[webkit-changes] [188997] branches/safari-601.1.46-branch

[bshafiei]

Title: [188997] branches/safari-601.1.46-branch

Revision

188997

Author

bshaf...@apple.com

Date

2015-08-26 15:22:29 -0700 (Wed, 26 Aug 2015)

Log Message

Merged r188311.  rdar://problem/22410806

Modified Paths

branches/safari-601.1.46-branch/Source/_javascript_Core/ChangeLog
branches/safari-601.1.46-branch/Source/_javascript_Core/dfg/DFGOSREntry.cpp
branches/safari-601.1.46-branch/Source/_javascript_Core/ftl/FTLOSREntry.cpp
branches/safari-601.1.46-branch/Source/_javascript_Core/heap/ConservativeRoots.cpp
branches/safari-601.1.46-branch/Source/_javascript_Core/heap/MachineStackMarker.cpp
branches/safari-601.1.46-branch/Source/_javascript_Core/interpreter/Register.h
branches/safari-601.1.46-branch/Source/WTF/wtf/Compiler.h
branches/safari-601.1.46-branch/Tools/ChangeLog
branches/safari-601.1.46-branch/Tools/asan/asan.xcconfig


Removed Paths

branches/safari-601.1.46-branch/Tools/asan/webkit-asan-ignore.txt

Diff

Modified: branches/safari-601.1.46-branch/Source/_javascript_Core/ChangeLog (188996 => 188997)

--- branches/safari-601.1.46-branch/Source/_javascript_Core/ChangeLog	2015-08-26 22:20:03 UTC (rev 188996)
+++ branches/safari-601.1.46-branch/Source/_javascript_Core/ChangeLog	2015-08-26 22:22:29 UTC (rev 188997)
@@ -1,3 +1,33 @@
+2015-08-26  Babak Shafiei  <bshaf...@apple.com>
+
+        Merge r188311.
+
+    2015-08-11  Alexey Proskuryakov  <a...@apple.com>
+
+            Make ASan build not depend on asan.xcconfig
+            https://bugs.webkit.org/show_bug.cgi?id=147840
+            rdar://problem/21093702
+
+            Reviewed by Daniel Bates.
+
+            * dfg/DFGOSREntry.cpp:
+            (JSC::DFG::OSREntryData::dump):
+            (JSC::DFG::prepareOSREntry):
+            * ftl/FTLOSREntry.cpp:
+            (JSC::FTL::prepareOSREntry):
+            * heap/ConservativeRoots.cpp:
+            (JSC::ConservativeRoots::genericAddPointer):
+            (JSC::ConservativeRoots::genericAddSpan):
+            * heap/MachineStackMarker.cpp:
+            (JSC::MachineThreads::removeThreadIfFound):
+            (JSC::MachineThreads::gatherFromCurrentThread):
+            (JSC::MachineThreads::Thread::captureStack):
+            (JSC::copyMemory):
+            * interpreter/Register.h:
+            (JSC::Register::operator=):
+            (JSC::Register::asanUnsafeJSValue):
+            (JSC::Register::jsValue):
+
 2015-08-21  Babak Shafiei  <bshaf...@apple.com>
 
         Merge r188067.

Modified: branches/safari-601.1.46-branch/Source/_javascript_Core/dfg/DFGOSREntry.cpp (188996 => 188997)

--- branches/safari-601.1.46-branch/Source/_javascript_Core/dfg/DFGOSREntry.cpp	2015-08-26 22:20:03 UTC (rev 188996)
+++ branches/safari-601.1.46-branch/Source/_javascript_Core/dfg/DFGOSREntry.cpp	2015-08-26 22:22:29 UTC (rev 188997)
@@ -90,6 +90,7 @@
     dumpInContext(out, nullptr);
 }
 
