Changeset 239290 in webkit
- Timestamp:
- Dec 17, 2018 2:46:50 PM (5 years ago)
- Location:
- trunk
- Files:
-
- 1 added
- 4 edited
trunk/JSTests/ChangeLog
r239287 r239290 1 2018-12-17 Mark Lam <mark.lam@apple.com> 2 3 Suppress ASAN on valid stack accesses in Probe-based OSRExit::executeOSRExit(). 4 https://bugs.webkit.org/show_bug.cgi?id=192776 5 <rdar://problem/46772368> 6 7 Reviewed by Keith Miller. 8 9 * stress/out-of-frame-stack-accesses-due-to-probe-based-osr-exits.js: Added. 10 1 11 2018-12-17 Mark Lam <mark.lam@apple.com> 2 12 -
trunk/Source/JavaScriptCore/ChangeLog
r239287 r239290 1 2018-12-17 Mark Lam <mark.lam@apple.com> 2 3 Suppress ASAN on valid stack accesses in Probe-based OSRExit::executeOSRExit(). 4 https://bugs.webkit.org/show_bug.cgi?id=192776 5 <rdar://problem/46772368> 6 7 Reviewed by Keith Miller. 8 9 1. Add some asanUnsafe methods to the Register class. 10 2. Update the probe-based OSRExit::executeOSRExit() to use these asanUnsafe methods. 11 12 * dfg/DFGOSRExit.cpp: 13 (JSC::DFG::OSRExit::executeOSRExit): 14 * interpreter/Register.h: 15 (JSC::Register::asanUnsafeUnboxedInt32 const): 16 (JSC::Register::asanUnsafeUnboxedInt52 const): 17 (JSC::Register::asanUnsafeUnboxedStrictInt52 const): 18 (JSC::Register::asanUnsafeUnboxedDouble const): 19 (JSC::Register::asanUnsafeUnboxedCell const): 20 1 21 2018-12-17 Mark Lam <mark.lam@apple.com> 2 22 -
trunk/Source/JavaScriptCore/dfg/DFGOSRExit.cpp
r238414 r239290 570 570 switch (recovery.technique()) { 571 571 case DisplacedInJSStack: 572 frame.setOperand(operand, exec->r(recovery.virtualRegister()). jsValue());572 frame.setOperand(operand, exec->r(recovery.virtualRegister()).asanUnsafeJSValue()); 573 573 break; 574 574 … … 592 592 593 593 case CellDisplacedInJSStack: 594 frame.setOperand(operand, JSValue(exec->r(recovery.virtualRegister()). unboxedCell()));594 frame.setOperand(operand, JSValue(exec->r(recovery.virtualRegister()).asanUnsafeUnboxedCell())); 595 595 break; 596 596 … … 603 603 case BooleanDisplacedInJSStack: 604 604 #if USE(JSVALUE64) 605 frame.setOperand(operand, exec->r(recovery.virtualRegister()). jsValue());605 frame.setOperand(operand, exec->r(recovery.virtualRegister()).asanUnsafeJSValue()); 606 606 #else 607 frame.setOperand(operand, jsBoolean(exec->r(recovery.virtualRegister()). jsValue().payload()));607 frame.setOperand(operand, jsBoolean(exec->r(recovery.virtualRegister()).asanUnsafeJSValue().payload())); 608 608 #endif 609 609 break; … … 614 614 615 615 case Int32DisplacedInJSStack: 616 frame.setOperand(operand, JSValue(exec->r(recovery.virtualRegister()). unboxedInt32()));616 frame.setOperand(operand, JSValue(exec->r(recovery.virtualRegister()).asanUnsafeUnboxedInt32())); 617 617 break; 618 618 … … 623 623 624 624 case Int52DisplacedInJSStack: 625 frame.setOperand(operand, JSValue(exec->r(recovery.virtualRegister()). unboxedInt52()));625 frame.setOperand(operand, JSValue(exec->r(recovery.virtualRegister()).asanUnsafeUnboxedInt52())); 626 626 break; 627 627 … … 631 631 632 632 case StrictInt52DisplacedInJSStack: 633 frame.setOperand(operand, JSValue(exec->r(recovery.virtualRegister()). 
unboxedStrictInt52()));633 frame.setOperand(operand, JSValue(exec->r(recovery.virtualRegister()).asanUnsafeUnboxedStrictInt52())); 634 634 break; 635 635 #endif … … 640 640 641 641 case DoubleDisplacedInJSStack: 642 frame.setOperand(operand, JSValue(JSValue::EncodeAsDouble, purifyNaN(exec->r(recovery.virtualRegister()). unboxedDouble())));642 frame.setOperand(operand, JSValue(JSValue::EncodeAsDouble, purifyNaN(exec->r(recovery.virtualRegister()).asanUnsafeUnboxedDouble()))); 643 643 break; 644 644 -
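Review bot: The switch to the `asanUnsafe*` accessors in every `*DisplacedInJSStack` case leaves no record of why these reads are exempt from ASAN, and the exemption also removes the sanitizer's coverage of exactly these stack reads, so the invariant that makes them valid should be stated once above `switch (recovery.technique())`: `// The displaced slots belong to the exiting DFG frame; the probe has already moved below it, so ASAN treats them as out-of-frame even though they are still live stack memory - hence the asanUnsafe accessors.` The part about the probe's stack position is my inference from the changeset title and should be adjusted to the actual reason before landing. `asanUnsafeJSValue()` is not among the accessors this change adds to Register.h, so it presumably already exists; worth confirming it is the SUPPRESS_ASAN variant and not merely a differently named checked read. The enclosing `OSRExit::executeOSRExit` starts and ends outside this hunk.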
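--- a/trunk/Source/JavaScriptCore/interpreter/Register.h
+++ b/trunk/Source/JavaScriptCore/interpreter/Register.h
@@ -66,9 +66,14 @@
 JSScope* scope() const;
 int32_t unboxedInt32() const;
+int32_t asanUnsafeUnboxedInt32() const;
 int64_t unboxedInt52() const;
+int64_t asanUnsafeUnboxedInt52() const;
 int64_t unboxedStrictInt52() const;
+int64_t asanUnsafeUnboxedStrictInt52() const;
 bool unboxedBoolean() const;
 double unboxedDouble() const;
+double asanUnsafeUnboxedDouble() const;
 JSCell* unboxedCell() const;
+JSCell* asanUnsafeUnboxedCell() const;
 int32_t payload() const;
 int32_t tag() const;
@@ -171,4 +176,9 @@
 }
 
+SUPPRESS_ASAN ALWAYS_INLINE int32_t Register::asanUnsafeUnboxedInt32() const
+{
+return unsafePayload();
+}
+
 ALWAYS_INLINE int64_t Register::unboxedInt52() const
 {
@@ -176,4 +186,9 @@
 }
 
+SUPPRESS_ASAN ALWAYS_INLINE int64_t Register::asanUnsafeUnboxedInt52() const
+{
+return u.integer >> JSValue::int52ShiftAmount;
+}
+
 ALWAYS_INLINE int64_t Register::unboxedStrictInt52() const
 {
@@ -181,4 +196,9 @@
 }
 
+SUPPRESS_ASAN ALWAYS_INLINE int64_t Register::asanUnsafeUnboxedStrictInt52() const
+{
+return u.integer;
+}
+
 ALWAYS_INLINE bool Register::unboxedBoolean() const
 {
@@ -191,4 +211,9 @@
 }
 
+SUPPRESS_ASAN ALWAYS_INLINE double Register::asanUnsafeUnboxedDouble() const
+{
+return u.number;
+}
+
 ALWAYS_INLINE JSCell* Register::unboxedCell() const
 {
@@ -200,4 +225,13 @@
 }
 
+SUPPRESS_ASAN ALWAYS_INLINE JSCell* Register::asanUnsafeUnboxedCell() const
+{
+#if USE(JSVALUE64)
+return u.encodedValue.ptr;
+#else
+return bitwise_cast<JSCell*>(payload());
+#endif
+}
+
 ALWAYS_INLINE void* Register::pointer() const
 {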
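Review bot: `asanUnsafeUnboxedCell()` on the non-`USE(JSVALUE64)` path reads through `payload()`, whereas `asanUnsafeUnboxedInt32()` reads through `unsafePayload()`; if `payload()` is the instrumented accessor, compilers generally refuse to inline across a sanitizer-attribute mismatch, so the 32-bit cell read would stay ASAN-checked and the suppression would not take effect there, which suggests `return bitwise_cast<JSCell*>(unsafePayload());`. The five new declarations also say nothing about who may call them, and since each one removes ASAN's coverage of the read, the declaration group should carry a comment such as `// asanUnsafe* variants: only for callers that legitimately read stack slots ASAN considers out-of-frame (probe-based OSR exit). Not for general use; keep each in sync with the checked accessor above it.` Each new definition is otherwise a body-for-body duplicate of its checked counterpart, so drift between a pair would be silent without that note.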