From 6882a04fb36642862b11efe514251d32070c3d65 Mon Sep 17 00:00:00 2001
From: Konstantin Tokarev
Date: Thu, 25 Aug 2016 19:20:41 +0300
Subject: Imported QtWebKit TP3 (git b57bc6801f1876c3220d5a4bfea33d620d477443)
Change-Id: I3b1d8a2808782c9f34d50240000e20cb38d3680f
Reviewed-by: Konstantin Tokarev
---
 .../bytecode/ArrayAllocationProfile.cpp | 23 ++++++++++++++++++----
 1 file changed, 19 insertions(+), 4 deletions(-)
(limited to 'Source/JavaScriptCore/bytecode/ArrayAllocationProfile.cpp')
diff --git a/Source/JavaScriptCore/bytecode/ArrayAllocationProfile.cpp b/Source/JavaScriptCore/bytecode/ArrayAllocationProfile.cpp
index 6d9afda28..905b5bd3c 100644
--- a/Source/JavaScriptCore/bytecode/ArrayAllocationProfile.cpp
+++ b/Source/JavaScriptCore/bytecode/ArrayAllocationProfile.cpp
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2012 Apple Inc. All rights reserved.
+ * Copyright (C) 2012, 2013 Apple Inc. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -26,15 +26,30 @@
 #include "config.h"
 #include "ArrayAllocationProfile.h"
-#include "Operations.h"
+#include "JSCInlines.h"
 namespace JSC {
 void ArrayAllocationProfile::updateIndexingType()
 {
- if (!m_lastArray)
+ // This is awkwardly racy but totally sound even when executed concurrently. The
+ // worst cases go something like this:
+ //
+ // - Two threads race to execute this code; one of them succeeds in updating the
+ // m_currentIndexingType and the other either updates it again, or sees a null
+ // m_lastArray; if it updates it again then at worst it will cause the profile
+ // to "forget" some array. That's still sound, since we don't promise that
+ // this profile is a reflection of any kind of truth.
+ //
+ // - A concurrent thread reads m_lastArray, but that array is now dead. While
+ // it's possible for that array to no longer be reachable, it cannot actually
+ // be freed, since we require the GC to wait until all concurrent JITing
+ // finishes.
+
+ JSArray* lastArray = m_lastArray;
+ if (!lastArray)
 return;
- m_currentIndexingType = leastUpperBoundOfIndexingTypes(m_currentIndexingType, m_lastArray->structure()->indexingType());
+ m_currentIndexingType = leastUpperBoundOfIndexingTypes(m_currentIndexingType, lastArray->indexingType());
 m_lastArray = 0;
 }
-- cgit v1.2.1
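Review bot: The snapshot `JSArray* lastArray = m_lastArray;` is what keeps the null check and the dereference on the same pointer, but if `m_lastArray` is a plain `JSArray*` (its declaration is in ArrayAllocationProfile.h, not in this diff) nothing obliges the compiler to keep that as a single load, and a re-read after a concurrent `m_lastArray = 0;` would dereference null. The comment's soundness argument would hold more firmly with the read expressed as an explicit atomic load, for example declaring the field `std::atomic<JSArray*>` and writing `JSArray* lastArray = m_lastArray.load(std::memory_order_relaxed);`. The second bullet also rests on an invariant enforced elsewhere (the GC waiting for concurrent JIT work to finish), so I would extend the comment to name where that wait is implemented, because `lastArray->indexingType()` reads an object that may already be unreachable and becomes a use-after-free if that invariant ever changes.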