Changeset 64608 in webkit for trunk/JavaScriptCore/assembler

Timestamp:

Aug 3, 2010, 5:15:47 PM (15 years ago)

Author:

[email protected]

Message:

Bug 43390 - Do not CRASH if we run out of room for jit code.

Reviewed by Oliver Hunt.

Change the ExecutableAllocator implementations not to crash, and to return 0 if memory cannot be allocated.
The assemblers should pass this through without trying to use it in executableCopy.
Change the LinkBuffer to handle this, and to provide an allocationSuccessful() method to test for this.

Change the JIT to throw an exception if allocation fails.
Make JIT optimizations fail gracefully if memory cannot be allocated (use non-optimized path).
Change YARR JIT to fallback to PCRE

• assembler/ARMAssembler.cpp:

(JSC::ARMAssembler::executableCopy):

• assembler/ARMv7Assembler.h:

(JSC::ARMv7Assembler::executableCopy):

• assembler/LinkBuffer.h:

(JSC::LinkBuffer::allocationSuccessful):

• assembler/MIPSAssembler.h:

(JSC::MIPSAssembler::executableCopy):

• assembler/X86Assembler.h:

(JSC::X86Assembler::executableCopy):

• bytecode/StructureStubInfo.h:

(JSC::StructureStubInfo::initGetByIdProto):
(JSC::StructureStubInfo::initGetByIdChain):
(JSC::StructureStubInfo::initGetByIdSelfList):
(JSC::StructureStubInfo::initGetByIdProtoList):
(JSC::StructureStubInfo::initPutByIdTransition):

• jit/ExecutableAllocator.cpp:

(JSC::ExecutablePool::systemAlloc):

• jit/ExecutableAllocatorFixedVMPool.cpp:

(JSC::FixedVMPoolAllocator::allocInternal):

• jit/JIT.cpp:

(JSC::JIT::privateCompile):

• jit/JIT.h:

(JSC::JIT::compileGetByIdProto):
(JSC::JIT::compileGetByIdSelfList):
(JSC::JIT::compileGetByIdProtoList):
(JSC::JIT::compileGetByIdChainList):
(JSC::JIT::compileGetByIdChain):
(JSC::JIT::compilePutByIdTransition):
(JSC::JIT::compilePatchGetArrayLength):

• jit/JITOpcodes.cpp:

(JSC::JIT::privateCompileCTIMachineTrampolines):

• jit/JITOpcodes32_64.cpp:

(JSC::JIT::privateCompileCTIMachineTrampolines):
(JSC::JIT::privateCompileCTINativeCall):

• jit/JITPropertyAccess.cpp:

(JSC::JIT::stringGetByValStubGenerator):
(JSC::JIT::privateCompilePutByIdTransition):
(JSC::JIT::privateCompilePatchGetArrayLength):
(JSC::JIT::privateCompileGetByIdProto):
(JSC::JIT::privateCompileGetByIdSelfList):
(JSC::JIT::privateCompileGetByIdProtoList):
(JSC::JIT::privateCompileGetByIdChainList):
(JSC::JIT::privateCompileGetByIdChain):

• jit/JITPropertyAccess32_64.cpp:

(JSC::JIT::stringGetByValStubGenerator):
(JSC::JIT::privateCompilePutByIdTransition):
(JSC::JIT::privateCompilePatchGetArrayLength):
(JSC::JIT::privateCompileGetByIdProto):
(JSC::JIT::privateCompileGetByIdSelfList):
(JSC::JIT::privateCompileGetByIdProtoList):
(JSC::JIT::privateCompileGetByIdChainList):
(JSC::JIT::privateCompileGetByIdChain):

• jit/JITStubs.cpp:

(JSC::JITThunks::tryCachePutByID):
(JSC::JITThunks::tryCacheGetByID):
(JSC::DEFINE_STUB_FUNCTION):
(JSC::setupPolymorphicProtoList):

• jit/JITStubs.h:
• jit/SpecializedThunkJIT.h:

