Title: [99614] trunk/Source/_javascript_Core
- Revision
- 99614
- Author
- [email protected]
- Date
- 2011-11-08 13:57:16 -0800 (Tue, 08 Nov 2011)
Log Message
DFG JIT calculation of OSR entry points is not THUMB2 safe
https://bugs.webkit.org/show_bug.cgi?id=71852
Reviewed by Oliver Hunt.
Executable addresses are tagged with a low bit set to distinguish
between THUMB2 and traditional ARM.
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
* dfg/DFGJITCompiler32_64.cpp:
(JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
* dfg/DFGOSREntry.cpp:
(JSC::DFG::prepareOSREntry):
* jit/JITCode.h:
(JSC::JITCode::executableAddressAtOffset):
(JSC::JITCode::start):
(JSC::JITCode::size):
Modified Paths
Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (99613 => 99614)
--- trunk/Source/_javascript_Core/ChangeLog 2011-11-08 21:14:55 UTC (rev 99613)
+++ trunk/Source/_javascript_Core/ChangeLog 2011-11-08 21:57:16 UTC (rev 99614)
@@ -1,3 +1,24 @@
+2011-11-08 Gavin Barraclough <[email protected]>
+
+ DFG JIT calculation of OSR entry points is not THUMB2 safe
+ https://bugs.webkit.org/show_bug.cgi?id=71852
+
+ Reviewed by Oliver Hunt.
+
+ Executable addresses are tagged with a low bit set to distinguish
+ between THUMB2 and traditional ARM.
+
+ * dfg/DFGJITCompiler.cpp:
+ (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
+ * dfg/DFGJITCompiler32_64.cpp:
+ (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
+ * dfg/DFGOSREntry.cpp:
+ (JSC::DFG::prepareOSREntry):
+ * jit/JITCode.h:
+ (JSC::JITCode::executableAddressAtOffset):
+ (JSC::JITCode::start):
+ (JSC::JITCode::size):
+
2011-11-08 Michael Saboff <[email protected]>
JSC::Parser::Parser leaks Lexer member
Modified: trunk/Source/_javascript_Core/dfg/DFGJITCompiler.cpp (99613 => 99614)
--- trunk/Source/_javascript_Core/dfg/DFGJITCompiler.cpp 2011-11-08 21:14:55 UTC (rev 99613)
+++ trunk/Source/_javascript_Core/dfg/DFGJITCompiler.cpp 2011-11-08 21:57:16 UTC (rev 99614)
@@ -756,7 +756,7 @@
ASSERT(mapping);
ASSERT(mapping->m_bytecodeIndex == returnBytecodeIndex);
- void* jumpTarget = reinterpret_cast<void*>(reinterpret_cast<uintptr_t>(baselineCodeBlockForCaller->getJITCode().start()) + mapping->m_machineCodeOffset);
+ void* jumpTarget = baselineCodeBlockForCaller->getJITCode().executableAddressAtOffset(mapping->m_machineCodeOffset);
GPRReg callerFrameGPR;
if (inlineCallFrame->caller.inlineCallFrame) {
@@ -786,7 +786,7 @@
ASSERT(mapping);
ASSERT(mapping->m_bytecodeIndex == exit.m_codeOrigin.bytecodeIndex);
- void* jumpTarget = reinterpret_cast<void*>(reinterpret_cast<uintptr_t>(baselineCodeBlock->getJITCode().start()) + mapping->m_machineCodeOffset);
+ void* jumpTarget = baselineCodeBlock->getJITCode().executableAddressAtOffset(mapping->m_machineCodeOffset);
ASSERT(GPRInfo::regT1 != GPRInfo::cachedResultRegister);
Modified: trunk/Source/_javascript_Core/dfg/DFGJITCompiler32_64.cpp (99613 => 99614)
--- trunk/Source/_javascript_Core/dfg/DFGJITCompiler32_64.cpp 2011-11-08 21:14:55 UTC (rev 99613)
+++ trunk/Source/_javascript_Core/dfg/DFGJITCompiler32_64.cpp 2011-11-08 21:57:16 UTC (rev 99614)
@@ -512,7 +512,7 @@
ASSERT(mapping);
ASSERT(mapping->m_bytecodeIndex == returnBytecodeIndex);
- void* jumpTarget = reinterpret_cast<void*>(reinterpret_cast<uintptr_t>(baselineCodeBlockForCaller->getJITCode().start()) + mapping->m_machineCodeOffset);
+ void* jumpTarget = baselineCodeBlockForCaller->getJITCode().executableAddressAtOffset(mapping->m_machineCodeOffset);
GPRReg callerFrameGPR;
if (inlineCallFrame->caller.inlineCallFrame) {
@@ -546,7 +546,7 @@
ASSERT(mapping);
ASSERT(mapping->m_bytecodeIndex == exit.m_codeOrigin.bytecodeIndex);
- void* jumpTarget = reinterpret_cast<void*>(reinterpret_cast<uintptr_t>(baselineCodeBlock->getJITCode().start()) + mapping->m_machineCodeOffset);
+ void* jumpTarget = baselineCodeBlock->getJITCode().executableAddressAtOffset(mapping->m_machineCodeOffset);
ASSERT(GPRInfo::regT2 != GPRInfo::cachedResultRegister && GPRInfo::regT2 != GPRInfo::cachedResultRegister2);
Modified: trunk/Source/_javascript_Core/dfg/DFGOSREntry.cpp (99613 => 99614)
--- trunk/Source/_javascript_Core/dfg/DFGOSREntry.cpp 2011-11-08 21:14:55 UTC (rev 99613)
+++ trunk/Source/_javascript_Core/dfg/DFGOSREntry.cpp 2011-11-08 21:57:16 UTC (rev 99614)
@@ -138,7 +138,7 @@
// 4) Find and return the destination machine code address.
- void* result = reinterpret_cast<void*>(reinterpret_cast<uintptr_t>(codeBlock->getJITCode().start()) + entry->m_machineCodeOffset);
+ void* result = codeBlock->getJITCode().executableAddressAtOffset(entry->m_machineCodeOffset);
#if ENABLE(JIT_VERBOSE_OSR)
printf(" OSR returning machine code address %p.\n", result);
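Review bot: result is now the value from executableAddress(), which the commit message says carries the THUMB2 low-bit tag, so the `%p` trace at the end of the hunk will print a tagged address on THUMB2 rather than the raw instruction address a disassembler would show. If anyone correlates JIT_VERBOSE_OSR output with a disassembly, a short comment such as `// On THUMB2 this address has the low bit set (instruction-set tag).` beside the printf would avoid confusion. The range of entry->m_machineCodeOffset is now checked only by the debug-only ASSERT inside executableAddressAtOffset(), which is no weaker than the removed arithmetic, which checked nothing. prepareOSREntry starts and ends outside this hunk.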
Modified: trunk/Source/_javascript_Core/jit/JITCode.h (99613 => 99614)
--- trunk/Source/_javascript_Core/jit/JITCode.h 2011-11-08 21:14:55 UTC (rev 99613)
+++ trunk/Source/_javascript_Core/jit/JITCode.h 2011-11-08 21:57:16 UTC (rev 99614)
@@ -87,6 +87,12 @@
return m_ref.code();
}
+ void* executableAddressAtOffset(size_t offset) const
+ {
+ ASSERT(offset < size());
+ return reinterpret_cast<char*>(m_ref.code().executableAddress()) + offset;
+ }
+
// This function returns the offset in bytes of 'pointerIntoCode' into
// this block of code. The pointer provided must be a pointer into this
// block of code. It is ASSERTed that no codeblock >4gb in size.
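Review bot: executableAddressAtOffset() has no comment stating why it exists next to start(), and that distinction is the whole fix: it adds the offset to executableAddress(), which per the commit message carries the THUMB2 low-bit tag, whereas start() returns the untagged dataLocation(). Suggest a header comment on the new method such as `// Executable address 'offset' bytes into this code block, preserving the THUMB2 low-bit tag; use this, not start() + offset, for branch targets.` The comment should also say that `ASSERT(offset < size())` is the only bounds check and, if ASSERT is compiled out in release builds as is usual in this codebase, an out-of-range offset is not caught there; the callers in this commit pass JIT-generated m_machineCodeOffset values, so that is presumably acceptable, but the contract belongs in the header.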
@@ -104,12 +110,12 @@
return globalData->exception ? jsNull() : result;
}
- void* start()
+ void* start() const
{
return m_ref.code().dataLocation();
}
- size_t size()
+ size_t size() const
{
ASSERT(m_ref.code().executableAddress());
return m_ref.size();
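Review bot: start() still returns dataLocation() while the new executableAddressAtOffset() uses executableAddress(), and nothing in the header warns that the two differ on THUMB2, which is exactly how the start()-plus-offset arithmetic this commit removes from the DFG callers came to be wrong. Suggest `// Untagged data address of the code block; on THUMB2 this is not a valid branch target — use executableAddressAtOffset() for jumps.` above start(). The closing brace of size() is outside the hunk.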