Changeset 165128 in webkit


Timestamp:
Mar 5, 2014 1:57:26 PM (10 years ago)
Author:
commit-queue@webkit.org
Message:

[Win32][LLINT] Crash when running JSC stress tests.
https://bugs.webkit.org/show_bug.cgi?id=129429

Source/JavaScriptCore:

On Windows the reserved stack space consists of committed memory, a guard page, and uncommitted memory,
where the guard page is a barrier between committed and uncommitted memory.
When data from the guard page is read or written, the guard page is moved, and memory is committed.
This is how the system grows the stack.
When using the C stack on Windows we need to precommit the needed stack space.
Otherwise we might crash later if we access uncommitted stack memory.
This can happen if we allocate stack space larger than the page guard size (4K).
The system does not get the chance to move the guard page, and commit more memory,
and we crash if uncommitted memory is accessed.
The MSVC compiler fixes this by inserting a call to the _chkstk() function,
when needed, see http://support.microsoft.com/kb/100775.

Patch by peavo@outlook.com <peavo@outlook.com> on 2014-03-05
Reviewed by Geoffrey Garen.

  • JavaScriptCore.vcxproj/LLInt/LLIntAssembly/build-LLIntAssembly.sh: Enable LLINT.
  • jit/Repatch.cpp:
    (JSC::writeBarrier): Compile fix when DFG_JIT is not enabled.
  • offlineasm/x86.rb: Compile fix, and small simplification.
  • runtime/VM.cpp:
    (JSC::preCommitStackMemory): Added function to precommit stack memory.
    (JSC::VM::updateStackLimit): Call function to precommit stack memory when stack limit is updated.

Source/WTF:

Patch by peavo@outlook.com <peavo@outlook.com> on 2014-03-05
Reviewed by Geoffrey Garen.

  • wtf/Platform.h: Enable LLINT on Win32.

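The guard-page mechanism the commit message describes, as an added example that is not part of WebKit or of this changeset: a small C++ model of a reserved, downward-growing stack made of committed, guard and uncommitted pages. `ReservedStack`, `allocateFrameWithoutProbe` and `preCommitDownTo` are names invented for the example; the 4096-byte page size is the value the patch uses. The model reproduces the fault that occurs when a frame larger than one page is used without probing, and the descending page-by-page touch that commits memory safely, with the limit rounded down to a page boundary so the page containing it is committed as well.

```cpp
// Added example, not WebKit code: a model of the Windows guard-page
// stack-growth mechanism. Addresses are byte offsets from the bottom of the
// reservation; page n covers [n * kPageSize, (n + 1) * kPageSize).
#include <cstddef>
#include <vector>

namespace guardpage {

enum class PageState { Committed, Guard, Uncommitted };

class ReservedStack {
public:
    static constexpr std::size_t kPageSize = 4096; // page size used by the patch

    // Requires pages >= 2. Initial layout: top page committed, one guard page
    // below it, everything else reserved but uncommitted.
    explicit ReservedStack(std::size_t pages)
        : m_pages(pages, PageState::Uncommitted)
    {
        m_pages[pages - 1] = PageState::Committed;
        m_pages[pages - 2] = PageState::Guard;
    }

    std::size_t top() const { return m_pages.size() * kPageSize; }
    bool faulted() const { return m_faulted; }

    std::size_t committedPages() const
    {
        std::size_t n = 0;
        for (PageState s : m_pages)
            if (s == PageState::Committed)
                ++n;
        return n;
    }

    // One load or store at `address`. Touching the guard page commits it and
    // moves the guard one page down; touching uncommitted memory is an access
    // violation, the crash the commit message describes.
    bool touch(std::size_t address)
    {
        if (address >= top())
            return false;
        std::size_t index = address / kPageSize;
        switch (m_pages[index]) {
        case PageState::Committed:
            return true;
        case PageState::Guard:
            m_pages[index] = PageState::Committed;
            if (index > 0)
                m_pages[index - 1] = PageState::Guard;
            return true;
        case PageState::Uncommitted:
            m_faulted = true;
            return false;
        }
        return false;
    }

private:
    std::vector<PageState> m_pages;
    bool m_faulted = false;
};

// The failure: `frameBytes` of stack are allocated and the bottom of the new
// frame is written first, with no _chkstk-style probing of the pages between.
bool allocateFrameWithoutProbe(ReservedStack& stack, std::size_t currentSp, std::size_t frameBytes)
{
    std::size_t newSp = currentSp - frameBytes;
    return stack.touch(newSp);
}

// The fix: touch every page from `currentSp` down to `limit` in descending
// order, so each access lands on the current guard page and never past it.
// `limit` is rounded down to a page boundary so its own page is touched too.
bool preCommitDownTo(ReservedStack& stack, std::size_t currentSp, std::size_t limit)
{
    std::size_t alignedLimit = limit & ~(ReservedStack::kPageSize - 1);
    std::size_t p = currentSp;
    for (;;) {
        if (!stack.touch(p))
            return false;
        if (p < alignedLimit + ReservedStack::kPageSize)
            return true; // the page containing the limit has been touched
        p -= ReservedStack::kPageSize;
    }
}

} // namespace guardpage
```

With an eight-page reservation and the stack pointer 256 bytes below the top, a 4K frame still lands on the guard page and succeeds, an 8K frame skips past it and faults, and a pre-commit pass down to an arbitrary limit leaves every page above that limit committed so the same large frame is then safe.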
Location:
trunk/Source
Files:
7 edited

  • trunk/Source/JavaScriptCore/ChangeLog

    r165121 r165128  
     12014-03-05  peavo@outlook.com  <peavo@outlook.com>
     2
     3        [Win32][LLINT] Crash when running JSC stress tests.
     4        https://bugs.webkit.org/show_bug.cgi?id=129429
     5
     6        On Windows the reserved stack space consists of committed memory, a guard page, and uncommitted memory,
     7        where the guard page is a barrier between committed and uncommitted memory.
     8        When data from the guard page is read or written, the guard page is moved, and memory is committed.
     9        This is how the system grows the stack.
     10        When using the C stack on Windows we need to precommit the needed stack space.
     11        Otherwise we might crash later if we access uncommitted stack memory.
     12        This can happen if we allocate stack space larger than the page guard size (4K).
     13        The system does not get the chance to move the guard page, and commit more memory,
     14        and we crash if uncommitted memory is accessed.
     15        The MSVC compiler fixes this by inserting a call to the _chkstk() function,
     16        when needed, see http://support.microsoft.com/kb/100775.
     17
     18        Reviewed by Geoffrey Garen.
     19
     20        * JavaScriptCore.vcxproj/LLInt/LLIntAssembly/build-LLIntAssembly.sh: Enable LLINT.
     21        * jit/Repatch.cpp:
     22        (JSC::writeBarrier): Compile fix when DFG_JIT is not enabled.
     23        * offlineasm/x86.rb: Compile fix, and small simplification.
     24        * runtime/VM.cpp:
     25        (JSC::preCommitStackMemory): Added function to precommit stack memory.
     26        (JSC::VM::updateStackLimit): Call function to precommit stack memory when stack limit is updated.
     27
    1282014-03-05  Michael Saboff  <msaboff@apple.com>
    229
  • trunk/Source/JavaScriptCore/JavaScriptCore.vcxproj/LLInt/LLIntAssembly/build-LLIntAssembly.sh

    r164164 r165128  
    3030# When enabling LLINT and switching to the x86 backend, use "LowLevelInterpreterWin.asm" as output file when running asm.rb.
    3131
    32 /usr/bin/env ruby "${SRCROOT}/offlineasm/asm.rb" "${SRCROOT}/llint/LowLevelInterpreter.asm" "${BUILT_PRODUCTS_DIR}/LLIntOffsetsExtractor/LLIntOffsetsExtractor${3}.exe" "LLIntAssembly.h" || exit 1
     32/usr/bin/env ruby "${SRCROOT}/offlineasm/asm.rb" "${SRCROOT}/llint/LowLevelInterpreter.asm" "${BUILT_PRODUCTS_DIR}/LLIntOffsetsExtractor/LLIntOffsetsExtractor${3}.exe" "LowLevelInterpreterWin.asm" || exit 1
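Review bot: the comment on line 30 still reads as an instruction for a future switch ("When enabling LLINT and switching to the x86 backend, use LowLevelInterpreterWin.asm as output file"), but with this change that output file is now the default; reword it as a statement of what the script does so the next reader does not think there is still a manual step to perform.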
  • trunk/Source/JavaScriptCore/jit/Repatch.cpp

    r164971 r165128  
    825825    ASSERT(owner != scratch2);
    826826
     827#if ENABLE(DFG_JIT)
    827828    MacroAssembler::Jump definitelyNotMarked = DFG::SpeculativeJIT::genericWriteBarrier(jit, owner);
     829#endif
    828830    MacroAssembler::Call call = storeToWriteBarrierBuffer(jit, owner, scratch1, scratch2, allocator);
     831#if ENABLE(DFG_JIT)
    829832    definitelyNotMarked.link(&jit);
     833#endif
    830834    return call;
    831835}
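Review bot: with DFG_JIT disabled, `storeToWriteBarrierBuffer` is now emitted unconditionally with no "definitely not marked" fast path in front of it; that is safe for a write barrier (an extra barrier is merely redundant), but the two separate `#if ENABLE(DFG_JIT)` blocks around one local make the intent easy to misread, so add a one-line comment stating that the skip-if-unmarked check is the only DFG-specific part and the barrier-buffer store is required on both configurations.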
  • trunk/Source/JavaScriptCore/offlineasm/x86.rb

    r164612 r165128  
    415415   
    416416    def x86Operand(kind)
    417         if !isIntelSyntax || kind != :double
     417        if !isIntelSyntax
    418418            x86AddressOperand(:ptr)
    419419        else
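Review bot: dropping `|| kind != :double` means that under Intel syntax every operand kind now takes the `else` branch, not only `:double` as before, so this is a behaviour change for byte, word, int and quad operands rather than the "small simplification" the ChangeLog calls it; the `else` branch is outside the hunk, so please confirm it emits the right MASM size qualifier for each of those kinds and say so in the ChangeLog.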
     
    13271327            end
    13281328            op = operands[0].x86CallOperand(:ptr)
    1329             if isMSVC && (/\Allint_/.match(op) || /\Aslow_path/.match(op))
     1329            if isMSVC && (operands[0].is_a? LabelReference)
    13301330                writeSymbolToFile(op)
    13311331            end
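Review bot: replacing the `llint_` / `slow_path` prefix regex with `operands[0].is_a? LabelReference` widens the set of call targets passed to `writeSymbolToFile` from two name families to every global label reference; confirm that `writeSymbolToFile` either deduplicates or that the assembler accepts a repeated declaration of the same symbol, and that labels defined in the generated file itself are not also declared through this path, since the old regex excluded them by name and the type check does not.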
  • trunk/Source/JavaScriptCore/runtime/VM.cpp

    r165005 r165128  
    750750}
    751751
     752#if PLATFORM(WIN)
     753// On Windows the reserved stack space consists of committed memory, a guard page, and uncommitted memory,
     754// where the guard page is a barrier between committed and uncommitted memory.
     755// When data from the guard page is read or written, the guard page is moved, and memory is committed.
     756// This is how the system grows the stack.
     757// When using the C stack on Windows we need to precommit the needed stack space.
     758// Otherwise we might crash later if we access uncommitted stack memory.
     759// This can happen if we allocate stack space larger than the page guard size (4K).
     760// The system does not get the chance to move the guard page, and commit more memory,
     761// and we crash if uncommitted memory is accessed.
     762// The MSVC compiler fixes this by inserting a call to the _chkstk() function,
     763// when needed, see http://support.microsoft.com/kb/100775.
     764// By touching every page up to the stack limit with a dummy operation,
     765// we force the system to move the guard page, and commit memory.
     766
     767static void preCommitStackMemory(void* stackLimit)
     768{
     769    const int pageSize = 4096;
     770    for (volatile char* p = reinterpret_cast<char*>(&stackLimit); p > stackLimit; p -= pageSize) {
     771        char ch = *p;
     772        *p = ch;
     773    }
     774}
     775#endif
     776
    752777inline void VM::updateStackLimit()
    753778{
     779#if PLATFORM(WIN)
     780    void* lastStackLimit = m_stackLimit;
     781#endif
     782
    754783    if (m_stackPointerAtVMEntry) {
    755784        ASSERT(wtfThreadData().stack().isGrowingDownward());
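Review bot: the correctness of `preCommitStackMemory` rests on the descending one-page stride, which guarantees each touch lands on the current guard page and never past it; that property is the whole point of the function and deserves to be stated in the comment next to `p -= pageSize`. Two smaller points: the hard-coded `const int pageSize = 4096` should be either documented as the x86 assumption it is or replaced by the system page size, since a stride larger than the guard region would reintroduce the crash; and because the loop stops at the first `p <= stackLimit`, the page containing `stackLimit` is left as the guard page rather than committed when the distance from `&stackLimit` is not a page multiple, which is tolerable (a one-page skip is exactly what the guard handles) but worth noting if callers expect everything down to the limit to be committed.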
     
    770799    }
    771800
     801#if PLATFORM(WIN)
     802    if (lastStackLimit != m_stackLimit)
     803        preCommitStackMemory(m_stackLimit);
     804#endif
    772805}
    773806
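Review bot: `lastStackLimit != m_stackLimit` also triggers when the limit moves up (a smaller usable stack), in which case every page down to the new limit is already committed and the loop is a harmless re-touch; writing the condition as `m_stackLimit < lastStackLimit` would make the intent explicit and skip that work. If `m_stackLimit` can be null before the first update, the unconditional call on the first change is still fine, since the loop simply runs to the limit, but a comment saying so would save the next reader the check.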
  • trunk/Source/WTF/ChangeLog

    r165067 r165128  
     12014-03-05  peavo@outlook.com  <peavo@outlook.com>
     2
     3        [Win32][LLINT] Crash when running JSC stress tests.
     4        https://bugs.webkit.org/show_bug.cgi?id=129429
     5
     6        Reviewed by Geoffrey Garen.
     7
     8        * wtf/Platform.h: Enable LLINT on Win32.
     9
    1102014-03-04  Zan Dobersek  <zdobersek@igalia.com>
    211
  • trunk/Source/WTF/wtf/Platform.h

    r165067 r165128  
    641641    && (CPU(X86) || CPU(X86_64) || CPU(ARM) || CPU(ARM64) || CPU(MIPS)) \
    642642    && !OS(WINCE) \
    643     && !OS(WINDOWS)
     643    && !(OS(WINDOWS) && CPU(X86_64))
    644644#define ENABLE_JIT 1
    645645#endif
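Review bot: this hunk turns on `ENABLE_JIT` for 32-bit Windows (only `OS(WINDOWS) && CPU(X86_64)` stays excluded), which is a larger change than the ChangeLog's "Enable LLINT on Win32" describes; since the `ENABLE_LLINT` condition in this same file requires `ENABLE(JIT)`, the JIT enablement is a prerequisite and should be named in the ChangeLog entry rather than left implicit.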
     
    694694#if !defined(ENABLE_LLINT) \
    695695    && ENABLE(JIT) \
    696     && (OS(DARWIN) || OS(LINUX) || OS(FREEBSD)) \
    697     && ((OS(DARWIN) && !PLATFORM(EFL)) || PLATFORM(GTK)) \
     696    && (OS(DARWIN) || OS(LINUX) || OS(FREEBSD) || OS(WINDOWS)) \
     697    && ((OS(DARWIN) && !PLATFORM(EFL)) || PLATFORM(GTK) || PLATFORM(WIN)) \
    698698    && (CPU(X86) || CPU(X86_64) || CPU(ARM_THUMB2) || CPU(ARM_TRADITIONAL) || CPU(ARM64) || CPU(MIPS) || CPU(SH4))
    699699#define ENABLE_LLINT 1
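Review bot: `OS(WINDOWS)` and `PLATFORM(WIN)` are added without a CPU qualifier, so keeping LLINT off on 64-bit Windows relies entirely on the `ENABLE_JIT` exclusion of `OS(WINDOWS) && CPU(X86_64)` earlier in the file; a short comment here pointing at that dependency would stop someone later enabling the Win64 JIT from enabling LLINT on Win64 by accident.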
     
    784784
    785785/* Configure the interpreter */
    786 #if COMPILER(GCC)
     786#if COMPILER(GCC) || COMPILER(MSVC)
    787787#define HAVE_COMPUTED_GOTO 1
    788788#endif
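Review bot: defining `HAVE_COMPUTED_GOTO` for `COMPILER(MSVC)` is misleading as written, because MSVC does not implement GCC's labels-as-values extension; if the flag is being used here to gate the assembly-backed LLINT on Windows rather than a computed-goto dispatch loop, add a comment saying so at this line, or guard the Windows case on the condition that actually matters so the macro name keeps its meaning.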