Changeset 235071 in webkit

Timestamp:

Aug 20, 2018 7:07:52 AM (6 years ago)

Author:

Carlos Garcia Campos

Message:

Merge r235018 - [WTF] Add WTF::unalignedLoad and WTF::unalignedStore
​https://bugs.webkit.org/show_bug.cgi?id=188716

Reviewed by Darin Adler.

Source/JavaScriptCore:

Use WTF::unalignedLoad and WTF::unalignedStore to avoid undefined behavior.
The compiler can emit appropriate mov operations in x86 even if we use these
helper functions.

• assembler/AssemblerBuffer.h:

(JSC::AssemblerBuffer::LocalWriter::putIntegralUnchecked):
(JSC::AssemblerBuffer::putIntegral):
(JSC::AssemblerBuffer::putIntegralUnchecked):

• assembler/MacroAssemblerX86.h:

(JSC::MacroAssemblerX86::readCallTarget):

• assembler/X86Assembler.h:

(JSC::X86Assembler::linkJump):
(JSC::X86Assembler::readPointer):
(JSC::X86Assembler::replaceWithHlt):
(JSC::X86Assembler::replaceWithJump):
(JSC::X86Assembler::setPointer):
(JSC::X86Assembler::setInt32):
(JSC::X86Assembler::setInt8):

• interpreter/InterpreterInlines.h:

(JSC::Interpreter::getOpcodeID): Embedded opcode may be misaligned. Actually UBSan detects misaligned accesses here.

Source/WTF:

While some CPUs allow unaligned accesses to memory, doing it in C++ with reinterpret_cast<> is
undefined behavior. This patch adds WTF::{unalignedLoad,unalignedStore} helper functions, which
can load from and store to the pointer in an unaligned manner.
Actual implementation uses memcpy. This can be optimized to direct unaligned access operations
in supported CPUs like x86. Even though a CPU does not support unaligned accesses, memcpy is still
safe and the compiler emits appropriate code.

We name these functions unalignedLoad and unalignedStore instead of loadUnaligned and storeUnaligned
in order to align them to atomicLoad and atomicStore.

• WTF.xcodeproj/project.pbxproj:
• wtf/CMakeLists.txt:
• wtf/UnalignedAccess.h: Added.

(WTF::unalignedLoad):
(WTF::unalignedStore):

• wtf/text/StringCommon.h:

(WTF::equal):
(WTF::loadUnaligned): Deleted.

Location:

releases/WebKitGTK/webkit-2.22/Source

Files:

• JavaScriptCore/ChangeLog (modified) (1 diff)
• JavaScriptCore/assembler/AssemblerBuffer.h (modified) (4 diffs)
• JavaScriptCore/assembler/MacroAssemblerX86.h (modified) (1 diff)
• JavaScriptCore/assembler/X86Assembler.h (modified) (3 diffs)
• JavaScriptCore/interpreter/InterpreterInlines.h (modified) (2 diffs)
• WTF/ChangeLog (modified) (1 diff)
• WTF/WTF.xcodeproj/project.pbxproj (modified) (2 diffs)
• WTF/wtf/CMakeLists.txt (modified) (1 diff)
• WTF/wtf/UnalignedAccess.h (added)
• WTF/wtf/text/StringCommon.h (modified) (9 diffs)

releases/WebKitGTK/webkit-2.22/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2018-08-19  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
+
+        [WTF] Add WTF::unalignedLoad and WTF::unalignedStore
+        https://bugs.webkit.org/show_bug.cgi?id=188716
+
+        Reviewed by Darin Adler.
+
+        Use WTF::unalignedLoad and WTF::unalignedStore to avoid undefined behavior.
+        The compiler can emit appropriate mov operations in x86 even if we use these
+        helper functions.
+
+        * assembler/AssemblerBuffer.h:
+        (JSC::AssemblerBuffer::LocalWriter::putIntegralUnchecked):
+        (JSC::AssemblerBuffer::putIntegral):
+        (JSC::AssemblerBuffer::putIntegralUnchecked):
+        * assembler/MacroAssemblerX86.h:
+        (JSC::MacroAssemblerX86::readCallTarget):
+        * assembler/X86Assembler.h:
+        (JSC::X86Assembler::linkJump):
+        (JSC::X86Assembler::readPointer):
+        (JSC::X86Assembler::replaceWithHlt):
+        (JSC::X86Assembler::replaceWithJump):
+        (JSC::X86Assembler::setPointer):
+        (JSC::X86Assembler::setInt32):
+        (JSC::X86Assembler::setInt8):
+        * interpreter/InterpreterInlines.h:
+        (JSC::Interpreter::getOpcodeID): Embedded opcode may be misaligned. Actually UBSan detects misaligned accesses here.
+
 2018-08-17  Saam barati  <sbarati@apple.com>
 