+SUPPRESS_ASAN
 void* prepareOSREntry(ExecState* exec, CodeBlock* codeBlock, unsigned bytecodeIndex)
 {
     ASSERT(JITCode::isOptimizingJIT(codeBlock->jitType()));
@@ -202,33 +203,33 @@
     for (size_t local = 0; local < entry->m_expectedValues.numberOfLocals(); ++local) {
         int localOffset = virtualRegisterForLocal(local).offset();
         if (entry->m_localsForcedDouble.get(local)) {
-            if (!exec->registers()[localOffset].jsValue().isNumber()) {
+            if (!exec->registers()[localOffset].asanUnsafeJSValue().isNumber()) {
                 if (Options::verboseOSR()) {
                     dataLog(
                         "    OSR failed because variable ", localOffset, " is ",
-                        exec->registers()[localOffset].jsValue(), ", expected number.\n");
+                        exec->registers()[localOffset].asanUnsafeJSValue(), ", expected number.\n");
                 }
                 return 0;
             }
             continue;
         }
         if (entry->m_localsForcedMachineInt.get(local)) {
-            if (!exec->registers()[localOffset].jsValue().isMachineInt()) {
+            if (!exec->registers()[localOffset].asanUnsafeJSValue().isMachineInt()) {
                 if (Options::verboseOSR()) {
                     dataLog(
                         "    OSR failed because variable ", localOffset, " is ",
-                        exec->registers()[localOffset].jsValue(), ", expected ",
+                        exec->registers()[localOffset].asanUnsafeJSValue(), ", expected ",
                         "machine int.\n");
                 }
                 return 0;
             }
             continue;
         }
-        if (!entry->m_expectedValues.local(local).validate(exec->registers()[localOffset].jsValue())) {
+        if (!entry->m_expectedValues.local(local).validate(exec->registers()[localOffset].asanUnsafeJSValue())) {
             if (Options::verboseOSR()) {
                 dataLog(
                     "    OSR failed because variable ", localOffset, " is ",
-                    exec->registers()[localOffset].jsValue(), ", expected ",
+                    exec->registers()[localOffset].asanUnsafeJSValue(), ", expected ",
                     entry->m_expectedValues.local(local), ".\n");
             }
             return 0;
@@ -280,23 +281,23 @@
         
         if (reg.isLocal()) {
             if (entry->m_localsForcedDouble.get(reg.toLocal())) {
-                *bitwise_cast<double*>(pivot + index) = exec->registers()[reg.offset()].jsValue().asNumber();
+                *bitwise_cast<double*>(pivot + index) = exec->registers()[reg.offset()].asanUnsafeJSValue().asNumber();
                 continue;
             }
             
             if (entry->m_localsForcedMachineInt.get(reg.toLocal())) {
-                *bitwise_cast<int64_t*>(pivot + index) = exec->registers()[reg.offset()].jsValue().asMachineInt() << JSValue::int52ShiftAmount;
+                *bitwise_cast<int64_t*>(pivot + index) = exec->registers()[reg.offset()].asanUnsafeJSValue().asMachineInt() << JSValue::int52ShiftAmount;
                 continue;
             }
         }
         
-        pivot[index] = exec->registers()[reg.offset()].jsValue();
+        pivot[index] = exec->registers()[reg.offset()].asanUnsafeJSValue();
     }
     
     // 4) Reshuffle those registers that need reshuffling.
     Vector<JSValue> temporaryLocals(entry->m_reshufflings.size());
     for (unsigned i = entry->m_reshufflings.size(); i--;)
-        temporaryLocals[i] = pivot[VirtualRegister(entry->m_reshufflings[i].fromOffset).toLocal()].jsValue();
+        temporaryLocals[i] = pivot[VirtualRegister(entry->m_reshufflings[i].fromOffset).toLocal()].asanUnsafeJSValue();
     for (unsigned i = entry->m_reshufflings.size(); i--;)
         pivot[VirtualRegister(entry->m_reshufflings[i].toOffset).toLocal()] = temporaryLocals[i];
     

Modified: branches/safari-601.1.46-branch/Source/_javascript_Core/ftl/FTLOSREntry.cpp (188996 => 188997)

