Bug 217261 - [JSC] Introduce JITOperationList to validate JIT-caged pointers
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Yusuke Suzuki
Keywords: InRadar
Reported: 2020-10-02 17:50 PDT by Yusuke Suzuki
Modified: 2020-10-05 16:29 PDT
Attachments
Patch (82.86 KB, patch)
2020-10-02 17:52 PDT, Yusuke Suzuki
ews-feeder: commit-queue-
Patch (83.11 KB, patch)
2020-10-02 17:55 PDT, Yusuke Suzuki
ews-feeder: commit-queue-
Patch (87.75 KB, patch)
2020-10-02 18:21 PDT, Yusuke Suzuki
no flags
Patch (86.02 KB, patch)
2020-10-02 18:22 PDT, Yusuke Suzuki
saam: review+
ews-feeder: commit-queue-
Patch (88.68 KB, patch)
2020-10-02 19:24 PDT, Yusuke Suzuki
no flags
Patch (88.70 KB, patch)
2020-10-02 19:27 PDT, Yusuke Suzuki
no flags

Description Yusuke Suzuki 2020-10-02 17:50:28 PDT
[JSC] Introduce JITOperationList to validate JIT-caged pointers
Comment 1 Yusuke Suzuki 2020-10-02 17:52:35 PDT
Created attachment 410393
Patch
Comment 2 Yusuke Suzuki 2020-10-02 17:55:29 PDT
Created attachment 410394
Patch
Comment 3 Yusuke Suzuki 2020-10-02 18:21:19 PDT
Created attachment 410396
Patch
Comment 4 Yusuke Suzuki 2020-10-02 18:22:58 PDT
Created attachment 410398
Patch
Comment 5 Saam Barati 2020-10-02 19:06:40 PDT
Comment on attachment 410398
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=410398&action=review

r=me

> Source/JavaScriptCore/assembler/JITOperationList.h:50
> +    JS_EXPORT_PRIVATE static void populatePointersInEmbedder1(const uintptr_t* beginHost, const uintptr_t* endHost, const uintptr_t* beginOperations, const uintptr_t* endOperations);
> +    JS_EXPORT_PRIVATE static void populatePointersInEmbedder2(const uintptr_t* beginHost, const uintptr_t* endHost, const uintptr_t* beginOperations, const uintptr_t* endOperations);

let's do what we talked about on Slack: just a single function

> Source/WebKitLegacy/mac/WebView/WebPreferences.mm:380
> +    WebCore::populateJITOperations();

could we have a version of "initialize" per library that calls the necessary initialize functions below it?

e.g., JSC::initialize,
WebCore::initialize, that calls JSC::initialize and calls WebCore::populateJITOperations
WebKit::initialize, that calls WebCore::initialize, and WebKit::populateJITOperations
Comment 6 Yusuke Suzuki 2020-10-02 19:24:56 PDT
Created attachment 410404
Patch
Comment 7 Yusuke Suzuki 2020-10-02 19:27:26 PDT
Created attachment 410405
Patch
Comment 8 EWS 2020-10-03 16:51:17 PDT
Committed r267938: <https://trac.webkit.org/changeset/267938>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 410405.
Comment 9 Radar WebKit Bug Importer 2020-10-03 16:52:16 PDT
<rdar://problem/69921874>
Comment 10 Yusuke Suzuki 2020-10-05 16:29:26 PDT
Committed r268013: <https://trac.webkit.org/changeset/268013>