[webkit-changes] [WebKit/WebKit] 596c35: Make [JSManagedValue initWithValue:] more robust a...
Keith Miller
noreply at github.com
Mon Oct 28 10:36:18 PDT 2024
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 596c3527f5dd10be50fc1af5a0662ff0ab6cf5d9
https://github.com/WebKit/WebKit/commit/596c3527f5dd10be50fc1af5a0662ff0ab6cf5d9
Author: Keith Miller <keith_miller at apple.com>
Date: 2024-10-28 (Mon, 28 Oct 2024)
Changed paths:
M Source/JavaScriptCore/API/JSManagedValue.mm
M Source/JavaScriptCore/API/glib/JSCClass.cpp
M Source/JavaScriptCore/API/glib/JSCWeakValue.cpp
M Source/JavaScriptCore/heap/WeakSetInlines.h
M Source/JavaScriptCore/inspector/agents/InspectorDebuggerAgent.cpp
M Source/JavaScriptCore/runtime/JSLock.h
M Source/WebCore/bindings/js/JSLazyEventListener.cpp
Log Message:
-----------
Make [JSManagedValue initWithValue:] more robust against clients using it from non-main threads
https://bugs.webkit.org/show_bug.cgi?id=281648
rdar://138037948
Reviewed by Mark Lam.
[JSManagedValue initWithValue:] does not currently acquire the JS API lock because it expects to
only be called on the JS main thread. However, it's easy for clients to make mistakes and call
it from different threads. We should make [JSManagedValue initWithValue:] more robust by simply
making it acquire the JS API lock for its VM.
Also change [JSManagedValue value:] to not acquire the JS API lock twice. It was first acquiring
the lock with a WTF::Locker, and subsequently with a JSC::JSLockHolder. The only added value of
the JSC::JSLockHolder is that it refs the VM using a RefPtr. So, instead of using the
JSC::JSLockHolder, we can just use a RefPtr to store the VM instead of the raw VM* it was using
before. With that, the use of the JSC::JSLockHolder becomes completely redundant.
This issue is caught by existing tests now that WeakSet::allocate asserts currentThreadIsHoldingAPILock.
* Source/JavaScriptCore/API/JSManagedValue.mm:
(-[JSManagedValue initWithValue:]):
(-[JSManagedValue value]):
* Source/JavaScriptCore/heap/WeakSetInlines.h:
(JSC::WeakSet::allocate):
* Source/JavaScriptCore/runtime/JSLock.h:
Canonical link: https://commits.webkit.org/285771@main
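The locking discipline the commit message describes, as an added stand-alone illustration that is not JavaScriptCore code: `ToyVM`, `ToyLockHolder`, `allocateWeakSlot` and the `initManagedValue*` functions are hypothetical stand-ins for `JSC::VM`, `JSC::JSLockHolder`, `WeakSet::allocate` and the two versions of `-[JSManagedValue initWithValue:]`. The lock is modelled as a recursive mutex with owner tracking, since the message describes the same lock being acquired twice; the `shared_ptr` held by the holder plays the role of the `RefPtr` that keeps the VM alive.

```cpp
#include <atomic>
#include <cstdio>
#include <memory>
#include <mutex>
#include <thread>

// Hypothetical stand-in for JSC::VM (not JavaScriptCore code). The API lock is
// recursive and records its owning thread so callers can be checked.
class ToyVM {
public:
    void lock() {
        m_mutex.lock();
        m_owner.store(std::this_thread::get_id());
        m_depth.fetch_add(1);
    }
    void unlock() {
        if (m_depth.fetch_sub(1) == 1)
            m_owner.store(std::thread::id());
        m_mutex.unlock();
    }
    // Counterpart of the currentThreadIsHoldingAPILock check mentioned in the message.
    bool currentThreadIsHoldingAPILock() const {
        return m_depth.load() > 0 && m_owner.load() == std::this_thread::get_id();
    }
    unsigned lockDepth() const { return m_depth.load(); }
private:
    std::recursive_mutex m_mutex;
    std::atomic<std::thread::id> m_owner{};
    std::atomic<unsigned> m_depth{0};
};

// Hypothetical stand-in for JSC::JSLockHolder: RAII lock acquisition that also
// keeps the VM alive for as long as the holder exists.
class ToyLockHolder {
public:
    explicit ToyLockHolder(std::shared_ptr<ToyVM> vm) : m_vm(std::move(vm)) { m_vm->lock(); }
    ~ToyLockHolder() { m_vm->unlock(); }
    ToyLockHolder(const ToyLockHolder&) = delete;
    ToyLockHolder& operator=(const ToyLockHolder&) = delete;
private:
    std::shared_ptr<ToyVM> m_vm;
};

// Stand-in for WeakSet::allocate: reports whether the caller holds the lock
// instead of asserting, so the failure mode is observable from a test.
bool allocateWeakSlot(const ToyVM& vm) { return vm.currentThreadIsHoldingAPILock(); }

// Pre-fix shape: trusts the caller to already be on the locked JS thread.
bool initManagedValueUnlocked(const std::shared_ptr<ToyVM>& vm) { return allocateWeakSlot(*vm); }

// Post-fix shape: acquires the API lock itself, so any thread may call it.
bool initManagedValueLocked(const std::shared_ptr<ToyVM>& vm) {
    ToyLockHolder holder(vm);
    return allocateWeakSlot(*vm);
}

// Runs f on a fresh thread and returns its result (models a client calling
// from a non-main thread).
template <typename F>
auto runOnBackgroundThread(F f) -> decltype(f()) {
    decltype(f()) result{};
    std::thread worker([&] { result = f(); });
    worker.join();
    return result;
}

bool unlockedInitFromBackgroundThread(const std::shared_ptr<ToyVM>& vm) {
    return runOnBackgroundThread([&] { return initManagedValueUnlocked(vm); });
}

bool lockedInitFromBackgroundThread(const std::shared_ptr<ToyVM>& vm) {
    return runOnBackgroundThread([&] { return initManagedValueLocked(vm); });
}

// Pre-fix [JSManagedValue value] shape: an outer lock plus an inner holder
// takes the same recursive lock twice. Returns the depth observed inside.
unsigned depthWithRedundantInnerLock(const std::shared_ptr<ToyVM>& vm) {
    ToyLockHolder outer(vm);
    ToyLockHolder inner(vm); // redundant: the lock is already held by this thread
    return vm->lockDepth();
}

unsigned depthWithSingleLock(const std::shared_ptr<ToyVM>& vm) {
    ToyLockHolder holder(vm);
    return vm->lockDepth();
}

int main() {
    auto vm = std::make_shared<ToyVM>();
    std::printf("unlocked init from background thread holds lock: %d\n", unlockedInitFromBackgroundThread(vm));
    std::printf("locked init from background thread holds lock:   %d\n", lockedInitFromBackgroundThread(vm));
    std::printf("lock depth with redundant inner holder: %u\n", depthWithRedundantInnerLock(vm));
    std::printf("lock depth with single holder:          %u\n", depthWithSingleLock(vm));
    return 0;
}
```

The unlocked variant fails the allocation check whenever a client calls it off the owning thread, which is exactly the condition the new assertion in `WeakSet::allocate` surfaces; the locked variant passes from any thread because it serializes itself on the VM's lock. The depth functions show why the second holder in the old `value` path was redundant: the recursive lock simply counts to two, and once the VM reference is held by other means the inner holder adds nothing.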