[webkit-reviews] review requested: [Bug 178298] JSRunLoopTimer: reduce likely race when used improperly : [Attachment 323757] patch
bugzilla-daemon at webkit.org
Fri Oct 13 15:35:03 PDT 2017
JF Bastien <jfbastien at apple.com> has asked for review:
Bug 178298: JSRunLoopTimer: reduce likely race when used improperly
https://bugs.webkit.org/show_bug.cgi?id=178298
Attachment 323757: patch
https://bugs.webkit.org/attachment.cgi?id=323757&action=review
--- Comment #2 from JF Bastien <jfbastien at apple.com> ---
Created attachment 323757
--> https://bugs.webkit.org/attachment.cgi?id=323757&action=review
patch
Just to confirm, the assembly now looks like this:
__ZN3JSC14JSRunLoopTimer12timerDidFireEv:
__ZN3JSC14JSRunLoopTimer12timerDidFireEv:
sub sp, sp, #0x30
sub sp, sp, #0x40
stp x22, x21, [sp, #0x10]
stp x20, x19, [sp, #0x10]
stp x20, x19, [sp, #0x20]
stp x29, x30, [sp, #0x20]
stp x29, x30, [sp, #0x30]
add x29, sp, #0x20
add x29, sp, #0x30
mov x20, x0
mov x21, x0
ldr x0, [x20, #0x18]
ldr x19, [x21, #0x18]
cbz x19, 0x???
mov x0, x19
bl 0x???
bl 0x???
ldr x0, [x20, #0x18]
ldr x19, [x0, #0x20]
ldr x20, [x19, #0x20]
cbz x19, 0x???
cbz x20, 0x???
ldaxr w8, [x19]
ldaxr w8, [x20]
The main safeguard is the acquisition of m_apiLock, though.