Changeset 214979 in webkit for trunk/Source/JavaScriptCore/interpreter/CalleeBits.h

Timestamp:

Apr 5, 2017, 4:59:11 PM (8 years ago)

Author:

[email protected]

Message:

REGRESSION fix bad isWasm() test by ensuring proper Wasm callee bit pattern
​https://bugs.webkit.org/show_bug.cgi?id=170494
<rdar://problem/31446485>

Reviewed by Yusuke Suzuki and Mark Lam.

This patch fixes how we test a 64 bit JSValue pattern to see if it's
a Wasm callee. We now tag Wasm::Callee's with 0b011 in their lower 3 bits.
The new test is for a Wasm Callee is as follows:
isWasm(uint64_t x)
{

return x & 0xffff000000000007 == 3;

}

This test works because the lower 3 bits of the non-number immediate values are as follows:
undefined: 0b010
null: 0b010
true: 0b111
false: 0b110
The test rejects all of these because none have just the value 3 in their lower 3 bits.
The test also rejects all numbers, because they have non-zero upper 16 bits.
The test also rejects normal cells because they won't have the number 3 as
their lower 3 bits. Note, this bit pattern also allows the normal JSValue isCell(), etc,
predicates to work on a Wasm::Callee because the various tests will fail if you
bit casted a boxed Wasm::Callee* to a JSValue. isCell() would fail since it sees
TagBitTypeOther. The other tests also trivially fail, since it won't be a number,
and it won't be equal to null, undefined, true, or false. The isBoolean() predicate
will fail because we won't have TagBitBool set.

• interpreter/CallFrame.h:

(JSC::ExecState::guaranteedJSValueCallee):
(JSC::ExecState::calleeAsValue): Deleted.

• interpreter/CalleeBits.h:

(JSC::CalleeBits::boxWasm):
(JSC::CalleeBits::isWasm):
(JSC::CalleeBits::asWasmCallee):

• jit/JITOperations.cpp:
• runtime/JSCJSValue.h:

File:

• trunk/Source/JavaScriptCore/interpreter/CalleeBits.h (modified) (4 diffs)

trunk/Source/JavaScriptCore/interpreter/CalleeBits.h

@@ -26 +26 @@
 #pragma once
 
+#include "JSCJSValue.h"
 #include <wtf/StdLibExtras.h>
 
@@ -37 +38 @@
 
 class CalleeBits {
-    static constexpr uintptr_t wasmTag = 1;
 public:
     CalleeBits() = default;
@@ -49 +49 @@
     }
 
+#if ENABLE(WEBASSEMBLY)
     static void* boxWasm(Wasm::Callee* callee)
     {
-        ASSERT(!(bitwise_cast<uintptr_t>(callee) & wasmTag));
-        return bitwise_cast<void*>(bitwise_cast<uintptr_t>(callee) | wasmTag);
+        CalleeBits result(bitwise_cast<void*>(bitwise_cast<uintptr_t>(callee) | TagBitsWasm));
+        ASSERT(result.isWasm());
+        return result.rawPtr();
     }
+#endif
 
-    bool isWasm() const { return bitwise_cast<uintptr_t>(m_ptr) & wasmTag; }
+    bool isWasm() const
+    {
+#if ENABLE(WEBASSEMBLY)
+        return (bitwise_cast<uintptr_t>(m_ptr) & TagWasmMask) == TagBitsWasm;
+#else
+        return false;
+#endif
+    }
     bool isCell() const { return !isWasm(); }
 
@@ -64 +74 @@
     }
 
+#if ENABLE(WEBASSEMBLY)
     Wasm::Callee* asWasmCallee() const
     {
         ASSERT(isWasm());
-        return bitwise_cast<Wasm::Callee*>(bitwise_cast<uintptr_t>(m_ptr) & ~wasmTag);
+        return bitwise_cast<Wasm::Callee*>(bitwise_cast<uintptr_t>(m_ptr) & ~TagBitsWasm);
     }
+#endif
 
     void* rawPtr() const { return m_ptr; }