Title: [239118] tags/Safari-607.1.16.2/Source/_javascript_Core
- Revision: 239118
- Author: [email protected]
- Date: 2018-12-12 10:52:47 -0800 (Wed, 12 Dec 2018)
Log Message
Cherry-pick r238997. rdar://problem/46312674
Align the metadata table on all platforms
https://bugs.webkit.org/show_bug.cgi?id=192050
<rdar://problem/46312674>
Reviewed by Mark Lam.
Although certain platforms don't require the metadata to be aligned,
values were being concurrently read and written to ValueProfiles,
which caused crashes since these operations are not atomic on unaligned
addresses.
* bytecode/Opcode.cpp:
(JSC::metadataAlignment):
* bytecode/Opcode.h:
* bytecode/UnlinkedMetadataTableInlines.h:
(JSC::UnlinkedMetadataTable::finalize):
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@238997 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Modified Paths
Diff
Modified: tags/Safari-607.1.16.2/Source/_javascript_Core/ChangeLog (239117 => 239118)
--- tags/Safari-607.1.16.2/Source/_javascript_Core/ChangeLog 2018-12-12 18:52:42 UTC (rev 239117)
+++ tags/Safari-607.1.16.2/Source/_javascript_Core/ChangeLog 2018-12-12 18:52:47 UTC (rev 239118)
@@ -1,3 +1,46 @@
+2018-12-12 Kocsen Chung <[email protected]>
+
+ Cherry-pick r238997. rdar://problem/46312674
+
+ Align the metadata table on all platforms
+ https://bugs.webkit.org/show_bug.cgi?id=192050
+ <rdar://problem/46312674>
+
+ Reviewed by Mark Lam.
+
+ Although certain platforms don't require the metadata to be aligned,
+ values were being concurrently read and written to ValueProfiles,
+ which caused crashes since these operations are not atomic on unaligned
+ addresses.
+
+ * bytecode/Opcode.cpp:
+ (JSC::metadataAlignment):
+ * bytecode/Opcode.h:
+ * bytecode/UnlinkedMetadataTableInlines.h:
+ (JSC::UnlinkedMetadataTable::finalize):
+
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@238997 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2018-12-07 Tadeu Zagallo <[email protected]>
+
+ Align the metadata table on all platforms
+ https://bugs.webkit.org/show_bug.cgi?id=192050
+ <rdar://problem/46312674>
+
+ Reviewed by Mark Lam.
+
+ Although certain platforms don't require the metadata to be aligned,
+ values were being concurrently read and written to ValueProfiles,
+ which caused crashes since these operations are not atomic on unaligned
+ addresses.
+
+ * bytecode/Opcode.cpp:
+ (JSC::metadataAlignment):
+ * bytecode/Opcode.h:
+ * bytecode/UnlinkedMetadataTableInlines.h:
+ (JSC::UnlinkedMetadataTable::finalize):
+
2018-12-02 Zalan Bujtas <[email protected]>
Add a runtime feature flag for LayoutFormattingContext.
Modified: tags/Safari-607.1.16.2/Source/_javascript_Core/bytecode/Opcode.cpp (239117 => 239118)
--- tags/Safari-607.1.16.2/Source/_javascript_Core/bytecode/Opcode.cpp 2018-12-12 18:52:42 UTC (rev 239117)
+++ tags/Safari-607.1.16.2/Source/_javascript_Core/bytecode/Opcode.cpp 2018-12-12 18:52:47 UTC (rev 239118)
@@ -193,7 +193,6 @@
};
-#if CPU(NEEDS_ALIGNED_ACCESS)
static unsigned metadataAlignments[] = {
#define METADATA_ALIGNMENT(size) size,
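Review bot: `static unsigned metadataAlignments[] = {` is now compiled on every platform (the `-#if CPU(NEEDS_ALIGNED_ACCESS)` guard above it is gone) but stays a mutable global table; its entries are compile-time constants, so declaring it `static const unsigned metadataAlignments[]` would put the table in read-only data and rule out any runtime modification of the alignment used to lay out the metadata table.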
@@ -201,7 +200,6 @@
#undef METADATA_ALIGNMENT
};
-#endif
unsigned metadataSize(OpcodeID opcodeID)
{
@@ -208,12 +206,10 @@
return metadataSizes[opcodeID];
}
-#if CPU(NEEDS_ALIGNED_ACCESS)
unsigned metadataAlignment(OpcodeID opcodeID)
{
return metadataAlignments[opcodeID];
}
-#endif
} // namespace JSC
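Review bot: `metadataAlignment` returns `metadataAlignments[opcodeID]` with no range check, and after this change it is reached from the table-layout loop on every platform rather than only on aligned-access CPUs; an assertion that `opcodeID` is below the number of bytecode IDs, kept consistent with how `metadataSize` indexes `metadataSizes[opcodeID]` just above, would turn a bad index into a debug-time failure instead of an out-of-bounds read of the alignment table.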
Modified: tags/Safari-607.1.16.2/Source/_javascript_Core/bytecode/Opcode.h (239117 => 239118)
--- tags/Safari-607.1.16.2/Source/_javascript_Core/bytecode/Opcode.h 2018-12-12 18:52:42 UTC (rev 239117)
+++ tags/Safari-607.1.16.2/Source/_javascript_Core/bytecode/Opcode.h 2018-12-12 18:52:47 UTC (rev 239118)
@@ -251,9 +251,7 @@
}
unsigned metadataSize(OpcodeID);
-#if CPU(NEEDS_ALIGNED_ACCESS)
unsigned metadataAlignment(OpcodeID);
-#endif
} // namespace JSC
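Review bot: The declaration `unsigned metadataAlignment(OpcodeID);` loses its `CPU(NEEDS_ALIGNED_ACCESS)` guard without a comment explaining why; a one-line note that alignment is required on all platforms because ValueProfiles in the metadata table are read and written concurrently (the reason given in the ChangeLog) would keep a later cleanup from reintroducing the guard on platforms that tolerate unaligned loads.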
Modified: tags/Safari-607.1.16.2/Source/_javascript_Core/bytecode/UnlinkedMetadataTableInlines.h (239117 => 239118)
--- tags/Safari-607.1.16.2/Source/_javascript_Core/bytecode/UnlinkedMetadataTableInlines.h 2018-12-12 18:52:42 UTC (rev 239117)
+++ tags/Safari-607.1.16.2/Source/_javascript_Core/bytecode/UnlinkedMetadataTableInlines.h 2018-12-12 18:52:47 UTC (rev 239118)
@@ -90,9 +90,7 @@
unsigned numberOfEntries = buffer()[i];
if (numberOfEntries > 0) {
-#if CPU(NEEDS_ALIGNED_ACCESS)
offset = roundUpToMultipleOf(metadataAlignment(static_cast<OpcodeID>(i)), offset);
-#endif
buffer()[i] = offset;
offset += numberOfEntries * metadataSize(static_cast<OpcodeID>(i));
} else
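Review bot: Rounding `offset` with `roundUpToMultipleOf(metadataAlignment(static_cast<OpcodeID>(i)), offset)` only produces aligned addresses if the buffer these offsets are added to starts on an address aligned to the largest metadata alignment; the hunk does not show the allocation, so it is worth confirming that the table's base allocation guarantees this, otherwise the per-opcode padding is relative to a possibly misaligned base and the concurrent ValueProfile accesses the ChangeLog describes can still land on unaligned addresses. The padding also grows the final `offset`, so whatever size is derived from it after the loop must be the size that is actually allocated; restricting the rounding to `numberOfEntries > 0` is right, since opcodes with no entries need no padding.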