haikuwebkit/JSTests/stress/hold-lock-when-resetting-st...

//@ runDefault("--jitPolicyScale=0")

function foo() {
    function bar() {
        class C {
            constructor() {
                this.x = 42;
            }
        }
        let c = new C();
        for (let i=0; i<100; i++) {
            c.x;
        }
    };
    for (let i=0; i<1000; i++) {
        bar();
    }
}

for (let i=0; i<25; i++) {
    runString(`${foo};foo();`);
}
We must hold the CodeBlock lock when calling StructureStubInfo::reset https://bugs.webkit.org/show_bug.cgi?id=214332 <rdar://problem/64940787> Reviewed by Yusuke Suzuki. JSTests: * stress/hold-lock-when-resetting-structure-stub-info.js: Added. (foo.bar.C): (foo.bar): (foo): Source/JavaScriptCore: There was a race between resetting the StructureStubInfo, and reading from it from the compiler thread. There was one place inside Repatch where we didn't hold the CodeBlock's lock when calling StructureStubInfo::reset. To make it clear which functions require the CodeBlock's lock to be held when called, I've changed all such functions to take the LockHolder as a parameter. * bytecode/CodeBlock.cpp: (JSC::CodeBlock::finalizeBaselineJITInlineCaches): * bytecode/StructureStubClearingWatchpoint.cpp: (JSC::StructureTransitionStructureStubClearingWatchpoint::fireInternal): (JSC::AdaptiveValueStructureStubClearingWatchpoint::handleFire): * bytecode/StructureStubInfo.cpp: (JSC::StructureStubInfo::initGetByIdSelf): (JSC::StructureStubInfo::initArrayLength): (JSC::StructureStubInfo::initStringLength): (JSC::StructureStubInfo::initPutByIdReplace): (JSC::StructureStubInfo::initInByIdSelf): (JSC::StructureStubInfo::addAccessCase): (JSC::StructureStubInfo::reset): (JSC::StructureStubInfo::visitWeakReferences): (JSC::StructureStubInfo::setCacheType): * bytecode/StructureStubInfo.h: * jit/Repatch.cpp: (JSC::fireWatchpointsAndClearStubIfNeeded): (JSC::tryCacheGetBy): (JSC::tryCachePutByID): (JSC::tryCacheInByID): Canonical link: https://commits.webkit.org/227141@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@264388 268f45cc-cd09-0410-ab3c-d52691b4dbfc 2020-07-15 05:54:46 +00:00			`//@ runDefault("--jitPolicyScale=0")`

			`function foo() {`
			`function bar() {`
			`class C {`
			`constructor() {`
			`this.x = 42;`
			`}`
			`}`
			`let c = new C();`
			`for (let i=0; i<100; i++) {`
			`c.x;`
			`}`
			`};`
			`for (let i=0; i<1000; i++) {`
			`bar();`
			`}`
			`}`

			`for (let i=0; i<25; i++) {`
			runString(`${foo};foo();`);
			`}`