[webkit-changes] [159459] trunk/Source/JavaScriptCore

Mon, 18 Nov 2013 15:05:46 -0800

Title: [159459] trunk/Source/_javascript_Core
Revision
159459
Author
[email protected]
Date
2013-11-18 15:07:03 -0800 (Mon, 18 Nov 2013)

Log Message

APIEntryShims need some love
https://bugs.webkit.org/show_bug.cgi?id=124540

Reviewed by Filip Pizlo.

We were missing them in key places which some other hacking revealed. These could have manifested as
race conditions for VMs being used in multithreaded environments.

* API/JSContext.mm:
(-[JSContext setException:]):
(-[JSContext wrapperForObjCObject:]):
(-[JSContext wrapperForJSObject:]):
* API/JSContextRef.cpp:
(JSContextGroupRelease):
(JSGlobalContextRelease):
* API/JSManagedValue.mm:
(-[JSManagedValue initWithValue:]):
(-[JSManagedValue value]):
* API/JSObjectRef.cpp:
(JSObjectIsFunction):
(JSObjectCopyPropertyNames):
* API/JSValue.mm:
(containerValueToObject):
* API/JSWrapperMap.mm:
(tryUnwrapObjcObject):

Modified Paths

Diff

Modified: trunk/Source/_javascript_Core/API/JSContext.mm (159458 => 159459)


--- trunk/Source/_javascript_Core/API/JSContext.mm	2013-11-18 22:43:06 UTC (rev 159458)
+++ trunk/Source/_javascript_Core/API/JSContext.mm	2013-11-18 23:07:03 UTC (rev 159459)
@@ -102,6 +102,7 @@
 
 - (void)setException:(JSValue *)value
 {
+    JSC::APIEntryShim entryShim(toJS(m_context));
     if (value)
         m_exception.set(toJS(m_context)->vm(), toJS(JSValueToObject(m_context, valueInternalValue(value), 0)));
     else
@@ -244,14 +245,13 @@
 
 - (JSValue *)wrapperForObjCObject:(id)object
 {
-    // Lock access to m_wrapperMap
-    JSC::JSLockHolder lock(toJS(m_context));
+    JSC::APIEntryShim entryShim(toJS(m_context));
     return [m_wrapperMap jsWrapperForObject:object];
 }
 
 - (JSValue *)wrapperForJSObject:(JSValueRef)value
 {
-    JSC::JSLockHolder lock(toJS(m_context));
+    JSC::APIEntryShim entryShim(toJS(m_context));
     return [m_wrapperMap objcWrapperForJSValueRef:value];
 }

Modified: trunk/Source/_javascript_Core/API/JSContextRef.cpp (159458 => 159459)


--- trunk/Source/_javascript_Core/API/JSContextRef.cpp	2013-11-18 22:43:06 UTC (rev 159458)
+++ trunk/Source/_javascript_Core/API/JSContextRef.cpp	2013-11-18 23:07:03 UTC (rev 159459)
@@ -68,16 +68,9 @@
 
 void JSContextGroupRelease(JSContextGroupRef group)
 {
-    IdentifierTable* savedIdentifierTable;
     VM& vm = *toJS(group);
-
-    {
-        JSLockHolder lock(vm);
-        savedIdentifierTable = wtfThreadData().setCurrentIdentifierTable(vm.identifierTable);
-        vm.deref();
-    }
-
-    wtfThreadData().setCurrentIdentifierTable(savedIdentifierTable);
+    APIEntryShim entryShim(&vm);
+    vm.deref();
 }
 
 static bool internalScriptTimeoutCallback(ExecState* exec, void* callbackPtr, void* callbackData)
@@ -165,7 +158,7 @@
     IdentifierTable* savedIdentifierTable;
     ExecState* exec = toJS(ctx);
     {
-        JSLockHolder lock(exec);
+        APIEntryShim entryShim(exec);
 
         VM& vm = exec->vm();
         savedIdentifierTable = wtfThreadData().setCurrentIdentifierTable(vm.identifierTable);

Modified: trunk/Source/_javascript_Core/API/JSManagedValue.mm (159458 => 159459)


--- trunk/Source/_javascript_Core/API/JSManagedValue.mm	2013-11-18 22:43:06 UTC (rev 159458)
+++ trunk/Source/_javascript_Core/API/JSManagedValue.mm	2013-11-18 23:07:03 UTC (rev 159459)
@@ -30,6 +30,7 @@
 #if JSC_OBJC_API_ENABLED
 
 #import "APICast.h"
+#import "APIShims.h"
 #import "Heap.h"
 #import "JSContextInternal.h"
 #import "JSValueInternal.h"
@@ -191,6 +192,7 @@
         return self;
 
     JSC::ExecState* exec = toJS([value.context JSGlobalContextRef]);
+    JSC::APIEntryShim entryShim(exec);
     JSC::JSGlobalObject* globalObject = exec->lexicalGlobalObject();
     JSC::Weak<JSC::JSGlobalObject> weak(globalObject, managedValueHandleOwner(), self);
     m_globalObject.swap(weak);
@@ -212,6 +214,7 @@
     if (m_weakValue.isClear())
         return nil;
     JSC::ExecState* exec = m_globalObject->globalExec();
+    JSC::APIEntryShim entryShim(exec);
     JSContext *context = [JSContext contextWithJSGlobalContextRef:toGlobalRef(exec)];
     JSC::JSValue value;
     if (m_weakValue.isPrimitive())

