Title: [239364] trunk/Source/_javascript_Core
Revision
239364
Author
sbar...@apple.com
Date
2018-12-18 18:27:00 -0800 (Tue, 18 Dec 2018)

Log Message

Update ARM64EHash
https://bugs.webkit.org/show_bug.cgi?id=192823
<rdar://problem/45468257>

Reviewed by Mark Lam.

* assembler/ARM64Assembler.h:
(JSC::ARM64Assembler::ARM64Assembler):
* assembler/AbstractMacroAssembler.h:
(JSC::AbstractMacroAssembler::AbstractMacroAssembler):
* assembler/AssemblerBuffer.h:
(JSC::ARM64EHash::update):
(JSC::ARM64EHash::finalHash const):
(JSC::AssemblerBuffer::AssemblerBuffer):
(JSC::AssemblerBuffer::putIntegralUnchecked):
(JSC::ARM64EHash::ARM64EHash): Deleted.
(JSC::ARM64EHash::hash const): Deleted.
(JSC::ARM64EHash::randomSeed const): Deleted.
* assembler/LinkBuffer.cpp:
(JSC::LinkBuffer::copyCompactAndLinkCode):

Modified Paths

Diff

Modified: trunk/Source/_javascript_Core/ChangeLog (239363 => 239364)


--- trunk/Source/_javascript_Core/ChangeLog	2018-12-19 02:11:58 UTC (rev 239363)
+++ trunk/Source/_javascript_Core/ChangeLog	2018-12-19 02:27:00 UTC (rev 239364)
@@ -1,3 +1,26 @@
+2018-12-18  Saam Barati  <sbar...@apple.com>
+
+        Update ARM64EHash
+        https://bugs.webkit.org/show_bug.cgi?id=192823
+        <rdar://problem/45468257>
+
+        Reviewed by Mark Lam.
+
+        * assembler/ARM64Assembler.h:
+        (JSC::ARM64Assembler::ARM64Assembler):
+        * assembler/AbstractMacroAssembler.h:
+        (JSC::AbstractMacroAssembler::AbstractMacroAssembler):
+        * assembler/AssemblerBuffer.h:
+        (JSC::ARM64EHash::update):
+        (JSC::ARM64EHash::finalHash const):
+        (JSC::AssemblerBuffer::AssemblerBuffer):
+        (JSC::AssemblerBuffer::putIntegralUnchecked):
+        (JSC::ARM64EHash::ARM64EHash): Deleted.
+        (JSC::ARM64EHash::hash const): Deleted.
+        (JSC::ARM64EHash::randomSeed const): Deleted.
+        * assembler/LinkBuffer.cpp:
+        (JSC::LinkBuffer::copyCompactAndLinkCode):
+
 2018-12-18  Mark Lam  <mark....@apple.com>
 
         JSON.stringify() should throw OOM on StringBuilder overflows.

Modified: trunk/Source/_javascript_Core/assembler/ARM64Assembler.h (239363 => 239364)


--- trunk/Source/_javascript_Core/assembler/ARM64Assembler.h	2018-12-19 02:11:58 UTC (rev 239363)
+++ trunk/Source/_javascript_Core/assembler/ARM64Assembler.h	2018-12-19 02:27:00 UTC (rev 239364)
@@ -326,17 +326,9 @@
     static constexpr bool isZr(RegisterID reg) { return ARM64Registers::isZr(reg); }
 
 public:
-    ARM64Assembler(
-#if CPU(ARM64E)
-        unsigned randomNumber
-#endif 
-        )
+    ARM64Assembler()
         : m_indexOfLastWatchpoint(INT_MIN)
         , m_indexOfTailOfLastWatchpoint(INT_MIN)
-#if CPU(ARM64E)
-        , m_buffer(randomNumber)
-#endif
-        
     {
     }
     

Modified: trunk/Source/_javascript_Core/assembler/AbstractMacroAssembler.h (239363 => 239364)


--- trunk/Source/_javascript_Core/assembler/AbstractMacroAssembler.h	2018-12-19 02:11:58 UTC (rev 239363)
+++ trunk/Source/_javascript_Core/assembler/AbstractMacroAssembler.h	2018-12-19 02:27:00 UTC (rev 239364)
@@ -986,11 +986,7 @@
 protected:
     AbstractMacroAssembler()
         : m_randomSource(0)
-#if CPU(ARM64E)
-        , m_assembler(random())
-#else
         , m_assembler()
-#endif
     {
         invalidateAllTempRegisters();
     }

Modified: trunk/Source/_javascript_Core/assembler/AssemblerBuffer.h (239363 => 239364)


--- trunk/Source/_javascript_Core/assembler/AssemblerBuffer.h	2018-12-19 02:11:58 UTC (rev 239363)
+++ trunk/Source/_javascript_Core/assembler/AssemblerBuffer.h	2018-12-19 02:27:00 UTC (rev 239364)
@@ -149,34 +149,31 @@
 #if CPU(ARM64E)
     class ARM64EHash {
     public:
-        ARM64EHash(unsigned randomNumber)
-            : m_hash(randomNumber)
-            , m_randomSeed(randomNumber)
-        { }
-        ALWAYS_INLINE void update(unsigned value, uintptr_t index)
+        ARM64EHash() = default;
+        ALWAYS_INLINE void update(uint32_t value)
         {
-            m_hash = tagInt((static_cast<uintptr_t>(value) + m_hash) ^ (m_hash >> 32), static_cast<PtrTag>(index));
+            uint64_t input = value ^ m_hash;
+            uint64_t a = static_cast<uint32_t>(tagInt(input, static_cast<PtrTag>(0)) >> 39);
+            uint64_t b = tagInt(input, static_cast<PtrTag>(0xb7e151628aed2a6a)) >> 23;
+            m_hash = a | b;
         }
-        uintptr_t hash() const { return m_hash; }
-        unsigned randomSeed() const { return m_randomSeed; }
+        uint32_t finalHash() const
+        {
+            uint64_t hash = m_hash;
+            uint64_t a = static_cast<uint32_t>(tagInt(hash, static_cast<PtrTag>(0xbf7158809cf4f3c7)) >> 39);
+            uint64_t b = tagInt(hash, static_cast<PtrTag>(0x62e7160f38b4da56)) >> 23;
+            return static_cast<uint32_t>(a | b);
+        }
     private:
-        uintptr_t m_hash;
-        unsigned m_randomSeed;
+        uint32_t m_hash { 0 };
     };
 #endif
 
     class AssemblerBuffer {
     public:
-        AssemblerBuffer(
-#if CPU(ARM64E)
-            unsigned randomNumber
-#endif
-        )
+        AssemblerBuffer()
             : m_storage()
             , m_index(0)
-#if CPU(ARM64E)
-            , m_hash(randomNumber)
-#endif
         {
         }
 
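Review bot: `ARM64EHash::update` and `finalHash` carry no comment explaining the construction, and `m_hash = a | b;` narrows a `uint64_t` into the 32-bit member implicitly, while `finalHash` spells the same truncation out. I would write `m_hash = static_cast<uint32_t>(a | b);` so the dropped upper bits are visibly intentional. A short comment above `update` should say that the state now starts at zero rather than at a random seed, so the result depends only on the instruction words and whatever `tagInt` mixes in. The same comment should say where the shift counts 39 and 23 and the three 64-bit `PtrTag` constants come from; they look like successive words of the hex expansion of e, but the author should confirm that. With the per-word index gone, ordering is bound only through the chained `m_hash`, which is worth stating because the check in LinkBuffer.cpp depends on replaying the words in emission order.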
@@ -309,7 +306,7 @@
 #if CPU(ARM64)
             static_assert(sizeof(value) == 4, "");
 #if CPU(ARM64E)
-            m_hash.update(value, m_index);
+            m_hash.update(value);
 #endif
 #endif
             ASSERT(isAvailable(sizeof(IntegralType)));

Modified: trunk/Source/_javascript_Core/assembler/LinkBuffer.cpp (239363 => 239364)


--- trunk/Source/_javascript_Core/assembler/LinkBuffer.cpp	2018-12-19 02:11:58 UTC (rev 239363)
+++ trunk/Source/_javascript_Core/assembler/LinkBuffer.cpp	2018-12-19 02:27:00 UTC (rev 239364)
@@ -139,8 +139,8 @@
 
     uint8_t* codeOutData = m_code.dataLocation<uint8_t*>();
 #if CPU(ARM64E) && ENABLE(FAST_JIT_PERMISSIONS)
-    const ARM64EHash assemblerBufferHash = macroAssembler.m_assembler.buffer().hash();
-    ARM64EHash verifyUncompactedHash(assemblerBufferHash.randomSeed());
+    const uint32_t expectedFinalHash = macroAssembler.m_assembler.buffer().hash().finalHash();
+    ARM64EHash verifyUncompactedHash;
     uint8_t* outData = codeOutData;
 #if ENABLE(SEPARATED_WX_HEAP)
     AssemblerData outBuffer(m_size);
@@ -178,15 +178,11 @@
             ASSERT(!(regionSize % 2));
             ASSERT(!(readPtr % 2));
             ASSERT(!(writePtr % 2));
-#if CPU(ARM64E) && ENABLE(FAST_JIT_PERMISSIONS)
-            unsigned index = readPtr;
-#endif
             while (copySource != copyEnd) {
                 InstructionType insn = *copySource++;
 #if CPU(ARM64E) && ENABLE(FAST_JIT_PERMISSIONS)
                 static_assert(sizeof(InstructionType) == 4, "");
-                verifyUncompactedHash.update(insn, index);
-                index += sizeof(InstructionType);
+                verifyUncompactedHash.update(insn);
 #endif
                 *copyDst++ = insn;
             }
@@ -231,15 +227,10 @@
         RELEASE_ASSERT(bitwise_cast<uintptr_t>(src) % sizeof(InstructionType) == 0);
         RELEASE_ASSERT(bytes % sizeof(InstructionType) == 0);
 
-#if CPU(ARM64E) && ENABLE(FAST_JIT_PERMISSIONS)
-        unsigned index = readPtr;
-#endif
-
         for (size_t i = 0; i < bytes; i += sizeof(InstructionType)) {
             InstructionType insn = *src++;
 #if CPU(ARM64E) && ENABLE(FAST_JIT_PERMISSIONS)
-            verifyUncompactedHash.update(insn, index);
-            index += sizeof(InstructionType);
+            verifyUncompactedHash.update(insn);
 #endif
             *dst++ = insn;
         }
@@ -246,8 +237,8 @@
     }
 
 #if CPU(ARM64E) && ENABLE(FAST_JIT_PERMISSIONS)
-    if (verifyUncompactedHash.hash() != assemblerBufferHash.hash()) {
-        dataLogLn("Hashes don't match: ", RawPointer(bitwise_cast<void*>(verifyUncompactedHash.hash())), " ", RawPointer(bitwise_cast<void*>(assemblerBufferHash.hash())));
+    if (verifyUncompactedHash.finalHash() != expectedFinalHash) {
+        dataLogLn("Hashes don't match: ", RawPointer(bitwise_cast<void*>(static_cast<uintptr_t>(verifyUncompactedHash.finalHash()))), " ", RawPointer(bitwise_cast<void*>(static_cast<uintptr_t>(expectedFinalHash))));
         dataLogLn("Crashing!");
         CRASH();
     }
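Review bot: The mismatch path calls `verifyUncompactedHash.finalHash()` a second time only to log it, and pushes both 32-bit values through `RawPointer(bitwise_cast<void*>(static_cast<uintptr_t>(...)))`. Holding the computed value in a local, `const uint32_t actualFinalHash = verifyUncompactedHash.finalHash();`, and then comparing and logging that local would make it obvious that the logged value is the one that failed the check. Both numbers are outputs of the `tagInt` step, so it is worth confirming that writing them to the log before `CRASH()` is acceptable in release builds. This block is guarded by `CPU(ARM64E) && ENABLE(FAST_JIT_PERMISSIONS)`, whereas the hash in AssemblerBuffer.h is maintained under `CPU(ARM64E)` alone, so a one-line comment here should say whether an ARM64E build without fast JIT permissions is meant to skip verification. The enclosing function starts and ends outside the hunk.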