Changeset 268241 in webkit for trunk/Source/JavaScriptCore/jit/Repatch.cpp

Timestamp:

Oct 8, 2020, 6:18:14 PM (5 years ago)

Author:

[email protected]

Message:

Unreviewed, reverting r268170 and r268190.
​https://bugs.webkit.org/show_bug.cgi?id=217502

Crash on ARM64E exclusively

Reverted changesets:

"[JSC] Restrict more ptr-tagging and avoid using
OperationPtrTag for JIT code"
​https://bugs.webkit.org/show_bug.cgi?id=217460
​https://trac.webkit.org/changeset/268170

"Unreviewed, build fix for ARM64E"
​https://bugs.webkit.org/show_bug.cgi?id=217460
​https://trac.webkit.org/changeset/268190

File:

• trunk/Source/JavaScriptCore/jit/Repatch.cpp (modified) (5 diffs)

trunk/Source/JavaScriptCore/jit/Repatch.cpp

@@ -74 +74 @@
 static FunctionPtr<CFunctionPtrTag> readPutICCallTarget(CodeBlock* codeBlock, CodeLocationCall<JSInternalPtrTag> call)
 {
+    FunctionPtr<OperationPtrTag> target = MacroAssembler::readCallTarget<OperationPtrTag>(call);
 #if ENABLE(FTL_JIT)
     if (codeBlock->jitType() == JITType::FTLJIT) {
-        FunctionPtr<JITThunkPtrTag> target = MacroAssembler::readCallTarget<JITThunkPtrTag>(call);
-        MacroAssemblerCodePtr<JITThunkPtrTag> thunk = MacroAssemblerCodePtr<JITThunkPtrTag>::createFromExecutableAddress(target.executableAddress());
+        MacroAssemblerCodePtr<JITThunkPtrTag> thunk = MacroAssemblerCodePtr<OperationPtrTag>::createFromExecutableAddress(target.executableAddress()).retagged<JITThunkPtrTag>();
         return codeBlock->vm().ftlThunks->keyForSlowPathCallThunk(thunk).callTarget().retagged<CFunctionPtrTag>();
     }
@@ -83 +83 @@
     UNUSED_PARAM(codeBlock);
 #endif // ENABLE(FTL_JIT)
-    FunctionPtr<OperationPtrTag> target = MacroAssembler::readCallTarget<OperationPtrTag>(call);
     return target.retagged<CFunctionPtrTag>();
 }
@@ -93 +92 @@
         VM& vm = codeBlock->vm();
         FTL::Thunks& thunks = *vm.ftlThunks;
-        FunctionPtr<JITThunkPtrTag> target = MacroAssembler::readCallTarget<JITThunkPtrTag>(call);
-        auto slowPathThunk = MacroAssemblerCodePtr<JITThunkPtrTag>::createFromExecutableAddress(target.executableAddress());
+        FunctionPtr<OperationPtrTag> target = MacroAssembler::readCallTarget<OperationPtrTag>(call);
+        auto slowPathThunk = MacroAssemblerCodePtr<JITThunkPtrTag>::createFromExecutableAddress(target.retaggedExecutableAddress<JITThunkPtrTag>());
         FTL::SlowPathCallKey key = thunks.keyForSlowPathCallThunk(slowPathThunk);
         key = key.withCallTarget(newCalleeFunction);
@@ -407 +406 @@
                     newCase = GetterSetterAccessCase::create(
                         vm, codeBlock, type, propertyName, offset, structure, conditionSet, loadTargetFromProxy,
-                        slot.watchpointSet(), slot.isCacheableCustom() ? FunctionPtr<OperationPtrTag>(slot.customGetter()) : nullptr,
+                        slot.watchpointSet(), slot.isCacheableCustom() ? slot.customGetter() : nullptr,
                         slot.isCacheableCustom() && slot.slotBase() != baseValue ? slot.slotBase() : nullptr,
                         domAttribute, WTFMove(prototypeAccessChain));
@@ -743 +742 @@
                 newCase = GetterSetterAccessCase::create(
                     vm, codeBlock, slot.isCustomAccessor() ? AccessCase::CustomAccessorSetter : AccessCase::CustomValueSetter, oldStructure, propertyName,
-                    invalidOffset, conditionSet, WTFMove(prototypeAccessChain), isProxy, slot.customSetter().retagged<OperationPtrTag>(), slot.base() != baseValue ? slot.base() : nullptr);
+                    invalidOffset, conditionSet, WTFMove(prototypeAccessChain), isProxy, slot.customSetter(), slot.base() != baseValue ? slot.base() : nullptr);
             } else {
                 ASSERT(slot.isCacheableSetter());