Timestamp:
Oct 7, 2020, 9:18:58 PM
Author:
[email protected]
Message:

[JSC] Restrict more ptr-tagging and avoid using OperationPtrTag for JIT code
https://bugs.webkit.org/show_bug.cgi?id=217460

Reviewed by Saam Barati.

Source/JavaScriptCore:

This patch makes tagging / untagging pointer functions solid by using PtrTag in template parameter.
Later, we will introduce compile time behavior change for different kinds of PtrTag so that we can insert OperationPtrTag validation
when tagging a function with OperationPtrTag.

We also found that FTL is tagging JIT code with OperationPtrTag wrongly. We should tag it with JITThunkPtrTag.

  • assembler/AbstractMacroAssembler.h:

(JSC::AbstractMacroAssembler::getLinkerAddress):

  • assembler/AssemblerBuffer.h:

(JSC::ARM64EHash::update):
(JSC::ARM64EHash::finalHash const):

  • assembler/JITOperationList.cpp:

(JSC::addPointers):

  • assembler/MacroAssemblerARM64.cpp:

(JSC::MacroAssembler::probe):

  • assembler/MacroAssemblerCodeRef.h:

(JSC::MacroAssemblerCodePtr::MacroAssemblerCodePtr):
(JSC::MacroAssemblerCodePtr::createFromExecutableAddress):

  • assembler/testmasm.cpp:

(JSC::testProbeModifiesProgramCounter):

  • b3/air/testair.cpp:
  • ftl/FTLOutput.h:

(JSC::FTL::Output::callWithoutSideEffects):
(JSC::FTL::Output::operation):

  • ftl/FTLSlowPathCall.cpp:

(JSC::FTL::SlowPathCallContext::makeCall):

  • jit/JITCode.cpp:

(JSC::JITCodeWithCodeRef::executableAddressAtOffset):

  • jit/JITExceptions.cpp:

(JSC::genericUnwind):

  • jit/JITOperations.cpp:
  • jit/Repatch.cpp:

(JSC::readPutICCallTarget):
(JSC::ftlThunkAwareRepatchCall):
(JSC::tryCacheGetBy):
(JSC::tryCachePutByID):

  • llint/LLIntData.cpp:

(JSC::LLInt::initialize):

  • llint/LLIntPCRanges.h:

(JSC::LLInt::isLLIntPC):

  • llint/LLIntSlowPaths.cpp:

(JSC::LLInt::setUpCall):

  • llint/LLIntThunks.cpp:

(JSC::LLInt::generateThunkWithJumpTo):

  • runtime/MachineContext.h:

(JSC::MachineContext::instructionPointer):

  • runtime/NativeExecutable.cpp:

(JSC::NativeExecutable::finishCreation):

  • runtime/PutPropertySlot.h:

(JSC::PutPropertySlot::setCustomValue):
(JSC::PutPropertySlot::setCustomAccessor):
(JSC::PutPropertySlot::customSetter const):

  • wasm/WasmAirIRGenerator.cpp:

(JSC::Wasm::AirIRGenerator::emitCCall):

  • wasm/WasmSlowPaths.cpp:

Source/WTF:

  • wtf/PlatformRegisters.cpp:

(WTF::threadStateLRInternal):
(WTF::threadStatePCInternal):

  • wtf/PtrTag.h:

(WTF::tagCFunctionPtr):
(WTF::tagCFunction):
(WTF::untagCFunctionPtr):
(WTF::tagInt):
(WTF::isTaggedWith):
(WTF::assertIsTaggedWith):
(WTF::assertIsNullOrTaggedWith):

File:
1 edited

  • trunk/Source/JavaScriptCore/ChangeLog

    r268165 r268170  
     12020-10-07  Yusuke Suzuki  <[email protected]>
     2
     3        [JSC] Restrict more ptr-tagging and avoid using OperationPtrTag for JIT code
     4        https://bugs.webkit.org/show_bug.cgi?id=217460
     5
     6        Reviewed by Saam Barati.
     7
     8        This patch makes tagging / untagging pointer functions solid by using PtrTag in template parameter.
     9        Later, we will introduce compile time behavior change for different kind of PtrTag so that we can insert OperationPtrTag validation
     10        when tagging a function with OperationPtrTag.
     11
     12        We also found that FTL is tagging JIT code with OperationPtrTag wrongly. We should tag it with JITThunkPtrTag.
     13
     14        * assembler/AbstractMacroAssembler.h:
     15        (JSC::AbstractMacroAssembler::getLinkerAddress):
     16        * assembler/AssemblerBuffer.h:
     17        (JSC::ARM64EHash::update):
     18        (JSC::ARM64EHash::finalHash const):
     19        * assembler/JITOperationList.cpp:
     20        (JSC::addPointers):
     21        * assembler/MacroAssemblerARM64.cpp:
     22        (JSC::MacroAssembler::probe):
     23        * assembler/MacroAssemblerCodeRef.h:
     24        (JSC::MacroAssemblerCodePtr::MacroAssemblerCodePtr):
     25        (JSC::MacroAssemblerCodePtr::createFromExecutableAddress):
     26        * assembler/testmasm.cpp:
     27        (JSC::testProbeModifiesProgramCounter):
     28        * b3/air/testair.cpp:
     29        * ftl/FTLOutput.h:
     30        (JSC::FTL::Output::callWithoutSideEffects):
     31        (JSC::FTL::Output::operation):
     32        * ftl/FTLSlowPathCall.cpp:
     33        (JSC::FTL::SlowPathCallContext::makeCall):
     34        * jit/JITCode.cpp:
     35        (JSC::JITCodeWithCodeRef::executableAddressAtOffset):
     36        * jit/JITExceptions.cpp:
     37        (JSC::genericUnwind):
     38        * jit/JITOperations.cpp:
     39        * jit/Repatch.cpp:
     40        (JSC::readPutICCallTarget):
     41        (JSC::ftlThunkAwareRepatchCall):
     42        (JSC::tryCacheGetBy):
     43        (JSC::tryCachePutByID):
     44        * llint/LLIntData.cpp:
     45        (JSC::LLInt::initialize):
     46        * llint/LLIntPCRanges.h:
     47        (JSC::LLInt::isLLIntPC):
     48        * llint/LLIntSlowPaths.cpp:
     49        (JSC::LLInt::setUpCall):
     50        * llint/LLIntThunks.cpp:
     51        (JSC::LLInt::generateThunkWithJumpTo):
     52        * runtime/MachineContext.h:
     53        (JSC::MachineContext::instructionPointer):
     54        * runtime/NativeExecutable.cpp:
     55        (JSC::NativeExecutable::finishCreation):
     56        * runtime/PutPropertySlot.h:
     57        (JSC::PutPropertySlot::setCustomValue):
     58        (JSC::PutPropertySlot::setCustomAccessor):
     59        (JSC::PutPropertySlot::customSetter const):
     60        * wasm/WasmAirIRGenerator.cpp:
     61        (JSC::Wasm::AirIRGenerator::emitCCall):
     62        * wasm/WasmSlowPaths.cpp:
     63
    1642020-10-07  Ross Kirsling  <[email protected]>
    265
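Review bot: the entries `* b3/air/testair.cpp:`, `* jit/JITOperations.cpp:` and `* wasm/WasmSlowPaths.cpp:` in this ChangeLog hunk list no functions and no description of what changed, unlike every other file in the entry; add the affected functions or a one-line note so the change is traceable from the log. The sentence "We also found that FTL is tagging JIT code with OperationPtrTag wrongly. We should tag it with JITThunkPtrTag." does not say which of the listed FTL functions (`JSC::FTL::Output::callWithoutSideEffects`, `JSC::FTL::Output::operation`, `JSC::FTL::SlowPathCallContext::makeCall`) carries that fix; naming it next to that function entry would help a reader auditing tag usage later. Minor: "different kind of PtrTag" should read "different kinds of PtrTag".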