Timestamp:
Apr 1, 2021, 4:06:51 PM (4 years ago)
Author:
[email protected]
Message:

REGRESSION(r274724): JITCage trampoline needs to be adjusted
https://bugs.webkit.org/show_bug.cgi?id=224065

Reviewed by Saam Barati.

r274724 introduced a new parameter to custom setters, but it didn't change the parameter recognition of JITCage trampolines for custom accessors.
As a result, we are jumping with the wrong pointer, and crash when a custom setter is called with JITCage.

This patch fixes the above bug.

  1. Now, custom getters and custom setters have different numbers of parameters. We should have two different trampolines to invoke them. We remove vmEntryCustomAccessor, and add vmEntryCustomGetter/vmEntryCustomSetter.
  2. vmEntryCustomSetter should use the a4 parameter as an executable address for the trampoline.

  • bytecode/AccessCase.cpp:
    (JSC::AccessCase::generateImpl):
  • dfg/DFGSpeculativeJIT.cpp:
    (JSC::DFG::SpeculativeJIT::compileCallDOMGetter):
  • ftl/FTLLowerDFGToB3.cpp:
    (JSC::FTL::DFG::LowerDFGToB3::compileCallDOMGetter):
  • llint/LLIntThunks.cpp:
  • llint/LLIntThunks.h:
  • llint/LowLevelInterpreter.asm:
  • offlineasm/arm64.rb:
  • offlineasm/registers.rb:
Location:
trunk/Source/JavaScriptCore/offlineasm
Files:
2 edited

  • trunk/Source/JavaScriptCore/offlineasm/arm64.rb

    r272892 r275392  
    136136        when 't3', 'a3', 'wa3'
    137137            arm64GPRName('x3', kind)
    138         when 't4', 'wa4'
     138        when 't4', 'a4', 'wa4'
    139139            arm64GPRName('x4', kind)
    140         when 't5', 'wa5'
     140        when 't5', 'a5', 'wa5'
    141141          arm64GPRName('x5', kind)
    142         when 't6', 'wa6'
     142        when 't6', 'a6', 'wa6'
    143143          arm64GPRName('x6', kind)
    144         when 't7', 'wa7'
     144        when 't7', 'a7', 'wa7'
    145145          arm64GPRName('x7', kind)
    146146        when 'ws0'
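Review bot: in the new `when 't4', 'a4', 'wa4'` through `when 't7', 'a7', 'wa7'` cases, each aN alias shares its physical register with tN (x4 through x7), the same pairing the unchanged `when 't3', 'a3', 'wa3'` case already uses for a0-a3/t0-t3. Since the commit message says vmEntryCustomSetter takes the trampoline's executable address from a4, any LowLevelInterpreter.asm sequence in the new trampoline that reads a4 has to do so before it uses t4 as scratch, otherwise the jump target is silently clobbered and the JITCage jump lands on whatever t4 last held. A one-line comment in the .asm next to the new trampoline stating that a4 and t4 are the same register on arm64 would make that constraint explicit for the next person who adds a temporary.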
  • trunk/Source/JavaScriptCore/offlineasm/registers.rb

    r251886 r275392  
    3939     "a2",
    4040     "a3",
     41     "a4",
     42     "a5",
     43     "a6",
     44     "a7",
    4145     "r0",
    4246     "r1",
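Review bot: adding "a4" through "a7" to the shared register name list (right after "a3") makes those names legal in every backend's .asm, but only the arm64 mapping is part of this changeset (the Location is limited to offlineasm and only 2 files are edited), so a backend whose name mapping has no `'a4'` case will fail at offlineasm time the first time LowLevelInterpreter.asm mentions a4. Confirm that each remaining backend either maps a4..a7 or that the new vmEntryCustomSetter uses are inside an architecture guard, and consider a comment here noting that a4..a7 are not guaranteed to correspond to real argument registers on ABIs that pass fewer than eight integer arguments in registers.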