WebKit Bugzilla
Attachment 371192 Details for
Bug 198486
: REGRESSION(r246022): Causing Internal build failures and JSC test failures (Requested by ShawnRoberts on #webkit).
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
ROLLOUT of r246022
bug-198486-20190603094510.patch (text/plain), 10.76 KB, created by
WebKit Commit Bot
on 2019-06-03 09:45:10 PDT
(
hide
)
Description:
ROLLOUT of r246022
Filename:
MIME Type:
Creator:
WebKit Commit Bot
Created:
2019-06-03 09:45:10 PDT
Size:
10.76 KB
patch
obsolete
>Subversion Revision: 246037 >diff --git a/Source/JavaScriptCore/ChangeLog b/Source/JavaScriptCore/ChangeLog >index 3c0c9187a00d94e0346c8b7ff9441b173ed31fa8..12cd2c11cdfd9c5804deac59f30627b18b8de718 100644 >--- a/Source/JavaScriptCore/ChangeLog >+++ b/Source/JavaScriptCore/ChangeLog >@@ -1,3 +1,17 @@ >+2019-06-03 Commit Queue <commit-queue@webkit.org> >+ >+ Unreviewed, rolling out r246022. >+ https://bugs.webkit.org/show_bug.cgi?id=198486 >+ >+ Causing Internal build failures and JSC test failures >+ (Requested by ShawnRoberts on #webkit). >+ >+ Reverted changeset: >+ >+ "Reenable Gigacage on ARM64." >+ https://bugs.webkit.org/show_bug.cgi?id=198453 >+ https://trac.webkit.org/changeset/246022 >+ > 2019-06-03 Darin Adler <darin@apple.com> > > Finish cleanup of String::number for floating point >diff --git a/Source/WTF/ChangeLog b/Source/WTF/ChangeLog >index 1c0a101da1b2f2df1b105318072a1ac8f0d44aee..7147b2acbd991af9ba7ef96a064abdf3c1eb6181 100644 >--- a/Source/WTF/ChangeLog >+++ b/Source/WTF/ChangeLog >@@ -1,3 +1,17 @@ >+2019-06-03 Commit Queue <commit-queue@webkit.org> >+ >+ Unreviewed, rolling out r246022. >+ https://bugs.webkit.org/show_bug.cgi?id=198486 >+ >+ Causing Internal build failures and JSC test failures >+ (Requested by ShawnRoberts on #webkit). >+ >+ Reverted changeset: >+ >+ "Reenable Gigacage on ARM64." >+ https://bugs.webkit.org/show_bug.cgi?id=198453 >+ https://trac.webkit.org/changeset/246022 >+ > 2019-06-03 Darin Adler <darin@apple.com> > > Finish cleanup of String::number for floating point >diff --git a/Source/bmalloc/ChangeLog b/Source/bmalloc/ChangeLog >index 813d572fac77a5d1eebfe376df7e9e5cb1f02e53..a7e8000845babca6d1f4edb417123de758014ec8 100644 >--- a/Source/bmalloc/ChangeLog >+++ b/Source/bmalloc/ChangeLog >@@ -1,3 +1,17 @@ >+2019-06-03 Commit Queue <commit-queue@webkit.org> >+ >+ Unreviewed, rolling out r246022. >+ https://bugs.webkit.org/show_bug.cgi?id=198486 >+ >+ Causing Internal build failures and JSC test failures >+ (Requested by ShawnRoberts on #webkit). >+ >+ Reverted changeset: >+ >+ "Reenable Gigacage on ARM64." >+ https://bugs.webkit.org/show_bug.cgi?id=198453 >+ https://trac.webkit.org/changeset/246022 >+ > 2019-06-02 Keith Miller <keith_miller@apple.com> > > Reenable Gigacage on ARM64. >diff --git a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp b/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp >index 522214a704c61b4708d7df45d141321da95c373b..d0410b35d39017f80db5905ed492d3e33868bc5c 100644 >--- a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp >+++ b/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp >@@ -2873,7 +2873,7 @@ JITCompiler::Jump SpeculativeJIT::jumpForTypedArrayIsNeuteredIfOutOfBounds(Node* > TrustedImm32(WastefulTypedArray)); > > JITCompiler::Jump hasNullVector; >-#if CPU(ARM64E) >+#if !GIGACAGE_ENABLED && CPU(ARM64E) > { > GPRReg scratch = m_jit.scratchRegister(); > DisallowMacroScratchRegisterUsage disallowScratch(m_jit); >@@ -2882,7 +2882,7 @@ JITCompiler::Jump SpeculativeJIT::jumpForTypedArrayIsNeuteredIfOutOfBounds(Node* > m_jit.removeArrayPtrTag(scratch); > hasNullVector = m_jit.branchTestPtr(MacroAssembler::Zero, scratch); > } >-#else // CPU(ARM64E) >+#else // !GIGACAGE_ENABLED && CPU(ARM64E) > hasNullVector = m_jit.branchTestPtr( > MacroAssembler::Zero, > MacroAssembler::Address(base, JSArrayBufferView::offsetOfVector())); >@@ -6719,14 +6719,6 @@ void SpeculativeJIT::compileConstantStoragePointer(Node* node) > > void SpeculativeJIT::cageTypedArrayStorage(GPRReg baseReg, GPRReg storageReg) > { >-#if CPU(ARM64E) >- m_jit.untagArrayPtr(MacroAssembler::Address(baseReg, JSArrayBufferView::offsetOfLength()), storageReg); >- m_jit.loadPtr(storageReg, m_jit.scratchRegister()); >-#else >- UNUSED_PARAM(baseReg); >- UNUSED_PARAM(storageReg); >-#endif >- > #if GIGACAGE_ENABLED > UNUSED_PARAM(baseReg); > if (!Gigacage::shouldBeEnabled()) >@@ -6740,6 +6732,11 @@ void SpeculativeJIT::cageTypedArrayStorage(GPRReg baseReg, GPRReg storageReg) > } > > m_jit.cage(Gigacage::Primitive, storageReg); >+#elif CPU(ARM64E) >+ m_jit.untagArrayPtr(MacroAssembler::Address(baseReg, JSArrayBufferView::offsetOfLength()), storageReg); >+#else >+ UNUSED_PARAM(baseReg); >+ UNUSED_PARAM(storageReg); > #endif > } > >diff --git a/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp b/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp >index 145132f023d21536a707629368bf356dedfaaee5..5e28a1a232b1771b5a8291234f476cfb31b28f95 100644 >--- a/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp >+++ b/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp >@@ -6463,7 +6463,7 @@ private: > m_out.int64Zero, > m_heaps.typedArrayProperties); > >-#if CPU(ARM64E) >+#if !GIGACAGE_ENABLED && CPU(ARM64E) > { > LValue sizePtr = m_out.zeroExtPtr(size); > PatchpointValue* authenticate = m_out.patchpoint(pointerType()); >@@ -14108,12 +14108,9 @@ private: > PatchpointValue* authenticate = m_out.patchpoint(pointerType()); > authenticate->appendSomeRegister(ptr); > authenticate->append(size, B3::ValueRep(B3::ValueRep::SomeLateRegister)); >- authenticate->numGPScratchRegisters = 1; > authenticate->setGenerator([=] (CCallHelpers& jit, const StackmapGenerationParams& params) { > jit.move(params[1].gpr(), params[0].gpr()); > jit.untagArrayPtr(params[2].gpr(), params[0].gpr()); >- // Force a load to check authentication. before it is cleared by Gigacaging later. >- jit.loadPtr(params[0].gpr(), params.gpScratch(0)); > }); > return authenticate; > #else >@@ -14138,16 +14135,6 @@ private: > > LValue caged(Gigacage::Kind kind, LValue ptr, LValue base) > { >-#if CPU(ARM64E) >- if (kind == Gigacage::Primitive) { >- LValue size = m_out.load32(base, m_heaps.JSArrayBufferView_length); >- ptr = untagArrayPtr(ptr, size); >- } >-#else >- UNUSED_PARAM(kind); >- UNUSED_PARAM(base); >-#endif >- > #if GIGACAGE_ENABLED > UNUSED_PARAM(base); > if (!Gigacage::isEnabled(kind)) >@@ -14178,6 +14165,17 @@ private: > // and possibly other smart things if we want to be able to remove this opaque. > // https://bugs.webkit.org/show_bug.cgi?id=175493 > return m_out.opaque(result); >+#elif CPU(ARM64E) >+ if (kind == Gigacage::Primitive) { >+ LValue size = m_out.load32(base, m_heaps.JSArrayBufferView_length); >+ return untagArrayPtr(ptr, size); >+ } >+ >+ return ptr; >+#else >+ UNUSED_PARAM(kind); >+ UNUSED_PARAM(base); >+ return ptr; > #endif > } > >diff --git a/Source/JavaScriptCore/jit/AssemblyHelpers.h b/Source/JavaScriptCore/jit/AssemblyHelpers.h >index 6075071ddf08da3d0e5b312d1f48815b83bfb249..d9268e83691421ffedc1541217c867f351edb8d4 100644 >--- a/Source/JavaScriptCore/jit/AssemblyHelpers.h >+++ b/Source/JavaScriptCore/jit/AssemblyHelpers.h >@@ -1571,18 +1571,6 @@ public: > > void