[SCM] WebKit Debian packaging branch, debian/experimental, updated. upstream/1.3.3-10851-g50815da

ggaren at apple.com ggaren at apple.com
Wed Dec 22 17:56:42 UTC 2010 

The following commit has been merged in the debian/experimental branch:
commit aa64ff326869273cc287c82817ca595da54ca9b0
Author: ggaren at apple.com <ggaren at apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Fri Dec 3 01:16:11 2010 +0000

    Fixed <rdar://problem/8310571> CrashTracer: 60 crashes in Photo Booth at
    com.apple.JavaScriptCore: JSC::Heap::markRoots + 746
    
    Reviewed by Gavin Barraclough.
    
    * API/APIShims.h:
    (JSC::APIEntryShimWithoutLock::APIEntryShimWithoutLock): Call our new
    synchronize() function.
    
    * runtime/Collector.cpp:
    (JSC::Heap::activityCallback):
    * runtime/Collector.h: Added an activityCallback() accessor, for the
    call above.
    
    * runtime/GCActivityCallback.h:
    (JSC::GCActivityCallback::synchronize):
    * runtime/GCActivityCallbackCF.cpp:
    (JSC::DefaultGCActivityCallback::DefaultGCActivityCallback):
    (JSC::DefaultGCActivityCallback::~DefaultGCActivityCallback):
    (JSC::DefaultGCActivityCallback::operator()):
    (JSC::DefaultGCActivityCallback::synchronize): Track the run loop we're
    scheduled in. If we begin/resume execution within a new run loop, reschedule
    on it. This prevents a crash when using a lockless context group on
    multiple threads -- the crash would happen if the GC timer scheduled on
    thread A, then you continued execution on thread B, then the thread A
    timer fired.
    
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@73223 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/JavaScriptCore/API/APIShims.h b/JavaScriptCore/API/APIShims.h
index 892068d..0b49d70 100644
--- a/JavaScriptCore/API/APIShims.h
+++ b/JavaScriptCore/API/APIShims.h
@@ -27,6 +27,7 @@
 #define APIShims_h
 
 #include "CallFrame.h"
+#include "GCActivityCallback.h"
 #include "JSLock.h"
 #include <wtf/WTFThreadData.h>
 
@@ -40,6 +41,7 @@ protected:
     {
         if (registerThread)
             globalData->heap.registerThread();
+        m_globalData->heap.activityCallback()->synchronize();
         m_globalData->timeoutChecker.start();
     }
 
@@ -85,6 +87,7 @@ public:
 
     ~APICallbackShim()
     {
+        m_globalData->heap.activityCallback()->synchronize();
         wtfThreadData().setCurrentIdentifierTable(m_globalData->identifierTable);
     }
 
diff --git a/JavaScriptCore/ChangeLog b/JavaScriptCore/ChangeLog
index 6d9b74f..5723670 100644
--- a/JavaScriptCore/ChangeLog
+++ b/JavaScriptCore/ChangeLog
@@ -1,3 +1,32 @@
+2010-12-02  Geoffrey Garen  <ggaren at apple.com>
+
+        Reviewed by Gavin Barraclough.
+
+        Fixed <rdar://problem/8310571> CrashTracer: 60 crashes in Photo Booth at
+        com.apple.JavaScriptCore: JSC::Heap::markRoots + 746
+        
+        * API/APIShims.h:
+        (JSC::APIEntryShimWithoutLock::APIEntryShimWithoutLock): Call our new
+        synchronize() function.
+
+        * runtime/Collector.cpp:
+        (JSC::Heap::activityCallback):
+        * runtime/Collector.h: Added an activityCallback() accessor, for the
+        call above.
+
+        * runtime/GCActivityCallback.h:
+        (JSC::GCActivityCallback::synchronize):
+        * runtime/GCActivityCallbackCF.cpp:
+        (JSC::DefaultGCActivityCallback::DefaultGCActivityCallback):
+        (JSC::DefaultGCActivityCallback::~DefaultGCActivityCallback):
+        (JSC::DefaultGCActivityCallback::operator()):
+        (JSC::DefaultGCActivityCallback::synchronize): Track the run loop we're
+        scheduled in. If we begin/resume execution within a new run loop, reschedule
+        on it. This prevents a crash when using a lockless context group on
+        multiple threads -- the crash would happen if the GC timer scheduled on
+        thread A, then you continued execution on thread B, then the thread A
+        timer fired.
+
 2010-12-02  Darin Adler  <darin at apple.com>
 
         * wtf/ASCIICType.h: Fix wrong type from last check-in.
diff --git a/JavaScriptCore/runtime/Collector.cpp b/JavaScriptCore/runtime/Collector.cpp
index 3fbd278..3d8b583 100644
--- a/JavaScriptCore/runtime/Collector.cpp
+++ b/JavaScriptCore/runtime/Collector.cpp
@@ -1232,4 +1232,9 @@ void Heap::setActivityCallback(PassOwnPtr<GCActivityCallback> activityCallback)
     m_activityCallback = activityCallback;
 }
 
