Title: [236538] trunk/Source/_javascript_Core
- Revision
- 236538
- Author
- mark....@apple.com
- Date
- 2018-09-26 21:36:42 -0700 (Wed, 26 Sep 2018)
Log Message
Options::useSeparatedWXHeap() should always be false when ENABLE(FAST_JIT_PERMISSIONS) && CPU(ARM64E).
https://bugs.webkit.org/show_bug.cgi?id=190022
<rdar://problem/44800928>
Reviewed by Saam Barati.
* jit/ExecutableAllocator.cpp:
(JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
(JSC::FixedVMPoolExecutableAllocator::initializeSeparatedWXHeaps):
* jit/ExecutableAllocator.h:
(JSC::performJITMemcpy):
* runtime/Options.cpp:
(JSC::recomputeDependentOptions):
Modified Paths
Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (236537 => 236538)
--- trunk/Source/_javascript_Core/ChangeLog 2018-09-27 02:00:32 UTC (rev 236537)
+++ trunk/Source/_javascript_Core/ChangeLog 2018-09-27 04:36:42 UTC (rev 236538)
@@ -1,5 +1,21 @@
2018-09-26 Mark Lam <mark....@apple.com>
+ Options::useSeparatedWXHeap() should always be false when ENABLE(FAST_JIT_PERMISSIONS) && CPU(ARM64E).
+ https://bugs.webkit.org/show_bug.cgi?id=190022
+ <rdar://problem/44800928>
+
+ Reviewed by Saam Barati.
+
+ * jit/ExecutableAllocator.cpp:
+ (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
+ (JSC::FixedVMPoolExecutableAllocator::initializeSeparatedWXHeaps):
+ * jit/ExecutableAllocator.h:
+ (JSC::performJITMemcpy):
+ * runtime/Options.cpp:
+ (JSC::recomputeDependentOptions):
+
+2018-09-26 Mark Lam <mark....@apple.com>
+
Assert that performJITMemcpy() is always called with instruction size aligned addresses on ARM64.
https://bugs.webkit.org/show_bug.cgi?id=190016
<rdar://problem/44802875>
Modified: trunk/Source/_javascript_Core/jit/ExecutableAllocator.cpp (236537 => 236538)
--- trunk/Source/_javascript_Core/jit/ExecutableAllocator.cpp 2018-09-27 02:00:32 UTC (rev 236537)
+++ trunk/Source/_javascript_Core/jit/ExecutableAllocator.cpp 2018-09-27 04:36:42 UTC (rev 236538)
@@ -106,9 +106,11 @@
JS_EXPORT_PRIVATE void* taggedStartOfFixedExecutableMemoryPool;
JS_EXPORT_PRIVATE void* taggedEndOfFixedExecutableMemoryPool;
+
+#if !ENABLE(FAST_JIT_PERMISSIONS) || !CPU(ARM64E)
JS_EXPORT_PRIVATE bool useFastPermisionsJITCopy { false };
-
JS_EXPORT_PRIVATE JITWriteSeparateHeapsFunction jitWriteSeparateHeapsFunction;
+#endif
#if !USE(EXECUTE_ONLY_JIT_WRITE_FUNCTION) && HAVE(REMAP_JIT)
static uintptr_t startOfFixedWritableMemoryPool;
@@ -143,6 +145,11 @@
ASSERT(m_reservation.size() == reservationSize);
void* reservationBase = m_reservation.base();
+#if ENABLE(FAST_JIT_PERMISSIONS) && CPU(ARM64E)
+ RELEASE_ASSERT(os_thread_self_restrict_rwx_is_supported());
+ os_thread_self_restrict_rwx_to_rx();
+
+#else // not ENABLE(FAST_JIT_PERMISSIONS) or not CPU(ARM64E)
#if ENABLE(FAST_JIT_PERMISSIONS)
if (os_thread_self_restrict_rwx_is_supported()) {
useFastPermisionsJITCopy = true;
@@ -156,6 +163,7 @@
reservationSize -= pageSize();
initializeSeparatedWXHeaps(m_reservation.base(), pageSize(), reservationBase, reservationSize);
}
+#endif // not ENABLE(FAST_JIT_PERMISSIONS) or not CPU(ARM64E)
addFreshFreeSpace(reservationBase, reservationSize);
@@ -244,7 +252,9 @@
// Zero out writableAddr to avoid leaking the address of the writable mapping.