releases/WebKitGTK/webkit-2.22/Source/JavaScriptCore/assembler/AssemblerBuffer.h

@@ -35 +35 @@
 #include <wtf/FastMalloc.h>
 #include <wtf/StdLibExtras.h>
+#include <wtf/UnalignedAccess.h>
 
 namespace JSC {
@@ -240 +241 @@
             {
                 ASSERT(m_index + sizeof(IntegralType) <= m_buffer.m_storage.capacity());
-                *reinterpret_cast_ptr<IntegralType*>(m_storageBuffer + m_index) = value;
+                WTF::unalignedStore<IntegralType>(m_storageBuffer + m_index, value);
                 m_index += sizeof(IntegralType);
             }
@@ -259 +260 @@
             if (UNLIKELY(nextIndex > m_storage.capacity()))
                 outOfLineGrow();
-            ASSERT(isAvailable(sizeof(IntegralType)));
-            *reinterpret_cast_ptr<IntegralType*>(m_storage.buffer() + m_index) = value;
-            m_index = nextIndex;
+            putIntegralUnchecked<IntegralType>(value);
         }
 
@@ -268 +267 @@
         {
             ASSERT(isAvailable(sizeof(IntegralType)));
-            *reinterpret_cast_ptr<IntegralType*>(m_storage.buffer() + m_index) = value;
+            WTF::unalignedStore<IntegralType>(m_storage.buffer() + m_index, value);
             m_index += sizeof(IntegralType);
         }

releases/WebKitGTK/webkit-2.22/Source/JavaScriptCore/assembler/MacroAssemblerX86.h

@@ -303 +303 @@
     static FunctionPtr<resultTag> readCallTarget(CodeLocationCall<locationTag> call)
     {
-        intptr_t offset = reinterpret_cast<int32_t*>(call.dataLocation())[-1];
+        intptr_t offset = WTF::unalignedLoad<int32_t>(bitwise_cast<int32_t*>(call.dataLocation()) - 1);
         return FunctionPtr<resultTag>(reinterpret_cast<void*>(reinterpret_cast<uintptr_t>(call.dataLocation()) + offset));
     }

releases/WebKitGTK/webkit-2.22/Source/JavaScriptCore/assembler/X86Assembler.h

@@ -3681 +3681 @@
 
         char* code = reinterpret_cast<char*>(m_formatter.data());
-        ASSERT(!reinterpret_cast<int32_t*>(code + from.m_offset)[-1]);
+        ASSERT(!WTF::unalignedLoad<int32_t>(bitwise_cast<int32_t*>(code + from.m_offset) - 1));
         setRel32(code + from.m_offset, code + to.m_offset);
     }
@@ -3740 +3740 @@
     static void* readPointer(void* where)
     {
-        return reinterpret_cast<void**>(where)[-1];
+        return WTF::unalignedLoad<void*>(bitwise_cast<void**>(where) - 1);
     }
 
     static void replaceWithHlt(void* instructionStart)
     {
-        uint8_t* ptr = reinterpret_cast<uint8_t*>(instructionStart);
-        ptr[0] = static_cast<uint8_t>(OP_HLT);
+        WTF::unalignedStore<uint8_t>(instructionStart, static_cast<uint8_t>(OP_HLT));
     }
 
     static void replaceWithJump(void* instructionStart, void* to)
     {
-        uint8_t* ptr = reinterpret_cast<uint8_t*>(instructionStart);
-        uint8_t* dstPtr = reinterpret_cast<uint8_t*>(to);
+        uint8_t* ptr = bitwise_cast<uint8_t*>(instructionStart);
+        uint8_t* dstPtr = bitwise_cast<uint8_t*>(to);
         intptr_t distance = (intptr_t)(dstPtr - (ptr + 5));
-        ptr[0] = static_cast<uint8_t>(OP_JMP_rel32);
-        *reinterpret_cast<int32_t*>(ptr + 1) = static_cast<int32_t>(distance);
+        WTF::unalignedStore<uint8_t>(ptr, static_cast<uint8_t>(OP_JMP_rel32));
+        WTF::unalignedStore<int32_t>(ptr + 1, static_cast<int32_t>(distance));
     }
     
