Changeset 267938 in webkit for trunk/Source/JavaScriptCore/runtime/VM.cpp

Timestamp:

Oct 3, 2020, 4:51:12 PM (5 years ago)

Author:

[email protected]

Message:

[JSC] Introduce JITOperationList to validate JIT-caged pointers
​https://bugs.webkit.org/show_bug.cgi?id=217261

Reviewed by Saam Barati.

Source/JavaScriptCore:

This patch adds JITOperationList, which manages all the host-function & jit-operation pointers.
And we can now query whether the given pointer is registered in this table.
Currently, as a test, we are verifying that host-function is registered in this table when creating NativeExecutable in debug build.

• CMakeLists.txt:
• JavaScriptCore.xcodeproj/project.pbxproj:
• Sources.txt:
• assembler/JITOperationList.cpp: Added.

(JSC::JITOperationList::initialize):
(JSC::addPointers):
(JSC::JITOperationList::populatePointersInJavaScriptCore):
(JSC::JITOperationList::populatePointersInEmbedder):

• assembler/JITOperationList.h: Added.

(JSC::JITOperationList::contains const):
(JSC::JITOperationList::assertIsHostFunction):
(JSC::JITOperationList::assertIsJITOperation):
(JSC::JITOperationList::instance):

• assembler/MacroAssemblerARM64.cpp:
• assembler/MacroAssemblerARMv7.cpp:
• assembler/MacroAssemblerMIPS.cpp:
• assembler/MacroAssemblerX86Common.cpp:
• jsc.cpp:

(jscmain):

• runtime/InitializeThreading.cpp:

(JSC::initialize):

• runtime/JSGenericTypedArrayViewPrototypeFunctions.h:

(JSC::genericTypedArrayViewProtoFuncSet):
(JSC::genericTypedArrayViewProtoFuncCopyWithin):
(JSC::genericTypedArrayViewProtoFuncIncludes):
(JSC::genericTypedArrayViewProtoFuncIndexOf):
(JSC::genericTypedArrayViewProtoFuncJoin):
(JSC::genericTypedArrayViewProtoFuncLastIndexOf):
(JSC::genericTypedArrayViewProtoGetterFuncBuffer):
(JSC::genericTypedArrayViewProtoGetterFuncLength):
(JSC::genericTypedArrayViewProtoGetterFuncByteLength):
(JSC::genericTypedArrayViewProtoGetterFuncByteOffset):
(JSC::genericTypedArrayViewProtoFuncReverse):
(JSC::genericTypedArrayViewPrivateFuncSort):
(JSC::genericTypedArrayViewProtoFuncSlice):
(JSC::genericTypedArrayViewPrivateFuncSubarrayCreate):
(JSC::JSC_DEFINE_HOST_FUNCTION): Deleted.

• runtime/VM.cpp:

(JSC::VM::getHostFunction):

Source/WebCore:

We should have WebCore::initialize(). It is filed in ​https://bugs.webkit.org/show_bug.cgi?id=217270.

• Headers.cmake:
• Sources.txt:
• WebCore.xcodeproj/project.pbxproj:
• bindings/js/JSDOMBuiltinConstructor.h:
• bindings/js/JSDOMConstructor.h:
• bindings/js/JSDOMLegacyFactoryFunction.h:
• bindings/js/ScriptController.cpp:

(WebCore::ScriptController::initializeMainThread):

• bindings/js/WebCoreJITOperations.cpp: Copied from Source/WebKit/Shared/WebKit2Initialize.cpp.

(WebCore::populateJITOperations):

• bindings/js/WebCoreJITOperations.h: Copied from Source/WebKit/Shared/WebKit2Initialize.cpp.
• bindings/scripts/CodeGeneratorJS.pm:

(GenerateConstructorDefinitions):

• bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
• bindings/scripts/test/JS/JSTestOverloadedConstructorsWithSequence.cpp:
• bridge/objc/WebScriptObject.mm:

(+[WebScriptObject initialize]):

• domjit/JSDocumentDOMJIT.cpp:
• platform/cocoa/SharedBufferCocoa.mm:

(+[WebCoreSharedBufferData initialize]):

• platform/ios/wak/WebCoreThread.mm:

(RunWebThread):

Source/WebKit:

• Shared/API/c/WKString.cpp:

(WKStringCopyJSString):

• Shared/Cocoa/WebKit2InitializeCocoa.mm:

(WebKit::runInitializationCode):

• Shared/WebKit2Initialize.cpp:

(WebKit::InitializeWebKit2):

• Shared/WebKitJITOperations.cpp: Copied from Source/WebKit/Shared/WebKit2Initialize.cpp.

(WebKit::populateJITOperations):

• Shared/WebKitJITOperations.h: Copied from Source/WebKit/Shared/WebKit2Initialize.cpp.
• Sources.txt:
• WebKit.xcodeproj/project.pbxproj:

Source/WebKitLegacy/mac:

• History/WebBackForwardList.mm:

(+[WebBackForwardList initialize]):

• History/WebHistoryItem.mm:

(+[WebHistoryItem initialize]):

• Misc/WebCache.mm:

(+[WebCache initialize]):

• Misc/WebElementDictionary.mm:

(+[WebElementDictionary initialize]):

• Misc/WebIconDatabase.mm:
• Misc/WebStringTruncator.mm:

(+[WebStringTruncator initialize]):

• Plugins/Hosted/WebHostedNetscapePluginView.mm:

(+[WebHostedNetscapePluginView initialize]):

• Plugins/WebBaseNetscapePluginView.mm:
• Plugins/WebBasePluginPackage.mm:

(+[WebBasePluginPackage initialize]):

• Plugins/WebNetscapePluginView.mm:

(+[WebNetscapePluginView initialize]):

• WebCoreSupport/WebEditorClient.mm:

(+[WebUndoStep initialize]):

• WebCoreSupport/WebFrameLoaderClient.mm:

(+[WebFramePolicyListener initialize]):

• WebView/WebArchive.mm:

(+[WebArchivePrivate initialize]):

• WebView/WebDataSource.mm:

(+[WebDataSource initialize]):

• WebView/WebHTMLView.mm:

(+[WebHTMLViewPrivate initialize]):
(+[WebHTMLView initialize]):

• WebView/WebPreferences.mm:

(+[WebPreferences initialize]):

• WebView/WebResource.mm:

(+[WebResourcePrivate initialize]):

• WebView/WebTextIterator.mm:

(+[WebTextIteratorPrivate initialize]):

• WebView/WebView.mm:

(+[WebView initialize]):

• WebView/WebViewData.mm:

(+[WebViewPrivate initialize]):

Source/WebKitLegacy/win:

• WebKitClassFactory.cpp:

(WebKitClassFactory::WebKitClassFactory):

• WebView.cpp:

(WebView::WebView):

Source/WTF:

• wtf/PlatformCallingConventions.h:
• wtf/PlatformEnable.h:

File:

• trunk/Source/JavaScriptCore/runtime/VM.cpp (modified) (2 diffs)

trunk/Source/JavaScriptCore/runtime/VM.cpp

@@ -79 +79 @@
 #include "IsoInlinedHeapCellType.h"
 #include "JITCode.h"
+#include "JITOperationList.h"
 #include "JITThunks.h"
 #include "JITWorklist.h"
@@ -832 +833 @@
 #if ENABLE(JIT)
     if (Options::useJIT()) {
+        JITOperationList::assertIsHostFunction(function);
         return jitStubs->hostFunctionStub(
             *this, function, constructor,