memset_s(&writableAddr, sizeof(writableAddr), 0, sizeof(writableAddr));
+#if !ENABLE(FAST_JIT_PERMISSIONS) || !CPU(ARM64E)
jitWriteSeparateHeapsFunction = reinterpret_cast<JITWriteSeparateHeapsFunction>(writeThunk.code().executableAddress());
+#endif
}
#if CPU(ARM64) && USE(EXECUTE_ONLY_JIT_WRITE_FUNCTION)
Modified: trunk/Source/_javascript_Core/jit/ExecutableAllocator.h (236537 => 236538)
--- trunk/Source/_javascript_Core/jit/ExecutableAllocator.h 2018-09-27 02:00:32 UTC (rev 236537)
+++ trunk/Source/_javascript_Core/jit/ExecutableAllocator.h 2018-09-27 04:36:42 UTC (rev 236538)
@@ -81,11 +81,14 @@
return startOfFixedExecutableMemoryPool() <= pc && pc < endOfFixedExecutableMemoryPool();
}
+#if !ENABLE(FAST_JIT_PERMISSIONS) || !CPU(ARM64E)
+
typedef void (*JITWriteSeparateHeapsFunction)(off_t, const void*, size_t);
extern JS_EXPORT_PRIVATE JITWriteSeparateHeapsFunction jitWriteSeparateHeapsFunction;
-
extern JS_EXPORT_PRIVATE bool useFastPermisionsJITCopy;
+#endif // !ENABLE(FAST_JIT_PERMISSIONS) || !CPU(ARM64E)
+
static inline void* performJITMemcpy(void *dst, const void *src, size_t n)
{
#if CPU(ARM64)
@@ -96,14 +99,18 @@
if (dst >= startOfFixedExecutableMemoryPool() && dst < endOfFixedExecutableMemoryPool()) {
RELEASE_ASSERT(reinterpret_cast<uint8_t*>(dst) + n <= endOfFixedExecutableMemoryPool());
#if ENABLE(FAST_JIT_PERMISSIONS)
- if (useFastPermisionsJITCopy) {
+#if !CPU(ARM64E)
+ if (useFastPermisionsJITCopy)
+#endif
+ {
os_thread_self_restrict_rwx_to_rw();
memcpy(dst, src, n);
os_thread_self_restrict_rwx_to_rx();
return dst;
}
-#endif
+#endif // ENABLE(FAST_JIT_PERMISSIONS)
+#if !ENABLE(FAST_JIT_PERMISSIONS) || !CPU(ARM64E)
if (jitWriteSeparateHeapsFunction) {
// Use execute-only write thunk for writes inside the JIT region. This is a variant of
// memcpy that takes an offset into the JIT region as its destination (first) parameter.
@@ -111,6 +118,7 @@
retagCodePtr<JITThunkPtrTag, CFunctionPtrTag>(jitWriteSeparateHeapsFunction)(offset, src, n);
return dst;
}
+#endif
}
// Use regular memcpy for writes outside the JIT region.
Modified: trunk/Source/_javascript_Core/runtime/Options.cpp (236537 => 236538)
--- trunk/Source/_javascript_Core/runtime/Options.cpp 2018-09-27 02:00:32 UTC (rev 236537)
+++ trunk/Source/_javascript_Core/runtime/Options.cpp 2018-09-27 04:36:42 UTC (rev 236538)
@@ -459,7 +459,7 @@
Options::useOSREntryToFTL() = false;
}
-#if PLATFORM(IOS) && CPU(ARM64)
+#if PLATFORM(IOS) && CPU(ARM64) && !CPU(ARM64E)
// Override globally for now. Longer term we'll just make the default
// be to have this option enabled, and have platforms that don't support
// it just silently use a single mapping.
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
