Title: [271312] branches/safari-610.4.3.0-branch/Source/_javascript_Core

Diff

Modified: branches/safari-610.4.3.0-branch/Source/_javascript_Core/ChangeLog (271311 => 271312)


--- branches/safari-610.4.3.0-branch/Source/_javascript_Core/ChangeLog	2021-01-08 19:56:10 UTC (rev 271311)
+++ branches/safari-610.4.3.0-branch/Source/_javascript_Core/ChangeLog	2021-01-08 20:04:03 UTC (rev 271312)
@@ -1,43 +1,5 @@
 2021-01-08  Kocsen Chung  <[email protected]>
 
-        Cherry-pick r271240. rdar://problem/72935204
-
-    The scratch register should be different from the target register when calling validateUntaggedPtr.
-    https://bugs.webkit.org/show_bug.cgi?id=220397
-    rdar://72771069
-    
-    Reviewed by Yusuke Suzuki.
-    
-    * assembler/MacroAssemblerARM64E.h:
-    (JSC::MacroAssemblerARM64E::validateUntaggedPtr):
-    - Added an ASSERT to enforce this invariant.
-    * jit/ThunkGenerators.cpp:
-    (JSC::emitPointerValidation):
-    - emitPointerValidation() was reusing the target register as the scratch register.
-      This is a hold over from the previous way of doing the validation (which had a
-      bug).  With the validation bug fixed, this register reuse is no longer allowed.
-    
-    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@271240 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
-    2021-01-07  Mark Lam  <[email protected]>
-
-            The scratch register should be different from the target register when calling validateUntaggedPtr.
-            https://bugs.webkit.org/show_bug.cgi?id=220397
-            rdar://72771069
-
-            Reviewed by Yusuke Suzuki.
-
-            * assembler/MacroAssemblerARM64E.h:
-            (JSC::MacroAssemblerARM64E::validateUntaggedPtr):
-            - Added an ASSERT to enforce this invariant.
-            * jit/ThunkGenerators.cpp:
-            (JSC::emitPointerValidation):
-            - emitPointerValidation() was reusing the target register as the scratch register.
-              This is a hold over from the previous way of doing the validation (which had a
-              bug).  With the validation bug fixed, this register reuse is no longer allowed.
-
-2021-01-08  Kocsen Chung  <[email protected]>
-
         Cherry-pick r271144. rdar://problem/72935400
 
     propertyNameEnumerator must check it can still take the fast path after getGenericPropertyNames

Modified: branches/safari-610.4.3.0-branch/Source/_javascript_Core/assembler/MacroAssemblerARM64E.h (271311 => 271312)


--- branches/safari-610.4.3.0-branch/Source/_javascript_Core/assembler/MacroAssemblerARM64E.h	2021-01-08 19:56:10 UTC (rev 271311)
+++ branches/safari-610.4.3.0-branch/Source/_javascript_Core/assembler/MacroAssemblerARM64E.h	2021-01-08 20:04:03 UTC (rev 271312)
@@ -84,7 +84,6 @@
             scratch = getCachedDataTempRegisterIDAndInvalidate();
 
         DisallowMacroScratchRegisterUsage disallowScope(*this);
-        ASSERT(target != scratch);
         rshift64(target, TrustedImm32(8), scratch);
         and64(TrustedImm64(0xff000000000000), scratch, scratch);
         or64(target, scratch, scratch);
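Review bot: With `ASSERT(target != scratch)` removed, nothing on the new side stops a caller from passing the same register for both, and the three-instruction sequence then operates on the wrong value: `rshift64(target, TrustedImm32(8), scratch)` overwrites `target` when the two alias, so `or64(target, scratch, scratch)` combines the shifted pointer with itself rather than with the original pointer. The ThunkGenerators.cpp hunk in this same commit does exactly that with `jit.validateUntaggedPtr(pointerGPR, pointerGPR)`, which is the reuse the reverted r271240 ChangeLog entry describes as no longer allowed once the validation was corrected. If reverting is the intent for this branch, a comment such as `// NOTE: target and scratch may alias here (see ThunkGenerators.cpp); the or64 below then sees the shifted value, not the original pointer — r271240 asserts they differ` would keep the limitation visible to the next reader. validateUntaggedPtr's signature and the use of the computed value lie outside the hunk, so what the aliasing does downstream cannot be confirmed from here.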

Modified: branches/safari-610.4.3.0-branch/Source/_javascript_Core/jit/ThunkGenerators.cpp (271311 => 271312)


--- branches/safari-610.4.3.0-branch/Source/_javascript_Core/jit/ThunkGenerators.cpp	2021-01-08 19:56:10 UTC (rev 271311)
+++ branches/safari-610.4.3.0-branch/Source/_javascript_Core/jit/ThunkGenerators.cpp	2021-01-08 20:04:03 UTC (rev 271312)
@@ -44,15 +44,13 @@
 {
     if (!ASSERT_ENABLED)
         return;
-    if (!Options::useJITCage()) {
-        CCallHelpers::Jump isNonZero = jit.branchTestPtr(CCallHelpers::NonZero, pointerGPR);
-        jit.abortWithReason(TGInvalidPointer);
-        isNonZero.link(&jit);
-        jit.pushToSave(pointerGPR);
-        jit.untagPtr(tag, pointerGPR);
-        jit.validateUntaggedPtr(pointerGPR);
-        jit.popToRestore(pointerGPR);
-    }
+    CCallHelpers::Jump isNonZero = jit.branchTestPtr(CCallHelpers::NonZero, pointerGPR);
+    jit.abortWithReason(TGInvalidPointer);
+    isNonZero.link(&jit);
+    jit.pushToSave(pointerGPR);
+    jit.untagPtr(tag, pointerGPR);
+    jit.validateUntaggedPtr(pointerGPR, pointerGPR);
+    jit.popToRestore(pointerGPR);
 }
 
 // We will jump here if the JIT code tries to make a call, but the