[Webkit-unassigned] [Bug 185438] New: Deferred firing of structure transition watchpoints are racy

Tue May 8 11:44:08 PDT 2018

https://bugs.webkit.org/show_bug.cgi?id=185438

            Bug ID: 185438
           Summary: Deferred firing of structure transition watchpoints
                    are racy
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: msaboff at apple.com

Currently, the RAII DeferredStructureTransitionWatchpointFire class will fire deferred watchpoints when processing the destructor.  Suppose that another thread is compiling code wants to see that the transition watchpoint has fired, by seeing that they are invalidated.  Given that the compilation occurs on separate threads and the code executing the watchpoint transition may block on GC or for other reasons, the watchpoints won't necessarily have fired.

The watchpoint deferral needs to invalidate the watchpoints and then fire them when able.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20180508/dfca8e36/attachment.html>