Title: [212908] trunk/Source/_javascript_Core
Revision
212908
Author
mark....@apple.com
Date
2017-02-23 11:42:58 -0800 (Thu, 23 Feb 2017)

Log Message

Ensure that the end of the last invalidation point does not extend beyond the end of the buffer.
https://bugs.webkit.org/show_bug.cgi?id=168786

Reviewed by Filip Pizlo.

In practice, we will always have multiple instructions after invalidation points,
and have enough room in the JIT buffer for the invalidation point to work with.
However, as a precaution, we can guarantee that there's enough room by always
emitting a label just before we link the buffer.  The label will emit nop padding
if needed.

* assembler/LinkBuffer.cpp:
(JSC::LinkBuffer::linkCode):

Modified Paths

Diff

Modified: trunk/Source/_javascript_Core/ChangeLog (212907 => 212908)


--- trunk/Source/_javascript_Core/ChangeLog	2017-02-23 19:25:10 UTC (rev 212907)
+++ trunk/Source/_javascript_Core/ChangeLog	2017-02-23 19:42:58 UTC (rev 212908)
@@ -1,3 +1,19 @@
+2017-02-23  Mark Lam  <mark....@apple.com>
+
+        Ensure that the end of the last invalidation point does not extend beyond the end of the buffer.
+        https://bugs.webkit.org/show_bug.cgi?id=168786
+
+        Reviewed by Filip Pizlo.
+
+        In practice, we will always have multiple instructions after invalidation points,
+        and have enough room in the JIT buffer for the invalidation point to work with.
+        However, as a precaution, we can guarantee that there's enough room by always
+        emitting a label just before we link the buffer.  The label will emit nop padding
+        if needed.
+
+        * assembler/LinkBuffer.cpp:
+        (JSC::LinkBuffer::linkCode):
+
 2017-02-23  Keith Miller  <keith_mil...@apple.com>
 
         Unreviewed, fix the cloop build. Needed a #if.

Modified: trunk/Source/_javascript_Core/assembler/LinkBuffer.cpp (212907 => 212908)


--- trunk/Source/_javascript_Core/assembler/LinkBuffer.cpp	2017-02-23 19:25:10 UTC (rev 212907)
+++ trunk/Source/_javascript_Core/assembler/LinkBuffer.cpp	2017-02-23 19:42:58 UTC (rev 212908)
@@ -196,6 +196,9 @@
 
 void LinkBuffer::linkCode(MacroAssembler& macroAssembler, void* ownerUID, JITCompilationEffort effort)
 {
+    // Ensure that the end of the last invalidation point does not extend beyond the end of the buffer.
+    macroAssembler.label();
+
 #if !ENABLE(BRANCH_COMPACTION)
 #if defined(ASSEMBLER_HAS_CONSTANT_POOL) && ASSEMBLER_HAS_CONSTANT_POOL
     macroAssembler.m_assembler.buffer().flushConstantPool(false);
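Review bot: the new comment at the top of linkCode restates the intent but not the mechanism, so a reader of LinkBuffer.cpp alone cannot tell why an unused `macroAssembler.label();` guarantees anything. Per the log message, the label itself emits nop padding when the last invalidation point would otherwise run past the current end of the buffer; suggest saying so inline, e.g. "// Emitting a label pads with nops to the end of any pending invalidation point, so the last one never extends beyond the buffer." It would also help to note that the label is deliberately placed before the constant-pool flush and the branch-compaction paths that follow, so the padding is in place before either of those touches the buffer.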
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
