Modified: branches/safari-606-branch/JSTests/ChangeLog (237372 => 237373)
--- branches/safari-606-branch/JSTests/ChangeLog 2018-10-23 23:52:12 UTC (rev 237372)
+++ branches/safari-606-branch/JSTests/ChangeLog 2018-10-23 23:52:18 UTC (rev 237373)
@@ -1,3 +1,79 @@
+2018-10-23 Kocsen Chung <[email protected]>
+
+ Cherry-pick r236589. rdar://problem/45285669
+
+ Verify the contents of AssemblerBuffer on arm64e
+ https://bugs.webkit.org/show_bug.cgi?id=190057
+ <rdar://problem/38916630>
+
+ Reviewed by Mark Lam.
+
+ JSTests:
+
+ * stress/regress-189132.js:
+
+ Source/_javascript_Core:
+
+ * assembler/ARM64Assembler.h:
+ (JSC::ARM64Assembler::ARM64Assembler):
+ (JSC::ARM64Assembler::fillNops):
+ (JSC::ARM64Assembler::link):
+ (JSC::ARM64Assembler::linkJumpOrCall):
+ (JSC::ARM64Assembler::linkCompareAndBranch):
+ (JSC::ARM64Assembler::linkConditionalBranch):
+ (JSC::ARM64Assembler::linkTestAndBranch):
+ (JSC::ARM64Assembler::unlinkedCode): Deleted.
+ * assembler/ARMAssembler.h:
+ (JSC::ARMAssembler::fillNops):
+ * assembler/ARMv7Assembler.h:
+ (JSC::ARMv7Assembler::unlinkedCode): Deleted.
+ * assembler/AbstractMacroAssembler.h:
+ (JSC::AbstractMacroAssembler::emitNops):
+ (JSC::AbstractMacroAssembler::AbstractMacroAssembler):
+ * assembler/AssemblerBuffer.h:
+ (JSC::ARM64EHash::ARM64EHash):
+ (JSC::ARM64EHash::update):
+ (JSC::ARM64EHash::hash const):
+ (JSC::ARM64EHash::randomSeed const):
+ (JSC::AssemblerBuffer::AssemblerBuffer):
+ (JSC::AssemblerBuffer::putShort):
+ (JSC::AssemblerBuffer::putIntUnchecked):
+ (JSC::AssemblerBuffer::putInt):
+ (JSC::AssemblerBuffer::hash const):
+ (JSC::AssemblerBuffer::data const):
+ (JSC::AssemblerBuffer::putIntegralUnchecked):
+ (JSC::AssemblerBuffer::append): Deleted.
+ * assembler/LinkBuffer.cpp:
+ (JSC::LinkBuffer::copyCompactAndLinkCode):
+ * assembler/MIPSAssembler.h:
+ (JSC::MIPSAssembler::fillNops):
+ * assembler/MacroAssemblerARM64.h:
+ (JSC::MacroAssemblerARM64::jumpsToLink):
+ (JSC::MacroAssemblerARM64::link):
+ (JSC::MacroAssemblerARM64::unlinkedCode): Deleted.
+ * assembler/MacroAssemblerARMv7.h:
+ (JSC::MacroAssemblerARMv7::jumpsToLink):
+ (JSC::MacroAssemblerARMv7::unlinkedCode): Deleted.
+ * assembler/X86Assembler.h:
+ (JSC::X86Assembler::fillNops):
+
+ Source/WTF:
+
+ * wtf/PtrTag.h:
+ (WTF::tagInt):
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@236589 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2018-09-27 Saam barati <[email protected]>
+
+ Verify the contents of AssemblerBuffer on arm64e
+ https://bugs.webkit.org/show_bug.cgi?id=190057
+ <rdar://problem/38916630>
+
+ Reviewed by Mark Lam.
+
+ * stress/regress-189132.js:
+
2018-10-21 Babak Shafiei <[email protected]>
Cherry-pick r236804. rdar://problem/45285687
Modified: branches/safari-606-branch/Source/_javascript_Core/ChangeLog (237372 => 237373)
--- branches/safari-606-branch/Source/_javascript_Core/ChangeLog 2018-10-23 23:52:12 UTC (rev 237372)
+++ branches/safari-606-branch/Source/_javascript_Core/ChangeLog 2018-10-23 23:52:18 UTC (rev 237373)
@@ -1,5 +1,122 @@
2018-10-23 Kocsen Chung <[email protected]>
+ Cherry-pick r236589. rdar://problem/45285669
+
+ Verify the contents of AssemblerBuffer on arm64e
+ https://bugs.webkit.org/show_bug.cgi?id=190057
+ <rdar://problem/38916630>
+
+ Reviewed by Mark Lam.
+
+ JSTests:
+
+ * stress/regress-189132.js:
+
+ Source/_javascript_Core:
+
+ * assembler/ARM64Assembler.h:
+ (JSC::ARM64Assembler::ARM64Assembler):
+ (JSC::ARM64Assembler::fillNops):
+ (JSC::ARM64Assembler::link):
+ (JSC::ARM64Assembler::linkJumpOrCall):
+ (JSC::ARM64Assembler::linkCompareAndBranch):
+ (JSC::ARM64Assembler::linkConditionalBranch):
+ (JSC::ARM64Assembler::linkTestAndBranch):
+ (JSC::ARM64Assembler::unlinkedCode): Deleted.
+ * assembler/ARMAssembler.h:
+ (JSC::ARMAssembler::fillNops):
+ * assembler/ARMv7Assembler.h:
+ (JSC::ARMv7Assembler::unlinkedCode): Deleted.
+ * assembler/AbstractMacroAssembler.h:
+ (JSC::AbstractMacroAssembler::emitNops):
+ (JSC::AbstractMacroAssembler::AbstractMacroAssembler):
+ * assembler/AssemblerBuffer.h:
+ (JSC::ARM64EHash::ARM64EHash):
+ (JSC::ARM64EHash::update):
+ (JSC::ARM64EHash::hash const):
+ (JSC::ARM64EHash::randomSeed const):
+ (JSC::AssemblerBuffer::AssemblerBuffer):
+ (JSC::AssemblerBuffer::putShort):
+ (JSC::AssemblerBuffer::putIntUnchecked):
+ (JSC::AssemblerBuffer::putInt):
+ (JSC::AssemblerBuffer::hash const):
+ (JSC::AssemblerBuffer::data const):
+ (JSC::AssemblerBuffer::putIntegralUnchecked):
+ (JSC::AssemblerBuffer::append): Deleted.
+ * assembler/LinkBuffer.cpp:
+ (JSC::LinkBuffer::copyCompactAndLinkCode):
+ * assembler/MIPSAssembler.h:
+ (JSC::MIPSAssembler::fillNops):
+ * assembler/MacroAssemblerARM64.h:
+ (JSC::MacroAssemblerARM64::jumpsToLink):
+ (JSC::MacroAssemblerARM64::link):
+ (JSC::MacroAssemblerARM64::unlinkedCode): Deleted.
+ * assembler/MacroAssemblerARMv7.h:
+ (JSC::MacroAssemblerARMv7::jumpsToLink):
+ (JSC::MacroAssemblerARMv7::unlinkedCode): Deleted.
+ * assembler/X86Assembler.h:
+ (JSC::X86Assembler::fillNops):
+
+ Source/WTF:
+
+ * wtf/PtrTag.h:
+ (WTF::tagInt):
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@236589 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2018-09-27 Saam barati <[email protected]>
+
+ Verify the contents of AssemblerBuffer on arm64e
+ https://bugs.webkit.org/show_bug.cgi?id=190057
+ <rdar://problem/38916630>
+
+ Reviewed by Mark Lam.
+
+ * assembler/ARM64Assembler.h:
+ (JSC::ARM64Assembler::ARM64Assembler):
+ (JSC::ARM64Assembler::fillNops):
+ (JSC::ARM64Assembler::link):
+ (JSC::ARM64Assembler::linkJumpOrCall):
+ (JSC::ARM64Assembler::linkCompareAndBranch):
+ (JSC::ARM64Assembler::linkConditionalBranch):
+ (JSC::ARM64Assembler::linkTestAndBranch):
+ (JSC::ARM64Assembler::unlinkedCode): Deleted.
+ * assembler/ARMAssembler.h:
+ (JSC::ARMAssembler::fillNops):
+ * assembler/ARMv7Assembler.h:
+ (JSC::ARMv7Assembler::unlinkedCode): Deleted.
+ * assembler/AbstractMacroAssembler.h:
+ (JSC::AbstractMacroAssembler::emitNops):
+ (JSC::AbstractMacroAssembler::AbstractMacroAssembler):
+ * assembler/AssemblerBuffer.h:
+ (JSC::ARM64EHash::ARM64EHash):
+ (JSC::ARM64EHash::update):
+ (JSC::ARM64EHash::hash const):
+ (JSC::ARM64EHash::randomSeed const):
+ (JSC::AssemblerBuffer::AssemblerBuffer):
+ (JSC::AssemblerBuffer::putShort):
+ (JSC::AssemblerBuffer::putIntUnchecked):
+ (JSC::AssemblerBuffer::putInt):
+ (JSC::AssemblerBuffer::hash const):
+ (JSC::AssemblerBuffer::data const):
+ (JSC::AssemblerBuffer::putIntegralUnchecked):
+ (JSC::AssemblerBuffer::append): Deleted.
+ * assembler/LinkBuffer.cpp:
+ (JSC::LinkBuffer::copyCompactAndLinkCode):
+ * assembler/MIPSAssembler.h:
+ (JSC::MIPSAssembler::fillNops):
+ * assembler/MacroAssemblerARM64.h:
+ (JSC::MacroAssemblerARM64::jumpsToLink):
+ (JSC::MacroAssemblerARM64::link):
+ (JSC::MacroAssemblerARM64::unlinkedCode): Deleted.
+ * assembler/MacroAssemblerARMv7.h:
+ (JSC::MacroAssemblerARMv7::jumpsToLink):
+ (JSC::MacroAssemblerARMv7::unlinkedCode): Deleted.
+ * assembler/X86Assembler.h:
+ (JSC::X86Assembler::fillNops):
+
+2018-10-23 Kocsen Chung <[email protected]>
+
Cherry-pick r236604. rdar://problem/45285669
[JSC] [Armv7] Add a copy function argument to MacroAssemblerARMv7::link() and pass it down to the assembler's linking functions.
Modified: branches/safari-606-branch/Source/_javascript_Core/assembler/ARM64Assembler.h (237372 => 237373)
--- branches/safari-606-branch/Source/_javascript_Core/assembler/ARM64Assembler.h 2018-10-23 23:52:12 UTC (rev 237372)
+++ branches/safari-606-branch/Source/_javascript_Core/assembler/ARM64Assembler.h 2018-10-23 23:52:18 UTC (rev 237373)
@@ -318,9 +318,17 @@
static constexpr bool isZr(RegisterID reg) { return ARM64Registers::isZr(reg); }
public:
- ARM64Assembler()
+ ARM64Assembler(
+#if CPU(ARM64E)
+ unsigned randomNumber
+#endif
+ )
: m_indexOfLastWatchpoint(INT_MIN)
, m_indexOfTailOfLastWatchpoint(INT_MIN)
+#if CPU(ARM64E)
+ , m_buffer(randomNumber)
+#endif
+
{
}
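Review bot: The new `randomNumber` parameter at L217 is undocumented; its only use is to seed `m_buffer` (L223), so a comment on the parameter such as `// Seed for the AssemblerBuffer content hash that LinkBuffer verifies (ARM64E only).` would tell a reader why the constructor signature differs per target. The stray blank `+` line at L225 between the initializer list and the opening brace should be dropped.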
@@ -1554,16 +1562,14 @@
insn(nopPseudo());
}
- static void fillNops(void* base, size_t size, bool isCopyingToExecutableMemory)
+ template <typename CopyFunction>
+ static void fillNops(void* base, size_t size, CopyFunction copy)
{
RELEASE_ASSERT(!(size % sizeof(int32_t)));
size_t n = size / sizeof(int32_t);
for (int32_t* ptr = static_cast<int32_t*>(base); n--;) {
int insn = nopPseudo();
- if (isCopyingToExecutableMemory)
- performJITMemcpy(ptr++, &insn, sizeof(int));
- else
- memcpy(ptr++, &insn, sizeof(int));
+ copy(ptr++, &insn, sizeof(int));
}
}
@@ -2568,7 +2574,6 @@
return b.m_offset - a.m_offset;
}
- void* unlinkedCode() { return m_buffer.data(); }
size_t codeSize() const { return m_buffer.codeSize(); }
static unsigned getCallReturnOffset(AssemblerLabel call)
@@ -2606,13 +2611,6 @@
m_jumpsToLink.append(LinkRecord(from.m_offset, to.m_offset, type, condition, bitNumber, compareRegister));
}
- void linkJump(AssemblerLabel from, void* executableCode, AssemblerLabel to)
- {
- ASSERT(from.isSet());
- ASSERT(to.isSet());
- relinkJumpOrCall<false>(addressOf(from), addressOf(executableCode, from), addressOf(to));
- }
-
static void linkJump(void* code, AssemblerLabel from, void* to)
{
ASSERT(from.isSet());
@@ -2965,30 +2963,32 @@
return m_jumpsToLink;
}
- static void ALWAYS_INLINE link(LinkRecord& record, uint8_t* from, const uint8_t* fromInstruction8, uint8_t* to)
+ typedef void* (*CopyFunction)(void*, const void*, size_t);
+
+ static void ALWAYS_INLINE link(LinkRecord& record, uint8_t* from, const uint8_t* fromInstruction8, uint8_t* to, CopyFunction copy)
{
const int* fromInstruction = reinterpret_cast<const int*>(fromInstruction8);
switch (record.linkType()) {
case LinkJumpNoCondition:
- linkJumpOrCall<false>(reinterpret_cast<int*>(from), fromInstruction, to);
+ linkJumpOrCall<false>(reinterpret_cast<int*>(from), fromInstruction, to, copy);
break;
case LinkJumpConditionDirect:
- linkConditionalBranch<true>(record.condition(), reinterpret_cast<int*>(from), fromInstruction, to);
+ linkConditionalBranch<true>(record.condition(), reinterpret_cast<int*>(from), fromInstruction, to, copy);
break;
case LinkJumpCondition:
- linkConditionalBranch<false>(record.condition(), reinterpret_cast<int*>(from) - 1, fromInstruction - 1, to);
+ linkConditionalBranch<false>(record.condition(), reinterpret_cast<int*>(from) - 1, fromInstruction - 1, to, copy);
break;
case LinkJumpCompareAndBranchDirect:
- linkCompareAndBranch<true>(record.condition(), record.is64Bit(), record.compareRegister(), reinterpret_cast<int*>(from), fromInstruction, to);
+ linkCompareAndBranch<true>(record.condition(), record.is64Bit(), record.compareRegister(), reinterpret_cast<int*>(from), fromInstruction, to, copy);
break;
case LinkJumpCompareAndBranch:
- linkCompareAndBranch<false>(record.condition(), record.is64Bit(), record.compareRegister(), reinterpret_cast<int*>(from) - 1, fromInstruction - 1, to);
+ linkCompareAndBranch<false>(record.condition(), record.is64Bit(), record.compareRegister(), reinterpret_cast<int*>(from) - 1, fromInstruction - 1, to, copy);
break;
case LinkJumpTestBitDirect:
- linkTestAndBranch<true>(record.condition(), record.bitNumber(), record.compareRegister(), reinterpret_cast<int*>(from), fromInstruction, to);
+ linkTestAndBranch<true>(record.condition(), record.bitNumber(), record.compareRegister(), reinterpret_cast<int*>(from), fromInstruction, to, copy);
break;
case LinkJumpTestBit:
- linkTestAndBranch<false>(record.condition(), record.bitNumber(), record.compareRegister(), reinterpret_cast<int*>(from) - 1, fromInstruction - 1, to);
+ linkTestAndBranch<false>(record.condition(), record.bitNumber(), record.compareRegister(), reinterpret_cast<int*>(from) - 1, fromInstruction - 1, to, copy);
break;
default:
ASSERT_NOT_REACHED();
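Review bot: `CopyFunction` at L269 is a plain function-pointer typedef, while `fillNops` (L232-233) and `MacroAssemblerARM64::link` (L829-830) accept the copy routine as a template parameter, so a stateful callable that the outer template happily accepts would only fail to convert at the call on L277. Prefer the alias form `using CopyFunction = void* (*)(void*, const void*, size_t);` and either use the same pointer type in the wrappers or note in a comment that only plain functions (`memcpy`, `performJITMemcpy`) are supported. link's body continues past the end of the hunk.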
@@ -3030,7 +3030,7 @@
}
template<bool isCall>
- static void linkJumpOrCall(int* from, const int* fromInstruction, void* to)
+ static void linkJumpOrCall(int* from, const int* fromInstruction, void* to, CopyFunction copy = performJITMemcpy)
{
bool link;
int imm26;
@@ -3046,11 +3046,11 @@
ASSERT(static_cast<int>(offset) == offset);
int insn = unconditionalBranchImmediate(isCall, static_cast<int>(offset));
- performJITMemcpy(from, &insn, sizeof(int));
+ copy(from, &insn, sizeof(int));
}
template<bool isDirect>
- static void linkCompareAndBranch(Condition condition, bool is64Bit, RegisterID rt, int* from, const int* fromInstruction, void* to)
+ static void linkCompareAndBranch(Condition condition, bool is64Bit, RegisterID rt, int* from, const int* fromInstruction, void* to, CopyFunction copy = performJITMemcpy)
{
ASSERT(!(reinterpret_cast<intptr_t>(from) & 3));
ASSERT(!(reinterpret_cast<intptr_t>(to) & 3));
@@ -3062,20 +3062,20 @@
if (useDirect || isDirect) {
int insn = compareAndBranchImmediate(is64Bit ? Datasize_64 : Datasize_32, condition == ConditionNE, static_cast<int>(offset), rt);
- performJITMemcpy(from, &insn, sizeof(int));
+ copy(from, &insn, sizeof(int));
if (!isDirect) {
insn = nopPseudo();
- performJITMemcpy(from + 1, &insn, sizeof(int));
+ copy(from + 1, &insn, sizeof(int));
}
} else {
int insn = compareAndBranchImmediate(is64Bit ? Datasize_64 : Datasize_32, invert(condition) == ConditionNE, 2, rt);
- performJITMemcpy(from, &insn, sizeof(int));
- linkJumpOrCall<false>(from + 1, fromInstruction + 1, to);
+ copy(from, &insn, sizeof(int));
+ linkJumpOrCall<false>(from + 1, fromInstruction + 1, to, copy);
}
}
template<bool isDirect>
- static void linkConditionalBranch(Condition condition, int* from, const int* fromInstruction, void* to)
+ static void linkConditionalBranch(Condition condition, int* from, const int* fromInstruction, void* to, CopyFunction copy = performJITMemcpy)
{
ASSERT(!(reinterpret_cast<intptr_t>(from) & 3));
ASSERT(!(reinterpret_cast<intptr_t>(to) & 3));
@@ -3087,20 +3087,20 @@
if (useDirect || isDirect) {
int insn = conditionalBranchImmediate(static_cast<int>(offset), condition);
- performJITMemcpy(from, &insn, sizeof(int));
+ copy(from, &insn, sizeof(int));
if (!isDirect) {
insn = nopPseudo();
- performJITMemcpy(from + 1, &insn, sizeof(int));
+ copy(from + 1, &insn, sizeof(int));
}
} else {
int insn = conditionalBranchImmediate(2, invert(condition));
- performJITMemcpy(from, &insn, sizeof(int));
- linkJumpOrCall<false>(from + 1, fromInstruction + 1, to);
+ copy(from, &insn, sizeof(int));
+ linkJumpOrCall<false>(from + 1, fromInstruction + 1, to, copy);
}
}
template<bool isDirect>
- static void linkTestAndBranch(Condition condition, unsigned bitNumber, RegisterID rt, int* from, const int* fromInstruction, void* to)
+ static void linkTestAndBranch(Condition condition, unsigned bitNumber, RegisterID rt, int* from, const int* fromInstruction, void* to, CopyFunction copy = performJITMemcpy)
{
ASSERT(!(reinterpret_cast<intptr_t>(from) & 3));
ASSERT(!(reinterpret_cast<intptr_t>(to) & 3));
@@ -3113,15 +3113,15 @@
if (useDirect || isDirect) {
int insn = testAndBranchImmediate(condition == ConditionNE, static_cast<int>(bitNumber), static_cast<int>(offset), rt);
- performJITMemcpy(from, &insn, sizeof(int));
+ copy(from, &insn, sizeof(int));
if (!isDirect) {
insn = nopPseudo();
- performJITMemcpy(from + 1, &insn, sizeof(int));
+ copy(from + 1, &insn, sizeof(int));
}
} else {
int insn = testAndBranchImmediate(invert(condition) == ConditionNE, static_cast<int>(bitNumber), 2, rt);
- performJITMemcpy(from, &insn, sizeof(int));
- linkJumpOrCall<false>(from + 1, fromInstruction + 1, to);
+ copy(from, &insn, sizeof(int));
+ linkJumpOrCall<false>(from + 1, fromInstruction + 1, to, copy);
}
}
@@ -3179,11 +3179,6 @@
return reinterpret_cast<int*>(static_cast<char*>(code) + label.m_offset);
}
- int* addressOf(AssemblerLabel label)
- {
- return addressOf(m_buffer.data(), label);
- }
-
static RegisterID disassembleXOrSp(int reg) { return reg == 31 ? ARM64Registers::sp : static_cast<RegisterID>(reg); }
static RegisterID disassembleXOrZr(int reg) { return reg == 31 ? ARM64Registers::zr : static_cast<RegisterID>(reg); }
static RegisterID disassembleXOrZrOrSp(bool useZr, int reg) { return reg == 31 ? (useZr ? ARM64Registers::zr : ARM64Registers::sp) : static_cast<RegisterID>(reg); }
@@ -3759,10 +3754,10 @@
#endif
}
- AssemblerBuffer m_buffer;
Vector<LinkRecord, 0, UnsafeVectorOverflow> m_jumpsToLink;
int m_indexOfLastWatchpoint;
int m_indexOfTailOfLastWatchpoint;
+ AssemblerBuffer m_buffer;
public:
static constexpr ptrdiff_t MAX_POINTER_BITS = 48;
Modified: branches/safari-606-branch/Source/_javascript_Core/assembler/ARMAssembler.h (237372 => 237373)
--- branches/safari-606-branch/Source/_javascript_Core/assembler/ARMAssembler.h 2018-10-23 23:52:12 UTC (rev 237372)
+++ branches/safari-606-branch/Source/_javascript_Core/assembler/ARMAssembler.h 2018-10-23 23:52:18 UTC (rev 237373)
@@ -750,9 +750,10 @@
m_buffer.putInt(NOP);
}
- static void fillNops(void* base, size_t size, bool isCopyingToExecutableMemory)
+ template <typename CopyFunction>
+ static void fillNops(void* base, size_t size, CopyFunction copy)
{
- UNUSED_PARAM(isCopyingToExecutableMemory);
+ UNUSED_PARAM(copy);
RELEASE_ASSERT(!(size % sizeof(int32_t)));
int32_t* ptr = static_cast<int32_t*>(base);
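Review bot: `UNUSED_PARAM(copy)` at L423 discards the caller's copy function, so the stores that follow go straight through `ptr` regardless of how the destination must be written; the same pattern is in MIPSAssembler::fillNops (L814) and X86Assembler::fillNops (L853). That is only safe while every caller passes `memcpy` or a non-executable destination, which is what the visible call sites do (L490, L777); a comment such as `// Writes directly: callers only pass non-executable buffers (copy is accepted for interface parity with ARM64/ARMv7).` would record that assumption, or the loop could honour `copy` the way ARMv7Assembler does (L445). fillNops' body continues outside the hunk.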
Modified: branches/safari-606-branch/Source/_javascript_Core/assembler/ARMv7Assembler.h (237372 => 237373)
--- branches/safari-606-branch/Source/_javascript_Core/assembler/ARMv7Assembler.h 2018-10-23 23:52:12 UTC (rev 237372)
+++ branches/safari-606-branch/Source/_javascript_Core/assembler/ARMv7Assembler.h 2018-10-23 23:52:18 UTC (rev 237373)
@@ -2055,7 +2055,8 @@
return OP_NOP_T2a | (OP_NOP_T2b << 16);
}
- static void fillNops(void* base, size_t size, bool isCopyingToExecutableMemory)
+ template <typename CopyFunction>
+ static void fillNops(void* base, size_t size, CopyFunction copy)
{
RELEASE_ASSERT(!(size % sizeof(int16_t)));
@@ -2063,10 +2064,7 @@
const size_t num32s = size / sizeof(int32_t);
for (size_t i = 0; i < num32s; i++) {
const int32_t insn = nopPseudo32();
- if (isCopyingToExecutableMemory)
- performJITMemcpy(ptr, &insn, sizeof(int32_t));
- else
- memcpy(ptr, &insn, sizeof(int32_t));
+ copy(ptr, &insn, sizeof(int32_t));
ptr += sizeof(int32_t);
}
@@ -2075,10 +2073,7 @@
ASSERT(num16s * sizeof(int16_t) + num32s * sizeof(int32_t) == size);
if (num16s) {
const int16_t insn = nopPseudo16();
- if (isCopyingToExecutableMemory)
- performJITMemcpy(ptr, &insn, sizeof(int16_t));
- else
- memcpy(ptr, &insn, sizeof(int16_t));
+ copy(ptr, &insn, sizeof(int16_t));
}
}
@@ -2247,7 +2242,6 @@
}
}
- void* unlinkedCode() { return m_formatter.data(); }
size_t codeSize() const { return m_formatter.codeSize(); }
static unsigned getCallReturnOffset(AssemblerLabel call)
Modified: branches/safari-606-branch/Source/_javascript_Core/assembler/AbstractMacroAssembler.h (237372 => 237373)
--- branches/safari-606-branch/Source/_javascript_Core/assembler/AbstractMacroAssembler.h 2018-10-23 23:52:12 UTC (rev 237372)
+++ branches/safari-606-branch/Source/_javascript_Core/assembler/AbstractMacroAssembler.h 2018-10-23 23:52:18 UTC (rev 237373)
@@ -862,8 +862,6 @@
AssemblerType::cacheFlush(code, size);
}
- AssemblerType m_assembler;
-
template<PtrTag tag>
static void linkJump(void* code, Jump jump, CodeLocationLabel<tag> target)
{
@@ -962,13 +960,18 @@
void emitNops(size_t memoryToFillWithNopsInBytes)
{
+#if CPU(ARM64)
+ RELEASE_ASSERT(memoryToFillWithNopsInBytes % 4 == 0);
+ for (unsigned i = 0; i < memoryToFillWithNopsInBytes / 4; ++i)
+ m_assembler.nop();
+#else
AssemblerBuffer& buffer = m_assembler.buffer();
size_t startCodeSize = buffer.codeSize();
size_t targetCodeSize = startCodeSize + memoryToFillWithNopsInBytes;
buffer.ensureSpace(memoryToFillWithNopsInBytes);
- bool isCopyingToExecutableMemory = false;
- AssemblerType::fillNops(static_cast<char*>(buffer.data()) + startCodeSize, memoryToFillWithNopsInBytes, isCopyingToExecutableMemory);
+ AssemblerType::fillNops(static_cast<char*>(buffer.data()) + startCodeSize, memoryToFillWithNopsInBytes, memcpy);
buffer.setCodeSize(targetCodeSize);
+#endif
}
ALWAYS_INLINE void tagReturnAddress() { }
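Review bot: The ARM64 branch at L479-482 emits nops through `m_assembler.nop()` instead of writing into the buffer, and the reason — on ARM64 `AssemblerBuffer::data()` and `setCodeSize()` are compiled out (L593, L621-623) so every word goes through `putIntegralUnchecked` and, on arm64e, the content hash — is not stated; a comment such as `// ARM64: go through the assembler so the buffer hash sees the nops; data()/setCodeSize() are unavailable there.` would explain the split. The loop counter `unsigned i` is compared against a `size_t` quotient that is recomputed every iteration; `for (size_t i = 0, count = memoryToFillWithNopsInBytes / 4; i < count; ++i)` keeps the types aligned and hoists the division.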
@@ -983,6 +986,11 @@
protected:
AbstractMacroAssembler()
: m_randomSource(0)
+#if CPU(ARM64E)
+ , m_assembler(random())
+#else
+ , m_assembler()
+#endif
{
invalidateAllTempRegisters();
}
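Review bot: `m_assembler(random())` at L500 runs during member initialization, so — assuming `random()` draws from `m_randomSource` — it only works because `m_randomSourceIsInitialized` and `m_randomSource` are declared before `m_assembler` (L508-511, next hunk); that ordering dependency is invisible at the initializer and should be pinned with a comment on the member, e.g. `// Must stay declared after m_randomSource: the constructor seeds the assembler via random().` Getting the order wrong would seed the arm64e buffer hash from an unconstructed generator, which the later verification in LinkBuffer would not catch.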
@@ -998,6 +1006,9 @@
bool m_randomSourceIsInitialized { false };
WeakRandom m_randomSource;
+public:
+ AssemblerType m_assembler;
+protected:
#if ENABLE(DFG_REGISTER_ALLOCATION_VALIDATION)
Vector<RegisterAllocationOffset, 10> m_registerAllocationForOffsets;
Modified: branches/safari-606-branch/Source/_javascript_Core/assembler/AssemblerBuffer.h (237372 => 237373)
--- branches/safari-606-branch/Source/_javascript_Core/assembler/AssemblerBuffer.h 2018-10-23 23:52:12 UTC (rev 237372)
+++ branches/safari-606-branch/Source/_javascript_Core/assembler/AssemblerBuffer.h 2018-10-23 23:52:18 UTC (rev 237373)
@@ -33,10 +33,15 @@
#include <string.h>
#include <wtf/Assertions.h>
#include <wtf/FastMalloc.h>
+#if CPU(ARM64E)
+#include <wtf/PtrTag.h>
+#endif
#include <wtf/StdLibExtras.h>
namespace JSC {
+ class LinkBuffer;
+
struct AssemblerLabel {
AssemblerLabel()
: m_offset(std::numeric_limits<uint32_t>::max())
@@ -140,11 +145,37 @@
unsigned m_capacity;
};
+#if CPU(ARM64E)
+ class ARM64EHash {
+ public:
+ ARM64EHash(unsigned randomNumber)
+ : m_hash(randomNumber)
+ , m_randomSeed(randomNumber)
+ { }
+ ALWAYS_INLINE void update(unsigned value, uintptr_t index)
+ {
+ m_hash = tagInt((static_cast<uintptr_t>(value) + m_hash) ^ (m_hash >> 32), static_cast<PtrTag>(index));
+ }
+ uintptr_t hash() const { return m_hash; }
+ unsigned randomSeed() const { return m_randomSeed; }
+ private:
+ uintptr_t m_hash;
+ unsigned m_randomSeed;
+ };
+#endif
+
class AssemblerBuffer {
public:
- AssemblerBuffer()
+ AssemblerBuffer(
+#if CPU(ARM64E)
+ unsigned randomNumber
+#endif
+ )
: m_storage()
, m_index(0)
+#if CPU(ARM64E)
+ , m_hash(randomNumber)
+#endif
{
}
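Review bot: `ARM64EHash(unsigned)` at L538 and the arm64e `AssemblerBuffer(unsigned)` at L557-561 are single-argument constructors that are not `explicit`, so an integer converts silently to either type; mark both `explicit`. `update()` at L542-545 would also benefit from a comment stating what the hash covers, e.g. `// Folds each emitted 32-bit word and its buffer offset into m_hash; LinkBuffer recomputes this over the copied instructions and crashes on mismatch.` If `PtrTag`'s underlying type is narrower than `uintptr_t`, the `static_cast<PtrTag>(index)` at L544 would truncate the offset — worth confirming against wtf/PtrTag.h.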
@@ -164,25 +195,23 @@
return !(m_index & (alignment - 1));
}
+#if !CPU(ARM64)
void putByteUnchecked(int8_t value) { putIntegralUnchecked(value); }
void putByte(int8_t value) { putIntegral(value); }
void putShortUnchecked(int16_t value) { putIntegralUnchecked(value); }
void putShort(int16_t value) { putIntegral(value); }
+ void putInt64Unchecked(int64_t value) { putIntegralUnchecked(value); }
+ void putInt64(int64_t value) { putIntegral(value); }
+#endif
void putIntUnchecked(int32_t value) { putIntegralUnchecked(value); }
void putInt(int32_t value) { putIntegral(value); }
- void putInt64Unchecked(int64_t value) { putIntegralUnchecked(value); }
- void putInt64(int64_t value) { putIntegral(value); }
- void* data() const
- {
- return m_storage.buffer();
- }
-
size_t codeSize() const
{
return m_index;
}
+#if !CPU(ARM64)
void setCodeSize(size_t index)
{
// Warning: Only use this if you know exactly what you are doing.
@@ -191,6 +220,7 @@
m_index = index;
ASSERT(m_index <= m_storage.capacity());
}
+#endif
AssemblerLabel label() const
{
@@ -208,6 +238,7 @@
//
// LocalWriter *CANNOT* be mixed with other types of access to AssemblerBuffer.
// AssemblerBuffer cannot be used until its LocalWriter goes out of scope.
+#if !CPU(ARM64) // If we ever need to use this on arm64e, we would need to make the checksum aware of this.
class LocalWriter {
public:
LocalWriter(AssemblerBuffer& buffer, unsigned requiredSpace)
@@ -250,7 +281,17 @@
unsigned m_requiredSpace;
#endif
};
+#endif // !CPU(ARM64)
+#if CPU(ARM64E)
+ ARM64EHash hash() const { return m_hash; }
+#endif
+
+#if !CPU(ARM64) // If we were to define this on arm64e, we'd need a way to update the hash as we write directly into the buffer.
+ void* data() const { return m_storage.buffer(); }
+#endif
+
+
protected:
template<typename IntegralType>
void putIntegral(IntegralType value)
@@ -266,35 +307,38 @@
template<typename IntegralType>
void putIntegralUnchecked(IntegralType value)
{
+#if CPU(ARM64)
+ static_assert(sizeof(value) == 4, "");
+#if CPU(ARM64E)
+ m_hash.update(value, m_index);
+#endif
+#endif
ASSERT(isAvailable(sizeof(IntegralType)));
*reinterpret_cast_ptr<IntegralType*>(m_storage.buffer() + m_index) = value;
m_index += sizeof(IntegralType);
}
- void append(const char* data, int size)
- {
- if (!isAvailable(size))
- grow(size);
-
- memcpy(m_storage.buffer() + m_index, data, size);
- m_index += size;
- }
-
+ private:
void grow(int extraCapacity = 0)
{
m_storage.grow(extraCapacity);
}
- private:
NEVER_INLINE void outOfLineGrow()
{
m_storage.grow();
}
+#if !CPU(ARM64)
friend LocalWriter;
+#endif
+ friend LinkBuffer;
AssemblerData m_storage;
unsigned m_index;
+#if CPU(ARM64E)
+ ARM64EHash m_hash;
+#endif
};
} // namespace JSC
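Review bot: The `static_assert(sizeof(value) == 4, "")` at L634 is the reason the byte/short/int64 put helpers are compiled out on ARM64 (L572-579), but neither site says so; a comment here such as `// ARM64: only whole instruction words may be emitted so the arm64e hash sees every write exactly once.` would connect the two. The hash update at L636 precedes the `ASSERT(isAvailable(...))` and the store; placing it after the store keeps the hash describing only bytes that were actually written, which changes nothing in release builds but reads more honestly.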
Modified: branches/safari-606-branch/Source/_javascript_Core/assembler/LinkBuffer.cpp (237372 => 237373)
--- branches/safari-606-branch/Source/_javascript_Core/assembler/LinkBuffer.cpp 2018-10-23 23:52:12 UTC (rev 237372)
+++ branches/safari-606-branch/Source/_javascript_Core/assembler/LinkBuffer.cpp 2018-10-23 23:52:18 UTC (rev 237373)
@@ -109,14 +109,24 @@
m_assemblerStorage = macroAssembler.m_assembler.buffer().releaseAssemblerData();
uint8_t* inData = reinterpret_cast<uint8_t*>(m_assemblerStorage.buffer());
+ uint8_t* codeOutData = m_code.dataLocation<uint8_t*>();
+#if CPU(ARM64E)
+ const ARM64EHash assemblerBufferHash = macroAssembler.m_assembler.buffer().hash();
+ ARM64EHash verifyUncompactedHash(assemblerBufferHash.randomSeed());
+ uint8_t* outData = codeOutData;
+#else
AssemblerData outBuffer(m_size);
-
uint8_t* outData = reinterpret_cast<uint8_t*>(outBuffer.buffer());
- uint8_t* codeOutData = m_code.dataLocation<uint8_t*>();
+#endif
int readPtr = 0;
int writePtr = 0;
unsigned jumpCount = jumpsToLink.size();
+
+#if CPU(ARM64E)
+ os_thread_self_restrict_rwx_to_rw();
+#endif
+
if (m_shouldPerformBranchCompaction) {
for (unsigned i = 0; i < jumpCount; ++i) {
int offset = readPtr - writePtr;
@@ -130,8 +140,18 @@
ASSERT(!(regionSize % 2));
ASSERT(!(readPtr % 2));
ASSERT(!(writePtr % 2));
- while (copySource != copyEnd)
- *copyDst++ = *copySource++;
+#if CPU(ARM64E)
+ unsigned index = readPtr;
+#endif
+ while (copySource != copyEnd) {
+ InstructionType insn = *copySource++;
+#if CPU(ARM64E)
+ static_assert(sizeof(InstructionType) == 4, "");
+ verifyUncompactedHash.update(insn, index);
+ index += sizeof(InstructionType);
+#endif
+ *copyDst++ = insn;
+ }
recordLinkOffsets(m_assemblerStorage, readPtr, jumpsToLink[i].from(), offset);
readPtr += regionSize;
writePtr += regionSize;
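Review bot: The `static_assert(sizeof(InstructionType) == 4, "")` at L713 sits inside the compaction loop, but the tail copy added later in the function (L742-749) feeds `verifyUncompactedHash.update()` under the same assumption without it; hoist the assert to function scope, e.g. next to the `#if CPU(ARM64E)` block that declares `verifyUncompactedHash` (L680-684), so the one-word-per-update contract is checked once for both loops. copyCompactAndLinkCode's body continues outside the hunk.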
@@ -162,30 +182,77 @@
ASSERT(!MacroAssembler::canCompact(jumpsToLink[i].type()));
}
}
+
// Copy everything after the last jump
- memcpy(outData + writePtr, inData + readPtr, initialSize - readPtr);
+ {
+ InstructionType* dst = bitwise_cast<InstructionType*>(outData + writePtr);
+ InstructionType* src = "" + readPtr);
+ size_t bytes = initialSize - readPtr;
+
+ RELEASE_ASSERT(bitwise_cast<uintptr_t>(dst) % sizeof(InstructionType) == 0);
+ RELEASE_ASSERT(bitwise_cast<uintptr_t>(src) % sizeof(InstructionType) == 0);
+ RELEASE_ASSERT(bytes % sizeof(InstructionType) == 0);
+
+#if CPU(ARM64E)
+ unsigned index = readPtr;
+#endif
+
+ for (size_t i = 0; i < bytes; i += sizeof(InstructionType)) {
+ InstructionType insn = *src++;
+#if CPU(ARM64E)
+ verifyUncompactedHash.update(insn, index);
+ index += sizeof(InstructionType);
+#endif
+ *dst++ = insn;
+ }
+ }
+
+#if CPU(ARM64E)
+ if (verifyUncompactedHash.hash() != assemblerBufferHash.hash()) {
+ dataLogLn("Hashes don't match: ", RawPointer(bitwise_cast<void*>(verifyUncompactedHash.hash())), " ", RawPointer(bitwise_cast<void*>(assemblerBufferHash.hash())));
+ dataLogLn("Crashing!");
+ CRASH();
+ }
+#endif
+
recordLinkOffsets(m_assemblerStorage, readPtr, initialSize, readPtr - writePtr);
for (unsigned i = 0; i < jumpCount; ++i) {
+#if CPU(ARM64E)
+ auto memcpyFunction = memcpy;
+#else
+ auto memcpyFunction = performJITMemcpy;
+#endif
+
uint8_t* location = codeOutData + jumpsToLink[i].from();
uint8_t* target = codeOutData + jumpsToLink[i].to() - executableOffsetFor(jumpsToLink[i].to());
- MacroAssembler::link(jumpsToLink[i], outData + jumpsToLink[i].from(), location, target);
+ MacroAssembler::link(jumpsToLink[i], outData + jumpsToLink[i].from(), location, target, memcpyFunction);
}
- jumpsToLink.clear();
+ size_t compactSize = writePtr + initialSize - readPtr;
+ if (!m_executableMemory) {
+ size_t nopSizeInBytes = initialSize - compactSize;
+ MacroAssembler::AssemblerType_T::fillNops(outData + compactSize, nopSizeInBytes, memcpy);
+ }
- size_t compactSize = writePtr + initialSize - readPtr;
+#if CPU(ARM64E)
+ os_thread_self_restrict_rwx_to_rx();
+#endif
+
if (m_executableMemory) {
m_size = compactSize;
m_executableMemory->shrink(m_size);
- } else {
- size_t nopSizeInBytes = initialSize - compactSize;
- bool isCopyingToExecutableMemory = false;
- MacroAssembler::AssemblerType_T::fillNops(outData + compactSize, nopSizeInBytes, isCopyingToExecutableMemory);
}
+#if !CPU(ARM64E)
+ ASSERT(codeOutData != outData);
performJITMemcpy(codeOutData, outData, m_size);
+#else
+ ASSERT(codeOutData == outData);
+#endif
+ jumpsToLink.clear();
+
#if DUMP_LINK_STATISTICS
dumpLinkStatistics(codeOutData, initialSize, m_size);
#endif
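Review bot: The RW window opened by `os_thread_self_restrict_rwx_to_rw()` (L695, earlier hunk) is closed only by the bare call at L781, with the whole compaction, hash check, linking and nop fill in between; a small RAII guard whose destructor calls `os_thread_self_restrict_rwx_to_rx()` would make every exit from that stretch restore RX and keep the window from silently widening as code is added. Note also that on arm64e the instruction words are already in `codeOutData` (L717, L748) when the hashes are compared at L753; that is fine while a mismatch ends in `CRASH()`, but if the check were ever made recoverable the partially written executable region would have to be discarded, so a comment stating this ordering dependency is worth adding. The line `InstructionType* src = "" + readPtr);` at L731 looks garbled in this rendering — presumably `bitwise_cast<InstructionType*>(inData + readPtr)`, since `inData` from L678 is otherwise unused in the new code. copyCompactAndLinkCode starts and ends outside the hunk.
```cpp
#if CPU(ARM64E)
    // Scoped RW/RX toggle: every exit from the copy/compact/link stretch restores RX.
    struct ThreadJITWriteScope {
        ThreadJITWriteScope() { os_thread_self_restrict_rwx_to_rw(); }
        ~ThreadJITWriteScope() { os_thread_self_restrict_rwx_to_rx(); }
    } jitWriteScope;
#endif
    // … unchanged: branch compaction, tail copy, hash verification, linking, nop fill …
```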
Modified: branches/safari-606-branch/Source/_javascript_Core/assembler/MIPSAssembler.h (237372 => 237373)
--- branches/safari-606-branch/Source/_javascript_Core/assembler/MIPSAssembler.h 2018-10-23 23:52:12 UTC (rev 237372)
+++ branches/safari-606-branch/Source/_javascript_Core/assembler/MIPSAssembler.h 2018-10-23 23:52:18 UTC (rev 237373)
@@ -264,9 +264,10 @@
emitInst(0x00000000);
}
- static void fillNops(void* base, size_t size, bool isCopyingToExecutableMemory)
+ template <typename CopyFunction>
+ static void fillNops(void* base, size_t size, CopyFunction copy)
{
- UNUSED_PARAM(isCopyingToExecutableMemory);
+ UNUSED_PARAM(copy);
RELEASE_ASSERT(!(size % sizeof(int32_t)));
int32_t* ptr = static_cast<int32_t*>(base);
Modified: branches/safari-606-branch/Source/_javascript_Core/assembler/MacroAssemblerARM64.h (237372 => 237373)
--- branches/safari-606-branch/Source/_javascript_Core/assembler/MacroAssemblerARM64.h 2018-10-23 23:52:12 UTC (rev 237372)
+++ branches/safari-606-branch/Source/_javascript_Core/assembler/MacroAssemblerARM64.h 2018-10-23 23:52:18 UTC (rev 237373)
@@ -79,12 +79,12 @@
static const Assembler::JumpType DefaultJump = Assembler::JumpNoConditionFixedSize;
Vector<LinkRecord, 0, UnsafeVectorOverflow>& jumpsToLink() { return m_assembler.jumpsToLink(); }
- void* unlinkedCode() { return m_assembler.unlinkedCode(); }
static bool canCompact(JumpType jumpType) { return Assembler::canCompact(jumpType); }
static JumpLinkType computeJumpType(JumpType jumpType, const uint8_t* from, const uint8_t* to) { return Assembler::computeJumpType(jumpType, from, to); }
static JumpLinkType computeJumpType(LinkRecord& record, const uint8_t* from, const uint8_t* to) { return Assembler::computeJumpType(record, from, to); }
static int jumpSizeDelta(JumpType jumpType, JumpLinkType jumpLinkType) { return Assembler::jumpSizeDelta(jumpType, jumpLinkType); }
- static void link(LinkRecord& record, uint8_t* from, const uint8_t* fromInstruction, uint8_t* to) { return Assembler::link(record, from, fromInstruction, to); }
+ template <typename CopyFunction>
+ static void link(LinkRecord& record, uint8_t* from, const uint8_t* fromInstruction, uint8_t* to, CopyFunction copy) { return Assembler::link(record, from, fromInstruction, to, copy); }
static const Scale ScalePtr = TimesEight;
Modified: branches/safari-606-branch/Source/_javascript_Core/assembler/MacroAssemblerARMv7.h (237372 => 237373)
--- branches/safari-606-branch/Source/_javascript_Core/assembler/MacroAssemblerARMv7.h 2018-10-23 23:52:12 UTC (rev 237372)
+++ branches/safari-606-branch/Source/_javascript_Core/assembler/MacroAssemblerARMv7.h 2018-10-23 23:52:18 UTC (rev 237373)
@@ -65,7 +65,6 @@
}
Vector<LinkRecord, 0, UnsafeVectorOverflow>& jumpsToLink() { return m_assembler.jumpsToLink(); }
- void* unlinkedCode() { return m_assembler.unlinkedCode(); }
static bool canCompact(JumpType jumpType) { return ARMv7Assembler::canCompact(jumpType); }
static JumpLinkType computeJumpType(JumpType jumpType, const uint8_t* from, const uint8_t* to) { return ARMv7Assembler::computeJumpType(jumpType, from, to); }
static JumpLinkType computeJumpType(LinkRecord& record, const uint8_t* from, const uint8_t* to) { return ARMv7Assembler::computeJumpType(record, from, to); }
Modified: branches/safari-606-branch/Source/_javascript_Core/assembler/X86Assembler.h (237372 => 237373)
--- branches/safari-606-branch/Source/_javascript_Core/assembler/X86Assembler.h 2018-10-23 23:52:12 UTC (rev 237372)
+++ branches/safari-606-branch/Source/_javascript_Core/assembler/X86Assembler.h 2018-10-23 23:52:18 UTC (rev 237373)
@@ -3902,9 +3902,10 @@
m_formatter.oneByteOp(OP_NOP);
}
- static void fillNops(void* base, size_t size, bool isCopyingToExecutableMemory)
+ template <typename CopyFunction>
+ static void fillNops(void* base, size_t size, CopyFunction copy)
{
- UNUSED_PARAM(isCopyingToExecutableMemory);
+ UNUSED_PARAM(copy);
#if CPU(X86_64)
static const uint8_t nops[10][10] = {
// nop
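Review bot: `copy` is accepted at L850 and immediately discarded by `UNUSED_PARAM(copy)` at L853 with no indication of why, which will read as an oversight to anyone who saw the ARM64 and MIPS `fillNops` signatures change in the same commit. The x86 nop tables below are (as far as this hunk shows) written straight into the buffer, so the parameter appears to exist only for signature parity; say so where it is dropped, e.g. `UNUSED_PARAM(copy); // x86 has no buffer-hash verification, so nops are written directly; copy only mirrors the ARM64 fillNops signature.` The rest of the function body lies outside the hunk, so whether any write path in it should go through `copy` cannot be confirmed from here.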
Modified: branches/safari-606-branch/Source/WTF/ChangeLog (237372 => 237373)
--- branches/safari-606-branch/Source/WTF/ChangeLog 2018-10-23 23:52:12 UTC (rev 237372)
+++ branches/safari-606-branch/Source/WTF/ChangeLog 2018-10-23 23:52:18 UTC (rev 237373)
@@ -1,3 +1,80 @@
+2018-10-23 Kocsen Chung <[email protected]>
+
+ Cherry-pick r236589. rdar://problem/45285669
+
+ Verify the contents of AssemblerBuffer on arm64e
+ https://bugs.webkit.org/show_bug.cgi?id=190057
+ <rdar://problem/38916630>
+
+ Reviewed by Mark Lam.
+
+ JSTests:
+
+ * stress/regress-189132.js:
+
+ Source/_javascript_Core:
+
+ * assembler/ARM64Assembler.h:
+ (JSC::ARM64Assembler::ARM64Assembler):
+ (JSC::ARM64Assembler::fillNops):
+ (JSC::ARM64Assembler::link):
+ (JSC::ARM64Assembler::linkJumpOrCall):
+ (JSC::ARM64Assembler::linkCompareAndBranch):
+ (JSC::ARM64Assembler::linkConditionalBranch):
+ (JSC::ARM64Assembler::linkTestAndBranch):
+ (JSC::ARM64Assembler::unlinkedCode): Deleted.
+ * assembler/ARMAssembler.h:
+ (JSC::ARMAssembler::fillNops):
+ * assembler/ARMv7Assembler.h:
+ (JSC::ARMv7Assembler::unlinkedCode): Deleted.
+ * assembler/AbstractMacroAssembler.h:
+ (JSC::AbstractMacroAssembler::emitNops):
+ (JSC::AbstractMacroAssembler::AbstractMacroAssembler):
+ * assembler/AssemblerBuffer.h:
+ (JSC::ARM64EHash::ARM64EHash):
+ (JSC::ARM64EHash::update):
+ (JSC::ARM64EHash::hash const):
+ (JSC::ARM64EHash::randomSeed const):
+ (JSC::AssemblerBuffer::AssemblerBuffer):
+ (JSC::AssemblerBuffer::putShort):
+ (JSC::AssemblerBuffer::putIntUnchecked):
+ (JSC::AssemblerBuffer::putInt):
+ (JSC::AssemblerBuffer::hash const):
+ (JSC::AssemblerBuffer::data const):
+ (JSC::AssemblerBuffer::putIntegralUnchecked):
+ (JSC::AssemblerBuffer::append): Deleted.
+ * assembler/LinkBuffer.cpp:
+ (JSC::LinkBuffer::copyCompactAndLinkCode):
+ * assembler/MIPSAssembler.h:
+ (JSC::MIPSAssembler::fillNops):
+ * assembler/MacroAssemblerARM64.h:
+ (JSC::MacroAssemblerARM64::jumpsToLink):
+ (JSC::MacroAssemblerARM64::link):
+ (JSC::MacroAssemblerARM64::unlinkedCode): Deleted.
+ * assembler/MacroAssemblerARMv7.h:
+ (JSC::MacroAssemblerARMv7::jumpsToLink):
+ (JSC::MacroAssemblerARMv7::unlinkedCode): Deleted.
+ * assembler/X86Assembler.h:
+ (JSC::X86Assembler::fillNops):
+
+ Source/WTF:
+
+ * wtf/PtrTag.h:
+ (WTF::tagInt):
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@236589 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2018-09-27 Saam barati <[email protected]>
+
+ Verify the contents of AssemblerBuffer on arm64e
+ https://bugs.webkit.org/show_bug.cgi?id=190057
+ <rdar://problem/38916630>
+
+ Reviewed by Mark Lam.
+
+ * wtf/PtrTag.h:
+ (WTF::tagInt):
+
2018-10-21 Babak Shafiei <[email protected]>
Cherry-pick r236969. rdar://problem/45285687
Modified: branches/safari-606-branch/Source/WTF/wtf/PtrTag.h (237372 => 237373)
--- branches/safari-606-branch/Source/WTF/wtf/PtrTag.h 2018-10-23 23:52:12 UTC (rev 237372)
+++ branches/safari-606-branch/Source/WTF/wtf/PtrTag.h 2018-10-23 23:52:18 UTC (rev 237373)
@@ -147,6 +147,13 @@
template<PtrTag, typename PtrType, typename = std::enable_if_t<std::is_pointer<PtrType>::value>>
inline PtrType untagCFunctionPtr(PtrType ptr) { return ptr; }
+template <typename IntType>
+inline IntType tagInt(IntType ptrInt, PtrTag)
+{
+ static_assert(sizeof(IntType) == sizeof(uintptr_t), "");
+ return ptrInt;
+}
+
template<typename PtrType> void assertIsCFunctionPtr(PtrType) { }
template<typename PtrType> void assertIsNullOrCFunctionPtr(PtrType) { }
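Review bot: `tagInt` at L946–L947 is unconstrained, so it accepts any pointer-sized type (a raw pointer, a `double` on 64-bit) despite its name, while the neighbouring `untagCFunctionPtr` at L944 guards its parameter with `std::enable_if_t<std::is_pointer<...>>`. For consistency and to catch misuse at the call site, constrain it the same way: `template <typename IntType, typename = std::enable_if_t<std::is_integral<IntType>::value>>`, and give the `static_assert` a message instead of the empty string, `static_assert(sizeof(IntType) == sizeof(uintptr_t), "tagInt expects a pointer-sized integer");`. The body returns `ptrInt` unchanged and ignores the `PtrTag`, which presumably makes this the non-PAC fallback matching the identity stubs around it; a comment such as `// Non-PAC build: integers carry no signature, the tag is accepted only for signature parity.` would make that explicit, since the arm64e counterpart is not in this hunk.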
@@ -184,6 +191,7 @@
using WTF::removeCodePtrTag;
using WTF::tagCFunctionPtr;
using WTF::untagCFunctionPtr;
+using WTF::tagInt;
using WTF::assertIsCFunctionPtr;
using WTF::assertIsNullOrCFunctionPtr;