The sampling should not use Strong<CodeBlock> in its machineLocation field
author sbarati@apple.com <sbarati@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sat, 22 Sep 2018 07:28:39 +0000 (07:28 +0000)
committer sbarati@apple.com <sbarati@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sat, 22 Sep 2018 07:28:39 +0000 (07:28 +0000)
commit efde68d893d74f8207c56a5beee9b067e7bc668b
tree f80a38735a3a839de3fc63a69967fcd43400d4a4
parent 75e86627b13f5e332cb238c933dcb734121d9025
The sampling should not use Strong<CodeBlock> in its machineLocation field
https://bugs.webkit.org/show_bug.cgi?id=189319

Reviewed by Filip Pizlo.

JSTests:

* stress/sampling-profiler-richards.js: Added.

Source/JavaScriptCore:

The sampling profiler has a CLI mode where we gather information about inline
call frames. That data structure was using a Strong<CodeBlock>. We were
constructing this Strong<CodeBlock> during GC concurrently to processing all
the Strong handles. This is a bug since we end up corrupting that data
structure. This patch fixes this by just making this data structure use the
sampling profiler's mechanism for holding onto and properly visiting heap pointers.

* inspector/agents/InspectorScriptProfilerAgent.cpp:
(Inspector::InspectorScriptProfilerAgent::trackingComplete):
* runtime/SamplingProfiler.cpp:
(JSC::SamplingProfiler::processUnverifiedStackTraces):

(JSC::SamplingProfiler::reportTopFunctions):
(JSC::SamplingProfiler::reportTopBytecodes):
These CLI helpers needed a DeferGC; otherwise we may end up deadlocking when we
cause a GC to happen while already holding the sampling profiler's
lock.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@236382 268f45cc-cd09-0410-ab3c-d52691b4dbfc
JSTests/ChangeLog
JSTests/stress/sampling-profiler-richards.js [new file with mode: 0644]
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/inspector/agents/InspectorScriptProfilerAgent.cpp
Source/JavaScriptCore/runtime/SamplingProfiler.cpp
Source/JavaScriptCore/runtime/SamplingProfiler.h