(JSC::SpecializedThunkJIT::finalize):

• runtime/ExceptionHelpers.cpp:

(JSC::createOutOfMemoryError):

• runtime/ExceptionHelpers.h:
• runtime/Executable.cpp:

(JSC::EvalExecutable::compileInternal):
(JSC::ProgramExecutable::compileInternal):
(JSC::FunctionExecutable::compileForCallInternal):
(JSC::FunctionExecutable::compileForConstructInternal):
(JSC::FunctionExecutable::reparseExceptionInfo):
(JSC::EvalExecutable::reparseExceptionInfo):

• yarr/RegexJIT.cpp:

(JSC::Yarr::RegexGenerator::compile):

Location:

trunk/JavaScriptCore/assembler

Files:

• ARMAssembler.cpp (modified) (1 diff)
• ARMv7Assembler.h (modified) (2 diffs)
• LinkBuffer.h (modified) (5 diffs)
• MIPSAssembler.h (modified) (1 diff)
• X86Assembler.h (modified) (1 diff)

trunk/JavaScriptCore/assembler/ARMAssembler.cpp

@@ -352 +352 @@
 
     char* data = reinterpret_cast<char*>(m_buffer.executableCopy(allocator));
+    if (!data)
+        return 0;
 
     for (Jumps::Iterator iter = m_jumps.begin(); iter != m_jumps.end(); ++iter) {

trunk/JavaScriptCore/assembler/ARMv7Assembler.h

@@ -1629 +1629 @@
     {
         void* copy = m_formatter.executableCopy(allocator);
+        if (!copy)
+            return 0;
 
         unsigned jumpCount = m_jumpsToLink.size();
@@ -1638 +1640 @@
         m_jumpsToLink.clear();
 
-        ASSERT(copy);
         return copy;
     }

trunk/JavaScriptCore/assembler/LinkBuffer.h

@@ -57 +57 @@
     typedef MacroAssembler::DataLabelPtr DataLabelPtr;
 
+    enum LinkBufferState {
+        StateInit,
+        StateChecked,
+        StateFinalized,
+    };
+
 public:
     // Note: Initialization sequence is significant, since executablePool is a PassRefPtr.
@@ -66 +72 @@
         , m_size(masm->m_assembler.size())
 #ifndef NDEBUG
-        , m_completed(false)
+        , m_state(StateInit)
 #endif
     {
@@ -73 +79 @@
     ~LinkBuffer()
     {
-        ASSERT(m_completed);
+        ASSERT(m_state == StateFinalized);
+    }
+
+    // After constructing a link buffer, a client must call allocationSuccessful() to check alloc did not return 0.
+    bool allocationSuccessful()
+    {
+#ifndef NDEBUG
+        ASSERT(m_state == StateInit);
+        m_state = StateChecked;
+#endif
+
+        return m_code;
     }
 
@@ -171 +188 @@
     {
 #ifndef NDEBUG
-        ASSERT(!m_completed);
-        m_completed = true;
+        ASSERT(m_state == StateChecked);
+        m_state = StateFinalized;
 #endif
 
@@ -183 +200 @@
     size_t m_size;
 #ifndef NDEBUG
-    bool m_completed;
+    LinkBufferState m_state;
 #endif
 };

trunk/JavaScriptCore/assembler/MIPSAssembler.h

@@ -690 +690 @@
     {
         void *result = m_buffer.executableCopy(allocator);
-        if (!result)
-            return 0;
-
-        relocateJumps(m_buffer.data(), result);
+        if (result)
+            relocateJumps(m_buffer.data(), result);
         return result;
     }

trunk/JavaScriptCore/assembler/X86Assembler.h

@@ -1627 +1627 @@
     void* executableCopy(ExecutablePool* allocator)
     {
-        void* copy = m_formatter.executableCopy(allocator);
-        ASSERT(copy);
-        return copy;
+        return m_formatter.executableCopy(allocator);
     }