[SCM] WebKit Debian packaging branch, webkit-1.1, updated. upstream/1.1.15.1-1414-gc69ee75

eric at webkit.org eric at webkit.org
Thu Oct 29 20:43:01 UTC 2009 

The following commit has been merged in the webkit-1.1 branch:
commit 85ac4cf1c68530e5cc3144a83c7eee4c10915d9f
Author: eric at webkit.org <eric at webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Sun Oct 11 22:17:16 2009 +0000

    2009-10-11  Dominic Cooney  <dominicc at google.com>
    
            Reviewed by Adam Barth.
    
            Sets a 500K stack limit for JavaScript workers in Chromium.
            https://bugs.webkit.org/show_bug.cgi?id=29797
    
            Runaway recursion in JavaScript workers crashes the Chromium
            worker process on OS X. This is because V8's default stack limit
            is 512K on ia32 or 1M on x64, but the worker process runs workers
            on a thread with the OS X default stack size--512K. Because there
            are already some C++ frames on the stack when V8 establishes its
            512K default stack limit, and V8 doesn't precisely enforce the
            stack limit, runaway recursion in V8 workers overflows the OS
            stack and segfaults, killing the worker process. This is described
            in Chromium bug 21653 <http://crbug.com/21653>.
    
            This patch sets the V8 stack limit for worker JavaScript in
            Chromium to a more conservative 500K on all platforms. This allows
            some "headroom" for the C++ stack in use when the limit is set up,
            and some "legroom" for the V8 helper functions which in practice
            briefly flout the V8 stack limit.
    
            Test: LayoutTests/fast/workers/use-machine-stack.html
    
            * bindings/v8/WorkerContextExecutionProxy.cpp:
            (WebCore::WorkerContextExecutionProxy::initV8IfNeeded):
            * bindings/v8/WorkerContextExecutionProxy.h:
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@49427 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 4339ef9..fabba1d 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,32 @@
+2009-10-11  Dominic Cooney  <dominicc at google.com>
+
+        Reviewed by Adam Barth.
+
+        Sets a 500K stack limit for JavaScript workers in Chromium.
+        https://bugs.webkit.org/show_bug.cgi?id=29797
+
+        Runaway recursion in JavaScript workers crashes the Chromium
+        worker process on OS X. This is because V8's default stack limit
+        is 512K on ia32 or 1M on x64, but the worker process runs workers
+        on a thread with the OS X default stack size--512K. Because there
+        are already some C++ frames on the stack when V8 establishes its
+        512K default stack limit, and V8 doesn't precisely enforce the
+        stack limit, runaway recursion in V8 workers overflows the OS
+        stack and segfaults, killing the worker process. This is described
+        in Chromium bug 21653 <http://crbug.com/21653>.
+
+        This patch sets the V8 stack limit for worker JavaScript in
+        Chromium to a more conservative 500K on all platforms. This allows
+        some "headroom" for the C++ stack in use when the limit is set up,
+        and some "legroom" for the V8 helper functions which in practice
+        briefly flout the V8 stack limit.
+
+        Test: LayoutTests/fast/workers/use-machine-stack.html
+
+        * bindings/v8/WorkerContextExecutionProxy.cpp:
+        (WebCore::WorkerContextExecutionProxy::initV8IfNeeded):
+        * bindings/v8/WorkerContextExecutionProxy.h:
+
 2009-10-11  Kevin Ollivier  <kevino at theolliviers.com>
 
         wx build fix for wxMac 2.9, use wxGC API for measuring text.
diff --git a/WebCore/bindings/v8/WorkerContextExecutionProxy.cpp b/WebCore/bindings/v8/WorkerContextExecutionProxy.cpp
index 37c65cd..839411b 100644
--- a/WebCore/bindings/v8/WorkerContextExecutionProxy.cpp
+++ b/WebCore/bindings/v8/WorkerContextExecutionProxy.cpp
@@ -125,6 +125,11 @@ void WorkerContextExecutionProxy::initV8IfNeeded()
     v8::V8::IgnoreOutOfMemoryException();
     v8::V8::SetFatalErrorHandler(reportFatalErrorInV8);
 
+    v8::ResourceConstraints resource_constraints;
+    uint32_t here;
+    resource_constraints.set_stack_limit(&here - kWorkerMaxStackSize / sizeof(uint32_t*));
+    v8::SetResourceConstraints(&resource_constraints);
+
     v8Initialized = true;
 }
 
diff --git a/WebCore/bindings/v8/WorkerContextExecutionProxy.h b/WebCore/bindings/v8/WorkerContextExecutionProxy.h
index a08395c..e723bc6 100644
--- a/WebCore/bindings/v8/WorkerContextExecutionProxy.h
+++ b/WebCore/bindings/v8/WorkerContextExecutionProxy.h
@@ -107,6 +107,8 @@ namespace WebCore {
 
         static bool forgetV8EventObject(Event*);
 
+        static const int kWorkerMaxStackSize = 500 * 1024;
+
         WorkerContext* m_workerContext;
         v8::Persistent<v8::Context> m_context;
         int m_recursion;

-- 
WebKit Debian packaging

More information about the Pkg-webkit-commits mailing list