[d8] Don't call WaitForRunningWorkers in quit()
There are problems calling WaitForRunningWorkers when we call quit(). First, suppose the main thread first calls quit(), and the worker thread calls quit() after the main thread calls quit(), then sched_yield to wait for quit_once_ updated to ONCE_STATE_DONE. However the main thread is WaitForRunningWorkers to wait for the worker thread to join, thus causing deadlock. Second, suppose the worker thread calls quit() and empty the running_workers_ by WaitForRunningWorkers, then the main thread calls `onExit(isolate, true)` to dispose the platform and other global data, which will crash other running workers. Bug: v8:12219 Change-Id: I333e5aad431daefb1c163f69e66d8e9d5e9bf754 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3518908 Reviewed-by: Marja Hölttä <marja@chromium.org> Commit-Queue: Marja Hölttä <marja@chromium.org> Cr-Commit-Position: refs/heads/main@{#79525}
This commit is contained in:
parent
95b8cb9ccc
commit
d8c9b08925
@ -2629,7 +2629,6 @@ void Shell::QuitOnce(v8::FunctionCallbackInfo<v8::Value>* args) {
|
||||
int exit_code = (*args)[0]
|
||||
->Int32Value(args->GetIsolate()->GetCurrentContext())
|
||||
.FromMaybe(0);
|
||||
WaitForRunningWorkers();
|
||||
Isolate* isolate = args->GetIsolate();
|
||||
isolate->Exit();
|
||||
|
||||
|
11
test/mjsunit/regress/regress-v8-12219.js
Normal file
11
test/mjsunit/regress/regress-v8-12219.js
Normal file
@ -0,0 +1,11 @@
|
||||
// Copyright 2022 the V8 project authors. All rights reserved.
|
||||
// Use of this source code is governed by a BSD-style license that can be
|
||||
// found in the LICENSE file.
|
||||
|
||||
function quitInWorker() {
|
||||
quit();
|
||||
};
|
||||
|
||||
for(let i = 0; i < 10; i++){
|
||||
new Worker(quitInWorker, ({type : 'function', arguments : []}));
|
||||
}
|
Loading…
Reference in New Issue
Block a user