Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (246037 => 246038)
--- trunk/Source/_javascript_Core/ChangeLog 2019-06-03 16:37:27 UTC (rev 246037)
+++ trunk/Source/_javascript_Core/ChangeLog 2019-06-03 16:48:01 UTC (rev 246038)
@@ -1,3 +1,17 @@
+2019-06-03 Commit Queue <[email protected]>
+
+ Unreviewed, rolling out r246022.
+ https://bugs.webkit.org/show_bug.cgi?id=198486
+
+ Causing Internal build failures and JSC test failures
+ (Requested by ShawnRoberts on #webkit).
+
+ Reverted changeset:
+
+ "Reenable Gigacage on ARM64."
+ https://bugs.webkit.org/show_bug.cgi?id=198453
+ https://trac.webkit.org/changeset/246022
+
2019-06-03 Darin Adler <[email protected]>
Finish cleanup of String::number for floating point
Modified: trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp (246037 => 246038)
--- trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp 2019-06-03 16:37:27 UTC (rev 246037)
+++ trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp 2019-06-03 16:48:01 UTC (rev 246038)
@@ -2873,7 +2873,7 @@
TrustedImm32(WastefulTypedArray));
JITCompiler::Jump hasNullVector;
-#if CPU(ARM64E)
+#if !GIGACAGE_ENABLED && CPU(ARM64E)
{
GPRReg scratch = m_jit.scratchRegister();
DisallowMacroScratchRegisterUsage disallowScratch(m_jit);
@@ -2882,7 +2882,7 @@
m_jit.removeArrayPtrTag(scratch);
hasNullVector = m_jit.branchTestPtr(MacroAssembler::Zero, scratch);
}
-#else // CPU(ARM64E)
+#else // !GIGACAGE_ENABLED && CPU(ARM64E)
hasNullVector = m_jit.branchTestPtr(
MacroAssembler::Zero,
MacroAssembler::Address(base, JSArrayBufferView::offsetOfVector()));
@@ -6719,14 +6719,6 @@
void SpeculativeJIT::cageTypedArrayStorage(GPRReg baseReg, GPRReg storageReg)
{
-#if CPU(ARM64E)
- m_jit.untagArrayPtr(MacroAssembler::Address(baseReg, JSArrayBufferView::offsetOfLength()), storageReg);
- m_jit.loadPtr(storageReg, m_jit.scratchRegister());
-#else
- UNUSED_PARAM(baseReg);
- UNUSED_PARAM(storageReg);
-#endif
-
#if GIGACAGE_ENABLED
UNUSED_PARAM(baseReg);
if (!Gigacage::shouldBeEnabled())
@@ -6740,6 +6732,11 @@
}
m_jit.cage(Gigacage::Primitive, storageReg);
+#elif CPU(ARM64E)
+ m_jit.untagArrayPtr(MacroAssembler::Address(baseReg, JSArrayBufferView::offsetOfLength()), storageReg);
+#else
+ UNUSED_PARAM(baseReg);
+ UNUSED_PARAM(storageReg);
#endif
}
Modified: trunk/Source/_javascript_Core/ftl/FTLLowerDFGToB3.cpp (246037 => 246038)
--- trunk/Source/_javascript_Core/ftl/FTLLowerDFGToB3.cpp 2019-06-03 16:37:27 UTC (rev 246037)
+++ trunk/Source/_javascript_Core/ftl/FTLLowerDFGToB3.cpp 2019-06-03 16:48:01 UTC (rev 246038)
@@ -6463,7 +6463,7 @@
m_out.int64Zero,
m_heaps.typedArrayProperties);
-#if CPU(ARM64E)
+#if !GIGACAGE_ENABLED && CPU(ARM64E)
{
LValue sizePtr = m_out.zeroExtPtr(size);
PatchpointValue* authenticate = m_out.patchpoint(pointerType());
@@ -14108,12 +14108,9 @@
PatchpointValue* authenticate = m_out.patchpoint(pointerType());
authenticate->appendSomeRegister(ptr);
authenticate->append(size, B3::ValueRep(B3::ValueRep::SomeLateRegister));
- authenticate->numGPScratchRegisters = 1;
authenticate->setGenerator([=] (CCallHelpers& jit, const StackmapGenerationParams& params) {
jit.move(params[1].gpr(), params[0].gpr());
jit.untagArrayPtr(params[2].gpr(), params[0].gpr());
- // Force a load to check authentication. before it is cleared by Gigacaging later.
