Attachment 356847 Details for Bug 192050 – Patch

[patch] Patch

bug-192050-20181208004955.patch (text/plain), 3.17 KB, created by Tadeu Zagallo on 2018-12-07 15:49:57 PST

(hide)

Description:

Filename:

MIME Type:

Creator: Tadeu Zagallo

Created: 2018-12-07 15:49:57 PST

Size: 3.17 KB

patch

obsolete

>Subversion Revision: 238927
>diff --git a/Source/JavaScriptCore/ChangeLog b/Source/JavaScriptCore/ChangeLog
>index ac53c4cf7c1eb23870742f6de68a16f3b43f3bbd..62f383af24187f33465f319bacc0388a44eafd0e 100644
>--- a/Source/JavaScriptCore/ChangeLog
>+++ b/Source/JavaScriptCore/ChangeLog
>@@ -1,3 +1,22 @@
>+2018-12-07  Tadeu Zagallo  <tzagallo@apple.com>
>+
>+        Align the metadata table on all platforms
>+        https://bugs.webkit.org/show_bug.cgi?id=192050
>+        <rdar://problem/46312674>
>+
>+        Reviewed by NOBODY (OOPS!).
>+
>+        Although certain platforms don't require the metadata to be aligned,
>+        values were being concurrently read and written to ValueProfiles,
>+        which caused crashes since these operations are not atomic on unaligned
>+        addresses.
>+
>+        * bytecode/Opcode.cpp:
>+        (JSC::metadataAlignment):
>+        * bytecode/Opcode.h:
>+        * bytecode/UnlinkedMetadataTableInlines.h:
>+        (JSC::UnlinkedMetadataTable::finalize):
>+
> 2018-12-05  Mark Lam  <mark.lam@apple.com>
> 
>         speculationFromCell() should speculate non-Identifier strings as SpecString instead of SpecStringVar.
>diff --git a/Source/JavaScriptCore/bytecode/Opcode.cpp b/Source/JavaScriptCore/bytecode/Opcode.cpp
>index 9fac45314305995b7a6d281cb0cc5aa2e54229e7..97d47d45ecc71229e0b78019a8cf881be4a5eb6e 100644
>--- a/Source/JavaScriptCore/bytecode/Opcode.cpp
>+++ b/Source/JavaScriptCore/bytecode/Opcode.cpp
>@@ -193,7 +193,6 @@ static unsigned metadataSizes[] = {
> 
> };
> 
>-#if CPU(NEEDS_ALIGNED_ACCESS)
> static unsigned metadataAlignments[] = {
> 
> #define METADATA_ALIGNMENT(size) size,
>@@ -201,19 +200,16 @@ static unsigned metadataAlignments[] = {
> #undef METADATA_ALIGNMENT
> 
> };
>-#endif
> 
> unsigned metadataSize(OpcodeID opcodeID)
> {
>     return metadataSizes[opcodeID];
> }
> 
>-#if CPU(NEEDS_ALIGNED_ACCESS)
> unsigned metadataAlignment(OpcodeID opcodeID)
> {
>     return metadataAlignments[opcodeID];
> }
>-#endif
> 
> } // namespace JSC
> 
>diff --git a/Source/JavaScriptCore/bytecode/Opcode.h b/Source/JavaScriptCore/bytecode/Opcode.h
>index 38bdfe2db61e65a35d9863ecca778b139e92300a..1f39b7f9d9c32008edaeeaee64b5297691da28a5 100644
>--- a/Source/JavaScriptCore/bytecode/Opcode.h
>+++ b/Source/JavaScriptCore/bytecode/Opcode.h
>@@ -251,9 +251,7 @@ inline bool isThrow(OpcodeID opcodeID)
> }
> 
> unsigned metadataSize(OpcodeID);
>-#if CPU(NEEDS_ALIGNED_ACCESS)
> unsigned metadataAlignment(OpcodeID);
>-#endif
> 
> } // namespace JSC
> 
>diff --git a/Source/JavaScriptCore/bytecode/UnlinkedMetadataTableInlines.h b/Source/JavaScriptCore/bytecode/UnlinkedMetadataTableInlines.h
>index ac8acca136ed42101e7494bfbf223556da1005ae..05fb04b790cfed2aac09412510a2f9037b637bf2 100644
>--- a/Source/JavaScriptCore/bytecode/UnlinkedMetadataTableInlines.h
>+++ b/Source/JavaScriptCore/bytecode/UnlinkedMetadataTableInlines.h
>@@ -90,9 +90,7 @@ ALWAYS_INLINE void UnlinkedMetadataTable::finalize()
>         unsigned numberOfEntries = buffer()[i];
> 
>         if (numberOfEntries > 0) {
>-#if CPU(NEEDS_ALIGNED_ACCESS)
>             offset = roundUpToMultipleOf(metadataAlignment(static_cast<OpcodeID>(i)), offset);
>-#endif
>             buffer()[i] = offset;
>             offset += numberOfEntries * metadataSize(static_cast<OpcodeID>(i));
>         } else

Actions: View | Formatted Diff | Diff

Attachments on bug 192050: 356414 | 356462 | 356512 | 356744 | 356758 | 356768 | 356847