Modified: trunk/Source/_javascript_Core/API/JSObjectRef.cpp (159458 => 159459)


--- trunk/Source/_javascript_Core/API/JSObjectRef.cpp	2013-11-18 22:43:06 UTC (rev 159458)
+++ trunk/Source/_javascript_Core/API/JSObjectRef.cpp	2013-11-18 23:07:03 UTC (rev 159459)
@@ -506,10 +506,11 @@
     return false;
 }
 
-bool JSObjectIsFunction(JSContextRef, JSObjectRef object)
+bool JSObjectIsFunction(JSContextRef ctx, JSObjectRef object)
 {
     if (!object)
         return false;
+    APIEntryShim entryShim(toJS(ctx));
     CallData callData;
     JSCell* cell = toJS(object);
     return cell->methodTable()->getCallData(cell, callData) != CallTypeNone;
@@ -605,12 +606,12 @@
         ASSERT_NOT_REACHED();
         return 0;
     }
-    JSObject* jsObject = toJS(object);
     ExecState* exec = toJS(ctx);
     APIEntryShim entryShim(exec);
 
     VM* vm = &exec->vm();
 
+    JSObject* jsObject = toJS(object);
     JSPropertyNameArrayRef propertyNames = new OpaqueJSPropertyNameArray(vm);
     PropertyNameArray array(vm);
     jsObject->methodTable()->getPropertyNames(jsObject, exec, array, ExcludeDontEnumProperties);

Modified: trunk/Source/_javascript_Core/API/JSValue.mm (159458 => 159459)


--- trunk/Source/_javascript_Core/API/JSValue.mm	2013-11-18 22:43:06 UTC (rev 159458)
+++ trunk/Source/_javascript_Core/API/JSValue.mm	2013-11-18 23:07:03 UTC (rev 159459)
@@ -692,6 +692,8 @@
             ASSERT([current.objc isKindOfClass:[NSMutableDictionary class]]);
             NSMutableDictionary *dictionary = (NSMutableDictionary *)current.objc;
 
+            JSC::APIEntryShim entryShim(toJS(context));
+
             JSPropertyNameArrayRef propertyNameArray = JSObjectCopyPropertyNames(context, js);
             size_t length = JSPropertyNameArrayGetCount(propertyNameArray);

Modified: trunk/Source/_javascript_Core/API/JSWrapperMap.mm (159458 => 159459)


--- trunk/Source/_javascript_Core/API/JSWrapperMap.mm	2013-11-18 22:43:06 UTC (rev 159458)
+++ trunk/Source/_javascript_Core/API/JSWrapperMap.mm	2013-11-18 23:07:03 UTC (rev 159459)
@@ -603,6 +603,7 @@
     JSValueRef exception = 0;
     JSObjectRef object = JSValueToObject(context, value, &exception);
     ASSERT(!exception);
+    JSC::APIEntryShim entryShim(toJS(context));
     if (toJS(object)->inherits(JSC::JSCallbackObject<JSC::JSAPIWrapperObject>::info()))
         return (id)JSC::jsCast<JSC::JSAPIWrapperObject*>(toJS(object))->wrappedObject();
     if (id target = tryUnwrapConstructor(object))

Modified: trunk/Source/_javascript_Core/ChangeLog (159458 => 159459)


--- trunk/Source/_javascript_Core/ChangeLog	2013-11-18 22:43:06 UTC (rev 159458)
+++ trunk/Source/_javascript_Core/ChangeLog	2013-11-18 23:07:03 UTC (rev 159459)
@@ -1,3 +1,31 @@
+2013-11-18  Mark Hahnenberg  <[email protected]>
+
+        APIEntryShims need some love
+        https://bugs.webkit.org/show_bug.cgi?id=124540
+
+        Reviewed by Filip Pizlo.
+
+        We were missing them in key places which some other hacking revealed. These could have manifested as
+        race conditions for VMs being used in multithreaded environments.
+
+        * API/JSContext.mm:
+        (-[JSContext setException:]):
+        (-[JSContext wrapperForObjCObject:]):
+        (-[JSContext wrapperForJSObject:]):
+        * API/JSContextRef.cpp:
+        (JSContextGroupRelease):
+        (JSGlobalContextRelease):
+        * API/JSManagedValue.mm:
+        (-[JSManagedValue initWithValue:]):
+        (-[JSManagedValue value]):
+        * API/JSObjectRef.cpp:
+        (JSObjectIsFunction):
+        (JSObjectCopyPropertyNames):
+        * API/JSValue.mm:
+        (containerValueToObject):
+        * API/JSWrapperMap.mm:
+        (tryUnwrapObjcObject):
+
 2013-11-18  Filip Pizlo  <[email protected]>
 
         Allow the FTL debug dumps to include the new size field

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to