Changeset 220416 in webkit for trunk/Source/JavaScriptCore/jsc.cpp

Timestamp:

Aug 8, 2017, 12:44:20 PM (8 years ago)

Author:

[email protected]

Message:

Baseline JIT should do caging
​https://bugs.webkit.org/show_bug.cgi?id=175037

Reviewed by Mark Lam.
Source/bmalloc:

This centralizes the notion of permanently enabling the primitive gigacage, which we only do in jsc
and WebProcess.

This saves the baseline JIT from emitting some code. Otherwise it would always have to emit enabled
checks on each typed array access.

• bmalloc/Gigacage.cpp:

(Gigacage::primitiveGigacageDisabled):
(Gigacage::disableDisablingPrimitiveGigacageIfShouldBeEnabled):
(Gigacage::isDisablingPrimitiveGigacageDisabled):

• bmalloc/Gigacage.h:

(Gigacage::isPrimitiveGigacagePermanentlyEnabled):
(Gigacage::canPrimitiveGigacageBeDisabled):

Source/JavaScriptCore:

Adds a AssemblyHelpers::cage and cageConditionally. Uses it in the baseline JIT.

Also modifies FTL caging to be more defensive when caging is disabled.

Relanded with fixed AssemblyHelpers::cageConditionally().

• bytecode/AccessCase.cpp:

(JSC::AccessCase::generateImpl):

• bytecode/InlineAccess.cpp:

(JSC::InlineAccess::dumpCacheSizesAndCrash):
(JSC::InlineAccess::generateSelfPropertyAccess):
(JSC::InlineAccess::generateSelfPropertyReplace):
(JSC::InlineAccess::generateArrayLength):

• ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::caged):

• jit/AssemblyHelpers.h:

(JSC::AssemblyHelpers::cage):
(JSC::AssemblyHelpers::cageConditionally):

• jit/JITPropertyAccess.cpp:

(JSC::JIT::emitDoubleLoad):
(JSC::JIT::emitContiguousLoad):
(JSC::JIT::emitArrayStorageLoad):
(JSC::JIT::emitGenericContiguousPutByVal):
(JSC::JIT::emitArrayStoragePutByVal):
(JSC::JIT::emit_op_get_from_scope):
(JSC::JIT::emit_op_put_to_scope):
(JSC::JIT::emitIntTypedArrayGetByVal):
(JSC::JIT::emitFloatTypedArrayGetByVal):
(JSC::JIT::emitIntTypedArrayPutByVal):
(JSC::JIT::emitFloatTypedArrayPutByVal):

• jsc.cpp:

(jscmain):
(primitiveGigacageDisabled): Deleted.

Source/WebKit:

Use a better API to disable disabling the primitive gigacage.

• WebProcess/WebProcess.cpp:

(WebKit::m_webSQLiteDatabaseTracker):
(WebKit::primitiveGigacageDisabled): Deleted.

Source/WTF:

• wtf/Gigacage.h:

(Gigacage::disableDisablingPrimitiveGigacageIfShouldBeEnabled):
(Gigacage::isDisablingPrimitiveGigacageDisabled):
(Gigacage::isPrimitiveGigacagePermanentlyEnabled):
(Gigacage::canPrimitiveGigacageBeDisabled):
(Gigacage::basePtr):

File:

• trunk/Source/JavaScriptCore/jsc.cpp (modified) (2 diffs)

trunk/Source/JavaScriptCore/jsc.cpp

@@ -3803 +3803 @@
 }
 
-static void primitiveGigacageDisabled(void*)
-{
-    dataLog("Primitive gigacage disabled! Aborting.\n");
-    UNREACHABLE_FOR_PLATFORM();
-}
-
 int jscmain(int argc, char** argv)
 {
@@ -3827 +3821 @@
     JSC::Wasm::enableFastMemory();
 #endif
-    if (Gigacage::shouldBeEnabled())
-        Gigacage::addPrimitiveDisableCallback(primitiveGigacageDisabled, nullptr);
+    Gigacage::disableDisablingPrimitiveGigacageIfShouldBeEnabled();
 
     int result;