Timestamp:
Feb 1, 2022, 9:33:58 AM
Author:
[email protected]
Message:

Enhance sanitizeStackForVM() to assist with crash analysis.
https://bugs.webkit.org/show_bug.cgi?id=235752
rdar://81014601

Reviewed by Michael Saboff.

Source/JavaScriptCore:

  1. Remove the AssemblyHelpers version of sanitizeStack. Instead, make the 3 JIT operation functions call sanitizeStackForVM(). This ensures that sanitizeStack crashes are not obscured as generic JIT crashes.
  2. Add sanity check RELEASE_ASSERTs to VM::setLastStackTop() with a capture of the relevant variables for crash analysis.
  3. Fix logSanitizeStack() so that it no longer relies on vm.topCallFrame. vm.topCallFrame may not be properly initialized at all the places that sanitizeStackForVM() is called.
  4. Add a JSLock check to sanitizeStackForVM(), and return early if not owned by the current thread. If the JSLock is not owned by the current thread, we can't rely on vm.lastStackTop() being a sane value. Hence, it's not possible to do stack sanitization correctly.

Add sanity check RELEASE_ASSERTs to sanitizeStackForVM() with a capture of
the relevant variables for crash analysis.

  • jit/AssemblyHelpers.cpp:

(JSC::AssemblyHelpers::sanitizeStackInline): Deleted.

  • jit/AssemblyHelpers.h:
  • jit/JITOperations.cpp:

(JSC::JSC_DEFINE_JIT_OPERATION):

  • jit/ThunkGenerators.cpp:

(JSC::slowPathFor):

  • runtime/JSLock.cpp:

(JSC::JSLock::didAcquireLock):
(JSC::JSLock::grabAllLocks):

  • runtime/VM.cpp:

(JSC::VM::VM):
(JSC::VM::setLastStackTop):
(JSC::logSanitizeStack):
(JSC::sanitizeStackForVM):

  • runtime/VM.h:

Source/WTF:

  • wtf/Threading.h:

(WTF::Thread::savedStackPointerAtVMEntry const):
(WTF::Thread::savedLastStackTop const):
(WTF::Thread::savedStackPointerAtVMEntry): Deleted.
(WTF::Thread::savedLastStackTop): Deleted.
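The contract the message describes (sanitize only when the calling thread owns the VM lock, zero the dead region between the deepest stack top recorded and the current stack pointer, and crash with the relevant values captured if the recorded top is outside the thread's stack) is shown below as an added model. This is illustrative code, not JavaScriptCore's: the names (FakeVm, FakeStack, crashWithCapture, runDemo) are hypothetical, and the stack is a heap buffer with downward growth so the example runs portably instead of writing below the real machine stack pointer.

```cpp
// Added illustrative model of JSC-style stack sanitization (not WebKit code).
#include <atomic>
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <cstring>
#include <thread>
#include <vector>

// Simulated thread stack: grows downward from origin (high) toward limit (low).
// Heap-allocated and zero-filled so the example never touches the real stack.
struct FakeStack {
    std::vector<uint8_t> storage;
    explicit FakeStack(size_t bytes) : storage(bytes, 0) {}
    const uint8_t* limit() const { return storage.data(); }
    const uint8_t* origin() const { return storage.data() + storage.size(); }
    uint8_t* origin() { return storage.data() + storage.size(); }
};

// Hypothetical VM: an API lock, the owning thread, and the lowest stack
// address JS code has reached (what VM::lastStackTop() records in JSC).
struct FakeVm {
    std::atomic<std::thread::id> lockOwner{std::thread::id()};
    uint8_t* lastStackTop = nullptr;
    bool ownsLockOnCurrentThread() const { return lockOwner.load() == std::this_thread::get_id(); }
    void grabLock() { lockOwner.store(std::this_thread::get_id()); }   // single-threaded demo
    void releaseLock() { lockOwner.store(std::thread::id()); }
};

// Sanity check modelled on the commit's RELEASE_ASSERTs: a stack top must lie
// within [limit, origin] of the thread's own stack.
bool stackTopIsSane(const FakeStack& stack, const uint8_t* top) {
    return top >= stack.limit() && top <= stack.origin();
}

// Crash path: park the interesting values in volatile locals so they survive
// into a crash dump, log them, then abort (the "capture" idea from the message).
[[noreturn]] void crashWithCapture(const char* what, const void* a, const void* b, const void* c) {
    volatile const void* capturedA = a; volatile const void* capturedB = b; volatile const void* capturedC = c;
    std::fprintf(stderr, "%s: %p %p %p\n", what, a, b, c);
    (void)capturedA; (void)capturedB; (void)capturedC;
    std::abort();
}

void setLastStackTop(FakeVm& vm, const FakeStack& stack, uint8_t* top) {
    if (!stackTopIsSane(stack, top))
        crashWithCapture("setLastStackTop: top outside thread stack", top, stack.limit(), stack.origin());
    vm.lastStackTop = top;
}

enum class SanitizeResult { Skipped, Sanitized };

// currentSp stands in for the stack pointer read at the real call site.
SanitizeResult sanitizeStackForVM(FakeVm& vm, const FakeStack& stack, uint8_t* currentSp) {
    // Without the lock, lastStackTop may belong to another thread or be mid-update,
    // so there is nothing safe to do (the early return the commit adds).
    if (!vm.ownsLockOnCurrentThread())
        return SanitizeResult::Skipped;
    if (!stackTopIsSane(stack, vm.lastStackTop) || !stackTopIsSane(stack, currentSp))
        crashWithCapture("sanitizeStackForVM: bad stack top", vm.lastStackTop, currentSp, stack.origin());
    // Dead region: already popped (below currentSp) but at or above the deepest point
    // reached, where stale words could still look like pointers to a conservative scan.
    if (vm.lastStackTop < currentSp)
        std::memset(vm.lastStackTop, 0, static_cast<size_t>(currentSp - vm.lastStackTop));
    setLastStackTop(vm, stack, currentSp);
    return SanitizeResult::Sanitized;
}

// Constructed walk-through: a deep call dirtied 256 bytes below origin, the stack
// popped back to origin-64, then sanitization is requested without and with the lock.
struct DemoOutcome { SanitizeResult withoutLock; SanitizeResult withLock; size_t staleBytesLeft; bool topUpdated; };

DemoOutcome runDemo() {
    FakeStack stack(4096);
    FakeVm vm;
    vm.grabLock();
    setLastStackTop(vm, stack, stack.origin());          // fresh VM: nothing dirtied yet
    uint8_t* deepest = stack.origin() - 256;
    std::memset(deepest, 0xAA, 256);                      // 0xAA marks stale data
    setLastStackTop(vm, stack, deepest);
    vm.releaseLock();

    uint8_t* currentSp = stack.origin() - 64;             // 64 live bytes remain in use
    SanitizeResult withoutLock = sanitizeStackForVM(vm, stack, currentSp);
    vm.grabLock();
    SanitizeResult withLock = sanitizeStackForVM(vm, stack, currentSp);
    vm.releaseLock();

    size_t stale = 0;
    for (const uint8_t* p = deepest; p < stack.origin(); ++p)
        if (*p == 0xAA) ++stale;                          // only the live 64 bytes should remain
    return { withoutLock, withLock, stale, vm.lastStackTop == currentSp };
}

int main() {
    DemoOutcome o = runDemo();
    std::printf("skipped without lock: %d, stale bytes left: %zu, top updated: %d\n",
                o.withoutLock == SanitizeResult::Skipped, o.staleBytesLeft, o.topUpdated);
    return 0;
}
```

The lock-less call returns Skipped and leaves the stale bytes untouched; the locked call zeroes the 192 dead bytes between the deepest recorded top and the current stack pointer, leaves the 64 live bytes alone, and moves the recorded top up to the current pointer. In real JSC the zeroing runs in a leaf routine that must not itself push frames into the region it is clearing; the heap buffer here sidesteps that constraint.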

File:
1 edited

  • trunk/Source/JavaScriptCore/runtime/VM.h

    r288815 r288885  
    11/*
    2  * Copyright (C) 2008-2021 Apple Inc. All rights reserved.
     2 * Copyright (C) 2008-2022 Apple Inc. All rights reserved.
    33 *
    44 * Redistribution and use in source and binary forms, with or without
     
    775775    void** addressOfLastStackTop() { return &m_lastStackTop; }
    776776    void* lastStackTop() { return m_lastStackTop; }
    777     void setLastStackTop(void*);
     777    void setLastStackTop(const Thread&);
    778778   
    779779    void firePrimitiveGigacageEnabledIfNecessary()
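Review bot: the new `void setLastStackTop(const Thread&);` declaration carries no comment on its preconditions. Per the commit message it now RELEASE_ASSERTs on the thread's saved stack values and relies on the JSLock being held by that thread, so a one-line comment at the declaration (which Thread fields it reads, which asserts can fire) would spare the next reader a trip into VM.cpp. Also confirm that `Thread` resolves in this header: the hunk adds no include or forward declaration, so VM.h must already pull in wtf/Threading.h (or an equivalent forward declaration) for the `const Thread&` parameter to compile.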
     
    11631163
    11641164JS_EXPORT_PRIVATE void sanitizeStackForVM(VM&);
    1165 void logSanitizeStack(VM&);
    11661165
    11671166} // namespace JSC
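Review bot: removing the `void logSanitizeStack(VM&);` declaration leaves no external declaration for a function the message still lists as modified in runtime/VM.cpp. Make sure the VM.cpp definition is now `static` (or in an anonymous namespace) so it does not remain an externally visible symbol with no header, and since `sanitizeStackForVM(VM&)` stays JS_EXPORT_PRIVATE and now returns early when the JSLock is not owned by the calling thread, that contract belongs in a comment next to its declaration here rather than only in the commit message.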