[MERGE #5213 @sigatrev] OS#17384939: avoid race condition when writing callback info IDL

sigatrev · sigatrev · commit 249b4af2ba63 · 2018-05-22T22:27:54.000-07:00
Merge pull request #5213 from sigatrev:callbackrace original setup would add elements to the front of the list when profiling instructions, and would iterator over the whole list while writing the IDL. If an element was added between creating the IDL array and beginning the iteration, too many elements would be written and we'd AV. This changes the setup to add new elements to the end of the list, and limit the number of iterations based on the size of the IDL array created. This should allow elements to be safely added to the list after creating the array. Elements are never removed from the list.
diff --git a/lib/Backend/JITTimeProfileInfo.cpp b/lib/Backend/JITTimeProfileInfo.cpp
@@ -93,20 +93,22 @@ JITTimeProfileInfo::InitializeJITProfileData(
     else
     {
         data->profiledCallbackCount = static_cast<Js::ProfileId>(callbackInfoList->Count());
-        data->callbackData = AnewArrayZ(alloc, CallbackInfoIDL, data->profiledCallbackCount);
-
-        size_t callbackInfoIndex = 0;
-        FOREACH_SLIST_ENTRY(Field(Js::CallbackInfo *), callbackInfo, callbackInfoList)
+        if (data->profiledCallbackCount > 0)
         {
-            memcpy_s(
-                &data->callbackData[callbackInfoIndex],
-                sizeof(CallbackInfoIDL),
-                callbackInfo,
-                sizeof(Js::CallbackInfo)
-            );
-            ++callbackInfoIndex;
+            data->callbackData = AnewArrayZ(alloc, CallbackInfoIDL, data->profiledCallbackCount);
+            Js::CallbackInfoList::Iterator iter = callbackInfoList->GetIterator();
+            for (Js::ProfileId callbackInfoIndex = 0; callbackInfoIndex < data->profiledCallbackCount; ++callbackInfoIndex)
+            {
+                iter.Next();
+                Js::CallbackInfo * info = iter.Data();
+                memcpy_s(
+                    &data->callbackData[callbackInfoIndex],
+                    sizeof(CallbackInfoIDL),
+                    info,
+                    sizeof(Js::CallbackInfo)
+                );
+            }
         }
-        NEXT_SLIST_ENTRY
     }
 
     CompileAssert(sizeof(BVUnitIDL) == sizeof(BVUnit));
diff --git a/lib/Runtime/Language/DynamicProfileInfo.cpp b/lib/Runtime/Language/DynamicProfileInfo.cpp
@@ -476,6 +476,20 @@ namespace Js
         }
     }
 
+    CallbackInfoList::EditingIterator TryFindCallbackInfoIterator(CallbackInfoList * list, ProfileId callSiteId)
+    {
+        CallbackInfoList::EditingIterator iter = list->GetEditingIterator();
+        while (iter.Next())
+        {
+            if (iter.Data()->callSiteId == callSiteId)
+            {
+                return iter;
+            }
+        }
+
+        return iter;
+    }
+
     CallbackInfo * DynamicProfileInfo::FindCallbackInfo(FunctionBody * funcBody, ProfileId callSiteId)
     {
         CallbackInfoList * list = funcBody->GetCallbackInfoList();
@@ -484,14 +498,11 @@ namespace Js
             return nullptr;
         }
 
-        FOREACH_SLIST_ENTRY(Field(CallbackInfo *), callbackInfo, list)
+        CallbackInfoList::EditingIterator iter = TryFindCallbackInfoIterator(list, callSiteId);
+        if (iter.IsValid())
         {
-            if (callbackInfo->callSiteId == callSiteId)
-            {
-                return callbackInfo;
-            }
+            return iter.Data();
         }
-        NEXT_SLIST_ENTRY;
 
         return nullptr;
     }
@@ -506,16 +517,19 @@ namespace Js
             funcBody->SetCallbackInfoList(list);
         }
 
