Title: [261326] trunk/Source/JavaScriptCore
- Revision: 261326
- Author: commit-qu...@webkit.org
- Date: 2020-05-07 12:30:28 -0700 (Thu, 07 May 2020)
Log Message
REGRESSION(r251875): Crash in JSC::StructureIDTable::get on ppc64le: gcSafeMemcpy broken on JSVALUE64 platforms other than x86_64 and aarch64
https://bugs.webkit.org/show_bug.cgi?id=210685
Patch by Daniel Kolesa <dan...@octaforge.org> on 2020-05-07
Reviewed by Michael Catanzaro.
Fix gcSafeMemcpy on non-x86_64/aarch64 64-bit architectures.
We were hitting an incorrect x86_64 assertion on values larger than
mediumCutoff on JSVALUE64 architectures other than x86_64 and aarch64,
as the control flow is wrong.
* heap/GCMemoryOperations.h:
(JSC::gcSafeMemcpy):
Modified Paths
Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (261325 => 261326)
--- trunk/Source/_javascript_Core/ChangeLog 2020-05-07 19:25:32 UTC (rev 261325)
+++ trunk/Source/_javascript_Core/ChangeLog 2020-05-07 19:30:28 UTC (rev 261326)
@@ -1,3 +1,19 @@
+2020-05-07 Daniel Kolesa <dan...@octaforge.org>
+
+ REGRESSION(r251875): Crash in JSC::StructureIDTable::get on ppc64le: gcSafeMemcpy broken on JSVALUE64 platforms other than x86_64 and aarch64
+ https://bugs.webkit.org/show_bug.cgi?id=210685
+
+ Reviewed by Michael Catanzaro.
+
+ Fix gcSafeMemcpy on non-x86_64/aarch64 64-bit architectures.
+
+ We were hitting an incorrect x86_64 assertion on values larger than
+ mediumCutoff on JSVALUE64 architectures other than x86_64 and aarch64,
+ as the control flow is wrong.
+
+ * heap/GCMemoryOperations.h:
+ (JSC::gcSafeMemcpy):
+
2020-05-07 Mark Lam <mark....@apple.com>
Add stack checks to the DFG and FTL bytecode parser.
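Review bot: The added ChangeLog entry explains the cause only as "the control flow is wrong" and does not say what the fix changes. Under the `* heap/GCMemoryOperations.h:` / `(JSC::gcSafeMemcpy):` lines, state that the CPU-specific copy path is now compiled only for x86_64 and ARM64 and that every other JSVALUE64 CPU takes slowPathForwardMemcpy(), so a reader of the log can tell which platforms change behaviour.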
Modified: trunk/Source/_javascript_Core/heap/GCMemoryOperations.h (261325 => 261326)
--- trunk/Source/_javascript_Core/heap/GCMemoryOperations.h 2020-05-07 19:25:32 UTC (rev 261325)
+++ trunk/Source/_javascript_Core/heap/GCMemoryOperations.h 2020-05-07 19:30:28 UTC (rev 261326)
@@ -53,7 +53,7 @@
bitwise_cast<volatile uint64_t*>(dst)[i] = bitwise_cast<volatile uint64_t*>(src)[i];
};
-#if COMPILER(GCC_COMPATIBLE) && USE(JSVALUE64)
+#if COMPILER(GCC_COMPATIBLE) && (CPU(X86_64) || CPU(ARM64))
if (bytes <= smallCutoff)
slowPathForwardMemcpy();
else if (isARM64() || bytes <= mediumCutoff) {
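Review bot: The new `#if COMPILER(GCC_COMPATIBLE) && (CPU(X86_64) || CPU(ARM64))` guard carries no explanation of why only these two CPUs are listed. The branches below it depend on that: `isARM64() || bytes <= mediumCutoff` falls through to a path that does `RELEASE_ASSERT(isX86_64())`, which is the assertion the log message says other 64-bit CPUs were hitting. A one-line comment above the `#if` saying that this block contains per-CPU copy code and that any other CPU must use slowPathForwardMemcpy() would keep the condition from being widened back to USE(JSVALUE64) later.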
@@ -121,8 +121,6 @@
:
: "d0", "d1", "memory"
);
-#else
- slowPathForwardMemcpy();
#endif // CPU(X86_64)
} else {
RELEASE_ASSERT(isX86_64());
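Review bot: With the `#else` / `slowPathForwardMemcpy();` pair removed just before `#endif // CPU(X86_64)`, the medium-size branch has no fallback left and is correct only because the outer guard now restricts the block to x86_64 and ARM64. If that guard is ever changed again, this branch could compile to an empty body and return without copying anything, which in a GC-safe memcpy means stale or uninitialised cell contents rather than a build failure. Consider replacing the removed lines with `#else` / `#error` naming the unsupported CPU so the dependency on the outer guard is enforced at compile time.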
@@ -139,7 +137,7 @@
}
#else
slowPathForwardMemcpy();
-#endif // COMPILER(GCC_COMPATIBLE)
+#endif // COMPILER(GCC_COMPATIBLE) && (CPU(X86_64) || CPU(ARM64))
#else
memcpy(dst, src, bytes);
#endif // USE(JSVALUE64)