--- branches/safari-601.1.46-branch/Source/_javascript_Core/ftl/FTLOSREntry.cpp	2015-08-26 22:20:03 UTC (rev 188996)
+++ branches/safari-601.1.46-branch/Source/_javascript_Core/ftl/FTLOSREntry.cpp	2015-08-26 22:22:29 UTC (rev 188997)
@@ -38,6 +38,7 @@
 
 namespace JSC { namespace FTL {
 
+SUPPRESS_ASAN
 void* prepareOSREntry(
     ExecState* exec, CodeBlock* dfgCodeBlock, CodeBlock* entryCodeBlock,
     unsigned bytecodeIndex, unsigned streamIndex)
@@ -71,7 +72,7 @@
         dataLog("    Values at entry: ", values, "\n");
     
     for (int argument = values.numberOfArguments(); argument--;) {
-        JSValue valueOnStack = exec->r(virtualRegisterForArgument(argument).offset()).jsValue();
+        JSValue valueOnStack = exec->r(virtualRegisterForArgument(argument).offset()).asanUnsafeJSValue();
         JSValue reconstructedValue = values.argument(argument);
         if (valueOnStack == reconstructedValue || !argument)
             continue;

Modified: branches/safari-601.1.46-branch/Source/_javascript_Core/heap/ConservativeRoots.cpp (188996 => 188997)

--- branches/safari-601.1.46-branch/Source/_javascript_Core/heap/ConservativeRoots.cpp	2015-08-26 22:20:03 UTC (rev 188996)
+++ branches/safari-601.1.46-branch/Source/_javascript_Core/heap/ConservativeRoots.cpp	2015-08-26 22:22:29 UTC (rev 188997)
@@ -92,6 +92,7 @@
 }
 
 template<typename MarkHook>
+SUPPRESS_ASAN
 void ConservativeRoots::genericAddSpan(void* begin, void* end, MarkHook& markHook)
 {
     if (begin > end) {

Modified: branches/safari-601.1.46-branch/Source/_javascript_Core/heap/MachineStackMarker.cpp (188996 => 188997)

--- branches/safari-601.1.46-branch/Source/_javascript_Core/heap/MachineStackMarker.cpp	2015-08-26 22:20:03 UTC (rev 188996)
+++ branches/safari-601.1.46-branch/Source/_javascript_Core/heap/MachineStackMarker.cpp	2015-08-26 22:22:29 UTC (rev 188997)
@@ -335,7 +335,8 @@
         delete t;
     }
 }
-    
+
+SUPPRESS_ASAN
 void MachineThreads::gatherFromCurrentThread(ConservativeRoots& conservativeRoots, JITStubRoutineSet& jitStubRoutines, CodeBlockSet& codeBlocks, void* stackOrigin, void* stackTop, RegisterState& calleeSavedRegisters)
 {
     void* registersBegin = &calleeSavedRegisters;
@@ -519,6 +520,7 @@
     return std::make_pair(begin, static_cast<char*>(end) - static_cast<char*>(begin));
 }
 
+SUPPRESS_ASAN
 static void copyMemory(void* dst, const void* src, size_t size)
 {
     size_t dstAsSize = reinterpret_cast<size_t>(dst);

Modified: branches/safari-601.1.46-branch/Source/_javascript_Core/interpreter/Register.h (188996 => 188997)

--- branches/safari-601.1.46-branch/Source/_javascript_Core/interpreter/Register.h	2015-08-26 22:20:03 UTC (rev 188996)
+++ branches/safari-601.1.46-branch/Source/_javascript_Core/interpreter/Register.h	2015-08-26 22:22:29 UTC (rev 188997)
@@ -51,6 +51,7 @@
         Register(const JSValue&);
         Register& operator=(const JSValue&);
         JSValue jsValue() const;
+        JSValue asanUnsafeJSValue() const;
         EncodedJSValue encodedJSValue() const;
         
         Register& operator=(CallFrame*);
@@ -110,6 +111,12 @@
         return *this;
     }
 