@@ -3957 +3956 @@
     static void setPointer(void* where, void* value)
     {
-        reinterpret_cast<void**>(where)[-1] = value;
+        WTF::unalignedStore<void*>(bitwise_cast<void**>(where) - 1, value);
     }
 
     static void setInt32(void* where, int32_t value)
     {
-        reinterpret_cast<int32_t*>(where)[-1] = value;
+        WTF::unalignedStore<int32_t>(bitwise_cast<int32_t*>(where) - 1, value);
     }
     
     static void setInt8(void* where, int8_t value)
     {
-        reinterpret_cast<int8_t*>(where)[-1] = value;
+        WTF::unalignedStore<int8_t>(bitwise_cast<int8_t*>(where) - 1, value);
     }
 

releases/WebKitGTK/webkit-2.22/Source/JavaScriptCore/interpreter/InterpreterInlines.h

@@ -34 +34 @@
 #include "LLIntData.h"
 #include "UnlinkedCodeBlock.h"
+#include <wtf/UnalignedAccess.h>
 
 namespace JSC {
@@ -52 +53 @@
     auto codePtr = MacroAssemblerCodePtr<BytecodePtrTag>::createFromExecutableAddress(opcode);
     int32_t* opcodeIDAddress = codePtr.dataLocation<int32_t*>() - 1;
-    OpcodeID opcodeID = static_cast<OpcodeID>(*opcodeIDAddress);
+    OpcodeID opcodeID = static_cast<OpcodeID>(WTF::unalignedLoad<int32_t>(opcodeIDAddress));
     ASSERT(opcodeID < NUMBER_OF_BYTECODE_IDS);
     return opcodeID;

releases/WebKitGTK/webkit-2.22/Source/WTF/ChangeLog

@@ +1 @@
+2018-08-19  Yusuke Suzuki  <yusukesuzuki@slowstart.org>
+
+        [WTF] Add WTF::unalignedLoad and WTF::unalignedStore
+        https://bugs.webkit.org/show_bug.cgi?id=188716
+
+        Reviewed by Darin Adler.
+
+        While some CPUs allow unaligned accesses to memory, doing it in C++ with `reinterpret_cast<>` is
+        undefined behavior. This patch adds WTF::{unalignedLoad,unalignedStore} helper functions, which
+        can load from and store to the pointer in an unaligned manner.
+        Actual implementation uses `memcpy`. This can be optimized to direct unaligned access operations
+        in supported CPUs like x86. Even though a CPU does not support unaligned accesses, memcpy is still
+        safe and the compiler emits appropriate code.
+
+        We name these functions `unalignedLoad` and `unalignedStore` instead of `loadUnaligned` and `storeUnaligned`
+        in order to align them to `atomicLoad` and `atomicStore`.
+
+        * WTF.xcodeproj/project.pbxproj:
+        * wtf/CMakeLists.txt:
+        * wtf/UnalignedAccess.h: Added.
+        (WTF::unalignedLoad):
+        (WTF::unalignedStore):
+        * wtf/text/StringCommon.h:
+        (WTF::equal):
+        (WTF::loadUnaligned): Deleted.
+
 2018-08-17  David Kilzer  <ddkilzer@apple.com>
 

releases/WebKitGTK/webkit-2.22/Source/WTF/WTF.xcodeproj/project.pbxproj

@@ -624 +624 @@
                 E3200AB41E9A536D003B59D2 /* PlatformRegisters.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = PlatformRegisters.h; sourceTree = "<group>"; };
                 E33D5F871FBED66700BF625E /* RecursableLambda.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = RecursableLambda.h; sourceTree = "<group>"; };
+                E360C7642127B85B00C90F0E /* UnalignedAccess.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = UnalignedAccess.h; sourceTree = "<group>"; };
+                E360C7652127B85C00C90F0E /* Unexpected.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = Unexpected.h; sourceTree = "<group>"; };
                 E388886D20C9095100E632BC /* WorkerPool.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = WorkerPool.cpp; sourceTree = "<group>"; };
                 E388886E20C9095100E632BC /* WorkerPool.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = WorkerPool.h; sourceTree = "<group>"; };
@@ -1118 +1120 @@
                                 149EF16216BBFE0D000A4331 /* TriState.h */,
                                 83FBA93119DF459700F30ADB /* TypeCasts.h */,
+                                E360C7642127B85B00C90F0E /* UnalignedAccess.h */,
+                                E360C7652127B85C00C90F0E /* Unexpected.h */,
                                 A8A4735C151A825B004123FF /* UnionFind.h */,
                                 E300E521203D645F00DA79BE /* UniqueArray.h */,

releases/WebKitGTK/webkit-2.22/Source/WTF/wtf/CMakeLists.txt

@@ -241 +241 @@
     TypeCasts.h
     UUID.h
+    UnalignedAccess.h
     Unexpected.h
     UniStdExtras.h

releases/WebKitGTK/webkit-2.22/Source/WTF/wtf/text/StringCommon.h

@@ -31 +31 @@
 #include <wtf/ASCIICType.h>
 #include <wtf/NotFound.h>
+#include <wtf/UnalignedAccess.h>
 
 namespace WTF {
@@ -48 +49 @@
 bool equalIgnoringASCIICase(const char*, const char*);
 template<unsigned lowercaseLettersLength> bool equalLettersIgnoringASCIICase(const char*, const char (&lowercaseLetters)[lowercaseLettersLength]);
-
-template<typename T>
-inline T loadUnaligned(const char* s)
-{
-#if COMPILER(CLANG)
-    T tmp;
-    memcpy(&tmp, s, sizeof(T));
-    return tmp;
-#else
-    // This may result in undefined behavior due to unaligned access.
-    return *reinterpret_cast<const T*>(s);
-#endif
-}
 
 // Do comparisons 8 or 4 bytes-at-a-time on architectures where it's safe.
@@ -73 +61 @@
     if (dwordLength) {
         for (unsigned i = 0; i != dwordLength; ++i) {
-            if (loadUnaligned<uint64_t>(a) != loadUnaligned<uint64_t>(b))
+            if (unalignedLoad<uint64_t>(a) != unalignedLoad<uint64_t>(b))
                 return false;
 
@@ -82 +70 @@
 
     if (length & 4) {
-        if (loadUnaligned<uint32_t>(a) != loadUnaligned<uint32_t>(b))
+        if (unalignedLoad<uint32_t>(a) != unalignedLoad<uint32_t>(b))
             return false;
 
@@ -90 +78 @@
 
     if (length & 2) {
-        if (loadUnaligned<uint16_t>(a) != loadUnaligned<uint16_t>(b))
+        if (unalignedLoad<uint16_t>(a) != unalignedLoad<uint16_t>(b))
             return false;
 
@@ -112 +100 @@
     if (dwordLength) {
         for (unsigned i = 0; i != dwordLength; ++i) {
-            if (loadUnaligned<uint64_t>(a) != loadUnaligned<uint64_t>(b))
+            if (unalignedLoad<uint64_t>(a) != unalignedLoad<uint64_t>(b))
                 return false;
 
@@ -121 +109 @@
 
     if (length & 2) {
-        if (loadUnaligned<uint32_t>(a) != loadUnaligned<uint32_t>(b))
+        if (unalignedLoad<uint32_t>(a) != unalignedLoad<uint32_t>(b))
             return false;
 
@@ -141 +129 @@
     unsigned wordLength = length >> 2;
     for (unsigned i = 0; i != wordLength; ++i) {
-        if (loadUnaligned<uint32_t>(a) != loadUnaligned<uint32_t>(b))
+        if (unalignedLoad<uint32_t>(a) != unalignedLoad<uint32_t>(b))
             return false;
         a += sizeof(uint32_t);
@@ -169 +157 @@
     unsigned wordLength = length >> 1;
     for (unsigned i = 0; i != wordLength; ++i) {
-        if (loadUnaligned<uint32_t>(a) != loadUnaligned<uint32_t>(b))
+        if (unalignedLoad<uint32_t>(a) != unalignedLoad<uint32_t>(b))
             return false;
         a += sizeof(uint32_t);