PolymorphicCallNode should unchain itself first in unlink https://bug…#1665
Open
aoikonomopoulos wants to merge 1 commit intoWebPlatformForEmbedded:wpe-2.38from
Conversation
…s.webkit.org/show_bug.cgi?id=265475 rdar://118893186 Reviewed by Mark Lam. PolymorphicCallNode::unlinkImpl calls m_callLinkInfo->unlink. But it is possible that this CallLinkInfo is holding PolymorphicCallNode's owner stub and it may clear stub. Previously, we are always deferring this stub destruction until JITStubRoutineSet destroys it. But now, it is possible that they get deleted immediately when owner CodeBlock is dead. This means that after calling m_callLinkInfo->unlink, it is possible that PolymorphicCallNode |this| is already destroyed. This patch reorders unlink's operation in PolymorphicCallNode so that we first unlink it from linked-list. This is OK since we are not expecting that this is in the linked-list in unlink calls. So after m_callLinkInfo->unlink, we no longer touch anything in PolymorphicCallNode. * Source/JavaScriptCore/jit/PolymorphicCallStubRoutine.cpp: (JSC::PolymorphicCallNode::unlinkImpl): Canonical link: https://commits.webkit.org/271246@main
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
…s.webkit.org/show_bug.cgi?id=265475 rdar://118893186
Reviewed by Mark Lam.
PolymorphicCallNode::unlinkImpl calls m_callLinkInfo->unlink. But it is possible that this CallLinkInfo is holding PolymorphicCallNode's owner stub and it may clear stub. Previously, we are always deferring this stub destruction until JITStubRoutineSet destroys it. But now, it is possible that they get deleted immediately when owner CodeBlock is dead. This means that after calling m_callLinkInfo->unlink, it is possible that PolymorphicCallNode |this| is already destroyed.
This patch reorders unlink's operation in PolymorphicCallNode so that we first unlink it from linked-list. This is OK since we are not expecting that this is in the linked-list in unlink calls. So after m_callLinkInfo->unlink, we no longer touch anything in PolymorphicCallNode.
Canonical link: https://commits.webkit.org/271246@main
Pull Request Template
File a Bug
All changes should be associated with a bug. The WebKit project is currently using Bugzilla as our bug tracker. Note that multiple changes may be associated with a single bug.
Provided Tooling
The WebKit Project strongly recommends contributors use
Tools/Scripts/git-webkitto generate pull requests. See Setup and Contributing Code for how to do this.Template
If a contributor wishes to file a pull request manually, the template is below. Manually-filed pull requests should contain their commit message as the pull request description, and their commit message should be formatted like the template below.
Additionally, the pull request should be mentioned on Bugzilla, labels applied to the pull request matching the component and version of the Bugzilla associated with the pull request and the pull request assigned to its author.
06a5eaf