+GCActivityCallback* Heap::activityCallback()
+{
+    return m_activityCallback.get();
+}
+
 } // namespace JSC
diff --git a/JavaScriptCore/runtime/Collector.h b/JavaScriptCore/runtime/Collector.h
index 237c139..dd26bc3 100644
--- a/JavaScriptCore/runtime/Collector.h
+++ b/JavaScriptCore/runtime/Collector.h
@@ -98,6 +98,8 @@ namespace JSC {
 
         bool isBusy(); // true if an allocation or collection is in progress
         void collectAllGarbage();
+
+        GCActivityCallback* activityCallback();
         void setActivityCallback(PassOwnPtr<GCActivityCallback>);
 
         static const size_t minExtraCost = 256;
diff --git a/JavaScriptCore/runtime/GCActivityCallback.h b/JavaScriptCore/runtime/GCActivityCallback.h
index 66d56e8..862b4df 100644
--- a/JavaScriptCore/runtime/GCActivityCallback.h
+++ b/JavaScriptCore/runtime/GCActivityCallback.h
@@ -40,6 +40,7 @@ class GCActivityCallback {
 public:
     virtual ~GCActivityCallback() {}
     virtual void operator()() {}
+    virtual void synchronize() {}
 
 protected:
     GCActivityCallback() {}
@@ -55,6 +56,7 @@ public:
     ~DefaultGCActivityCallback();
 
     void operator()();
+    void synchronize();
 
 private:
     OwnPtr<DefaultGCActivityCallbackPlatformData*> d;
diff --git a/JavaScriptCore/runtime/GCActivityCallbackCF.cpp b/JavaScriptCore/runtime/GCActivityCallbackCF.cpp
index 45329ca..7168a05 100644
--- a/JavaScriptCore/runtime/GCActivityCallbackCF.cpp
+++ b/JavaScriptCore/runtime/GCActivityCallbackCF.cpp
@@ -47,10 +47,12 @@ struct DefaultGCActivityCallbackPlatformData {
     static void trigger(CFRunLoopTimerRef, void *info);
 
     RetainPtr<CFRunLoopTimerRef> timer;
+    RetainPtr<CFRunLoopRef> runLoop;
     CFRunLoopTimerContext context;
 };
 
 const CFTimeInterval decade = 60 * 60 * 24 * 365 * 10;
+const CFTimeInterval triggerInterval = 2; // seconds
 
 void DefaultGCActivityCallbackPlatformData::trigger(CFRunLoopTimerRef, void *info)
 {
@@ -65,21 +67,32 @@ DefaultGCActivityCallback::DefaultGCActivityCallback(Heap* heap)
 
     memset(&d->context, '\0', sizeof(CFRunLoopTimerContext));
     d->context.info = heap;
+    d->runLoop = CFRunLoopGetCurrent();
     d->timer.adoptCF(CFRunLoopTimerCreate(0, decade, decade, 0, 0, DefaultGCActivityCallbackPlatformData::trigger, &d->context));
-    CFRunLoopAddTimer(CFRunLoopGetCurrent(), d->timer.get(), kCFRunLoopCommonModes);
+    CFRunLoopAddTimer(d->runLoop.get(), d->timer.get(), kCFRunLoopCommonModes);
 }
 
 DefaultGCActivityCallback::~DefaultGCActivityCallback()
 {
-    CFRunLoopRemoveTimer(CFRunLoopGetCurrent(), d->timer.get(), kCFRunLoopCommonModes);
+    CFRunLoopRemoveTimer(d->runLoop.get(), d->timer.get(), kCFRunLoopCommonModes);
     CFRunLoopTimerInvalidate(d->timer.get());
     d->context.info = 0;
+    d->runLoop = 0;
     d->timer = 0;
 }
 
 void DefaultGCActivityCallback::operator()()
 {
-    CFRunLoopTimerSetNextFireDate(d->timer.get(), CFAbsoluteTimeGetCurrent() + 2);
+    CFRunLoopTimerSetNextFireDate(d->timer.get(), CFAbsoluteTimeGetCurrent() + triggerInterval);
+}
+
+void DefaultGCActivityCallback::synchronize()
+{
+    if (CFRunLoopGetCurrent() == d->runLoop.get())
+        return;
+    CFRunLoopRemoveTimer(d->runLoop.get(), d->timer.get(), kCFRunLoopCommonModes);
+    d->runLoop = CFRunLoopGetCurrent();
+    CFRunLoopAddTimer(d->runLoop.get(), d->timer.get(), kCFRunLoopCommonModes);
 }
 
 }

-- 
WebKit Debian packaging

More information about the Pkg-webkit-commits mailing list