[webkit-reviews] review requested: [Bug 135143] JSLock release should only modify the AtomicStringTable if it modified in acquire : [Attachment 235264] [PATCH] Proposed Fix
bugzilla-daemon at webkit.org
Mon Jul 21 19:34:33 PDT 2014
Joseph Pecoraro <joepeck at webkit.org> has asked for review:
Bug 135143: JSLock release should only modify the AtomicStringTable if it
modified in acquire
https://bugs.webkit.org/show_bug.cgi?id=135143
Attachment 235264: [PATCH] Proposed Fix
https://bugs.webkit.org/attachment.cgi?id=235264&action=review
------- Additional Comments from Joseph Pecoraro <joepeck at webkit.org>
I have been trying to create a test for this but it is proving difficult.
My plan is to create a JSContext on a non-main thread (so a non-main
AtomicStringTable), delete the JSContext on the main thread (such that JSLock
would have unbalanced lock and release leaving the wrong AtomicStringTable).
But it seems I'm missing some complexity. In any case, the reproducible case I
have (a larger application) reproduced the issue reliably.