Helper thread tasks can get deleted while they are still running
Categories
(Core :: JavaScript Engine, enhancement, P3)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox82 | --- | fixed |
People
(Reporter: jonco, Assigned: jonco)
References
Details
Attachments
(2 files)
In a few cases, helper thread task structures can be deleted while they are still running (before HelperThreadTask::runTaskLocked returns). This is not currently a problem because in these cases the structures are never accessed after the point at which they are deleted. However it is surprising, and it makes things hard for the refactoring of the helper thread system in bug 1651322 which would like to be able to treat these tasks uniformly.
This affects wasm tier2 compilation and off thread promise tasks.
|
Assignee | |
Comment 1•5 years ago
|
||
Currently wasm uses its own mutex for off-thread compilation. This leads to the
sitation where the CompileTask structure can be freed while the helper thread
is still running (the ModuleGenerator destructor synchronises on its mutex, but
the helper thread run method releases this mutex before it returns).
Using the helper thread lock here makes sense. The helper thread lock is
already required to start the compiation task so I don't think there's much
gain from using a separate mutex.
|
|
Assignee | |
Comment 2•5 years ago
|
||
This changes the off-thread promise helper code from using its own mutex to
using the helper thread lock for synchronisation.
For promise tasks executed on helper threads there's little benefit from using
a separate mutex as we already have to wait on the helper thread lock to start
the task. The changes ensure we don't delete the OffThreadPromiseTask while the
helper thread system thinks it's still running.
Depends on D89471
|
||
Comment 4•5 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/e4342a12fdc0
https://hg.mozilla.org/mozilla-central/rev/895697dddb99
Description
•