bjit: fix memory corruption

we used to destroy the ICInfo before all references to it got deleted. I run into this when using the glibc alloc instead of jemalloc

bjit: fix memory corruption
we used to destroy the ICInfo before all references to it got deleted. I run into this when using the glibc alloc instead of jemalloc
bb18ac09 · Marius Wachtler · 16210b7e · bb18ac09 · bb18ac09
Commit bb18ac09 authored Aug 12, 2016 by Marius Wachtler
Show whitespace changes
Inline Side-by-side

Showing with 14 additions and 5 deletions

src/codegen/baseline_jit.cpp src/codegen/baseline_jit.cpp +3 -3

src/codegen/baseline_jit.h src/codegen/baseline_jit.h +11 -2

No files found.
--- a/src/codegen/baseline_jit.cpp
+++ b/src/codegen/baseline_jit.cpp
@@ -168,7 +168,8 @@ JitFragmentWriter::JitFragmentWriter(CFGBlock* block, std::unique_ptr<ICInfo> ic
                                     std::unique_ptr<ICSlotRewrite> rewrite, int code_offset, int num_bytes_overlapping,
                                     void* entry_code, JitCodeBlock& code_block,
                                     llvm::DenseSet<int> known_non_null_vregs)
-    : Rewriter(std::move(rewrite), 0, {}, /* needs_invalidation_support = */ false),
+    : ICInfoManager(std::move(ic_info)),
+      Rewriter(std::move(rewrite), 0, {}, /* needs_invalidation_support = */ false),
      block(block),
      code_offset(code_offset),
      exit_info(),
@@ -176,8 +177,7 @@ JitFragmentWriter::JitFragmentWriter(CFGBlock* block, std::unique_ptr<ICInfo> ic
      entry_code(entry_code),
      code_block(code_block),
      interp(0),
-      known_non_null_vregs(std::move(known_non_null_vregs)),
-      ic_info(std::move(ic_info)) {
+      known_non_null_vregs(std::move(known_non_null_vregs)) {

    added_changing_action = true;


--- a/src/codegen/baseline_jit.h
+++ b/src/codegen/baseline_jit.h
@@ -188,7 +188,16 @@ public:
    void fragmentFinished(int bytes_witten, int num_bytes_overlapping, void* next_fragment_start, ICInfo& ic_info);
 };

-class JitFragmentWriter : public Rewriter {
+// Hold the ICInfo of the JitFragmentWriter in a separate class from which JitFragmentWriter derives.
+// This way the ICInfo will get deleted last (after the Rewriter destructor gets called) otherwise
+// we would delete the ICInfo before the Rewriter destructor gets called and this causes memory corruptions because
+// there are still accesses to it.
+class ICInfoManager {
+protected:
+    std::unique_ptr<ICInfo> ic_info;
+    ICInfoManager(std::unique_ptr<ICInfo> ic_info) : ic_info(std::move(ic_info)) {}
+};
+class JitFragmentWriter : ICInfoManager, public Rewriter {
 private:
    struct ExitInfo {
        int num_bytes;    // the number of bytes for the overwriteable jump
@@ -218,7 +227,7 @@ private:
    llvm::DenseMap<InternedString, RewriterVar*> local_syms;
    // keeps track which non block local vregs are known to have a non NULL value
    llvm::DenseSet<int> known_non_null_vregs;
-    std::unique_ptr<ICInfo> ic_info;
+
    llvm::SmallPtrSet<RewriterVar*, 4> var_is_a_python_bool;

    // Optional points to a CFGBlock and a patch location which should get patched to a direct jump if