- Revision
- 196658
- Author
- [email protected]
- Date
- 2016-02-16 14:01:37 -0800 (Tue, 16 Feb 2016)
Log Message
SamplingProfiler still fails with ASan enabled
https://bugs.webkit.org/show_bug.cgi?id=154301
<rdar://problem/24679502>
Reviewed by Filip Pizlo.
To fix this issue, I've come up with unsafe versions
of all operations that load memory from the thread's call
frame. All these new unsafe methods are marked with SUPPRESS_ASAN.
* interpreter/CallFrame.cpp:
(JSC::CallFrame::callSiteAsRawBits):
(JSC::CallFrame::unsafeCallSiteAsRawBits):
(JSC::CallFrame::callSiteIndex):
(JSC::CallFrame::unsafeCallSiteIndex):
(JSC::CallFrame::stack):
(JSC::CallFrame::callerFrame):
(JSC::CallFrame::unsafeCallerFrame):
(JSC::CallFrame::friendlyFunctionName):
* interpreter/CallFrame.h:
(JSC::ExecState::calleeAsValue):
(JSC::ExecState::callee):
(JSC::ExecState::unsafeCallee):
(JSC::ExecState::codeBlock):
(JSC::ExecState::unsafeCodeBlock):
(JSC::ExecState::scope):
(JSC::ExecState::callerFrame):
(JSC::ExecState::callerFrameOrVMEntryFrame):
(JSC::ExecState::unsafeCallerFrameOrVMEntryFrame):
(JSC::ExecState::callerFrameOffset):
(JSC::ExecState::callerFrameAndPC):
(JSC::ExecState::unsafeCallerFrameAndPC):
* interpreter/Register.h:
(JSC::Register::codeBlock):
(JSC::Register::asanUnsafeCodeBlock):
(JSC::Register::unboxedInt32):
(JSC::Register::tag):
(JSC::Register::unsafeTag):
(JSC::Register::payload):
* interpreter/VMEntryRecord.h:
(JSC::VMEntryRecord::prevTopCallFrame):
(JSC::VMEntryRecord::unsafePrevTopCallFrame):
(JSC::VMEntryRecord::prevTopVMEntryFrame):
(JSC::VMEntryRecord::unsafePrevTopVMEntryFrame):
* runtime/SamplingProfiler.cpp:
(JSC::FrameWalker::walk):
(JSC::FrameWalker::advanceToParentFrame):
(JSC::FrameWalker::isAtTop):
(JSC::FrameWalker::resetAtMachineFrame):
Modified: trunk/Source/_javascript_Core/ChangeLog (196657 => 196658)
--- trunk/Source/_javascript_Core/ChangeLog 2016-02-16 21:42:26 UTC (rev 196657)
+++ trunk/Source/_javascript_Core/ChangeLog 2016-02-16 22:01:37 UTC (rev 196658)
@@ -1,3 +1,55 @@
+2016-02-16 Saam barati <[email protected]>
+
+ SamplingProfiler still fails with ASan enabled
+ https://bugs.webkit.org/show_bug.cgi?id=154301
+ <rdar://problem/24679502>
+
+ Reviewed by Filip Pizlo.
+
+ To fix this issue, I've come up with unsafe versions
+ of all operations that load memory from the thread's call
+ frame. All these new unsafe methods are marked with SUPPRESS_ASAN.
+
+ * interpreter/CallFrame.cpp:
+ (JSC::CallFrame::callSiteAsRawBits):
+ (JSC::CallFrame::unsafeCallSiteAsRawBits):
+ (JSC::CallFrame::callSiteIndex):
+ (JSC::CallFrame::unsafeCallSiteIndex):
+ (JSC::CallFrame::stack):
+ (JSC::CallFrame::callerFrame):
+ (JSC::CallFrame::unsafeCallerFrame):
+ (JSC::CallFrame::friendlyFunctionName):
+ * interpreter/CallFrame.h:
+ (JSC::ExecState::calleeAsValue):
+ (JSC::ExecState::callee):
+ (JSC::ExecState::unsafeCallee):
+ (JSC::ExecState::codeBlock):
+ (JSC::ExecState::unsafeCodeBlock):
+ (JSC::ExecState::scope):
+ (JSC::ExecState::callerFrame):
+ (JSC::ExecState::callerFrameOrVMEntryFrame):
+ (JSC::ExecState::unsafeCallerFrameOrVMEntryFrame):
+ (JSC::ExecState::callerFrameOffset):
+ (JSC::ExecState::callerFrameAndPC):
+ (JSC::ExecState::unsafeCallerFrameAndPC):
+ * interpreter/Register.h:
+ (JSC::Register::codeBlock):
+ (JSC::Register::asanUnsafeCodeBlock):
+ (JSC::Register::unboxedInt32):
+ (JSC::Register::tag):
+ (JSC::Register::unsafeTag):
+ (JSC::Register::payload):
+ * interpreter/VMEntryRecord.h:
+ (JSC::VMEntryRecord::prevTopCallFrame):
+ (JSC::VMEntryRecord::unsafePrevTopCallFrame):
+ (JSC::VMEntryRecord::prevTopVMEntryFrame):
+ (JSC::VMEntryRecord::unsafePrevTopVMEntryFrame):
+ * runtime/SamplingProfiler.cpp:
+ (JSC::FrameWalker::walk):
+ (JSC::FrameWalker::advanceToParentFrame):
+ (JSC::FrameWalker::isAtTop):
+ (JSC::FrameWalker::resetAtMachineFrame):
+
2016-02-16 Filip Pizlo <[email protected]>
FTL should support NewTypedArray
Modified: trunk/Source/_javascript_Core/interpreter/CallFrame.cpp (196657 => 196658)
--- trunk/Source/_javascript_Core/interpreter/CallFrame.cpp 2016-02-16 21:42:26 UTC (rev 196657)
+++ trunk/Source/_javascript_Core/interpreter/CallFrame.cpp 2016-02-16 22:01:37 UTC (rev 196658)
@@ -79,11 +79,21 @@
return this[JSStack::ArgumentCount].tag();
}
+SUPPRESS_ASAN unsigned CallFrame::unsafeCallSiteAsRawBits() const
+{
+ return this[JSStack::ArgumentCount].unsafeTag();
+}
+
CallSiteIndex CallFrame::callSiteIndex() const
{
return CallSiteIndex(callSiteAsRawBits());
}
+SUPPRESS_ASAN CallSiteIndex CallFrame::unsafeCallSiteIndex() const
+{
+ return CallSiteIndex(unsafeCallSiteAsRawBits());
+}
+
#ifndef NDEBUG
JSStack* CallFrame::stack()
{
@@ -194,6 +204,16 @@
return static_cast<CallFrame*>(callerFrameOrVMEntryFrame());
}
+SUPPRESS_ASAN CallFrame* CallFrame::unsafeCallerFrame(VMEntryFrame*& currVMEntryFrame)
+{
+ if (unsafeCallerFrameOrVMEntryFrame() == currVMEntryFrame) {
+ VMEntryRecord* currVMEntryRecord = vmEntryRecord(currVMEntryFrame);
+ currVMEntryFrame = currVMEntryRecord->unsafePrevTopVMEntryFrame();
+ return currVMEntryRecord->unsafePrevTopCallFrame();
+ }
+ return static_cast<CallFrame*>(unsafeCallerFrameOrVMEntryFrame());
+}
+
String CallFrame::friendlyFunctionName()
{
CodeBlock* codeBlock = this->codeBlock();
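Review bot: `unsafeCallerFrame` is a line-for-line copy of `callerFrame(VMEntryFrame*&)` (whose tail is the `return static_cast<CallFrame*>(callerFrameOrVMEntryFrame());` context line just above it) with the accessors swapped, and nothing records that the two must stay in lockstep, so a later fix to one will silently miss the other; the same mirror relationship holds for `unsafeCallSiteAsRawBits`/`unsafeCallSiteIndex` in the first hunk. Its call to `vmEntryRecord(currVMEntryFrame)` is also the one step in the chain that is not part of the SUPPRESS_ASAN family — if that function reads through the frame rather than only computing an address, the report this commit avoids would reappear there, which is worth confirming. Suggest a comment above the definition: `// Mirror of callerFrame(VMEntryFrame*&) for the SamplingProfiler, which walks the frames of a thread it has stopped; keep the two bodies in sync.` `friendlyFunctionName` continues outside the hunk.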
Modified: trunk/Source/_javascript_Core/interpreter/CallFrame.h (196657 => 196658)
--- trunk/Source/_javascript_Core/interpreter/CallFrame.h 2016-02-16 21:42:26 UTC (rev 196657)
+++ trunk/Source/_javascript_Core/interpreter/CallFrame.h 2016-02-16 22:01:37 UTC (rev 196658)
@@ -66,8 +66,9 @@
public:
JSValue calleeAsValue() const { return this[JSStack::Callee].jsValue(); }
JSObject* callee() const { return this[JSStack::Callee].object(); }
- JSValue unsafeCallee() const { return this[JSStack::Callee].asanUnsafeJSValue(); }
+ SUPPRESS_ASAN JSValue unsafeCallee() const { return this[JSStack::Callee].asanUnsafeJSValue(); }
CodeBlock* codeBlock() const { return this[JSStack::CodeBlock].Register::codeBlock(); }
+ SUPPRESS_ASAN CodeBlock* unsafeCodeBlock() const { return this[JSStack::CodeBlock].Register::asanUnsafeCodeBlock(); }
JSScope* scope(int scopeRegisterOffset) const
{
ASSERT(this[scopeRegisterOffset].Register::scope());
@@ -115,7 +116,9 @@
CallFrame* callerFrame() const { return static_cast<CallFrame*>(callerFrameOrVMEntryFrame()); }
void* callerFrameOrVMEntryFrame() const { return callerFrameAndPC().callerFrame; }
+ SUPPRESS_ASAN void* unsafeCallerFrameOrVMEntryFrame() const { return unsafeCallerFrameAndPC().callerFrame; }
+ CallFrame* unsafeCallerFrame(VMEntryFrame*&);
JS_EXPORT_PRIVATE CallFrame* callerFrame(VMEntryFrame*&);
static ptrdiff_t callerFrameOffset() { return OBJECT_OFFSETOF(CallerFrameAndPC, callerFrame); }
@@ -130,7 +133,9 @@
bool callSiteBitsAreCodeOriginIndex() const;
unsigned callSiteAsRawBits() const;
+ unsigned unsafeCallSiteAsRawBits() const;
CallSiteIndex callSiteIndex() const;
+ CallSiteIndex unsafeCallSiteIndex() const;
private:
unsigned callSiteBitsAsBytecodeOffset() const;
public:
@@ -282,6 +287,7 @@
CallerFrameAndPC& callerFrameAndPC() { return *reinterpret_cast<CallerFrameAndPC*>(this); }
const CallerFrameAndPC& callerFrameAndPC() const { return *reinterpret_cast<const CallerFrameAndPC*>(this); }
+ SUPPRESS_ASAN const CallerFrameAndPC& unsafeCallerFrameAndPC() const { return *reinterpret_cast<const CallerFrameAndPC*>(this); }
friend class JSStack;
};
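Review bot: The header now exposes seven `unsafe*` accessors (`unsafeCallee`, `unsafeCodeBlock`, `unsafeCallerFrameOrVMEntryFrame`, `unsafeCallerFrame`, `unsafeCallSiteAsRawBits`, `unsafeCallSiteIndex`, `unsafeCallerFrameAndPC`) without saying what "unsafe" means or who may call them; only the log message explains it, and a reader of the header will otherwise assume they skip a bounds or type check rather than sanitizer instrumentation. Suggest one comment above `unsafeCallee`, the first of them: `// The unsafe* accessors perform the same loads as their plain counterparts but are SUPPRESS_ASAN. They exist for the SamplingProfiler, which reads the call frames of another thread; do not use them elsewhere.` The same gap applies to `Register::asanUnsafeCodeBlock`/`unsafeTag` in Register.h and `VMEntryRecord::unsafePrevTopCallFrame`/`unsafePrevTopVMEntryFrame` in VMEntryRecord.h, which could carry a one-line pointer to that comment.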
Modified: trunk/Source/_javascript_Core/interpreter/Register.h (196657 => 196658)
--- trunk/Source/_javascript_Core/interpreter/Register.h 2016-02-16 21:42:26 UTC (rev 196657)
+++ trunk/Source/_javascript_Core/interpreter/Register.h 2016-02-16 22:01:37 UTC (rev 196658)
@@ -62,6 +62,7 @@
int32_t i() const;
CallFrame* callFrame() const;
CodeBlock* codeBlock() const;
+ CodeBlock* asanUnsafeCodeBlock() const;
JSObject* object() const;
JSScope* scope() const;
int32_t unboxedInt32() const;
@@ -72,6 +73,7 @@
JSCell* unboxedCell() const;
int32_t payload() const;
int32_t tag() const;
+ int32_t unsafeTag() const;
int32_t& payload();
int32_t& tag();
@@ -155,6 +157,11 @@
return u.codeBlock;
}
+ SUPPRESS_ASAN ALWAYS_INLINE CodeBlock* Register::asanUnsafeCodeBlock() const
+ {
+ return u.codeBlock;
+ }
+
ALWAYS_INLINE int32_t Register::unboxedInt32() const
{
return payload();
@@ -199,6 +206,11 @@
return u.encodedValue.asBits.tag;
}
+ SUPPRESS_ASAN ALWAYS_INLINE int32_t Register::unsafeTag() const
+ {
+ return u.encodedValue.asBits.tag;
+ }
+
ALWAYS_INLINE int32_t& Register::payload()
{
return u.encodedValue.asBits.payload;
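Review bot: The two accessors added to Register use different naming schemes in the same change: `asanUnsafeCodeBlock` follows the existing `asanUnsafeJSValue` that `ExecState::unsafeCallee` calls, while `unsafeTag` follows the `ExecState::unsafe*` style. Within Register the `asanUnsafe` prefix is the established one and says precisely what is being bypassed, so rename `unsafeTag` to `asanUnsafeTag` at the declaration, the definition, and its one caller `CallFrame::unsafeCallSiteAsRawBits` in CallFrame.cpp. The bodies of `asanUnsafeCodeBlock` and `unsafeTag` are verbatim copies of `codeBlock()` and `tag()` above them, which is presumably the point, but a short comment on each saying so would keep the pairs from drifting.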
Modified: trunk/Source/_javascript_Core/interpreter/VMEntryRecord.h (196657 => 196658)
--- trunk/Source/_javascript_Core/interpreter/VMEntryRecord.h 2016-02-16 21:42:26 UTC (rev 196657)
+++ trunk/Source/_javascript_Core/interpreter/VMEntryRecord.h 2016-02-16 22:01:37 UTC (rev 196658)
@@ -43,8 +43,10 @@
VMEntryFrame* m_prevTopVMEntryFrame;
ExecState* prevTopCallFrame() { return m_prevTopCallFrame; }
+ SUPPRESS_ASAN ExecState* unsafePrevTopCallFrame() { return m_prevTopCallFrame; }
VMEntryFrame* prevTopVMEntryFrame() { return m_prevTopVMEntryFrame; }
+ SUPPRESS_ASAN VMEntryFrame* unsafePrevTopVMEntryFrame() { return m_prevTopVMEntryFrame; }
};
extern "C" VMEntryRecord* vmEntryRecord(VMEntryFrame*);
Modified: trunk/Source/_javascript_Core/runtime/SamplingProfiler.cpp (196657 => 196658)
--- trunk/Source/_javascript_Core/runtime/SamplingProfiler.cpp 2016-02-16 21:42:26 UTC (rev 196657)
+++ trunk/Source/_javascript_Core/runtime/SamplingProfiler.cpp 2016-02-16 22:01:37 UTC (rev 196658)
@@ -92,10 +92,10 @@
while (!isAtTop() && !m_bailingOut && m_depth < maxStackTraceSize) {
CallSiteIndex callSiteIndex;
JSValue unsafeCallee = m_callFrame->unsafeCallee();
- CodeBlock* codeBlock = m_callFrame->codeBlock();
+ CodeBlock* codeBlock = m_callFrame->unsafeCodeBlock();
if (codeBlock) {
ASSERT(isValidCodeBlock(codeBlock));
- callSiteIndex = m_callFrame->callSiteIndex();
+ callSiteIndex = m_callFrame->unsafeCallSiteIndex();
}
stackTrace[m_depth] = UnprocessedStackFrame(codeBlock, JSValue::encode(unsafeCallee), callSiteIndex);
m_depth++;
@@ -117,7 +117,7 @@
SUPPRESS_ASAN
void advanceToParentFrame()
{
- m_callFrame = m_callFrame->callerFrame(m_vmEntryFrame);
+ m_callFrame = m_callFrame->unsafeCallerFrame(m_vmEntryFrame);
}
bool isAtTop() const
@@ -139,7 +139,7 @@
return;
}
- CodeBlock* codeBlock = m_callFrame->codeBlock();
+ CodeBlock* codeBlock = m_callFrame->unsafeCodeBlock();
if (!codeBlock)
return;
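Review bot: In `walk`, between the new `CodeBlock* codeBlock = m_callFrame->unsafeCodeBlock();` read and its storage into `stackTrace[m_depth]`, the only validation shown is `ASSERT(isValidCodeBlock(codeBlock))`, which compiles out of release builds, so a torn or stale pointer read from the stopped thread's frame would be recorded as-is. Unless the walker re-validates frames reached through `advanceToParentFrame` somewhere not visible here, consider a runtime bail-out in place of the assert, `if (!isValidCodeBlock(codeBlock)) { m_bailingOut = true; break; }`, matching the `m_bailingOut` flag the loop condition already honours. The same read-then-trust pattern appears in `resetAtMachineFrame`, whose body continues past the last hunk. `walk` itself starts outside the hunk, so whether it carries SUPPRESS_ASAN like `advanceToParentFrame` is not visible.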