148976 2015-09-08 13:36:46 -0700 GC stack scan should include ABI red zone 2015-09-08 17:26:51 -0700 1 1 1 Unclassified WebKit JavaScriptCore WebKit Local Build Unspecified Unspecified RESOLVED FIXED P2 Normal --- 1 mark.lam mark.lam benjamin cmarcelo commit-queue fpizlo ggaren keith_miller kling msaboff saam oldest_to_newest 1124371 0 mark.lam 2015-09-08 13:36:46 -0700 The x86_64 ABI section 3.2.2 (http://people.freebsd.org/~obrien/amd64-elf-abi.pdf) and ARM64 ABI (https://developer.apple.com/library/ios/documentation/Xcode/Conceptual/iPhoneOSABIReference/Articles/ARM64FunctionCallingConventions.html#//apple_ref/doc/uid/TP40013702-SW7) both states that there is a 128 byte red zone below the stack pointer (reserved by the OS), and that "functions may use this area for temporary data that is not needed across function calls". Hence, it is possible for a thread to store JSCell pointers in the red zone area, and the conservative GC thread scanner needs to scan that area as well. 1124373 1 mark.lam 2015-09-08 13:38:46 -0700 For the record, this issue was reported by Andreas Kling. 1124384 2 260790 mark.lam 2015-09-08 13:59:24 -0700 Created attachment 260790 the fix. 1124385 3 260790 mark.lam 2015-09-08 14:04:37 -0700 Comment on attachment 260790 the fix. View in context: https://bugs.webkit.org/attachment.cgi?id=260790&action=review > Source/JavaScriptCore/ChangeLog:14 > + Hence, it is possible for a thread to store JSCell pointers in the red zone > + area, and the conservative GC thread scanner needs to scan that area as well. Note: the red zone should not be scanned for the GC thread (in gatherFromCurrentThread()). This because the we're guaranteed that there will be GC frames on top of the top most frame that we need to scan. Hence, we are guaranteed that there are no red zone areas there containing JSObject pointers of relevance. Hmm, maybe I should add this detail into the ChangeLog as well. 1124387 4 260790 ggaren 2015-09-08 14:09:59 -0700 Comment on attachment 260790 the fix. Is this adjustment valid even if execution has extended the stack to its limit? In other words, does the OS reported stack limit include or exclude the red zone? 1124442 5 260803 mark.lam 2015-09-08 16:11:54 -0700 Created attachment 260803 fix 2 To address Geoff's question, I wasn't able to find any details of whether the OS will reserve some amount of stack memory for the red zone size (and the interrupt stack frames that it pushes on top of it). A search of the OSX pthread library shows that pthread_get_stacksize_np() actually returns the size value used to allocate the stack of the thread. There's no padding for a red zone region. This means that pthread makes no attempt to hold its user back from using the OS red zone region. Based on this, I don't think it is safe to assume that the OS will some how reserve the red zone size (it may or may not). To be cautious, I added a check to ensure that we do not scan beyond the end of the stack. 