[webkit-reviews] review granted: [Bug 185438] Deferred firing of structure transition watchpoints is racy : [Attachment 339886] Patch

bugzilla-daemon at webkit.org
Tue May 8 15:34:35 PDT 2018


Saam Barati <sbarati at apple.com> has granted Michael Saboff
<msaboff at apple.com>'s request for review:
Bug 185438: Deferred firing of structure transition watchpoints is racy
https://bugs.webkit.org/show_bug.cgi?id=185438

Attachment 339886: Patch

https://bugs.webkit.org/attachment.cgi?id=339886&action=review
--- Comment #3 from Saam Barati <sbarati at apple.com> ---
Comment on attachment 339886
  --> https://bugs.webkit.org/attachment.cgi?id=339886
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=339886&action=review

r=me

Seems reasonable. Can you add a test even if it's racy?

> Source/JavaScriptCore/bytecode/Watchpoint.cpp:101
> +    m_state = IsInvalidated; // Do after moving watchpoints to deferred to
transfer original.

I don't follow this comment here. Maybe:
"Do after moving watchpoints to deferredWatchpoints so deferredWatchpoints gets
our current state."

That said, we always know state will be IsWatched.

> Source/JavaScriptCore/bytecode/Watchpoint.h:332
> +    void fireAll(VM& vm, DeferredWatchpointFire* deferred)
> +    {
> +	   if (isFat()) {
> +	       fat()->fireAll(vm, deferred);
> +	       return;
> +	   }
> +	   if (decodeState(m_data) == ClearWatchpoint)
> +	       return;
> +	   m_data = encodeState(IsInvalidated);
> +	   WTF::storeStoreFence();
> +    }
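Review bot: the thin (non-fat) path never uses `deferred`, and nothing in the hunk says why; a one-line comment before `if (decodeState(m_data) == ClearWatchpoint)` noting that a thin set carries no Watchpoint objects, so there is nothing to hand to the deferred list, would save the next reader from looking for a missing call. On the same path, a set that is already IsInvalidated falls through to `m_data = encodeState(IsInvalidated);` and `WTF::storeStoreFence();` again; an early return on that state too would avoid the redundant store and fence, and whichever choice is made should match the other fireAll so that the two can be folded together as suggested above.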

Maybe this can be templatized or abstracted since it's almost identical to
above fireAll?

> Source/JavaScriptCore/runtime/Structure.cpp:-204
> - 

Please revert.
