<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[184302] branches/safari-600.5.17-branch/Source/JavaScriptCore</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/184302">184302</a></dd>
<dt>Author</dt> <dd>bshafiei@apple.com</dd>
<dt>Date</dt> <dd>2015-05-13 13:40:21 -0700 (Wed, 13 May 2015)</dd>
</dl>
<h3>Log Message</h3>
<pre>Merged <a href="http://trac.webkit.org/projects/webkit/changeset/184229">r184229</a>. rdar://problem/18736465</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#branchessafari600517branchSourceJavaScriptCoreChangeLog">branches/safari-600.5.17-branch/Source/JavaScriptCore/ChangeLog</a></li>
<li><a href="#branchessafari600517branchSourceJavaScriptCoreheapMachineStackMarkercpp">branches/safari-600.5.17-branch/Source/JavaScriptCore/heap/MachineStackMarker.cpp</a></li>
<li><a href="#branchessafari600517branchSourceJavaScriptCoreheapMachineStackMarkerh">branches/safari-600.5.17-branch/Source/JavaScriptCore/heap/MachineStackMarker.h</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="branchessafari600517branchSourceJavaScriptCoreChangeLog"></a>
<div class="modfile"><h4>Modified: branches/safari-600.5.17-branch/Source/JavaScriptCore/ChangeLog (184301 => 184302)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.5.17-branch/Source/JavaScriptCore/ChangeLog        2015-05-13 20:10:18 UTC (rev 184301)
+++ branches/safari-600.5.17-branch/Source/JavaScriptCore/ChangeLog        2015-05-13 20:40:21 UTC (rev 184302)
</span><span class="lines">@@ -1,3 +1,49 @@
</span><ins>+2015-05-13 Babak Shafiei <bshafiei@apple.com>
+
+ Merge r184229.
+
+ 2015-05-12 Mark Lam <mark.lam@apple.com>
+
+ Windows: Cannot use HANDLE from GetCurrentThread() to get the CONTEXT of another thread.
+ https://bugs.webkit.org/show_bug.cgi?id=144924
+
+ Reviewed by Alex Christensen.
+
+ The present stack scanning code in the Windows port is expecting that the
+ GetCurrentThread() API will provide a unique HANDLE for each thread. The code
+ then saves and later uses that HANDLE with GetThreadContext() to get the
+ runtime state of the target thread from the GC thread. According to
+ https://msdn.microsoft.com/en-us/library/windows/desktop/ms683182(v=vs.85).aspx,
+ GetCurrentThread() does not provide this unique HANDLE that we expect:
+
+ "The function cannot be used by one thread to create a handle that can
+ be used by other threads to refer to the first thread. The handle is
+ always interpreted as referring to the thread that is using it. A
+ thread can create a "real" handle to itself that can be used by other
+ threads, or inherited by other processes, by specifying the pseudo
+ handle as the source handle in a call to the DuplicateHandle function."
+
+ As a result of this, GetCurrentThread() always returns the same HANDLE value, and
+ we end up never scanning the stacks of other threads because we wrongly think that
+ they are all equal (in identity) to the scanning thread. This, in turn, results
+ in crashes due to objects that are incorrectly collected.
+
+ The fix is to call DuplicateHandle() to create a HANDLE that we can use. The
+ MachineThreads::Thread class already accurately tracks the period of time when
+ we need that HANDLE for the VM. Hence, the life-cycle of the HANDLE can be tied
+ to the life-cycle of the MachineThreads::Thread object for the corresponding thread.
+
+ * heap/MachineStackMarker.cpp:
+ (JSC::MachineThreads::Thread::Thread):
+ (JSC::MachineThreads::Thread::~Thread):
+ (JSC::getCurrentPlatformThread):
+ (JSC::suspendThread):
+ (JSC::resumeThread):
+ (JSC::getPlatformThreadRegisters):
+ (JSC::MachineThreads::gatherFromOtherThread):
+ (JSC::MachineThreads::gatherConservativeRoots):
+ * heap/MachineStackMarker.h:
+
</ins><span class="cx"> 2015-04-07 Babak Shafiei <bshafiei@apple.com>
</span><span class="cx">
</span><span class="cx"> Merge r181628.
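Review bot: the ChangeLog entry explains the pseudo-handle root cause well, but it does not record that PlatformThread on Windows changes from HANDLE to DWORD (GetCurrentThreadId()); that is the part of the change that makes equalThread() in gatherConservativeRoots() compare genuinely distinct values, and it is currently only discoverable from the diff. One sentence such as "On Windows, PlatformThread is now the DWORD thread ID and the duplicated HANDLE is kept in a separate platformThreadHandle field" would make the entry self-contained.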
</span></span></pre></div>
<a id="branchessafari600517branchSourceJavaScriptCoreheapMachineStackMarkercpp"></a>
<div class="modfile"><h4>Modified: branches/safari-600.5.17-branch/Source/JavaScriptCore/heap/MachineStackMarker.cpp (184301 => 184302)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.5.17-branch/Source/JavaScriptCore/heap/MachineStackMarker.cpp        2015-05-13 20:10:18 UTC (rev 184301)
+++ branches/safari-600.5.17-branch/Source/JavaScriptCore/heap/MachineStackMarker.cpp        2015-05-13 20:40:21 UTC (rev 184302)
</span><span class="lines">@@ -84,7 +84,7 @@
</span><span class="cx"> #if OS(DARWIN)
</span><span class="cx"> typedef mach_port_t PlatformThread;
</span><span class="cx"> #elif OS(WINDOWS)
</span><del>-typedef HANDLE PlatformThread;
</del><ins>+typedef DWORD PlatformThread;
</ins><span class="cx"> #elif USE(PTHREADS)
</span><span class="cx"> typedef pthread_t PlatformThread;
</span><span class="cx"> static const int SigThreadSuspendResume = SIGUSR2;
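Review bot: a comment at the new typedef would help, since a reader of this line alone cannot tell why PlatformThread is no longer the type that SuspendThread()/GetThreadContext() take. Something like "DWORD thread ID, used only for identity comparison; the HANDLE needed to suspend the thread and read its CONTEXT is Thread::platformThreadHandle" records the split and the reason for it (GetCurrentThread() returns the same pseudo-handle value on every thread, so HANDLEs could never be compared for identity).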
</span><span class="lines">@@ -119,12 +119,26 @@
</span><span class="cx"> sigemptyset(&mask);
</span><span class="cx"> sigaddset(&mask, SigThreadSuspendResume);
</span><span class="cx"> pthread_sigmask(SIG_UNBLOCK, &mask, 0);
</span><ins>+#elif OS(WINDOWS)
+ ASSERT(platformThread == GetCurrentThreadId());
+ bool isSuccessful = DuplicateHandle(GetCurrentProcess(), GetCurrentThread(), GetCurrentProcess(), &platformThreadHandle, 0, FALSE, DUPLICATE_SAME_ACCESS);
+ RELEASE_ASSERT(isSuccessful);
</ins><span class="cx"> #endif
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ ~Thread()
+ {
+#if OS(WINDOWS)
+ CloseHandle(platformThreadHandle);
+#endif
+ }
+
</ins><span class="cx"> Thread* next;
</span><span class="cx"> PlatformThread platformThread;
</span><span class="cx"> void* stackBase;
</span><ins>+#if OS(WINDOWS)
+ HANDLE platformThreadHandle;
+#endif
</ins><span class="cx"> };
</span><span class="cx">
</span><span class="cx"> MachineThreads::MachineThreads(Heap* heap)
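Review bot: Thread now owns a kernel HANDLE but nothing stops it from being copied, so any copy would close the same handle twice in ~Thread(); mark the class non-copyable (WTF_MAKE_NONCOPYABLE(Thread), or delete the copy constructor and assignment) in the same change that adds the destructor. Separately, DUPLICATE_SAME_ACCESS on the pseudo-handle produces a full-access handle to the thread, while the collector only needs to suspend/resume it and read its CONTEXT; passing an explicit dwDesiredAccess of THREAD_SUSPEND_RESUME | THREAD_GET_CONTEXT | THREAD_QUERY_INFORMATION and dropping DUPLICATE_SAME_ACCESS keeps the handle to least privilege. The ASSERT(platformThread == GetCurrentThreadId()) is the right guard to keep: DuplicateHandle(GetCurrentThread()) silently duplicates whichever thread is running the constructor, so constructing a Thread off-thread would register the wrong handle with no error.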
</span><span class="lines">@@ -155,7 +169,7 @@
</span><span class="cx"> #if OS(DARWIN)
</span><span class="cx"> return pthread_mach_thread_np(pthread_self());
</span><span class="cx"> #elif OS(WINDOWS)
</span><del>- return GetCurrentThread();
</del><ins>+ return GetCurrentThreadId();
</ins><span class="cx"> #elif USE(PTHREADS)
</span><span class="cx"> return pthread_self();
</span><span class="cx"> #endif
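Review bot: Windows reuses thread IDs once a thread exits, so the DWORD returned here is only a valid identity while the owning thread is still registered; that is fine given removeThread() unregisters a thread before it goes away, but a one-line comment here would prevent someone later caching this value beyond the Thread object's lifetime, where a stale ID would now silently alias a newer thread instead of failing.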
</span><span class="lines">@@ -240,31 +254,31 @@
</span><span class="cx"> conservativeRoots.add(stackBegin, stackEnd, jitStubRoutines, codeBlocks);
</span><span class="cx"> }
</span><span class="cx">
</span><del>-static inline bool suspendThread(const PlatformThread& platformThread)
</del><ins>+static inline bool suspendThread(MachineThreads::Thread* thread)
</ins><span class="cx"> {
</span><span class="cx"> #if OS(DARWIN)
</span><del>- kern_return_t result = thread_suspend(platformThread);
</del><ins>+ kern_return_t result = thread_suspend(thread->platformThread);
</ins><span class="cx"> return result == KERN_SUCCESS;
</span><span class="cx"> #elif OS(WINDOWS)
</span><del>- bool threadIsSuspended = (SuspendThread(platformThread) != (DWORD)-1);
</del><ins>+ bool threadIsSuspended = (SuspendThread(thread->platformThreadHandle) != (DWORD)-1);
</ins><span class="cx"> ASSERT(threadIsSuspended);
</span><span class="cx"> return threadIsSuspended;
</span><span class="cx"> #elif USE(PTHREADS)
</span><del>- pthread_kill(platformThread, SigThreadSuspendResume);
</del><ins>+ pthread_kill(thread->platformThread, SigThreadSuspendResume);
</ins><span class="cx"> return true;
</span><span class="cx"> #else
</span><span class="cx"> #error Need a way to suspend threads on this platform
</span><span class="cx"> #endif
</span><span class="cx"> }
</span><span class="cx">
</span><del>-static inline void resumeThread(const PlatformThread& platformThread)
</del><ins>+static inline void resumeThread(MachineThreads::Thread* thread)
</ins><span class="cx"> {
</span><span class="cx"> #if OS(DARWIN)
</span><del>- thread_resume(platformThread);
</del><ins>+ thread_resume(thread->platformThread);
</ins><span class="cx"> #elif OS(WINDOWS)
</span><del>- ResumeThread(platformThread);
</del><ins>+ ResumeThread(thread->platformThreadHandle);
</ins><span class="cx"> #elif USE(PTHREADS)
</span><del>- pthread_kill(platformThread, SigThreadSuspendResume);
</del><ins>+ pthread_kill(thread->platformThread, SigThreadSuspendResume);
</ins><span class="cx"> #else
</span><span class="cx"> #error Need a way to resume threads on this platform
</span><span class="cx"> #endif
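Review bot: resumeThread() still discards ResumeThread()'s return value on the Windows path, whereas suspendThread() checks for (DWORD)-1 and ASSERTs; a failed resume leaves a mutator thread suspended for good with no diagnostic, so at least mirror the suspend side with "bool resumed = (ResumeThread(thread->platformThreadHandle) != (DWORD)-1); ASSERT(resumed);". With the parameter now a pointer rather than a reference, an ASSERT(thread) at the top of both helpers would also be cheap.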
</span><span class="lines">@@ -298,7 +312,7 @@
</span><span class="cx"> #error Need a thread register struct for this platform
</span><span class="cx"> #endif
</span><span class="cx">
</span><del>-static size_t getPlatformThreadRegisters(const PlatformThread& platformThread, PlatformThreadRegisters& regs)
</del><ins>+static size_t getPlatformThreadRegisters(MachineThreads::Thread* thread, PlatformThreadRegisters& regs)
</ins><span class="cx"> {
</span><span class="cx"> #if OS(DARWIN)
</span><span class="cx">
</span><span class="lines">@@ -324,7 +338,7 @@
</span><span class="cx"> #error Unknown Architecture
</span><span class="cx"> #endif
</span><span class="cx">
</span><del>- kern_return_t result = thread_get_state(platformThread, flavor, (thread_state_t)&regs, &user_count);
</del><ins>+ kern_return_t result = thread_get_state(thread->platformThread, flavor, (thread_state_t)&regs, &user_count);
</ins><span class="cx"> if (result != KERN_SUCCESS) {
</span><span class="cx"> WTFReportFatalError(__FILE__, __LINE__, WTF_PRETTY_FUNCTION,
</span><span class="cx"> "JavaScript garbage collection failed because thread_get_state returned an error (%d). This is probably the result of running inside Rosetta, which is not supported.", result);
</span><span class="lines">@@ -335,18 +349,18 @@
</span><span class="cx">
</span><span class="cx"> #elif OS(WINDOWS)
</span><span class="cx"> regs.ContextFlags = CONTEXT_INTEGER | CONTEXT_CONTROL;
</span><del>- GetThreadContext(platformThread, &regs);
</del><ins>+ GetThreadContext(thread->platformThreadHandle, &regs);
</ins><span class="cx"> return sizeof(CONTEXT);
</span><span class="cx"> #elif USE(PTHREADS)
</span><span class="cx"> pthread_attr_init(&regs);
</span><span class="cx"> #if HAVE(PTHREAD_NP_H) || OS(NETBSD)
</span><span class="cx"> #if !OS(OPENBSD)
</span><span class="cx"> // e.g. on FreeBSD 5.4, neundorf@kde.org
</span><del>- pthread_attr_get_np(platformThread, &regs);
</del><ins>+ pthread_attr_get_np(thread->platformThread, &regs);
</ins><span class="cx"> #endif
</span><span class="cx"> #else
</span><span class="cx"> // FIXME: this function is non-portable; other POSIX systems may have different np alternatives
</span><del>- pthread_getattr_np(platformThread, &regs);
</del><ins>+ pthread_getattr_np(thread->platformThread, &regs);
</ins><span class="cx"> #endif
</span><span class="cx"> return 0;
</span><span class="cx"> #else
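Review bot: GetThreadContext()'s return value is ignored on the Windows path. If the call fails (for example the handle lacks THREAD_GET_CONTEXT, or the thread is not actually suspended), regs is uninitialized stack memory that gatherFromOtherThread() then passes to conservativeRoots.add() as if it were live register state and also uses to locate the thread's stack pointer. The Darwin branch above treats a thread_get_state() failure as fatal via WTFReportFatalError; the Windows branch should do the same, e.g. "BOOL gotContext = GetThreadContext(thread->platformThreadHandle, &regs); RELEASE_ASSERT(gotContext);", or at minimum zero regs before the call so a failure cannot feed garbage into the conservative scan.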
</span><span class="lines">@@ -434,7 +448,7 @@
</span><span class="cx"> void MachineThreads::gatherFromOtherThread(ConservativeRoots& conservativeRoots, Thread* thread, JITStubRoutineSet& jitStubRoutines, CodeBlockSet& codeBlocks)
</span><span class="cx"> {
</span><span class="cx"> PlatformThreadRegisters regs;
</span><del>- size_t regSize = getPlatformThreadRegisters(thread->platformThread, regs);
</del><ins>+ size_t regSize = getPlatformThreadRegisters(thread, regs);
</ins><span class="cx">
</span><span class="cx"> conservativeRoots.add(static_cast<void*>(&regs), static_cast<void*>(reinterpret_cast<char*>(&regs) + regSize), jitStubRoutines, codeBlocks);
</span><span class="cx">
</span><span class="lines">@@ -469,7 +483,7 @@
</span><span class="cx"> Thread* previousThread = nullptr;
</span><span class="cx"> for (Thread* thread = m_registeredThreads; thread; index++) {
</span><span class="cx"> if (!equalThread(thread->platformThread, currentPlatformThread)) {
</span><del>- bool success = suspendThread(thread->platformThread);
</del><ins>+ bool success = suspendThread(thread);
</ins><span class="cx"> #if OS(DARWIN)
</span><span class="cx"> if (!success) {
</span><span class="cx"> if (!numberOfThreads) {
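Review bot: as far as this hunk shows, the "if (!success)" handling is Darwin-only; on Windows suspendThread() now returns false when SuspendThread() fails on the duplicated handle, but outside debug builds nothing consumes that result, so the loop proceeds to read the CONTEXT of a thread that is still running. Either extend the failure branch to OS(WINDOWS) as well, or add a comment stating why a failed suspend is acceptable there.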
</span><span class="lines">@@ -519,7 +533,7 @@
</span><span class="cx">
</span><span class="cx"> for (Thread* thread = m_registeredThreads; thread; thread = thread->next) {
</span><span class="cx"> if (!equalThread(thread->platformThread, currentPlatformThread))
</span><del>- resumeThread(thread->platformThread);
</del><ins>+ resumeThread(thread);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> #ifndef NDEBUG
</span></span></pre></div>
<a id="branchessafari600517branchSourceJavaScriptCoreheapMachineStackMarkerh"></a>
<div class="modfile"><h4>Modified: branches/safari-600.5.17-branch/Source/JavaScriptCore/heap/MachineStackMarker.h (184301 => 184302)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-600.5.17-branch/Source/JavaScriptCore/heap/MachineStackMarker.h        2015-05-13 20:10:18 UTC (rev 184301)
+++ branches/safari-600.5.17-branch/Source/JavaScriptCore/heap/MachineStackMarker.h        2015-05-13 20:40:21 UTC (rev 184302)
</span><span class="lines">@@ -47,11 +47,11 @@
</span><span class="cx"> JS_EXPORT_PRIVATE void makeUsableFromMultipleThreads();
</span><span class="cx"> JS_EXPORT_PRIVATE void addCurrentThread(); // Only needs to be called by clients that can use the same heap from multiple threads.
</span><span class="cx">
</span><ins>+ class Thread;
+
</ins><span class="cx"> private:
</span><span class="cx"> void gatherFromCurrentThread(ConservativeRoots&, JITStubRoutineSet&, CodeBlockSet&, void* stackCurrent, RegisterState& registers);
</span><span class="cx">
</span><del>- class Thread;
-
</del><span class="cx"> static void removeThread(void*);
</span><span class="cx"> void removeCurrentThread();
</span><span class="cx">
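Review bot: moving "class Thread;" to the public section is needed so the file-static helpers (suspendThread, resumeThread, getPlatformThreadRegisters) can name MachineThreads::Thread, but it also makes the type part of the exported surface of MachineThreads. If that is not intended, declaring those helpers as friends would keep it private; otherwise a short comment on why the forward declaration is public stops a later cleanup from moving it back and breaking the .cpp.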
</span></span></pre>
</div>
</div>
</body>
</html>