1124447 6 260803 ggaren 2015-09-08 16:16:57 -0700 Comment on attachment 260803 fix 2 r=me 1124455 7 benjamin 2015-09-08 16:32:18 -0700 View in context: https://bugs.webkit.org/attachment.cgi?id=260803&action=review > Source/JavaScriptCore/heap/MachineStackMarker.cpp:199 > - return new Thread(getCurrentPlatformThread(), wtfThreadData().stack().origin()); > + return new Thread(getCurrentPlatformThread(), wtfThreadData().stack().origin(), wtfThreadData().stack().end()); wtfThreadData() is not cheap IIRC. You should put the const StackBounds& in a temporary. > Source/JavaScriptCore/heap/MachineStackMarker.cpp:533 > + char* begin = reinterpret_cast<char*>(stackBase); > + char* end = reinterpret_cast<char*>( Shouldn't this be a reinterpret_cast_ptr()? > Source/JavaScriptCore/heap/MachineStackMarker.cpp:534 > WTF::roundUpToMultipleOf<sizeof(void*)>(reinterpret_cast<uintptr_t>(stackTop))); Could be on the previous line. > Source/JavaScriptCore/heap/MachineStackMarker.cpp:537 > + ASSERT(begin >= end); > + > + char* endWithRedZone = end + osRedZoneAdjustment(); I don't get this. The red zone is from SP, but here you are applying it from the rounded up address. > Source/JavaScriptCore/heap/MachineStackMarker.cpp:541 > + if (endWithRedZone < stackEnd) > + endWithRedZone = reinterpret_cast<char*>(stackEnd); I am quite confused by this, how could the red-zone extend past the stack end? The kernel does not enforce this? 1124472 8 mark.lam 2015-09-08 17:11:40 -0700 I've spoken with Ben offline, but will document our discussion below. (In reply to comment #7) > View in context: > https://bugs.webkit.org/attachment.cgi?id=260803&action=review > > > Source/JavaScriptCore/heap/MachineStackMarker.cpp:199 > > - return new Thread(getCurrentPlatformThread(), wtfThreadData().stack().origin()); > > + return new Thread(getCurrentPlatformThread(), wtfThreadData().stack().origin(), wtfThreadData().stack().end()); > > wtfThreadData() is not cheap IIRC. You should put the const StackBounds& in > a temporary. Done. Fixed locally. > > Source/JavaScriptCore/heap/MachineStackMarker.cpp:533 > > + char* begin = reinterpret_cast<char*>(stackBase); > > + char* end = reinterpret_cast<char*>( > > Shouldn't this be a reinterpret_cast_ptr()? Done. Fixed locally. > > Source/JavaScriptCore/heap/MachineStackMarker.cpp:534 > > WTF::roundUpToMultipleOf<sizeof(void*)>(reinterpret_cast<uintptr_t>(stackTop))); > > Could be on the previous line. Done. Fixed locally. > > Source/JavaScriptCore/heap/MachineStackMarker.cpp:537 > > + ASSERT(begin >= end); > > + > > + char* endWithRedZone = end + osRedZoneAdjustment(); > > I don't get this. The red zone is from SP, but here you are applying it from > the rounded up address. It is assumed that the osRedZoneAdjustment() value will be properly aligned. Hence, adding it to end should not break the alignment. This is asserted right after the computation of endWithRedZone. If there are stray bytes between end and stackTop, the same number of stray bytes will appear between endWithRedZone and stackTop + osRedZoneAdjustment(). Since