Bug 238827

Summary: [JSC] Strictly annotate pointers with TrustedImmPtr in CCallHelpers
Product: WebKit Reporter: Yusuke Suzuki <ysuzuki>
Component: New BugsAssignee: Yusuke Suzuki <ysuzuki>
Status: RESOLVED FIXED    
Severity: Normal CC: ews-watchlist, keith_miller, mark.lam, msaboff, saam, tzagallo, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch
none
Patch
ews-feeder: commit-queue-
Patch mark.lam: review+

Description Yusuke Suzuki 2022-04-05 12:40:37 PDT 
[JSC] Strictly annotate pointers with TrustedImmPtr in CCallHelpers
Comment 1 Yusuke Suzuki 2022-04-05 12:41:49 PDT 
Created attachment 456731 [details]
Patch
Comment 2 Yusuke Suzuki 2022-04-05 12:57:42 PDT 
Created attachment 456734 [details]
Patch
Comment 3 Yusuke Suzuki 2022-04-05 13:30:13 PDT 
Created attachment 456738 [details]
Patch
Comment 4 Mark Lam 2022-04-05 14:04:09 PDT 
Comment on attachment 456738 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=456738&action=review

r=me

> Source/JavaScriptCore/dfg/DFGArrayifySlowPathGenerator.h:97
> +            jit->callOperation(operationEnsureInt32, m_tempGPR, SpeculativeJIT::TrustedImmPtr(&vm), m_baseGPR);

Why "SpeculativeJIT::" instead of "MacroAssembler::"?  We use "MacroAssembler::" above.  Would be good to be consistent everywhere.  Ditto below.

> Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:3528
> +    jit.loadDouble(SpeculativeJIT::TrustedImmPtr(&zero), scratch);

Why not use MacroAssembler:: qualifier instead?
Comment 5 Yusuke Suzuki 2022-04-05 14:22:14 PDT 
Comment on attachment 456738 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=456738&action=review

>> Source/JavaScriptCore/dfg/DFGArrayifySlowPathGenerator.h:97
>> +            jit->callOperation(operationEnsureInt32, m_tempGPR, SpeculativeJIT::TrustedImmPtr(&vm), m_baseGPR);
> 
> Why "SpeculativeJIT::" instead of "MacroAssembler::"?  We use "MacroAssembler::" above.  Would be good to be consistent everywhere.  Ditto below.

Because SpeculativeJIT::TrustedImmPtr is different from MacroAssembler::TrustedImmPtr. It has some more extra checks.

>> Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:3528
>> +    jit.loadDouble(SpeculativeJIT::TrustedImmPtr(&zero), scratch);
> 
> Why not use MacroAssembler:: qualifier instead?

Ditto.
Comment 6 Yusuke Suzuki 2022-04-05 17:54:17 PDT 
Committed r292445 (?): <https://commits.webkit.org/r292445>
Comment 7 Radar WebKit Bug Importer 2022-04-05 17:55:20 PDT 
<rdar://problem/91327271>