Bug 220021

Summary: Fix MacroAssemblerARM64E::validateUntaggedPtr() to account for TBI.
Product: WebKit Reporter: Mark Lam <mark.lam>
Component: JavaScriptCoreAssignee: Mark Lam <mark.lam>
Status: RESOLVED FIXED    
Severity: Normal CC: ews-watchlist, fpizlo, keith_miller, msaboff, rmorisset, saam, tzagallo, webkit-bug-importer, ysuzuki
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
proposed patch.
saam: review+
patch for landing. none

Description Mark Lam 2020-12-18 11:30:42 PST 
Patch coming.
Comment 1 Radar WebKit Bug Importer 2020-12-18 11:31:24 PST 
<rdar://problem/72474809>
Comment 2 Mark Lam 2020-12-18 11:37:49 PST 
Created attachment 416537 [details]
proposed patch.
Comment 3 Saam Barati 2020-12-18 11:47:49 PST 
Comment on attachment 416537 [details]
proposed patch.

View in context: https://bugs.webkit.org/attachment.cgi?id=416537&action=review

> Source/JavaScriptCore/assembler/MacroAssemblerARM64E.h:-86
> -        load8(Address(target), scratch);

We should DisallowScratch here, to make sure we're not relying on it. It'd kill your scratch

> Source/JavaScriptCore/assembler/MacroAssemblerARM64E.h:87
> +        and64(TrustedImm64(0xff000000000000), scratch, scratch);

0x0f000000000000, right?
Comment 4 Saam Barati 2020-12-18 12:04:46 PST 
Comment on attachment 416537 [details]
proposed patch.

View in context: https://bugs.webkit.org/attachment.cgi?id=416537&action=review

>> Source/JavaScriptCore/assembler/MacroAssemblerARM64E.h:87
>> +        and64(TrustedImm64(0xff000000000000), scratch, scratch);
> 
> 0x0f000000000000, right?

ignore this
Comment 5 Mark Lam 2020-12-18 12:34:06 PST 
Created attachment 416540 [details]
patch for landing.

Thanks for the review.
Comment 6 Mark Lam 2020-12-18 13:43:11 PST 
Landed in r270988: <http://trac.webkit.org/r270988>.
Comment 7 Mark Lam 2020-12-18 16:01:21 PST 
Also landed a build fix in r270993: <http://trac.webkit.org/r270993>.