[JSC] sampling-profiler can see garbage Wasm::Callee* pointer which is HashTable...
author ysuzuki@apple.com <ysuzuki@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 7 Aug 2019 02:48:07 +0000 (02:48 +0000)
committer ysuzuki@apple.com <ysuzuki@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 7 Aug 2019 02:48:07 +0000 (02:48 +0000)
commit d5c5f26e7cd13d5623e7c674bc6ac09b40b06103
tree 31b6ce3eba170c30d45cdd1c9a0518b69343eb42
parent b6dcf0f8aec170100c22cc0f42c52ea155c5de4b
[JSC] sampling-profiler can see garbage Wasm::Callee* pointer which is HashTable deleted / empty values
https://bugs.webkit.org/show_bug.cgi?id=200494

Reviewed by Saam Barati.

The sampling-profiler can see a garbage pointer which is like Wasm::Callee*. This can be filtered by HashSet<Callee*>.
But this is safe only when the garbage pointer is not one of the deleted / empty values. We saw an occasional crash with JetStream2/tsf-wasm.
This patch filters out these values with `HashSet<Callee*>::isValidValue`.

* wasm/WasmCalleeRegistry.h:
(JSC::Wasm::CalleeRegistry::isValidCallee):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248337 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/wasm/WasmCalleeRegistry.h
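The hazard the commit message describes, as an added example that is not JSC's or WTF's code: an open-addressing set of `Callee*` reserves two pointer values as bucket markers (the "empty" and "deleted" values), so a sampled word that happens to equal one of them must never reach the probe loop. `CalleeSet`, `CalleeRegistry`, `isValidCalleeBeforeFix` and the marker encodings below are assumptions of this simplified model; only the `isValidValue`-before-`contains` ordering mirrors the fix.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Stand-in for JSC::Wasm::Callee: the profiler only ever sees its address.
struct Callee { int id; };

// Toy open-addressing set of Callee*. Like WTF::HashSet<Callee*> it reserves
// two pointer values as bucket markers, so those values can never be keys and
// must be rejected before a lookup. The marker encodings are assumptions of
// this model (WTF's actual encoding is not reproduced here).
class CalleeSet {
public:
    static Callee* emptyValue() { return nullptr; }
    static Callee* deletedValue() { return reinterpret_cast<Callee*>(~uintptr_t(0)); }
    static bool isValidValue(Callee* p) { return p != emptyValue() && p != deletedValue(); }

    explicit CalleeSet(size_t capacity = 16) : buckets(capacity, emptyValue()) {}

    void add(Callee* p) {
        if (contains(p)) return;
        size_t i = hash(p);
        while (isValidValue(buckets[i])) i = next(i);   // stop at an empty slot or a tombstone
        buckets[i] = p;
    }

    void remove(Callee* p) {
        size_t i = hash(p);
        for (size_t n = 0; n < buckets.size() && buckets[i] != emptyValue(); ++n) {
            if (buckets[i] == p) { buckets[i] = deletedValue(); return; }   // leave a tombstone
            i = next(i);
        }
    }

    // Precondition (as in the real table): p is a valid value. If p is one of
    // the markers, the probe loop compares it against bucket state and reports
    // a bogus hit, which is exactly what the profiler must not act on.
    bool contains(Callee* p) const {
        size_t i = hash(p);
        for (size_t n = 0; n < buckets.size(); ++n) {
            if (buckets[i] == p) return true;
            if (buckets[i] == emptyValue()) return false;
            i = next(i);
        }
        return false;
    }

private:
    size_t hash(Callee* p) const { return (reinterpret_cast<uintptr_t>(p) >> 4) % buckets.size(); }
    size_t next(size_t i) const { return (i + 1) % buckets.size(); }
    std::vector<Callee*> buckets;
};

// Hypothetical registry modelled on the role of JSC::Wasm::CalleeRegistry.
class CalleeRegistry {
public:
    void registerCallee(Callee* c) { callees.add(c); }
    void unregisterCallee(Callee* c) { callees.remove(c); }

    // Before the fix: a sampled pointer went straight into the hash lookup.
    bool isValidCalleeBeforeFix(Callee* candidate) const { return callees.contains(candidate); }

    // After the fix: reject the table's marker values, then probe.
    bool isValidCallee(Callee* candidate) const {
        if (!CalleeSet::isValidValue(candidate)) return false;
        return callees.contains(candidate);
    }

private:
    CalleeSet callees;
};

// Constructed scenarios (sample data, not a trace from the bug report).
static bool unfilteredLookupAcceptsEmptyMarker() {
    Callee a{1};
    CalleeRegistry registry;
    registry.registerCallee(&a);
    // A garbage word equal to the empty marker is reported as a live callee.
    return registry.isValidCalleeBeforeFix(CalleeSet::emptyValue());
}

static bool filteredLookupRejectsMarkers() {
    Callee a{1};
    CalleeRegistry registry;
    registry.registerCallee(&a);
    return !registry.isValidCallee(CalleeSet::emptyValue())
        && !registry.isValidCallee(CalleeSet::deletedValue());
}

static bool filteredLookupTracksRegistration() {
    Callee a{1}, b{2};
    CalleeRegistry registry;
    registry.registerCallee(&a);
    registry.registerCallee(&b);
    registry.unregisterCallee(&a);
    return !registry.isValidCallee(&a) && registry.isValidCallee(&b);
}
```

The deleted-marker case is the one the commit calls out: after an unregistration the table holds a tombstone, and a sampled value equal to the deleted marker would match it in the probe loop. Checking `isValidValue` first costs two pointer compares and turns both marker values into a clean "not a callee" answer instead of a dereference of garbage.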