+    // FIXME (rdar://problem/19379214): ASan only needs to be suppressed for Register::jsValue() when called from prepareOSREntry(), but there is currently no way to express this short of adding a separate copy of the function.
+    SUPPRESS_ASAN ALWAYS_INLINE JSValue Register::asanUnsafeJSValue() const
+    {
+        return JSValue::decode(u.value);
+    }
+
     ALWAYS_INLINE JSValue Register::jsValue() const
     {
         return JSValue::decode(u.value);

Modified: branches/safari-601.1.46-branch/Source/WTF/wtf/Compiler.h (188996 => 188997)

--- branches/safari-601.1.46-branch/Source/WTF/wtf/Compiler.h	2015-08-26 22:20:03 UTC (rev 188996)
+++ branches/safari-601.1.46-branch/Source/WTF/wtf/Compiler.h	2015-08-26 22:22:29 UTC (rev 188997)
@@ -142,6 +142,12 @@
 #define ASAN_ENABLED 0
 #endif
 
+#if ASAN_ENABLED
+#define SUPPRESS_ASAN __attribute__((no_sanitize_address))
+#else
+#define SUPPRESS_ASAN
+#endif
+
 /* ==== Compiler-independent macros for various compiler features, in alphabetical order ==== */
 
 /* ALWAYS_INLINE */

Modified: branches/safari-601.1.46-branch/Tools/ChangeLog (188996 => 188997)

--- branches/safari-601.1.46-branch/Tools/ChangeLog	2015-08-26 22:20:03 UTC (rev 188996)
+++ branches/safari-601.1.46-branch/Tools/ChangeLog	2015-08-26 22:22:29 UTC (rev 188997)
@@ -1,3 +1,19 @@
+2015-08-26  Babak Shafiei  <bshaf...@apple.com>
+
+        Merge r188311.
+
+    2015-08-11  Alexey Proskuryakov  <a...@apple.com>
+
+            Make ASan build not depend on asan.xcconfig
+            https://bugs.webkit.org/show_bug.cgi?id=147840
+            rdar://problem/21093702
+
+            Reviewed by Daniel Bates.
+
+            * asan/asan.xcconfig:
+            * asan/webkit-asan-ignore.txt: Removed. It's no longer needed, as unsafe functions
+            are now marked in source code.
+
 2015-08-05  Matthew Hanson  <matthew_han...@apple.com>
 
         Merge r187962. rdar://problem/21827815

Modified: branches/safari-601.1.46-branch/Tools/asan/asan.xcconfig (188996 => 188997)

--- branches/safari-601.1.46-branch/Tools/asan/asan.xcconfig	2015-08-26 22:20:03 UTC (rev 188996)
+++ branches/safari-601.1.46-branch/Tools/asan/asan.xcconfig	2015-08-26 22:22:29 UTC (rev 188997)
@@ -12,7 +12,7 @@
 
 CLANG_ADDRESS_SANITIZER=YES
 
-ASAN_OTHER_CFLAGS = -fsanitize-blacklist=$(ASAN_IGNORE) -fno-omit-frame-pointer -g;
+ASAN_OTHER_CFLAGS = -fno-omit-frame-pointer -g;
 ASAN_OTHER_CPLUSPLUSFLAGS = $(ASAN_OTHER_CFLAGS);
 
 GCC_ENABLE_OBJC_GC = NO;

Deleted: branches/safari-601.1.46-branch/Tools/asan/webkit-asan-ignore.txt (188996 => 188997)

--- branches/safari-601.1.46-branch/Tools/asan/webkit-asan-ignore.txt	2015-08-26 22:20:03 UTC (rev 188996)
+++ branches/safari-601.1.46-branch/Tools/asan/webkit-asan-ignore.txt	2015-08-26 22:22:29 UTC (rev 188997)
@@ -1,7 +0,0 @@
-fun:*genericAddSpan*
-fun:*gatherFromCurrentThread*ConservativeRoots*
-fun:*DFG*prepareOSREntry*
-# FIXME (rdar://problem/19379214): Register::jsValue() only needs to be blacklisted when
-# called from prepareOSREntry(), but there is currently no way to express this in a blacklist.
-fun:*JSC*Register*jsValue*
-fun:*asanUnsafeMemcpy*

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes