Changeset 270988 in webkit

Timestamp:

Dec 18, 2020, 1:42:13 PM (4 years ago)

Author:

mark.lam@apple.com

Message:

Fix MacroAssemblerARM64E::validateUntaggedPtr() to account for TBI.
​https://bugs.webkit.org/show_bug.cgi?id=220021
<rdar://problem/72474809>

Reviewed by Saam Barati.

• assembler/AbstractMacroAssembler.h:
• assembler/DisallowMacroScratchRegisterUsage.h:
• templatized the DisallowMacroScratchRegisterUsage class so that we can #include it in MacroAssembler implementations.
• assembler/MacroAssemblerARM64E.h:

(JSC::MacroAssemblerARM64E::validateUntaggedPtr):

Location:

trunk/Source/JavaScriptCore

Files:

• ChangeLog (modified) (1 diff)
• assembler/AbstractMacroAssembler.h (modified) (2 diffs)
• assembler/DisallowMacroScratchRegisterUsage.h (modified) (2 diffs)
• assembler/MacroAssemblerARM64E.h (modified) (2 diffs)

trunk/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2020-12-18  Mark Lam  <mark.lam@apple.com>
+
+        Fix MacroAssemblerARM64E::validateUntaggedPtr() to account for TBI.
+        https://bugs.webkit.org/show_bug.cgi?id=220021
+        <rdar://problem/72474809>
+
+        Reviewed by Saam Barati.
+
+        * assembler/AbstractMacroAssembler.h:
+        * assembler/DisallowMacroScratchRegisterUsage.h:
+        - templatized the DisallowMacroScratchRegisterUsage class so that we can #include
+          it in MacroAssembler implementations.
+        * assembler/MacroAssemblerARM64E.h:
+        (JSC::MacroAssemblerARM64E::validateUntaggedPtr):
+
 2020-12-17  Mark Lam  <mark.lam@apple.com>
 

trunk/Source/JavaScriptCore/assembler/AbstractMacroAssembler.h

@@ -47 +47 @@
 
 class AllowMacroScratchRegisterUsage;
-class DisallowMacroScratchRegisterUsage;
 class LinkBuffer;
 class Watchpoint;
+
+template<typename T> class DisallowMacroScratchRegisterUsage;
+
 namespace DFG {
 struct OSRExit;
@@ -1108 +1110 @@
     friend class AllowMacroScratchRegisterUsage;
     friend class AllowMacroScratchRegisterUsageIf;
-    friend class DisallowMacroScratchRegisterUsage;
+    template<typename T> friend class DisallowMacroScratchRegisterUsage;
     unsigned m_tempRegistersValidBits;
     bool m_allowScratchRegister { true };

trunk/Source/JavaScriptCore/assembler/DisallowMacroScratchRegisterUsage.h

@@ -1 +1 @@
 /*
- * Copyright (C) 2015 Apple Inc. All rights reserved.
+ * Copyright (C) 2015-2020 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -28 +28 @@
 #if ENABLE(ASSEMBLER)
 
-#include "MacroAssembler.h"
-
 namespace JSC {
 
+template<typename MacroAssembler>
 class DisallowMacroScratchRegisterUsage {
 public:

trunk/Source/JavaScriptCore/assembler/MacroAssemblerARM64E.h

@@ -28 +28 @@
 #if ENABLE(ASSEMBLER) && CPU(ARM64E)
 
+#include "DisallowMacroScratchRegisterUsage.h"
+
 // We need to include this before MacroAssemblerARM64.h because MacroAssemblerARM64
 // will be defined in terms of ARM64EAssembler for ARM64E.
@@ -84 +86 @@
         if (scratch == InvalidGPR)
             scratch = getCachedDataTempRegisterIDAndInvalidate();
-        load8(Address(target), scratch);
+
+        DisallowMacroScratchRegisterUsage disallowScope(*this);
+        rshift64(target, TrustedImm32(8), scratch);
+        and64(TrustedImm64(0xff000000000000), scratch, scratch);
+        or64(target, scratch, scratch);
+        load8(Address(scratch), scratch);
     }