[Webkit-unassigned] [Bug 154841] regress/script-tests/double-pollution-putbyoffset.js.ftl-eager timed out because of a lock ordering deadlock involving InferredType and CodeBlock

bugzilla-daemon at webkit.org
Mon Feb 29 16:56:17 PST 2016


https://bugs.webkit.org/show_bug.cgi?id=154841

--- Comment #1 from Filip Pizlo <fpizlo at apple.com> ---
Here's the deadlock:

Main thread:
    1) Change an InferredType.  This acquires InferredType::m_lock.
    2) Fire watchpoint set.  This triggers CodeBlock invalidation, which acquires CodeBlock::m_lock.

DFG thread:
    1) Iterate over the information in a CodeBlock.  This acquires CodeBlock::m_lock.
    2) Ask an InferredType for its descriptor().  This acquires InferredType::m_lock.

I think that the DFG thread's ordering should be legal, because the best logic for lock hierarchies is that locks that protect the largest set of stuff should be acquired first.

This means that the main thread shouldn't be holding the InferredType::m_lock when firing watchpoint sets.  I think that we already do magic for this in other places.

-- 
You are receiving this mail because:
You are the assignee for the bug.
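Added example, not code from the bug or from WebKit: a rank-checked mutex that makes the lock hierarchy the comment argues for explicit (CodeBlock::m_lock, protecting more, is taken before InferredType::m_lock) and reports the main thread's inverted order as a violation on a single thread, instead of letting two threads find it by deadlocking. RankedMutex, Guard, respectsHierarchy, the rank values and the three scenario functions are hypothetical names introduced for the illustration.

```cpp
#include <mutex>
#include <stdexcept>
#include <vector>

// Lower rank = protects more state = must be acquired first (ranks are hypothetical).
enum Rank { kCodeBlockRank = 1, kInferredTypeRank = 2 };
static thread_local std::vector<int> heldRanks; // ranks this thread holds, in order
// Mutex that enforces the hierarchy: a thread may only take a lock whose rank is
// strictly higher than the last one it acquired; anything else is reported.
class RankedMutex {
public:
    explicit RankedMutex(int rank) : m_rank(rank) { }
    void lock() {
        if (!heldRanks.empty() && heldRanks.back() >= m_rank)
            throw std::logic_error("lock order violation");
        m_mutex.lock();
        heldRanks.push_back(m_rank);
    }
    void unlock() { heldRanks.pop_back(); m_mutex.unlock(); }
private:
    int m_rank;
    std::mutex m_mutex;
};
using Guard = std::lock_guard<RankedMutex>;
struct CodeBlock { RankedMutex m_lock { kCodeBlockRank }; };
struct InferredType { RankedMutex m_lock { kInferredTypeRank }; int descriptor { 0 }; };

// Runs `body` on this thread and reports whether it respected the hierarchy.
template<typename F> bool respectsHierarchy(F body) {
    try { body(); return true; }
    catch (const std::logic_error&) { return false; } // guards already unwound
}
// DFG thread: iterate the CodeBlock under its lock, then ask a type for descriptor().
bool dfgThreadOrder(CodeBlock& cb, InferredType& t) {
    return respectsHierarchy([&] { Guard a(cb.m_lock), b(t.m_lock); (void)t.descriptor; });
}
// Main thread as in the bug: fire the watchpoint set (CodeBlock invalidation takes
// CodeBlock::m_lock) while still holding InferredType::m_lock.
bool buggyMainThreadOrder(CodeBlock& cb, InferredType& t) {
    return respectsHierarchy([&] { Guard a(t.m_lock); t.descriptor++; Guard b(cb.m_lock); });
}

// The fix the comment proposes: release InferredType::m_lock before firing.
bool fixedMainThreadOrder(CodeBlock& cb, InferredType& t) {
    return respectsHierarchy([&] {
        { Guard a(t.m_lock); t.descriptor++; }
        Guard b(cb.m_lock); // taken with nothing held, so no inversion
    });
}
```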