Bug 217261

Summary: [JSC] Introduce JITOperationList to validate JIT-caged pointers
Product: WebKit Reporter: Yusuke Suzuki <ysuzuki>
Component: New Bugs    Assignee: Yusuke Suzuki <ysuzuki>
Status: RESOLVED FIXED    
Severity: Normal CC: annulen, benjamin, cdumez, cmarcelo, ews-watchlist, gyuyoung.kim, keith_miller, mark.lam, msaboff, ryuan.choi, saam, sergio, tzagallo, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments (description, flags):
Patch (ews-feeder: commit-queue-)
Patch (ews-feeder: commit-queue-)
Patch (none)
Patch (saam: review+, ews-feeder: commit-queue-)
Patch (none)
Patch (none)

Description Yusuke Suzuki 2020-10-02 17:50:28 PDT
[JSC] Introduce JITOperationList to validate JIT-caged pointers
Comment 1 Yusuke Suzuki 2020-10-02 17:52:35 PDT
Created attachment 410393 [details]
Patch
Comment 2 Yusuke Suzuki 2020-10-02 17:55:29 PDT
Created attachment 410394 [details]
Patch
Comment 3 Yusuke Suzuki 2020-10-02 18:21:19 PDT
Created attachment 410396 [details]
Patch
Comment 4 Yusuke Suzuki 2020-10-02 18:22:58 PDT
Created attachment 410398 [details]
Patch
Comment 5 Saam Barati 2020-10-02 19:06:40 PDT
Comment on attachment 410398 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=410398&action=review

r=me

> Source/JavaScriptCore/assembler/JITOperationList.h:50
> +    JS_EXPORT_PRIVATE static void populatePointersInEmbedder1(const uintptr_t* beginHost, const uintptr_t* endHost, const uintptr_t* beginOperations, const uintptr_t* endOperations);
> +    JS_EXPORT_PRIVATE static void populatePointersInEmbedder2(const uintptr_t* beginHost, const uintptr_t* endHost, const uintptr_t* beginOperations, const uintptr_t* endOperations);

let's do what we talked about on slack of just a single function

> Source/WebKitLegacy/mac/WebView/WebPreferences.mm:380
> +    WebCore::populateJITOperations();

could we have a version of "initialize" per library that calls the necessary initialize functions below it?

e.g., JSC::initialize,
WebCore::initialize, that calls JSC::initialize and calls WebCore::populateJITOperations
WebKit::initialize, that calls WebCore::initialize, and WebKit::populateJITOperations
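The review above asks for one population entry point fed by per-library address ranges, and for a layered initialize chain (JSC, then WebCore, then WebKit) so each library registers its own operations after the layer below it. The following is an added illustration of that shape, not code from the patch or from WebKit: `OperationList`, `operationList()`, `isValidOperation` and the three sample operation tables are hypothetical, and the addresses are constructed values rather than real function pointers. It shows the one property the list exists to provide: a pointer pulled from JIT-controlled memory is accepted only if it exactly matches an address some library registered, and repeated initialization does not grow the list.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <iterator>
#include <vector>

// Hypothetical stand-in for a table of known JIT operation entry points.
// Each library hands over a contiguous range of addresses; the list keeps
// them sorted so a lookup is a binary search.
class OperationList {
public:
    // Record every address in [begin, end) as a legitimate call target.
    void populate(const uintptr_t* begin, const uintptr_t* end) {
        m_addresses.insert(m_addresses.end(), begin, end);
        std::sort(m_addresses.begin(), m_addresses.end());
        m_addresses.erase(std::unique(m_addresses.begin(), m_addresses.end()), m_addresses.end());
    }

    // True only if this exact address was registered by some library.
    bool contains(uintptr_t address) const {
        return std::binary_search(m_addresses.begin(), m_addresses.end(), address);
    }

    size_t size() const { return m_addresses.size(); }

private:
    std::vector<uintptr_t> m_addresses;
};

// Single process-wide list shared by all layers (hypothetical accessor).
OperationList& operationList() {
    static OperationList list;
    return list;
}

// Constructed sample operation tables, one per library layer. Real tables would
// hold the addresses of the JIT operation functions; these values are made up.
static const uintptr_t jscOperations[]     = { 0x1000, 0x1010, 0x1020 };
static const uintptr_t webCoreOperations[] = { 0x2000, 0x2010 };
static const uintptr_t webKitOperations[]  = { 0x3000 };

// Layered initialization in the shape proposed in the review: each layer
// initializes the layer below it and then registers its own operations.
// Each function is guarded so repeated calls do not re-register anything.
namespace JSC {
void initialize() {
    static bool initialized = false;
    if (initialized) return;
    initialized = true;
    operationList().populate(std::begin(jscOperations), std::end(jscOperations));
}
}

namespace WebCore {
void initialize() {
    static bool initialized = false;
    if (initialized) return;
    initialized = true;
    JSC::initialize();
    operationList().populate(std::begin(webCoreOperations), std::end(webCoreOperations));
}
}

namespace WebKit {
void initialize() {
    static bool initialized = false;
    if (initialized) return;
    initialized = true;
    WebCore::initialize();
    operationList().populate(std::begin(webKitOperations), std::end(webKitOperations));
}
}

// Validation a caller applies before calling through a pointer that came from
// JIT-controlled memory: anything not on the list is rejected.
bool isValidOperation(uintptr_t target) {
    return operationList().contains(target);
}

int main() {
    WebKit::initialize();
    std::printf("registered %zu operations\n", operationList().size());
    std::printf("0x2010 valid: %d, 0x2008 valid: %d\n",
                isValidOperation(0x2010), isValidOperation(0x2008));
    return 0;
}
```

The guard in each `initialize` matters for the embedder case the review describes: WebKitLegacy may reach `WebKit::initialize` from several entry points, and without the guard the same range would be appended again on each call. Exact-match lookup is deliberate; an address inside an operation but not at its entry point is rejected.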
Comment 6 Yusuke Suzuki 2020-10-02 19:24:56 PDT
Created attachment 410404 [details]
Patch
Comment 7 Yusuke Suzuki 2020-10-02 19:27:26 PDT
Created attachment 410405 [details]
Patch
Comment 8 EWS 2020-10-03 16:51:17 PDT
Committed r267938: <https://trac.webkit.org/changeset/267938>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 410405 [details].
Comment 9 Radar WebKit Bug Importer 2020-10-03 16:52:16 PDT
<rdar://problem/69921874>
Comment 10 Yusuke Suzuki 2020-10-05 16:29:26 PDT
Committed r268013: <https://trac.webkit.org/changeset/268013>