- jit.loadPtr(params[0].gpr(), params.gpScratch(0));
});
return authenticate;
#else
@@ -14138,16 +14135,6 @@
LValue caged(Gigacage::Kind kind, LValue ptr, LValue base)
{
-#if CPU(ARM64E)
- if (kind == Gigacage::Primitive) {
- LValue size = m_out.load32(base, m_heaps.JSArrayBufferView_length);
- ptr = untagArrayPtr(ptr, size);
- }
-#else
- UNUSED_PARAM(kind);
- UNUSED_PARAM(base);
-#endif
-
#if GIGACAGE_ENABLED
UNUSED_PARAM(base);
if (!Gigacage::isEnabled(kind))
@@ -14178,6 +14165,17 @@
// and possibly other smart things if we want to be able to remove this opaque.
// https://bugs.webkit.org/show_bug.cgi?id=175493
return m_out.opaque(result);
+#elif CPU(ARM64E)
+ if (kind == Gigacage::Primitive) {
+ LValue size = m_out.load32(base, m_heaps.JSArrayBufferView_length);
+ return untagArrayPtr(ptr, size);
+ }
+
+ return ptr;
+#else
+ UNUSED_PARAM(kind);
+ UNUSED_PARAM(base);
+ return ptr;
#endif
}
Modified: trunk/Source/_javascript_Core/jit/AssemblyHelpers.h (246037 => 246038)
--- trunk/Source/_javascript_Core/jit/AssemblyHelpers.h 2019-06-03 16:37:27 UTC (rev 246037)
+++ trunk/Source/_javascript_Core/jit/AssemblyHelpers.h 2019-06-03 16:48:01 UTC (rev 246038)
@@ -1571,18 +1571,6 @@
void cageConditionally(Gigacage::Kind kind, GPRReg storage, GPRReg scratchOrLength)
{
-#if CPU(ARM64E)
- if (kind == Gigacage::Primitive) {
- untagArrayPtr(scratchOrLength, storage);
- // Force a load to trap on authentication failure. storage shouldn't be null here.
- loadPtr(storage, scratchOrLength);
- }
-#else
- UNUSED_PARAM(kind);
- UNUSED_PARAM(storage);
- UNUSED_PARAM(scratchOrLength);
-#endif
-
#if GIGACAGE_ENABLED
if (!Gigacage::isEnabled(kind))
return;
@@ -1595,6 +1583,13 @@
andPtr(TrustedImmPtr(Gigacage::mask(kind)), storage);
addPtr(scratchOrLength, storage);
done.link(this);
+#elif CPU(ARM64E)
+ if (kind == Gigacage::Primitive)
+ untagArrayPtr(scratchOrLength, storage);
+#else
+ UNUSED_PARAM(kind);
+ UNUSED_PARAM(storage);
+ UNUSED_PARAM(scratchOrLength);
#endif
}
Modified: trunk/Source/_javascript_Core/llint/LowLevelInterpreter64.asm (246037 => 246038)
--- trunk/Source/_javascript_Core/llint/LowLevelInterpreter64.asm 2019-06-03 16:37:27 UTC (rev 246037)
+++ trunk/Source/_javascript_Core/llint/LowLevelInterpreter64.asm 2019-06-03 16:48:01 UTC (rev 246038)
@@ -434,13 +434,10 @@
macro loadCagedPrimitive(source, dest, scratchOrLength)
loadp source, dest
- if ARM64E
- untagArrayPtr scratchOrLength, dest
- # Force a load to check PAC before we clear it below.
- loadp [dest], scratchOrLength
- end
if GIGACAGE_ENABLED
uncage(_g_gigacageBasePtrs + Gigacage::BasePtrs::primitive, constexpr Gigacage::primitiveGigacageMask, dest, scratchOrLength)
+ elsif ARM64E
+ untagArrayPtr scratchOrLength, dest
end
end
Modified: trunk/Source/WTF/ChangeLog (246037 => 246038)
--- trunk/Source/WTF/ChangeLog 2019-06-03 16:37:27 UTC (rev 246037)
+++ trunk/Source/WTF/ChangeLog 2019-06-03 16:48:01 UTC (rev 246038)
@@ -1,3 +1,17 @@
+2019-06-03 Commit Queue <[email protected]>
+
+ Unreviewed, rolling out r246022.