cageConditionally(Gigacage::Kind kind, GPRReg storage, GPRReg scratchOrLength) > { >-#if CPU(ARM64E) >- if (kind == Gigacage::Primitive) { >- untagArrayPtr(scratchOrLength, storage); >- // Force a load to trap on authentication failure. storage shouldn't be null here. >- loadPtr(storage, scratchOrLength); >- } >-#else >- UNUSED_PARAM(kind); >- UNUSED_PARAM(storage); >- UNUSED_PARAM(scratchOrLength); >-#endif >- > #if GIGACAGE_ENABLED > if (!Gigacage::isEnabled(kind)) > return; >@@ -1595,6 +1583,13 @@ public: > andPtr(TrustedImmPtr(Gigacage::mask(kind)), storage); > addPtr(scratchOrLength, storage); > done.link(this); >+#elif CPU(ARM64E) >+ if (kind == Gigacage::Primitive) >+ untagArrayPtr(scratchOrLength, storage); >+#else >+ UNUSED_PARAM(kind); >+ UNUSED_PARAM(storage); >+ UNUSED_PARAM(scratchOrLength); > #endif > } > >diff --git a/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm b/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm >index 4ce82d8e619ae2146bed15e175e0036b6945a2e4..6aaf0dd10c3eb8af6b277713419ac40e3d878397 100644 >--- a/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm >+++ b/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm >@@ -434,13 +434,10 @@ end > > macro loadCagedPrimitive(source, dest, scratchOrLength) > loadp source, dest >- if ARM64E >- untagArrayPtr scratchOrLength, dest >- # Force a load to check PAC before we clear it below. >- loadp [dest], scratchOrLength >- end > if GIGACAGE_ENABLED > uncage(_g_gigacageBasePtrs + Gigacage::BasePtrs::primitive, constexpr Gigacage::primitiveGigacageMask, dest, scratchOrLength) >+ elsif ARM64E >+ untagArrayPtr scratchOrLength, dest > end > end > >diff --git a/Source/WTF/wtf/CagedPtr.h b/Source/WTF/wtf/CagedPtr.h >index ecc9e00407a9227153240523eec5d7a6fb9230ff..71ec51e2947b5b2ca06ea2c4056dadceb938df6e 100644 >--- a/Source/WTF/wtf/CagedPtr.h >+++ b/Source/WTF/wtf/CagedPtr.h >@@ -35,18 +35,6 @@ constexpr bool tagCagedPtr = true; > > template<Gigacage::Kind passedKind, typename T, bool shouldTag = false, typename PtrTraits = DumbPtrTraits<T>> > class CagedPtr { >-#if CPU(ARM64E) >- static void authenticatingLoad(T* ptr) >- { >- double result; >- asm volatile("ldr %[out], [%[in]]" >- : [out] "=&r"(result) >- : [in] "r"(ptr) :); >- } >-#else >- static void authenticatingLoad(T*) { } >-#endif >- > public: > static constexpr Gigacage::Kind kind = passedKind; > >@@ -64,21 +52,16 @@ public: > { > ASSERT(m_ptr); > T* ptr = PtrTraits::unwrap(m_ptr); >- if (shouldTag) { >+ if (shouldTag) > ptr = untagArrayPtr(ptr, size); >- authenticatingLoad(ptr); >- } > return Gigacage::caged(kind, ptr); > } > > T* getMayBeNull(unsigned size) const > { > T* ptr = PtrTraits::unwrap(m_ptr); >- if (shouldTag) { >+ if (shouldTag) > ptr = untagArrayPtr(ptr, size); >- if (ptr) >- authenticatingLoad(ptr); >- } > return Gigacage::cagedMayBeNull(kind, ptr); > } > >diff --git a/Source/bmalloc/bmalloc/Gigacage.h b/Source/bmalloc/bmalloc/Gigacage.h >index a37d0baf9979deecc2e9e2542a8c2958ddf86b57..76d72df74a136f0219155cf208f7c77958c4e996 100644 >--- a/Source/bmalloc/bmalloc/Gigacage.h >+++ b/Source/bmalloc/bmalloc/Gigacage.h >@@ -34,8 +34,7 @@ > #include <cstddef> > #include <inttypes.h> > >-#if ((BOS(DARWIN) || BOS(LINUX)) && \ >- (BCPU(X86_64) || (BCPU(ARM64) && !defined(__ILP32__) && (!BPLATFORM(IOS_FAMILY) || BPLATFORM(IOS))))) >+#if ((BOS(DARWIN) || BOS(LINUX)) && BCPU(X86_64)) > #define GIGACAGE_ENABLED 1 > #else > #define GIGACAGE_ENABLED 0
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=371192">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Formatted Diff
|
Diff
Attachments on
bug 198486
: 371192