Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 441c3cfdd95820caada392d2ccba9579b612d73c
      
https://github.com/WebKit/WebKit/commit/441c3cfdd95820caada392d2ccba9579b612d73c
  Author: Yusuke Suzuki <[email protected]>
  Date:   2023-12-15 (Fri, 15 Dec 2023)

  Changed paths:
    M Source/JavaScriptCore/assembler/ARM64Assembler.h
    M Source/JavaScriptCore/assembler/ARMv7Assembler.h
    M Source/JavaScriptCore/assembler/LinkBuffer.cpp
    M Source/JavaScriptCore/jit/CCallHelpers.cpp
    M Source/JavaScriptCore/jit/CCallHelpers.h
    M Source/JavaScriptCore/jit/ExecutableAllocator.cpp
    M Source/JavaScriptCore/jit/ExecutableAllocator.h

  Log Message:
  -----------
  [JSC] Avoid nested LinkBuffer creation
https://bugs.webkit.org/show_bug.cgi?id=266461
rdar://119678858

Reviewed by Mark Lam.

Since JumpIsland needs to write nearTailCall via LinkBuffer, it is possible that we create a nested LinkBuffer: LinkBuffer does linking, and linking creates a JumpIsland. In this case, fast JIT memory access permission switching is broken, since it disables permission when leaving the inner LinkBuffer code. In this patch,

1. We add fillNearTailCall. Similar to fillNops, it just fills one nearTailCall. It can take a copy function so it can avoid using performJITMemcpy.
2. Use the memcpy version of JumpIsland creation from the linking code.

* Source/JavaScriptCore/assembler/ARM64Assembler.h:
* Source/JavaScriptCore/assembler/ARMv7Assembler.h:
(JSC::ARMv7Assembler::fillNearTailCall):
(JSC::ARMv7Assembler::linkBranch):
* Source/JavaScriptCore/assembler/LinkBuffer.cpp:
(JSC::memcpyWrapper): Deleted.
* Source/JavaScriptCore/jit/CCallHelpers.cpp:
(JSC::CCallHelpers::emitJITCodeOver): Deleted.
* Source/JavaScriptCore/jit/CCallHelpers.h:
* Source/JavaScriptCore/jit/ExecutableAllocator.cpp:
(JSC::ExecutableAllocator::getJumpIslandToUsingJITMemcpy):
(JSC::ExecutableAllocator::getJumpIslandToUsingMemcpy):
(JSC::ExecutableAllocator::getJumpIslandToConcurrently):
(JSC::ExecutableAllocator::getJumpIslandTo): Deleted.
* Source/JavaScriptCore/jit/ExecutableAllocator.h:
(JSC::memcpyWrapper):

Canonical link: https://commits.webkit.org/272121@main
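The failure mode the commit message describes, modelled as an added C++ example (not JavaScriptCore code, and not from the commit): a write-permission scope that is not nesting-aware gets opened a second time by the jump-island writer, and the inner scope's exit turns writes off while the outer linking scope is still running. The names `JitMemory`, `WriteScope`, `fillIslandNested` and `fillIslandWithCopy` are hypothetical stand-ins for the LinkBuffer permission switching, performJITMemcpy and the island writer; the second variant mirrors the patch's approach of passing in a copy function so the island writer opens no scope of its own.

```cpp
#include <cstddef>
#include <cstring>
#include <functional>

// Constructed model of a JIT memory region with toggled write permission.
// Hypothetical; stands in for the real JIT region and performJITMemcpy.
struct JitMemory {
    unsigned char bytes[64] = {};
    bool writable = false;
    int writeFaults = 0;   // writes attempted while the region was not writable

    // Stand-in for permission-checked copying: must only run while writable.
    void protectedCopy(size_t offset, const unsigned char* src, size_t n) {
        if (!writable) { ++writeFaults; return; }
        std::memcpy(bytes + offset, src, n);
    }
};

// Stand-in for the permission-switching scope a LinkBuffer opens while linking.
// Deliberately not nesting-aware: leaving any scope disables writes, which is
// the behaviour the commit message reports for nested LinkBuffers.
struct WriteScope {
    JitMemory& mem;
    explicit WriteScope(JitMemory& m) : mem(m) { mem.writable = true; }
    ~WriteScope() { mem.writable = false; }
};

// Broken path: the island writer opens its own scope. Called from inside an
// outer linking scope, its exit revokes write access for the outer scope too.
void fillIslandNested(JitMemory& mem, size_t offset, const unsigned char* insn, size_t n) {
    WriteScope inner(mem);
    mem.protectedCopy(offset, insn, n);
}

// Fixed path: the island writer takes a caller-supplied copy function and opens
// no scope of its own, so the caller's permission state is left untouched.
using CopyFn = std::function<void(size_t, const unsigned char*, size_t)>;
void fillIslandWithCopy(const CopyFn& copy, size_t offset, const unsigned char* insn, size_t n) {
    copy(offset, insn, n);
}

// Simulated link step: write a branch, emit its island, then patch the branch again.
// Returns the number of writes that hit a non-writable region.
int linkUsingNestedScope(JitMemory& mem) {
    const unsigned char branch[4] = {0x01, 0x02, 0x03, 0x04};   // constructed bytes
    const unsigned char island[4] = {0x11, 0x12, 0x13, 0x14};   // constructed bytes
    WriteScope outer(mem);
    mem.protectedCopy(0, branch, 4);
    fillIslandNested(mem, 32, island, 4);
    mem.protectedCopy(0, branch, 4);   // faults: the inner scope already disabled writes
    return mem.writeFaults;
}

int linkUsingCopyFunction(JitMemory& mem) {
    const unsigned char branch[4] = {0x01, 0x02, 0x03, 0x04};   // constructed bytes
    const unsigned char island[4] = {0x11, 0x12, 0x13, 0x14};   // constructed bytes
    WriteScope outer(mem);
    mem.protectedCopy(0, branch, 4);
    // The caller is already inside a write scope, so a plain memcpy is the right
    // primitive here; no second scope is opened.
    fillIslandWithCopy([&](size_t off, const unsigned char* s, size_t n) {
        std::memcpy(mem.bytes + off, s, n);
    }, 32, island, 4);
    mem.protectedCopy(0, branch, 4);   // still writable: the outer scope is intact
    return mem.writeFaults;
}
```

In the model the broken variant reports one faulted write and the fixed variant none; in a real JIT the equivalent of that faulted write is a store into memory that has been flipped back to execute-only, so the value of the copy-function design is that it keeps a single owner of the permission state per linking operation.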


_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