+ https://bugs.webkit.org/show_bug.cgi?id=198486
+
+ Causing Internal build failures and JSC test failures
+ (Requested by ShawnRoberts on #webkit).
+
+ Reverted changeset:
+
+ "Reenable Gigacage on ARM64."
+ https://bugs.webkit.org/show_bug.cgi?id=198453
+ https://trac.webkit.org/changeset/246022
+
2019-06-03 Darin Adler <[email protected]>
Finish cleanup of String::number for floating point
Modified: trunk/Source/WTF/wtf/CagedPtr.h (246037 => 246038)
--- trunk/Source/WTF/wtf/CagedPtr.h 2019-06-03 16:37:27 UTC (rev 246037)
+++ trunk/Source/WTF/wtf/CagedPtr.h 2019-06-03 16:48:01 UTC (rev 246038)
@@ -35,18 +35,6 @@
template<Gigacage::Kind passedKind, typename T, bool shouldTag = false, typename PtrTraits = DumbPtrTraits<T>>
class CagedPtr {
-#if CPU(ARM64E)
- static void authenticatingLoad(T* ptr)
- {
- double result;
- asm volatile("ldr %[out], [%[in]]"
- : [out] "=&r"(result)
- : [in] "r"(ptr) :);
- }
-#else
- static void authenticatingLoad(T*) { }
-#endif
-
public:
static constexpr Gigacage::Kind kind = passedKind;
@@ -64,10 +52,8 @@
{
ASSERT(m_ptr);
T* ptr = PtrTraits::unwrap(m_ptr);
- if (shouldTag) {
+ if (shouldTag)
ptr = untagArrayPtr(ptr, size);
- authenticatingLoad(ptr);
- }
return Gigacage::caged(kind, ptr);
}
@@ -74,11 +60,8 @@
T* getMayBeNull(unsigned size) const
{
T* ptr = PtrTraits::unwrap(m_ptr);
- if (shouldTag) {
+ if (shouldTag)
ptr = untagArrayPtr(ptr, size);
- if (ptr)
- authenticatingLoad(ptr);
- }
return Gigacage::cagedMayBeNull(kind, ptr);
}
Modified: trunk/Source/bmalloc/ChangeLog (246037 => 246038)
--- trunk/Source/bmalloc/ChangeLog 2019-06-03 16:37:27 UTC (rev 246037)
+++ trunk/Source/bmalloc/ChangeLog 2019-06-03 16:48:01 UTC (rev 246038)
@@ -1,3 +1,17 @@
+2019-06-03 Commit Queue <[email protected]>
+
+ Unreviewed, rolling out r246022.
+ https://bugs.webkit.org/show_bug.cgi?id=198486
+
+ Causing Internal build failures and JSC test failures
+ (Requested by ShawnRoberts on #webkit).
+
+ Reverted changeset:
+
+ "Reenable Gigacage on ARM64."
+ https://bugs.webkit.org/show_bug.cgi?id=198453
+ https://trac.webkit.org/changeset/246022
+
2019-06-02 Keith Miller <[email protected]>
Reenable Gigacage on ARM64.
Modified: trunk/Source/bmalloc/bmalloc/Gigacage.h (246037 => 246038)
--- trunk/Source/bmalloc/bmalloc/Gigacage.h 2019-06-03 16:37:27 UTC (rev 246037)
+++ trunk/Source/bmalloc/bmalloc/Gigacage.h 2019-06-03 16:48:01 UTC (rev 246038)
@@ -34,8 +34,7 @@
#include <cstddef>
#include <inttypes.h>
-#if ((BOS(DARWIN) || BOS(LINUX)) && \
- (BCPU(X86_64) || (BCPU(ARM64) && !defined(__ILP32__) && (!BPLATFORM(IOS_FAMILY) || BPLATFORM(IOS)))))
+#if ((BOS(DARWIN) || BOS(LINUX)) && BCPU(X86_64))
#define GIGACAGE_ENABLED 1
#else
#define GIGACAGE_ENABLED 0