pointers are always stored on an aligned address, it is safe to assume that those stray bytes will not contain a pointer. So, it is safe to compute endWithRedZone this way. > > Source/JavaScriptCore/heap/MachineStackMarker.cpp:541 > > + if (endWithRedZone < stackEnd) > > + endWithRedZone = reinterpret_cast<char*>(stackEnd); > > I am quite confused by this, how could the red-zone extend past the stack > end? The kernel does not enforce this? The scenario that I was thinking of is one where the function in the top most frame (bottom of the stack) does not use the red zone for locals. Hence, its topOfStack pointer can go near the end of the stack but does not necessarily leave enough room for the red zone size. This is correct behavior for that function. Our conservative scanner, on the other hand, does not know that the top function does not use the red zone. If we blindly add the red zone size without checking the stack bounds, then the GC thread could theoretically scan pass the end of the stack (and crash). The bounds check ensures that this does not happen. This is the conservative thing to do. 1124482 9 mark.lam 2015-09-08 17:20:18 -0700 Thanks for the reviews. Landed in r189517: <http://trac.webkit.org/r189517>. 1124483 10 260803 msaboff 2015-09-08 17:20:58 -0700 Comment on attachment 260803 fix 2 View in context: https://bugs.webkit.org/attachment.cgi?id=260803&action=review > Source/JavaScriptCore/heap/MachineStackMarker.cpp:526 > +#if !OS(WINDOWS) > +#if CPU(X86_64) > + // See http://people.freebsd.org/~obrien/amd64-elf-abi.pdf Section 3.2.2. > + redZoneAdjustment = -128; > +#elif CPU(ARM64) > + // See https://developer.apple.com/library/ios/documentation/Xcode/Conceptual/iPhoneOSABIReference/Articles/ARM64FunctionCallingConventions.html#//apple_ref/doc/uid/TP40013702-SW7 > + redZoneAdjustment = -128; > +#endif > +#endif // OS(DARWIN) Is this for all non Windows platforms or Darwin only? Use a consistent OS type for the #if OS() and the #endif comment. 1124488 11 mark.lam 2015-09-08 17:26:51 -0700 (In reply to comment #10) > > +#endif // OS(DARWIN) > > Is this for all non Windows platforms or Darwin only? Use a consistent OS > type for the #if OS() and the #endif comment. Eeek. Comment update fail. Thanks for catching that. Fixed in r189520: <http://trac.webkit.org/r189520>. 260790 2015-09-08 13:59:24 -0700 2015-09-08 16:11:54 -0700 the fix. bug-148976.patch text/plain 3801 mark.lam SW5kZXg6IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9DaGFuZ2VMb2cKPT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291 cmNlL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkocmV2aXNpb24gMTg5NTA0KQorKysgU291cmNl L0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDM2IEBA CisyMDE1LTA5LTA4ICBNYXJrIExhbSAgPG1hcmsubGFtQGFwcGxlLmNvbT4KKworICAgICAgICBH QyBzdGFjayBzY2FuIHNob3VsZCBpbmNsdWRlIEFCSSByZWQgem9uZS4KKyAgICAgICAgaHR0cHM6 Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTE0ODk3NgorCisgICAgICAgIFJldmll d2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgIFRoZSB4ODZfNjQgQUJJIHNlY3Rpb24g