[webkit-reviews] review granted: [Bug 186954] ObjectPropertyCondition and Graph::tryGetConstantProperty should lock the structure before calling getDirect : [Attachment 343405] Patch
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Jun 22 17:54:36 PDT 2018
Saam Barati <sbarati at apple.com> has granted Keith Miller
<keith_miller at apple.com>'s request for review:
Bug 186954: ObjectPropertyCondition and Graph::tryGetConstantProperty should
lock the structure before calling getDirect
https://bugs.webkit.org/show_bug.cgi?id=186954
Attachment 343405: Patch
https://bugs.webkit.org/attachment.cgi?id=343405&action=review
--- Comment #2 from Saam Barati <sbarati at apple.com> ---
Comment on attachment 343405
--> https://bugs.webkit.org/attachment.cgi?id=343405
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=343405&action=review
> Source/JavaScriptCore/bytecode/PropertyCondition.cpp:400
> + // If we are flattening the structure at this time we might shrink
the butterfly and read garbage.
> + ConcurrentJSLocker locker(structure->lock());
> + if (!structure->isValidOffset(offset()))
> + return PropertyCondition();
> + value = base->getDirect(offset());
Don't we know if we're doing this concurrently or not? Maybe just lock in that
scenario?
More information about the webkit-reviews
mailing list