wasm/WasmSectionParser.cpp:
(JSC::Wasm::SectionParser::parseFunction):

Canonical link: https://commits.webkit.org/259374@main