Diff
Modified: branches/safari-610.1.25-branch/Source/_javascript_Core/ChangeLog (265249 => 265250)
--- branches/safari-610.1.25-branch/Source/_javascript_Core/ChangeLog 2020-08-04 17:14:10 UTC (rev 265249)
+++ branches/safari-610.1.25-branch/Source/_javascript_Core/ChangeLog 2020-08-04 17:18:47 UTC (rev 265250)
@@ -1,3 +1,33 @@
+2020-08-04 Alan Coon <alanc...@apple.com>
+
+ Cherry-pick r265186. rdar://problem/66528563
+
+ Unreviewed, reverting r265151.
+ https://bugs.webkit.org/show_bug.cgi?id=215074
+
+ Broke ARM64E JSC tests
+
+ Reverted changeset:
+
+ "validate untagArrayPtr"
+ https://bugs.webkit.org/show_bug.cgi?id=214953
+ https://trac.webkit.org/changeset/265151
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@265186 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2020-08-02 Commit Queue <commit-qu...@webkit.org>
+
+ Unreviewed, reverting r265151.
+ https://bugs.webkit.org/show_bug.cgi?id=215074
+
+ Broke ARM64E JSC tests
+
+ Reverted changeset:
+
+ "validate untagArrayPtr"
+ https://bugs.webkit.org/show_bug.cgi?id=214953
+ https://trac.webkit.org/changeset/265151
+
2020-08-01 Commit Queue <commit-qu...@webkit.org>
Unreviewed, reverting r265097, r265113, and r265122.
Modified: branches/safari-610.1.25-branch/Source/_javascript_Core/assembler/MacroAssemblerARM64E.h (265249 => 265250)
--- branches/safari-610.1.25-branch/Source/_javascript_Core/assembler/MacroAssemblerARM64E.h 2020-08-04 17:14:10 UTC (rev 265249)
+++ branches/safari-610.1.25-branch/Source/_javascript_Core/assembler/MacroAssemblerARM64E.h 2020-08-04 17:18:47 UTC (rev 265250)
@@ -90,52 +90,21 @@
m_assembler.pacdb(target, length);
}
- ALWAYS_INLINE void untagArrayPtr(RegisterID length, RegisterID target, bool validateAuth, RegisterID scratch)
+ ALWAYS_INLINE void untagArrayPtr(RegisterID length, RegisterID target)
{
- if (validateAuth) {
- ASSERT(scratch != InvalidGPRReg);
- move(target, scratch);
- }
-
m_assembler.autdb(target, length);
-
- if (validateAuth) {
- ASSERT(target != ARM64Registers::sp);
- ASSERT(scratch != ARM64Registers::sp);
- removeArrayPtrTag(scratch);
- auto isValidPtr = branch64(Equal, scratch, target);
- breakpoint(0xabcd);
- isValidPtr.link(this);
- }
}
- ALWAYS_INLINE void untagArrayPtr(Address length, RegisterID target, bool validateAuth)
+ ALWAYS_INLINE void untagArrayPtr(Address length, RegisterID target)
{
auto lengthGPR = getCachedDataTempRegisterIDAndInvalidate();
load32(length, lengthGPR);
- auto scratch = InvalidGPRReg;
- if (validateAuth) {
- scratch = getCachedMemoryTempRegisterIDAndInvalidate();
- move(target, scratch);
- }
-
m_assembler.autdb(target, lengthGPR);
-
- if (validateAuth) {
- ASSERT(target != ARM64Registers::sp);
- removeArrayPtrTag(scratch);
- auto isValidPtr = branch64(Equal, scratch, target);
- breakpoint(0xabcd);
- isValidPtr.link(this);
- }
}
ALWAYS_INLINE void removeArrayPtrTag(RegisterID target)
{
- // If we couldn't fit this into a single instruction, we'd be better
- // off emitting two shifts to mask off the top bits.
- ASSERT(LogicalImmediate::create64(nonPACBitsMask).isValid());
- and64(TrustedImmPtr(nonPACBitsMask), target);
+ m_assembler.xpacd(target);
}
static constexpr RegisterID InvalidGPR = static_cast<RegisterID>(-1);
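Review bot: Both `untagArrayPtr` overloads now emit a bare `autdb` with nothing checking its result, so a pointer whose signature does not match the length modifier is caught only if a later access faults on the resulting address. That presumably relies on a failed `autdb` leaving error bits in the upper part of the pointer rather than trapping, which the emitted code does not show; a comment on the overloads such as `// No explicit check: a failed autdb is expected to yield a non-canonical pointer that faults on first dereference.` would record the assumption. `removeArrayPtrTag` now uses `xpacd`, which strips the PAC without authenticating it, so it deserves `// Strips the tag without verifying it; do not use where authentication is required.` The same unvalidated path is what the FTL patchpoint generator in FTLLowerDFGToB3.cpp now emits. The enclosing class starts and ends outside this hunk.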
Modified: branches/safari-610.1.25-branch/Source/_javascript_Core/assembler/testmasm.cpp (265249 => 265250)
--- branches/safari-610.1.25-branch/Source/_javascript_Core/assembler/testmasm.cpp 2020-08-04 17:14:10 UTC (rev 265249)
+++ branches/safari-610.1.25-branch/Source/_javascript_Core/assembler/testmasm.cpp 2020-08-04 17:18:47 UTC (rev 265250)
@@ -2460,7 +2460,7 @@
RELEASE_ASSERT(!Gigacage::disablingPrimitiveGigacageIsForbidden());
auto cage = compile([] (CCallHelpers& jit) {
emitFunctionPrologue(jit);
- jit.cageConditionallyAndUntag(Gigacage::Primitive, GPRInfo::argumentGPR0, GPRInfo::argumentGPR1, GPRInfo::argumentGPR2);
+ jit.cageConditionally(Gigacage::Primitive, GPRInfo::argumentGPR0, GPRInfo::argumentGPR1, GPRInfo::argumentGPR2);
jit.move(GPRInfo::argumentGPR0, GPRInfo::returnValueGPR);
emitFunctionEpilogue(jit);
jit.ret();
Modified: branches/safari-610.1.25-branch/Source/_javascript_Core/bytecode/AccessCase.cpp (265249 => 265250)
--- branches/safari-610.1.25-branch/Source/_javascript_Core/bytecode/AccessCase.cpp 2020-08-04 17:14:10 UTC (rev 265249)
+++ branches/safari-610.1.25-branch/Source/_javascript_Core/bytecode/AccessCase.cpp 2020-08-04 17:18:47 UTC (rev 265250)
@@ -1021,7 +1021,7 @@
jit, ScratchRegisterAllocator::ExtraStackSpace::NoExtraSpace);
jit.loadPtr(CCallHelpers::Address(baseGPR, JSArrayBufferView::offsetOfVector()), scratch2GPR);
- jit.cageConditionallyAndUntag(Gigacage::Primitive, scratch2GPR, scratchGPR, scratchGPR, false);
+ jit.cageConditionally(Gigacage::Primitive, scratch2GPR, scratchGPR, scratchGPR);
jit.signExtend32ToPtr(propertyGPR, scratchGPR);
if (isInt(type)) {
Modified: branches/safari-610.1.25-branch/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp (265249 => 265250)
--- branches/safari-610.1.25-branch/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp 2020-08-04 17:14:10 UTC (rev 265249)
+++ branches/safari-610.1.25-branch/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp 2020-08-04 17:18:47 UTC (rev 265250)
@@ -7239,13 +7239,12 @@
storageResult(storageGPR, node);
}
-void SpeculativeJIT::cageTypedArrayStorage(GPRReg baseReg, GPRReg storageReg, bool validateAuth)
+void SpeculativeJIT::cageTypedArrayStorage(GPRReg baseReg, GPRReg storageReg)
{
auto untagArrayPtr = [&]() {
#if CPU(ARM64E)
- m_jit.untagArrayPtr(MacroAssembler::Address(baseReg, JSArrayBufferView::offsetOfLength()), storageReg, validateAuth);
+ m_jit.untagArrayPtr(MacroAssembler::Address(baseReg, JSArrayBufferView::offsetOfLength()), storageReg);
#else
- UNUSED_PARAM(validateAuth);
UNUSED_PARAM(baseReg);
UNUSED_PARAM(storageReg);
#endif
Modified: branches/safari-610.1.25-branch/Source/_javascript_Core/dfg/DFGSpeculativeJIT.h (265249 => 265250)
--- branches/safari-610.1.25-branch/Source/_javascript_Core/dfg/DFGSpeculativeJIT.h 2020-08-04 17:14:10 UTC (rev 265249)
+++ branches/safari-610.1.25-branch/Source/_javascript_Core/dfg/DFGSpeculativeJIT.h 2020-08-04 17:18:47 UTC (rev 265250)
@@ -1660,7 +1660,7 @@
template<bool strict>
GPRReg fillSpeculateInt32Internal(Edge, DataFormat& returnFormat);
- void cageTypedArrayStorage(GPRReg, GPRReg, bool validateAuth = true);
+ void cageTypedArrayStorage(GPRReg, GPRReg);
void recordSetLocal(
Operand bytecodeReg, VirtualRegister machineReg, DataFormat format)
Modified: branches/safari-610.1.25-branch/Source/_javascript_Core/dfg/DFGSpeculativeJIT64.cpp (265249 => 265250)
--- branches/safari-610.1.25-branch/Source/_javascript_Core/dfg/DFGSpeculativeJIT64.cpp 2020-08-04 17:14:10 UTC (rev 265249)
+++ branches/safari-610.1.25-branch/Source/_javascript_Core/dfg/DFGSpeculativeJIT64.cpp 2020-08-04 17:18:47 UTC (rev 265250)
@@ -5123,7 +5123,7 @@
m_jit.branch64(MacroAssembler::AboveOrEqual, t2, t1));
m_jit.loadPtr(JITCompiler::Address(dataViewGPR, JSArrayBufferView::offsetOfVector()), t2);
- cageTypedArrayStorage(dataViewGPR, t2, false);
+ cageTypedArrayStorage(dataViewGPR, t2);
m_jit.zeroExtend32ToWord(indexGPR, t1);
auto baseIndex = JITCompiler::BaseIndex(t2, t1, MacroAssembler::TimesOne);
@@ -5324,7 +5324,7 @@
m_jit.branch64(MacroAssembler::AboveOrEqual, t2, t1));
m_jit.loadPtr(JITCompiler::Address(dataViewGPR, JSArrayBufferView::offsetOfVector()), t2);
- cageTypedArrayStorage(dataViewGPR, t2, false);
+ cageTypedArrayStorage(dataViewGPR, t2);
m_jit.zeroExtend32ToWord(indexGPR, t1);
auto baseIndex = JITCompiler::BaseIndex(t2, t1, MacroAssembler::TimesOne);
Modified: branches/safari-610.1.25-branch/Source/_javascript_Core/ftl/FTLLowerDFGToB3.cpp (265249 => 265250)
--- branches/safari-610.1.25-branch/Source/_javascript_Core/ftl/FTLLowerDFGToB3.cpp 2020-08-04 17:14:10 UTC (rev 265249)
+++ branches/safari-610.1.25-branch/Source/_javascript_Core/ftl/FTLLowerDFGToB3.cpp 2020-08-04 17:18:47 UTC (rev 265250)
@@ -15946,10 +15946,9 @@
PatchpointValue* authenticate = m_out.patchpoint(pointerType());
authenticate->appendSomeRegister(ptr);
authenticate->append(size, B3::ValueRep(B3::ValueRep::SomeLateRegister));
- authenticate->numGPScratchRegisters = 1;
authenticate->setGenerator([=] (CCallHelpers& jit, const StackmapGenerationParams& params) {
jit.move(params[1].gpr(), params[0].gpr());
- jit.untagArrayPtr(params[2].gpr(), params[0].gpr(), true, params.gpScratch(0));
+ jit.untagArrayPtr(params[2].gpr(), params[0].gpr());
});
return authenticate;
#else
@@ -16003,11 +16002,6 @@
LValue masked = m_out.bitAnd(ptr, mask);
LValue result = m_out.add(masked, basePtr);
-#if CPU(ARM64E)
- result = m_out.select(
- m_out.equal(ptr, m_out.constIntPtr(JSArrayBufferView::nullVectorPtr())),
- ptr, result);
-#endif
#if CPU(ARM64E)
if (kind == Gigacage::Primitive) {
Modified: branches/safari-610.1.25-branch/Source/_javascript_Core/jit/AssemblyHelpers.cpp (265249 => 265250)
--- branches/safari-610.1.25-branch/Source/_javascript_Core/jit/AssemblyHelpers.cpp 2020-08-04 17:14:10 UTC (rev 265249)
+++ branches/safari-610.1.25-branch/Source/_javascript_Core/jit/AssemblyHelpers.cpp 2020-08-04 17:18:47 UTC (rev 265250)
@@ -1139,85 +1139,6 @@
storePtr(scratch, vm.addressOfLastStackTop());
}
-void AssemblyHelpers::cageWithoutUntagging(Gigacage::Kind kind, GPRReg storage)
-{
-#if GIGACAGE_ENABLED
- if (!Gigacage::isEnabled(kind))
- return;
-
-#if CPU(ARM64E)
- RegisterID tempReg = InvalidGPRReg;
- Jump skip;
- if (kind == Gigacage::Primitive) {
- skip = branchPtr(Equal, storage, TrustedImmPtr(JSArrayBufferView::nullVectorPtr()));
- tempReg = getCachedMemoryTempRegisterIDAndInvalidate();
- move(storage, tempReg);
- // Flip the registers since bitFieldInsert only inserts into the low bits.
- std::swap(storage, tempReg);
- }
-#endif
- andPtr(TrustedImmPtr(Gigacage::mask(kind)), storage);
- addPtr(TrustedImmPtr(Gigacage::basePtr(kind)), storage);
-#if CPU(ARM64E)
- if (kind == Gigacage::Primitive)
- bitFieldInsert64(storage, 0, 64 - numberOfPACBits, tempReg);
- if (skip.isSet())
- skip.link(this);
-#endif
-
-#else
- UNUSED_PARAM(kind);
- UNUSED_PARAM(storage);
-#endif
-}
-
-// length may be the same register as scratch.
-void AssemblyHelpers::cageConditionallyAndUntag(Gigacage::Kind kind, GPRReg storage, GPRReg length, GPRReg scratch, bool validateAuth)
-{
-#if GIGACAGE_ENABLED
- if (Gigacage::isEnabled(kind)) {
- if (kind != Gigacage::Primitive || Gigacage::disablingPrimitiveGigacageIsForbidden())
- cageWithoutUntagging(kind, storage);
- else {
-#if CPU(ARM64E)
- if (length == scratch)
- scratch = getCachedMemoryTempRegisterIDAndInvalidate();
-#endif
- JumpList done;
-#if CPU(ARM64E)
- done.append(branchPtr(Equal, storage, TrustedImmPtr(JSArrayBufferView::nullVectorPtr())));
-#endif
- done.append(branchTest8(NonZero, AbsoluteAddress(&Gigacage::disablePrimitiveGigacageRequested)));
-
- loadPtr(Gigacage::addressOfBasePtr(kind), scratch);
- done.append(branchTest64(Zero, scratch));
-#if CPU(ARM64E)
- GPRReg tempReg = getCachedDataTempRegisterIDAndInvalidate();
- move(storage, tempReg);
- ASSERT(LogicalImmediate::create64(Gigacage::mask(kind)).isValid());
- andPtr(TrustedImmPtr(Gigacage::mask(kind)), tempReg);
- addPtr(scratch, tempReg);
- bitFieldInsert64(tempReg, 0, 64 - numberOfPACBits, storage);
-#else
- andPtr(TrustedImmPtr(Gigacage::mask(kind)), storage);
- addPtr(scratch, storage);
-#endif // CPU(ARM64E)
- done.link(this);
- }
- }
-#endif
-
-#if CPU(ARM64E)
- if (kind == Gigacage::Primitive)
- untagArrayPtr(length, storage, validateAuth, scratch);
-#endif
- UNUSED_PARAM(validateAuth);
- UNUSED_PARAM(kind);
- UNUSED_PARAM(storage);
- UNUSED_PARAM(length);
- UNUSED_PARAM(scratch);
-}
-
} // namespace JSC
#endif // ENABLE(JIT)
Modified: branches/safari-610.1.25-branch/Source/_javascript_Core/jit/AssemblyHelpers.h (265249 => 265250)
--- branches/safari-610.1.25-branch/Source/_javascript_Core/jit/AssemblyHelpers.h 2020-08-04 17:14:10 UTC (rev 265249)
+++ branches/safari-610.1.25-branch/Source/_javascript_Core/jit/AssemblyHelpers.h 2020-08-04 17:18:47 UTC (rev 265250)
@@ -1732,10 +1732,77 @@
ok.link(this);
}
- JS_EXPORT_PRIVATE void cageWithoutUntagging(Gigacage::Kind, GPRReg storage);
+ void cageWithoutUntagging(Gigacage::Kind kind, GPRReg storage)
+ {
+#if GIGACAGE_ENABLED
+ if (!Gigacage::isEnabled(kind))
+ return;
+
+#if CPU(ARM64E)
+ RegisterID tempReg = InvalidGPRReg;
+ if (kind == Gigacage::Primitive) {
+ tempReg = getCachedMemoryTempRegisterIDAndInvalidate();
+ move(storage, tempReg);
+ // Flip the registers since bitFieldInsert only inserts into the low bits.
+ std::swap(storage, tempReg);
+ }
+#endif
+ andPtr(TrustedImmPtr(Gigacage::mask(kind)), storage);
+ addPtr(TrustedImmPtr(Gigacage::basePtr(kind)), storage);
+#if CPU(ARM64E)
+ if (kind == Gigacage::Primitive)
+ bitFieldInsert64(storage, 0, 64 - numberOfPACBits, tempReg);
+#endif
+
+#else
+ UNUSED_PARAM(kind);
+ UNUSED_PARAM(storage);
+#endif
+ }
+
// length may be the same register as scratch.
- JS_EXPORT_PRIVATE void cageConditionallyAndUntag(Gigacage::Kind, GPRReg storage, GPRReg length, GPRReg scratch, bool validateAuth = true);
+ void cageConditionally(Gigacage::Kind kind, GPRReg storage, GPRReg length, GPRReg scratch)
+ {
+#if GIGACAGE_ENABLED
+ if (Gigacage::isEnabled(kind)) {
+ if (kind != Gigacage::Primitive || Gigacage::disablingPrimitiveGigacageIsForbidden())
+ cageWithoutUntagging(kind, storage);
+ else {
+#if CPU(ARM64E)
+ if (length == scratch)
+ scratch = getCachedMemoryTempRegisterIDAndInvalidate();
+#endif
+ JumpList done;
+ done.append(branchTest8(NonZero, AbsoluteAddress(&Gigacage::disablePrimitiveGigacageRequested)));
+ loadPtr(Gigacage::addressOfBasePtr(kind), scratch);
+ done.append(branchTest64(Zero, scratch));
+#if CPU(ARM64E)
+ GPRReg tempReg = getCachedDataTempRegisterIDAndInvalidate();
+ move(storage, tempReg);
+ ASSERT(LogicalImmediate::create64(Gigacage::mask(kind)).isValid());
+ andPtr(TrustedImmPtr(Gigacage::mask(kind)), tempReg);
+ addPtr(scratch, tempReg);
+ bitFieldInsert64(tempReg, 0, 64 - numberOfPACBits, storage);
+#else
+ andPtr(TrustedImmPtr(Gigacage::mask(kind)), storage);
+ addPtr(scratch, storage);
+#endif // CPU(ARM64E)
+ done.link(this);
+ }
+ }
+#endif
+
+#if CPU(ARM64E)
+ if (kind == Gigacage::Primitive)
+ untagArrayPtr(length, storage);
+#endif
+ UNUSED_PARAM(kind);
+ UNUSED_PARAM(storage);
+ UNUSED_PARAM(length);
+ UNUSED_PARAM(scratch);
+ }
+
void emitComputeButterflyIndexingMask(GPRReg vectorLengthGPR, GPRReg scratchGPR, GPRReg resultGPR)
{
ASSERT(scratchGPR != resultGPR);
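Review bot: `cageConditionally` does more than its name says on ARM64E: for `Gigacage::Primitive` it ends with `untagArrayPtr(length, storage)`, so `length` is the authentication modifier and not merely a register that may alias `scratch`. The one-line comment above it should be extended to say that `length` must hold the length `storage` was signed with, and that on ARM64E the cached data and memory temp registers are invalidated and overwritten, so callers must not pass either as `storage` or `length`. In `cageWithoutUntagging`, an `ASSERT(storage != tempReg);` right after `getCachedMemoryTempRegisterIDAndInvalidate()` would catch a caller passing the memory temp register as `storage`, in which case the final `bitFieldInsert64` would write the masked value over itself and the PAC bits would be lost. `emitComputeButterflyIndexingMask` at the end of the hunk continues outside it.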
Modified: branches/safari-610.1.25-branch/Source/_javascript_Core/jit/JITPropertyAccess.cpp (265249 => 265250)
--- branches/safari-610.1.25-branch/Source/_javascript_Core/jit/JITPropertyAccess.cpp 2020-08-04 17:14:10 UTC (rev 265249)
+++ branches/safari-610.1.25-branch/Source/_javascript_Core/jit/JITPropertyAccess.cpp 2020-08-04 17:18:47 UTC (rev 265250)
@@ -1630,7 +1630,7 @@
// We would be loading this into base as in get_by_val, except that the slow
// path expects the base to be unclobbered.
loadPtr(Address(base, JSArrayBufferView::offsetOfVector()), lateScratch);
- cageConditionallyAndUntag(Gigacage::Primitive, lateScratch, lateScratch2, lateScratch2, false);
+ cageConditionally(Gigacage::Primitive, lateScratch, lateScratch2, lateScratch2);
if (isClamped(type)) {
ASSERT(elementSize(type) == 1);
@@ -1719,7 +1719,7 @@
// We would be loading this into base as in get_by_val, except that the slow
// path expects the base to be unclobbered.
loadPtr(Address(base, JSArrayBufferView::offsetOfVector()), lateScratch);
- cageConditionallyAndUntag(Gigacage::Primitive, lateScratch, lateScratch2, lateScratch2, false);
+ cageConditionally(Gigacage::Primitive, lateScratch, lateScratch2, lateScratch2);
switch (elementSize(type)) {
case 4:
Modified: branches/safari-610.1.25-branch/Source/_javascript_Core/wasm/WasmAirIRGenerator.cpp (265249 => 265250)
--- branches/safari-610.1.25-branch/Source/_javascript_Core/wasm/WasmAirIRGenerator.cpp 2020-08-04 17:14:10 UTC (rev 265249)
+++ branches/safari-610.1.25-branch/Source/_javascript_Core/wasm/WasmAirIRGenerator.cpp 2020-08-04 17:18:47 UTC (rev 265250)
@@ -954,7 +954,7 @@
jit.loadPtr(CCallHelpers::Address(params[0].gpr(), Instance::offsetOfCachedMemorySize()), pinnedRegs->sizeRegister);
jit.loadPtr(CCallHelpers::Address(params[0].gpr(), Instance::offsetOfCachedMemory()), baseMemory);
- jit.cageConditionallyAndUntag(Gigacage::Primitive, baseMemory, pinnedRegs->sizeRegister, scratchOrSize);
+ jit.cageConditionally(Gigacage::Primitive, baseMemory, pinnedRegs->sizeRegister, scratchOrSize);
});
emitPatchpoint(block, patchpoint, Tmp(), instance);
@@ -2300,7 +2300,7 @@
jit.loadPtr(CCallHelpers::Address(newContextInstance, Instance::offsetOfCachedMemorySize()), pinnedRegs.sizeRegister); // Memory size.
jit.loadPtr(CCallHelpers::Address(newContextInstance, Instance::offsetOfCachedMemory()), baseMemory); // Memory::void*.
- jit.cageConditionallyAndUntag(Gigacage::Primitive, baseMemory, pinnedRegs.sizeRegister, scratchOrSize);
+ jit.cageConditionally(Gigacage::Primitive, baseMemory, pinnedRegs.sizeRegister, scratchOrSize);
});
emitPatchpoint(doContextSwitch, patchpoint, Tmp(), newContextInstance, instanceValue());
Modified: branches/safari-610.1.25-branch/Source/_javascript_Core/wasm/WasmB3IRGenerator.cpp (265249 => 265250)
--- branches/safari-610.1.25-branch/Source/_javascript_Core/wasm/WasmB3IRGenerator.cpp 2020-08-04 17:14:10 UTC (rev 265249)
+++ branches/safari-610.1.25-branch/Source/_javascript_Core/wasm/WasmB3IRGenerator.cpp 2020-08-04 17:18:47 UTC (rev 265250)
@@ -580,7 +580,7 @@
jit.loadPtr(CCallHelpers::Address(params[0].gpr(), Instance::offsetOfCachedMemorySize()), pinnedRegs->sizeRegister);
jit.loadPtr(CCallHelpers::Address(params[0].gpr(), Instance::offsetOfCachedMemory()), baseMemory);
- jit.cageConditionallyAndUntag(Gigacage::Primitive, baseMemory, pinnedRegs->sizeRegister, scratchOrSize);
+ jit.cageConditionally(Gigacage::Primitive, baseMemory, pinnedRegs->sizeRegister, scratchOrSize);
});
}
}
@@ -1854,7 +1854,7 @@
jit.loadPtr(CCallHelpers::Address(newContextInstance, Instance::offsetOfCachedMemorySize()), pinnedRegs.sizeRegister); // Memory size.
jit.loadPtr(CCallHelpers::Address(newContextInstance, Instance::offsetOfCachedMemory()), baseMemory); // Memory::void*.
- jit.cageConditionallyAndUntag(Gigacage::Primitive, baseMemory, pinnedRegs.sizeRegister, scratchOrSize);
+ jit.cageConditionally(Gigacage::Primitive, baseMemory, pinnedRegs.sizeRegister, scratchOrSize);
});
doContextSwitch->appendNewControlValue(m_proc, Jump, origin(), continuation);
Modified: branches/safari-610.1.25-branch/Source/_javascript_Core/wasm/WasmBinding.cpp (265249 => 265250)
--- branches/safari-610.1.25-branch/Source/_javascript_Core/wasm/WasmBinding.cpp 2020-08-04 17:14:10 UTC (rev 265249)
+++ branches/safari-610.1.25-branch/Source/_javascript_Core/wasm/WasmBinding.cpp 2020-08-04 17:18:47 UTC (rev 265250)
@@ -72,7 +72,7 @@
jit.loadPtr(JIT::Address(baseMemory, Wasm::Instance::offsetOfCachedMemorySize()), pinnedRegs.sizeRegister); // Memory size.
jit.loadPtr(JIT::Address(baseMemory, Wasm::Instance::offsetOfCachedMemory()), baseMemory); // Wasm::Memory::TaggedArrayStoragePtr<void> (void*).
- jit.cageConditionallyAndUntag(Gigacage::Primitive, baseMemory, pinnedRegs.sizeRegister, scratchOrSize);
+ jit.cageConditionally(Gigacage::Primitive, baseMemory, pinnedRegs.sizeRegister, scratchOrSize);
}
// Tail call into the callee WebAssembly function.
Modified: branches/safari-610.1.25-branch/Source/_javascript_Core/wasm/js/JSToWasm.cpp (265249 => 265250)
--- branches/safari-610.1.25-branch/Source/_javascript_Core/wasm/js/JSToWasm.cpp 2020-08-04 17:14:10 UTC (rev 265249)
+++ branches/safari-610.1.25-branch/Source/_javascript_Core/wasm/js/JSToWasm.cpp 2020-08-04 17:18:47 UTC (rev 265250)
@@ -237,7 +237,7 @@
}
jit.loadPtr(CCallHelpers::Address(currentInstanceGPR, Wasm::Instance::offsetOfCachedMemory()), baseMemory);
- jit.cageConditionallyAndUntag(Gigacage::Primitive, baseMemory, scratchOrSize, scratchOrSize);
+ jit.cageConditionally(Gigacage::Primitive, baseMemory, scratchOrSize, scratchOrSize);
}
CCallHelpers::Call call = jit.threadSafePatchableNearCall();
Modified: branches/safari-610.1.25-branch/Source/_javascript_Core/wasm/js/WebAssemblyFunction.cpp (265249 => 265250)
--- branches/safari-610.1.25-branch/Source/_javascript_Core/wasm/js/WebAssemblyFunction.cpp 2020-08-04 17:14:10 UTC (rev 265249)
+++ branches/safari-610.1.25-branch/Source/_javascript_Core/wasm/js/WebAssemblyFunction.cpp 2020-08-04 17:18:47 UTC (rev 265250)
@@ -368,7 +368,7 @@
}
jit.loadPtr(CCallHelpers::Address(scratchGPR, Wasm::Instance::offsetOfCachedMemory()), baseMemory);
- jit.cageConditionallyAndUntag(Gigacage::Primitive, baseMemory, scratchOrSize, scratchOrSize);
+ jit.cageConditionally(Gigacage::Primitive, baseMemory, scratchOrSize, scratchOrSize);
}
// We use this callee to indicate how to unwind past these types of frames: