Title: [249858] trunk/Source/_javascript_Core
Revision
249858
Author
mark....@apple.com
Date
2019-09-13 16:45:16 -0700 (Fri, 13 Sep 2019)

Log Message

performJITMemcpy() should do its !Gigacage assertion on exit.
https://bugs.webkit.org/show_bug.cgi?id=201780
<rdar://problem/55354867>

Reviewed by Robin Morisset.

Re-doing previous fix.

* jit/ExecutableAllocator.h:
(JSC::performJITMemcpy):
(JSC::GigacageAssertScope::GigacageAssertScope): Deleted.
(JSC::GigacageAssertScope::~GigacageAssertScope): Deleted.


Diff

Modified: trunk/Source/_javascript_Core/ChangeLog (249857 => 249858)


--- trunk/Source/_javascript_Core/ChangeLog	2019-09-13 23:18:51 UTC (rev 249857)
+++ trunk/Source/_javascript_Core/ChangeLog	2019-09-13 23:45:16 UTC (rev 249858)
@@ -6,7 +6,22 @@
 
         Reviewed by Robin Morisset.
 
+        Re-doing previous fix.
+
         * jit/ExecutableAllocator.h:
+        (JSC::performJITMemcpy):
+        (JSC::GigacageAssertScope::GigacageAssertScope): Deleted.
+        (JSC::GigacageAssertScope::~GigacageAssertScope): Deleted.
+
+2019-09-13  Mark Lam  <mark....@apple.com>
+
+        performJITMemcpy() should do its !Gigacage assertion on exit.
+        https://bugs.webkit.org/show_bug.cgi?id=201780
+        <rdar://problem/55354867>
+
+        Reviewed by Robin Morisset.
+
+        * jit/ExecutableAllocator.h:
         (JSC::GigacageAssertScope::GigacageAssertScope):
         (JSC::GigacageAssertScope::~GigacageAssertScope):
         (JSC::performJITMemcpy):

Modified: trunk/Source/_javascript_Core/jit/ExecutableAllocator.h (249857 => 249858)


--- trunk/Source/_javascript_Core/jit/ExecutableAllocator.h	2019-09-13 23:18:51 UTC (rev 249857)
+++ trunk/Source/_javascript_Core/jit/ExecutableAllocator.h	2019-09-13 23:45:16 UTC (rev 249858)
@@ -116,17 +116,8 @@
 
 JS_EXPORT_PRIVATE void dumpJITMemory(const void*, const void*, size_t);
 
-struct GigacageAssertScope {
-    GigacageAssertScope(const void *src)
-        : src(src)
-    { }
-    ~GigacageAssertScope() { RELEASE_ASSERT(!Gigacage::contains(src)); }
-    const void* src;
-};
-
 static ALWAYS_INLINE void* performJITMemcpy(void *dst, const void *src, size_t n)
 {
-    GigacageAssertScope assertScope(src);
 #if CPU(ARM64)
     static constexpr size_t instructionSize = sizeof(unsigned);
     RELEASE_ASSERT(roundUpToMultipleOf<instructionSize>(dst) == dst);
@@ -144,6 +135,7 @@
         {
             os_thread_self_restrict_rwx_to_rw();
             memcpy(dst, src, n);
+            RELEASE_ASSERT(!Gigacage::contains(src));
             os_thread_self_restrict_rwx_to_rx();
             return dst;
         }
@@ -155,6 +147,7 @@
             // memcpy that takes an offset into the JIT region as its destination (first) parameter.
             off_t offset = (off_t)((uintptr_t)dst - startOfFixedExecutableMemoryPool<uintptr_t>());
             retagCodePtr<JITThunkPtrTag, CFunctionPtrTag>(g_jscConfig.jitWriteSeparateHeaps)(offset, src, n);
+            RELEASE_ASSERT(!Gigacage::contains(src));
             return dst;
         }
 #endif
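Review bot: The `!Gigacage::contains(src)` check is now repeated by hand on each return path instead of being applied by a destructor, so any return from performJITMemcpy outside these hunks (the function continues past the `#endif` that ends the third hunk, and the two added asserts cover only the `os_thread_self_restrict_rwx_to_rw()` path and the `jitWriteSeparateHeaps` path) would silently lose the check the removed `GigacageAssertScope` applied to every exit; worth confirming against the rest of the body. In the second hunk the assertion also runs before `os_thread_self_restrict_rwx_to_rx()`, whereas the deleted scope guard fired after `return dst`, i.e. after the thread was already back to RX, so a failing assertion now aborts while the calling thread still has the JIT region writable; moving the `RELEASE_ASSERT(!Gigacage::contains(src));` below the `os_thread_self_restrict_rwx_to_rx();` line keeps the narrower window. Nothing at either added line explains why the check is deliberately done after the copy rather than as a precondition at entry, which the guard object's name at least hinted at; a one-line comment such as `// Deliberately asserted on exit, not entry: see https://bugs.webkit.org/show_bug.cgi?id=201780` next to each added assert would stop a later cleanup from hoisting it.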