Changeset 238997 in webkit


Timestamp:
Dec 7, 2018 5:12:57 PM
Author:
Tadeu Zagallo
Message:

Align the metadata table on all platforms
https://bugs.webkit.org/show_bug.cgi?id=192050
<rdar://problem/46312674>

Reviewed by Mark Lam.

Although certain platforms don't require the metadata to be aligned,
values were being concurrently read and written to ValueProfiles,
which caused crashes since these operations are not atomic on unaligned
addresses.

* bytecode/Opcode.cpp:
(JSC::metadataAlignment):
* bytecode/Opcode.h:
* bytecode/UnlinkedMetadataTableInlines.h:
(JSC::UnlinkedMetadataTable::finalize):

Location:
trunk/Source/JavaScriptCore
Files:
4 edited

  • trunk/Source/JavaScriptCore/ChangeLog

    r238923 r238997  
     12018-12-07  Tadeu Zagallo  <tzagallo@apple.com>
     2
     3        Align the metadata table on all platforms
     4        https://bugs.webkit.org/show_bug.cgi?id=192050
     5        <rdar://problem/46312674>
     6
     7        Reviewed by Mark Lam.
     8
     9        Although certain platforms don't require the metadata to be aligned,
     10        values were being concurrently read and written to ValueProfiles,
     11        which caused crashes since these operations are not atomic on unaligned
     12        addresses.
     13
     14        * bytecode/Opcode.cpp:
     15        (JSC::metadataAlignment):
     16        * bytecode/Opcode.h:
     17        * bytecode/UnlinkedMetadataTableInlines.h:
     18        (JSC::UnlinkedMetadataTable::finalize):
     19
    1202018-12-05  Mark Lam  <mark.lam@apple.com>
    221
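Review bot: the ChangeLog entry lists the touched functions but does not say what actually changed, namely that the CPU(NEEDS_ALIGNED_ACCESS) guards around metadataAlignments[], metadataAlignment() and the offset rounding in finalize() were removed; one line stating that would let a future reader see from the log alone why alignment is now applied unconditionally.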
  • trunk/Source/JavaScriptCore/bytecode/Opcode.cpp

    r237638 r238997  
    194194};
    195195
    196 #if CPU(NEEDS_ALIGNED_ACCESS)
    197196static unsigned metadataAlignments[] = {
    198197
     
    202201
    203202};
    204 #endif
    205203
    206204unsigned metadataSize(OpcodeID opcodeID)
     
    209207}
    210208
    211 #if CPU(NEEDS_ALIGNED_ACCESS)
    212209unsigned metadataAlignment(OpcodeID opcodeID)
    213210{
    214211    return metadataAlignments[opcodeID];
    215212}
    216 #endif
    217213
    218214} // namespace JSC
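Review bot: with the CPU(NEEDS_ALIGNED_ACCESS) guards removed, metadataAlignments[] is now compiled and indexed on every platform, and `return metadataAlignments[opcodeID];` still has no bounds check; a static_assert that the array's element count equals the number of opcode IDs would make the unconditional lookup safe by construction rather than by convention.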
  • trunk/Source/JavaScriptCore/bytecode/Opcode.h

    r238732 r238997  
    252252
    253253unsigned metadataSize(OpcodeID);
    254 #if CPU(NEEDS_ALIGNED_ACCESS)
    255254unsigned metadataAlignment(OpcodeID);
    256 #endif
    257255
    258256} // namespace JSC
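Review bot: the declaration now matches the unconditional definition in Opcode.cpp, but nothing at the declaration records why; a short comment stating that the returned alignment must be honoured on all platforms because ValueProfile entries are read and written concurrently (the reason given in the ChangeLog) would document the contract for callers and discourage re-adding the guard.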
  • trunk/Source/JavaScriptCore/bytecode/UnlinkedMetadataTableInlines.h

    r237987 r238997  
    9191
    9292        if (numberOfEntries > 0) {
    93 #if CPU(NEEDS_ALIGNED_ACCESS)
    9493            offset = roundUpToMultipleOf(metadataAlignment(static_cast<OpcodeID>(i)), offset);
    95 #endif
    9694            buffer()[i] = offset;
    9795            offset += numberOfEntries * metadataSize(static_cast<OpcodeID>(i));
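Review bot: rounding `offset` up to metadataAlignment() now happens on every platform, but an aligned offset only yields an aligned address if buffer() itself is allocated at (at least) the largest metadata alignment; this hunk aligns offsets only, so it is worth confirming the table's allocation guarantees that base alignment. The padding introduced by roundUpToMultipleOf also grows the final offset, so the size used to allocate the table (outside this hunk) must be taken from the padded offset rather than from the plain sum of numberOfEntries * metadataSize.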