My4yLjJbMV0gYW5kIEFSTTY0IEFCSVsyXSBib3RoIHN0YXRlIHRoYXQgdGhlcmUgaXMgYQorICAg ICAgICAxMjggYnl0ZSByZWQgem9uZSBiZWxvdyB0aGUgc3RhY2sgcG9pbnRlciAocmVzZXJ2ZWQg YnkgdGhlIE9TKSwgYW5kIHRoYXQKKyAgICAgICAgImZ1bmN0aW9ucyBtYXkgdXNlIHRoaXMgYXJl YSBmb3IgdGVtcG9yYXJ5IGRhdGEgdGhhdCBpcyBub3QgbmVlZGVkIGFjcm9zcworICAgICAgICBm dW5jdGlvbiBjYWxscyIuCisKKyAgICAgICAgSGVuY2UsIGl0IGlzIHBvc3NpYmxlIGZvciBhIHRo cmVhZCB0byBzdG9yZSBKU0NlbGwgcG9pbnRlcnMgaW4gdGhlIHJlZCB6b25lCisgICAgICAgIGFy ZWEsIGFuZCB0aGUgY29uc2VydmF0aXZlIEdDIHRocmVhZCBzY2FubmVyIG5lZWRzIHRvIHNjYW4g dGhhdCBhcmVhIGFzIHdlbGwuCisKKyAgICAgICAgTm8gdGVzdCBhZGRlZCBmb3IgdGhpcyBpc3N1 ZSBiZWNhdXNlIHRoZSBpc3N1ZSByZWxpZXMgb246CisgICAgICAgIDEuIHRoZSBjb21waWxlciB0 b29sIGNoYWluIGdlbmVyYXRpbmcgY29kZSB0aGF0IHN0b3JlcyBsb2NhbCB2YXJpYWJsZXMKKyAg ICAgICAgICAgY29udGFpbmluZyB0aGUgc29sZSByZWZlcmVuY2UgdG8gYSBKUyBvYmplY3QgKHRo YXQgbmVlZHMgdG8gYmUga2VwdAorICAgICAgICAgICBhbGl2ZSkgaW4gdGhlIHN0YWNrIHJlZCB6 b25lLCBhbmQKKyAgICAgICAgMi4gR0MgaGFzIHRvIHJ1biBvbiBhbm90aGVyIHRocmVhZCB3aGls ZSB0aGF0IHJlZCB6b25lIGNvbnRhaW5pbmcgdGhlCisgICAgICAgICAgIEpTIG9iamVjdCByZWZl cmVuY2UgaXMgaW4gdXNlLiAKKworICAgICAgICBUaGVzZSBjb25kaXRpb25zIHJlcXVpcmUgYSBy YWNlIHRoYXQgY2Fubm90IGJlIHJlbGlhYmx5IHJlcHJvZHVjZWQuCisKKyAgICAgICAgWzFdOiBo dHRwOi8vcGVvcGxlLmZyZWVic2Qub3JnL35vYnJpZW4vYW1kNjQtZWxmLWFiaS5wZGYKKyAgICAg ICAgWzJdOiBodHRwczovL2RldmVsb3Blci5hcHBsZS5jb20vbGlicmFyeS9pb3MvZG9jdW1lbnRh dGlvbi9YY29kZS9Db25jZXB0dWFsL2lQaG9uZU9TQUJJUmVmZXJlbmNlL0FydGljbGVzL0FSTTY0 RnVuY3Rpb25DYWxsaW5nQ29udmVudGlvbnMuaHRtbCMvL2FwcGxlX3JlZi9kb2MvdWlkL1RQNDAw MTM3MDItU1c3CisKKyAgICAgICAgKiBoZWFwL01hY2hpbmVTdGFja01hcmtlci5jcHA6CisgICAg ICAgIChKU0M6Ok1hY2hpbmVUaHJlYWRzOjpUaHJlYWQ6OlJlZ2lzdGVyczo6c3RhY2tQb2ludGVy KToKKyAgICAgICAgKEpTQzo6TWFjaGluZVRocmVhZHM6OlRocmVhZDo6UmVnaXN0ZXJzOjpzdGFj a1BvaW50ZXJXaXRoUmVkWm9uZSk6CisgICAgICAgIChKU0M6Ok1hY2hpbmVUaHJlYWRzOjpUaHJl YWQ6OmZyZWVSZWdpc3RlcnMpOgorICAgICAgICAoSlNDOjpNYWNoaW5lVGhyZWFkczo6dHJ5Q29w eU90aGVyVGhyZWFkU3RhY2spOgorCiAyMDE1LTA5LTA4ICBZdXN1a2UgU3V6dWtpICA8dXRhdGFu ZS50ZWFAZ21haWwuY29tPgogCiAgICAgICAgIFtFUzZdIEltcGxlbWVudCBjb21wdXRlZCBhY2Nl c3NvcnMKSW5kZXg6IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9oZWFwL01hY2hpbmVTdGFja01hcmtl ci5jcHAKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PQotLS0gU291cmNlL0phdmFTY3JpcHRDb3JlL2hlYXAvTWFjaGluZVN0 YWNrTWFya2VyLmNwcAkocmV2aXNpb24gMTg5NTAwKQorKysgU291cmNlL0phdmFTY3JpcHRDb3Jl L2hlYXAvTWFjaGluZVN0YWNrTWFya2VyLmNwcAkod29ya2luZyBjb3B5KQpAQCAtMjAwLDcgKzIw MCw4IEBAIHB1YmxpYzoKIAogICAgIHN0cnVjdCBSZWdpc3RlcnMgewogICAgICAgICBpbmxpbmUg dm9pZCogc3RhY2tQb2ludGVyKCkgY29uc3Q7Ci0gICAgICAgIAorICAgICAgICBpbmxpbmUgdm9p ZCogc3RhY2tQb2ludGVyV2l0aFJlZFpvbmUoKSBjb25zdDsKKwogI2lmIE9TKERBUldJTikKICNp ZiBDUFUoWDg2KQogICAgICAgICB0eXBlZGVmIGkzODZfdGhyZWFkX3N0YXRlX3QgUGxhdGZvcm1S ZWdpc3RlcnM7CkBAIC01MDAsNiArNTAxLDIzIEBAIGlubGluZSB2b2lkKiBNYWNoaW5lVGhyZWFk czo6VGhyZWFkOjpSZWcKICNlbmRpZgogfQogCitpbmxpbmUgdm9pZCogTWFjaGluZVRocmVhZHM6 OlRocmVhZDo6UmVnaXN0ZXJzOjpzdGFja1BvaW50ZXJXaXRoUmVkWm9uZSgpIGNvbnN0Cit7Cisg