
Side by Side Diff: src/futex-emulation.cc

Issue 2659083004: [SAB] Fix crash in Atomics.wake w/ infinite count. (Closed)
Patch Set: fix Created 3 years, 10 months ago
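--- a/src/futex-emulation.cc
+++ b/src/futex-emulation.cc
@@ -1,10 +1,10 @@
 // Copyright 2015 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "src/futex-emulation.h"
 
 #include <limits>
 
 #include "src/base/macros.h"
 #include "src/base/platform/time.h"
@@ -181,36 +181,37 @@
 
 // Spurious wakeup, interrupt or timeout.
 }
 
 wait_list_.Pointer()->RemoveNode(node);
 node->waiting_ = false;
 
 return result;
 }
 
-
 Object* FutexEmulation::Wake(Isolate* isolate,
 Handle<JSArrayBuffer> array_buffer, size_t addr,
-int num_waiters_to_wake) {
+uint32_t num_waiters_to_wake) {
 DCHECK(addr < NumberToSize(array_buffer->byte_length()));
 
 int waiters_woken = 0;
 void* backing_store = array_buffer->backing_store();
 
 base::LockGuard<base::Mutex> lock_guard(mutex_.Pointer());
 FutexWaitListNode* node = wait_list_.Pointer()->head_;
 while (node && num_waiters_to_wake > 0) {
 if (backing_store == node->backing_store_ && addr == node->wait_addr_) {
 node->waiting_ = false;
 node->cond_.NotifyOne();
---num_waiters_to_wake;
+if (num_waiters_to_wake != kWakeAll) {
+--num_waiters_to_wake;
+}
 waiters_woken++;
 }
 
 node = node->next_;
 }
 
 return Smi::FromInt(waiters_woken);
 }
 
 
@@ -231,10 +232,10 @@
 }
 
 node = node->next_;
 }
 
 return Smi::FromInt(waiters);
 }
 
 } // namespace internal
 } // namespace v8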
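Review bot: In `FutexEmulation::Wake`, `waiters_woken` stays a signed `int` while the limit is now `uint32_t`, so in the `kWakeAll` case the loop is bounded only by the length of the wait list and the value handed to `Smi::FromInt(waiters_woken)` is no longer capped by the caller's count. The list presumably holds one node per blocked thread, so an overflow is not expected in practice, but that assumption deserves to be explicit, e.g. `DCHECK_LT(waiters_woken, Smi::kMaxValue);` ahead of `waiters_woken++`. The sentinel also needs a comment at the decrement, such as `// kWakeAll means "no limit": leave the count untouched so every matching waiter is woken.` `kWakeAll` is not defined in this file section (presumably it lives in src/futex-emulation.h), so whether it can collide with a finite count a caller passes cannot be checked from here. With an unsigned parameter the loop test `num_waiters_to_wake > 0` is just `!= 0`, which reads more clearly.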