jsc shell's flashHeapAccess() should not do JS work after releasing access to the...
author mark.lam@apple.com <mark.lam@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 30 Nov 2017 22:51:59 +0000 (22:51 +0000)
committer mark.lam@apple.com <mark.lam@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 30 Nov 2017 22:51:59 +0000 (22:51 +0000)
https://bugs.webkit.org/show_bug.cgi?id=180219
<rdar://problem/35696536>

Reviewed by Filip Pizlo.

JSTests:

* stress/regress-180219.js: Added.

Source/JavaScriptCore:

* jsc.cpp:
(functionFlashHeapAccess):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@225352 268f45cc-cd09-0410-ab3c-d52691b4dbfc

JSTests/ChangeLog
JSTests/stress/regress-180219.js [new file with mode: 0644]
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/jsc.cpp

index e5586241d6206f5d09a8bc181d8e3a6d4741c97b..9d7155fe7097379338a1990ea11eff688f6d1e48 100644 (file)
@@ -1,3 +1,13 @@
+2017-11-30  Mark Lam  <mark.lam@apple.com>
+
+        jsc shell's flashHeapAccess() should not do JS work after releasing access to the heap.
+        https://bugs.webkit.org/show_bug.cgi?id=180219
+        <rdar://problem/35696536>
+
+        Reviewed by Filip Pizlo.
+
+        * stress/regress-180219.js: Added.
+
 2017-11-30  Yusuke Suzuki  <utatane.tea@gmail.com>
 
         [DFG][FTL] operationHasIndexedProperty does not consider negative int32_t
diff --git a/JSTests/stress/regress-180219.js b/JSTests/stress/regress-180219.js
new file mode 100644 (file)
index 0000000..08ebb5b
--- /dev/null
@@ -0,0 +1,3 @@
+//@ runDefault
+gc();
+flashHeapAccess({});
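Review bot: the test exercises only the object argument (`{}`), which is the case that makes `toNumber()` run JS after the heap was released, but nothing exercises the sleep branch of the rewritten function; a second call such as `flashHeapAccess(1);` would cover both paths. A one-line comment saying this is a crash/assertion regression test with no observable result would also help the next reader, since the file otherwise looks like it asserts nothing.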
index 9e977f246cf1eebd5cccd12b32ae306ca912b3e0..702757bb0e72a40d74d3f38842d5dd4f68217818 100644 (file)
@@ -1,3 +1,14 @@
+2017-11-30  Mark Lam  <mark.lam@apple.com>
+
+        jsc shell's flashHeapAccess() should not do JS work after releasing access to the heap.
+        https://bugs.webkit.org/show_bug.cgi?id=180219
+        <rdar://problem/35696536>
+
+        Reviewed by Filip Pizlo.
+
+        * jsc.cpp:
+        (functionFlashHeapAccess):
+
 2017-11-30  Yusuke Suzuki  <utatane.tea@gmail.com>
 
         [DFG][FTL] operationHasIndexedProperty does not consider negative int32_t
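Review bot: the entry lists `(functionFlashHeapAccess)` but gives no description of what changed; WebKit ChangeLog entries normally carry a short explanatory paragraph, and one sentence stating that the argument conversion (`toNumber()`, which can call back into JS and allocate) now runs before `vm.heap.releaseAccess()` would let a reader understand the fix without opening the diff.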
index bf6280fb92a21f4393c3254078eba71e33ec4541..d115e93702532c1ebd866d9e44cd36b2834e7783 100644 (file)
@@ -1720,12 +1720,15 @@ EncodedJSValue JSC_HOST_CALL functionFlashHeapAccess(ExecState* exec)
     VM& vm = exec->vm();
     auto scope = DECLARE_THROW_SCOPE(vm);
     
-    vm.heap.releaseAccess();
+    double sleepTimeMs = 0;
     if (exec->argumentCount() >= 1) {
-        double ms = exec->argument(0).toNumber(exec);
+        sleepTimeMs = exec->argument(0).toNumber(exec);
         RETURN_IF_EXCEPTION(scope, encodedJSValue());
-        sleep(Seconds::fromMilliseconds(ms));
     }
+
+    vm.heap.releaseAccess();
+    if (sleepTimeMs)
+        sleep(Seconds::fromMilliseconds(sleepTimeMs));
     vm.heap.acquireAccess();
     return JSValue::encode(jsUndefined());
 }
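Review bot: `if (sleepTimeMs)` on the new line does not filter NaN or negative values; a non-numeric argument such as the `{}` the regression test passes converts to NaN, and NaN compares unequal to zero in C++, so `sleep(Seconds::fromMilliseconds(NaN))` is still reached. Prefer `if (sleepTimeMs > 0)`, which is false for NaN, so that only a positive duration sleeps. Otherwise the reordering is right: `toNumber()` can run JS and touch the heap, so it must execute while the thread still has heap access, and moving it ahead of `releaseAccess()` also means the `RETURN_IF_EXCEPTION` early return no longer leaves the function without the matching `acquireAccess()`.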