[webkit-reviews] review requested: [Bug 178298] JSRunLoopTimer: reduce likely race when used improperly : [Attachment 323757] patch

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Oct 13 15:35:03 PDT 2017


JF Bastien <jfbastien at apple.com> has asked for review:
Bug 178298: JSRunLoopTimer: reduce likely race when used improperly
https://bugs.webkit.org/show_bug.cgi?id=178298

Attachment 323757: patch

https://bugs.webkit.org/attachment.cgi?id=323757&action=review
--- Comment #2 from JF Bastien <jfbastien at apple.com> ---
Created attachment 323757

  --> https://bugs.webkit.org/attachment.cgi?id=323757&action=review

patch

Just to confirm, the assembly now looks like this:

__ZN3JSC14JSRunLoopTimer12timerDidFireEv:   | __ZN3JSC14JSRunLoopTimer12timerDidFireEv:
    sub     sp, sp, #0x30                   |     sub     sp, sp, #0x40
                                            |     stp     x22, x21, [sp, #0x10]
    stp     x20, x19, [sp, #0x10]           |     stp     x20, x19, [sp, #0x20]
    stp     x29, x30, [sp, #0x20]           |     stp     x29, x30, [sp, #0x30]
    add     x29, sp, #0x20                  |     add     x29, sp, #0x30
    mov     x20, x0                         |     mov     x21, x0
    ldr     x0, [x20, #0x18]                |     ldr     x19, [x21, #0x18]
                                            |     cbz     x19, 0x???
                                            |     mov     x0, x19
    bl      0x???                           |     bl      0x???
    ldr     x0, [x20, #0x18]                |
    ldr     x19, [x0, #0x20]                |     ldr     x20, [x19, #0x20]
    cbz     x19, 0x???                      |     cbz     x20, 0x???
    ldaxr   w8, [x19]                       |     ldaxr   w8, [x20]


The main safeguard is the acquisition of m_apiLock, though.
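The two listings differ in one respect that is easy to miss in assembly: the left-hand callback loads the pointer at offset #0x18 twice (once before the `bl`, once after) and never checks it for null, while the right-hand callback loads it once into x19, skips the whole body on null (`cbz x19`), and keeps using that local copy. The toy model below is an added illustration and is not WebKit's code; it assumes the field at #0x18 is a pointer to some owner object that another thread may detach, and that the `bl` stands for work done under the lock (here a plain std::mutex standing in for m_apiLock). The detach is driven by a hook so the interleaving is deterministic instead of depending on thread timing.

```cpp
#include <atomic>
#include <cstdio>
#include <mutex>

// Added illustration (not WebKit's code): a toy model of the two callback
// shapes in the assembly above. `Owner` stands in for whatever object the
// timer reaches through the field at #0x18 (an assumption); `apiLock`
// stands in for m_apiLock.
struct Owner {
    std::mutex apiLock;
    int fired = 0;
};

struct Timer {
    std::atomic<Owner*> owner{nullptr};
};

enum class Outcome { Skipped, Fired, NullDeref };

// Hook executed at the point where a concurrent detach could interleave
// with the callback; callers pick one of these to drive the scenario.
using RaceHook = void (*)(Timer&);
inline void noRace(Timer&) {}
inline void detachMidCall(Timer& t) { t.owner.store(nullptr); }

// Stand-in for the `bl` in the listing: take the lock, do the work.
static void lockAndFire(Owner* o) {
    std::lock_guard<std::mutex> guard(o->apiLock);
    ++o->fired;
}

// "Before" shape: load the pointer, call through it, then load it AGAIN and
// dereference the second copy. There is no null check, so an owner detached
// between the two loads becomes a null dereference (reported as a value here
// rather than crashing the process).
Outcome fireReloading(Timer& t, RaceHook hook) {
    Owner* p = t.owner.load();
    if (!p) return Outcome::NullDeref;   // old code would fault inside the call
    lockAndFire(p);
    hook(t);                             // concurrent detach lands here
    p = t.owner.load();                  // second `ldr x0, [x20, #0x18]`
    if (!p) return Outcome::NullDeref;   // old code would fault on `ldr x19, [x0, #0x20]`
    return Outcome::Fired;
}

// "After" shape: load once, bail out on null (the added `cbz x19`), and keep
// using the local copy (x19) instead of re-reading the field.
Outcome fireLoadOnce(Timer& t, RaceHook hook) {
    Owner* p = t.owner.load();
    if (!p) return Outcome::Skipped;
    lockAndFire(p);
    hook(t);                             // a detach can no longer null out `p`
    return Outcome::Fired;
}

// Runs one scenario from a fresh timer, attached to an owner or not.
Outcome run(Outcome (*fire)(Timer&, RaceHook), RaceHook hook, bool attached) {
    Owner o;
    Timer t;
    if (attached) t.owner.store(&o);
    return fire(t, hook);
}

static const char* name(Outcome o) {
    switch (o) {
    case Outcome::Skipped:   return "skipped";
    case Outcome::Fired:     return "fired";
    case Outcome::NullDeref: return "null deref";
    }
    return "?";
}

int main() {
    std::printf("reload, detach mid-call: %s\n", name(run(fireReloading, detachMidCall, true)));
    std::printf("once,   detach mid-call: %s\n", name(run(fireLoadOnce, detachMidCall, true)));
    std::printf("reload, never attached:  %s\n", name(run(fireReloading, noRace, false)));
    std::printf("once,   never attached:  %s\n", name(run(fireLoadOnce, noRace, false)));
    return 0;
}
```

The local copy only removes the null window; it says nothing about the owner still being alive when the callback runs, which is why the lock rather than the null check is the real safeguard in the comment above.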