Title: [238997] trunk/Source/_javascript_Core
- Revision
- 238997
- Author
- [email protected]
- Date
- 2018-12-07 17:12:57 -0800 (Fri, 07 Dec 2018)
Log Message
Align the metadata table on all platforms
https://bugs.webkit.org/show_bug.cgi?id=192050
<rdar://problem/46312674>
Reviewed by Mark Lam.
Although certain platforms don't require the metadata to be aligned,
values were being concurrently read and written to ValueProfiles,
which caused crashes since these operations are not atomic on unaligned
addresses.
* bytecode/Opcode.cpp:
(JSC::metadataAlignment):
* bytecode/Opcode.h:
* bytecode/UnlinkedMetadataTableInlines.h:
(JSC::UnlinkedMetadataTable::finalize):
Modified Paths
Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (238996 => 238997)
--- trunk/Source/_javascript_Core/ChangeLog 2018-12-08 00:45:03 UTC (rev 238996)
+++ trunk/Source/_javascript_Core/ChangeLog 2018-12-08 01:12:57 UTC (rev 238997)
@@ -1,3 +1,22 @@
+2018-12-07 Tadeu Zagallo <[email protected]>
+
+ Align the metadata table on all platforms
+ https://bugs.webkit.org/show_bug.cgi?id=192050
+ <rdar://problem/46312674>
+
+ Reviewed by Mark Lam.
+
+ Although certain platforms don't require the metadata to be aligned,
+ values were being concurrently read and written to ValueProfiles,
+ which caused crashes since these operations are not atomic on unaligned
+ addresses.
+
+ * bytecode/Opcode.cpp:
+ (JSC::metadataAlignment):
+ * bytecode/Opcode.h:
+ * bytecode/UnlinkedMetadataTableInlines.h:
+ (JSC::UnlinkedMetadataTable::finalize):
+
2018-12-05 Mark Lam <[email protected]>
speculationFromCell() should speculate non-Identifier strings as SpecString instead of SpecStringVar.
Modified: trunk/Source/_javascript_Core/bytecode/Opcode.cpp (238996 => 238997)
--- trunk/Source/_javascript_Core/bytecode/Opcode.cpp 2018-12-08 00:45:03 UTC (rev 238996)
+++ trunk/Source/_javascript_Core/bytecode/Opcode.cpp 2018-12-08 01:12:57 UTC (rev 238997)
@@ -193,7 +193,6 @@
};
-#if CPU(NEEDS_ALIGNED_ACCESS)
static unsigned metadataAlignments[] = {
#define METADATA_ALIGNMENT(size) size,
@@ -201,7 +200,6 @@
#undef METADATA_ALIGNMENT
};
-#endif
unsigned metadataSize(OpcodeID opcodeID)
{
@@ -208,12 +206,10 @@
return metadataSizes[opcodeID];
}
-#if CPU(NEEDS_ALIGNED_ACCESS)
unsigned metadataAlignment(OpcodeID opcodeID)
{
return metadataAlignments[opcodeID];
}
-#endif
} // namespace JSC
Modified: trunk/Source/_javascript_Core/bytecode/Opcode.h (238996 => 238997)
--- trunk/Source/_javascript_Core/bytecode/Opcode.h 2018-12-08 00:45:03 UTC (rev 238996)
+++ trunk/Source/_javascript_Core/bytecode/Opcode.h 2018-12-08 01:12:57 UTC (rev 238997)
@@ -251,9 +251,7 @@
}
unsigned metadataSize(OpcodeID);
-#if CPU(NEEDS_ALIGNED_ACCESS)
unsigned metadataAlignment(OpcodeID);
-#endif
} // namespace JSC
Modified: trunk/Source/_javascript_Core/bytecode/UnlinkedMetadataTableInlines.h (238996 => 238997)
--- trunk/Source/_javascript_Core/bytecode/UnlinkedMetadataTableInlines.h 2018-12-08 00:45:03 UTC (rev 238996)
+++ trunk/Source/_javascript_Core/bytecode/UnlinkedMetadataTableInlines.h 2018-12-08 01:12:57 UTC (rev 238997)
@@ -90,9 +90,7 @@
unsigned numberOfEntries = buffer()[i];
if (numberOfEntries > 0) {
-#if CPU(NEEDS_ALIGNED_ACCESS)
offset = roundUpToMultipleOf(metadataAlignment(static_cast<OpcodeID>(i)), offset);
-#endif
buffer()[i] = offset;
offset += numberOfEntries * metadataSize(static_cast<OpcodeID>(i));
} else
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