-        CallbackInfo * info = FindCallbackInfo(funcBody, callSiteId);
-        if (info == nullptr)
+        CallbackInfoList::EditingIterator iter = TryFindCallbackInfoIterator(list, callSiteId);
+        if (iter.IsValid())
         {
-            info = RecyclerNewStructZ(funcBody->GetScriptContext()->GetRecycler(), CallbackInfo);
-            info->callSiteId = callSiteId;
-            info->sourceId = NoSourceId;
-            info->canInlineCallback = true;
-            list->Prepend(info);
+            return iter.Data();
         }
 
+        // Callsite is not already in the list, so add it to the end.
+        CallbackInfo * info = info = RecyclerNewStructZ(funcBody->GetScriptContext()->GetRecycler(), CallbackInfo);
+        info->callSiteId = callSiteId;
+        info->sourceId = NoSourceId;
+        info->canInlineCallback = true;
+
+        iter.InsertBefore(info);
         return info;
     }
 

Original file line number	Diff line number	Diff line change
`@@ -476,6 +476,20 @@ namespace Js`
`476`	`476`	`}`
`477`	`477`	`}`
`478`	`478`
	`479`	`+ CallbackInfoList::EditingIterator TryFindCallbackInfoIterator(CallbackInfoList * list, ProfileId callSiteId)`
	`480`	`+ {`
	`481`	`+ CallbackInfoList::EditingIterator iter = list->GetEditingIterator();`
	`482`	`+ while (iter.Next())`
	`483`	`+ {`
	`484`	`+ if (iter.Data()->callSiteId == callSiteId)`
	`485`	`+ {`
	`486`	`+ return iter;`
	`487`	`+ }`
	`488`	`+ }`
	`489`	`+`
	`490`	`+ return iter;`
	`491`	`+ }`
	`492`	`+`
`479`	`493`	`CallbackInfo * DynamicProfileInfo::FindCallbackInfo(FunctionBody * funcBody, ProfileId callSiteId)`
`480`	`494`	`{`
`481`	`495`	`CallbackInfoList * list = funcBody->GetCallbackInfoList();`
`@@ -484,14 +498,11 @@ namespace Js`
`484`	`498`	`return nullptr;`
`485`	`499`	`}`
`486`	`500`
`487`		`- FOREACH_SLIST_ENTRY(Field(CallbackInfo *), callbackInfo, list)`
	`501`	`+ CallbackInfoList::EditingIterator iter = TryFindCallbackInfoIterator(list, callSiteId);`
	`502`	`+ if (iter.IsValid())`
`488`	`503`	`{`
`489`		`- if (callbackInfo->callSiteId == callSiteId)`
`490`		`- {`
`491`		`- return callbackInfo;`
`492`		`- }`
	`504`	`+ return iter.Data();`
`493`	`505`	`}`
`494`		`- NEXT_SLIST_ENTRY;`
`495`	`506`
`496`	`507`	`return nullptr;`
`497`	`508`	`}`
`@@ -506,16 +517,19 @@ namespace Js`
`506`	`517`	`funcBody->SetCallbackInfoList(list);`
`507`	`518`	`}`
`508`	`519`
`509`		`- CallbackInfo * info = FindCallbackInfo(funcBody, callSiteId);`
`510`		`- if (info == nullptr)`
	`520`	`+ CallbackInfoList::EditingIterator iter = TryFindCallbackInfoIterator(list, callSiteId);`
	`521`	`+ if (iter.IsValid())`
`511`	`522`	`{`
`512`		`- info = RecyclerNewStructZ(funcBody->GetScriptContext()->GetRecycler(), CallbackInfo);`
`513`		`- info->callSiteId = callSiteId;`
`514`		`- info->sourceId = NoSourceId;`
`515`		`- info->canInlineCallback = true;`
`516`		`- list->Prepend(info);`
	`523`	`+ return iter.Data();`
`517`	`524`	`}`
`518`	`525`
	`526`	`+ // Callsite is not already in the list, so add it to the end.`
	`527`	`+ CallbackInfo * info = info = RecyclerNewStructZ(funcBody->GetScriptContext()->GetRecycler(), CallbackInfo);`
	`528`	`+ info->callSiteId = callSiteId;`
	`529`	`+ info->sourceId = NoSourceId;`
	`530`	`+ info->canInlineCallback = true;`
	`531`	`+`
	`532`	`+ iter.InsertBefore(info);`
`519`	`533`	`return info;`
`520`	`534`	`}`
`521`	`535`