ICAgdWludDhfdCogc3AgPSByZWludGVycHJldF9jYXN0PHVpbnQ4X3QqPihzdGFja1BvaW50ZXIo KSk7CisgICAgaW50IHJlZFpvbmVBZGp1c3RtZW50ID0gMDsKKyNpZiBPUyhEQVJXSU4pCisjaWYg Q1BVKFg4Nl82NCkKKyAgICAvLyBTZWUgaHR0cDovL3Blb3BsZS5mcmVlYnNkLm9yZy9+b2JyaWVu L2FtZDY0LWVsZi1hYmkucGRmIFNlY3Rpb24gMy4yLjIuCisgICAgcmVkWm9uZUFkanVzdG1lbnQg PSAtMTI4OworI2VsaWYgQ1BVKEFSTTY0KQorICAgIC8vIFNlZSBodHRwczovL2RldmVsb3Blci5h cHBsZS5jb20vbGlicmFyeS9pb3MvZG9jdW1lbnRhdGlvbi9YY29kZS9Db25jZXB0dWFsL2lQaG9u ZU9TQUJJUmVmZXJlbmNlL0FydGljbGVzL0FSTTY0RnVuY3Rpb25DYWxsaW5nQ29udmVudGlvbnMu aHRtbCMvL2FwcGxlX3JlZi9kb2MvdWlkL1RQNDAwMTM3MDItU1c3CisgICAgcmVkWm9uZUFkanVz dG1lbnQgPSAtMTI4OworI2VuZGlmCisjZW5kaWYgLy8gT1MoREFSV0lOKQorICAgIAorICAgIHJl dHVybiBzcCArIHJlZFpvbmVBZGp1c3RtZW50OworfQorCiB2b2lkIE1hY2hpbmVUaHJlYWRzOjpU aHJlYWQ6OmZyZWVSZWdpc3RlcnMoTWFjaGluZVRocmVhZHM6OlRocmVhZDo6UmVnaXN0ZXJzJiBy ZWdpc3RlcnMpCiB7CiAgICAgVGhyZWFkOjpSZWdpc3RlcnM6OlBsYXRmb3JtUmVnaXN0ZXJzJiBy ZWdzID0gcmVnaXN0ZXJzLnJlZ3M7CkBAIC01NTEsNyArNTY5LDcgQEAgdm9pZCBNYWNoaW5lVGhy ZWFkczo6dHJ5Q29weU90aGVyVGhyZWFkUwogewogICAgIFRocmVhZDo6UmVnaXN0ZXJzIHJlZ2lz dGVyczsKICAgICBzaXplX3QgcmVnaXN0ZXJzU2l6ZSA9IHRocmVhZC0+Z2V0UmVnaXN0ZXJzKHJl Z2lzdGVycyk7Ci0gICAgc3RkOjpwYWlyPHZvaWQqLCBzaXplX3Q+IHN0YWNrID0gdGhyZWFkLT5j YXB0dXJlU3RhY2socmVnaXN0ZXJzLnN0YWNrUG9pbnRlcigpKTsKKyAgICBzdGQ6OnBhaXI8dm9p ZCosIHNpemVfdD4gc3RhY2sgPSB0aHJlYWQtPmNhcHR1cmVTdGFjayhyZWdpc3RlcnMuc3RhY2tQ b2ludGVyV2l0aFJlZFpvbmUoKSk7CiAKICAgICBib29sIGNhbkNvcHkgPSAqc2l6ZSArIHJlZ2lz dGVyc1NpemUgKyBzdGFjay5zZWNvbmQgPD0gY2FwYWNpdHk7CiAK 260803 2015-09-08 16:11:54 -0700 2015-09-08 16:16:57 -0700 fix 2 bug-148976.patch text/plain 6243 mark.lam SW5kZXg6IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9DaGFuZ2VMb2cKPT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291 cmNlL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkocmV2aXNpb24gMTg5NTEyKQorKysgU291cmNl L0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDQzIEBA CisyMDE1LTA5LTA4ICBNYXJrIExhbSAgPG1hcmsubGFtQGFwcGxlLmNvbT4KKworICAgICAgICBH QyBzdGFjayBzY2FuIHNob3VsZCBpbmNsdWRlIEFCSSByZWQgem9uZS4KKyAgICAgICAgaHR0cHM6 Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTE0ODk3NgorCisgICAgICAgIFJldmll d2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgIFRoZSB4ODZfNjQgQUJJIHNlY3Rpb24g My4yLjJbMV0gYW5kIEFSTTY0IEFCSVsyXSBib3RoIHN0YXRlIHRoYXQgdGhlcmUgaXMgYQorICAg ICAgICAxMjggYnl0ZSByZWQgem9uZSBiZWxvdyB0aGUgc3RhY2sgcG9pbnRlciAocmVzZXJ2ZWQg YnkgdGhlIE9TKSwgYW5kIHRoYXQKKyAgICAgICAgImZ1bmN0aW9ucyBtYXkgdXNlIHRoaXMgYXJl YSBmb3IgdGVtcG9yYXJ5IGRhdGEgdGhhdCBpcyBub3QgbmVlZGVkIGFjcm9zcworICAgICAgICBm dW5jdGlvbiBjYWxscyIuCisKKyAgICAgICAgSGVuY2UsIGl0IGlzIHBvc3NpYmxlIGZvciBhIHRo cmVhZCB0byBzdG9yZSBKU0NlbGwgcG9pbnRlcnMgaW4gdGhlIHJlZCB6b25lCisgICAgICAgIGFy ZWEsIGFuZCB0aGUgY29uc2VydmF0aXZlIEdDIHRocmVhZCBzY2FubmVyIG5lZWRzIHRvIHNjYW4g dGhhdCBhcmVhIGFzIHdlbGwuCisKKyAgICAgICAgTm90ZTogdGhlIHJlZCB6b25lIHNob3VsZCBu b3QgYmUgc2Nhbm5lZCBmb3IgdGhlIEdDIHRocmVhZCBpdHNlbGYgKGluCisgICAgICAgIGdhdGhl ckZyb21DdXJyZW50VGhyZWFkKCkpLiAgVGhpcyBiZWNhdXNlIHdlJ3JlIGd1YXJhbnRlZWQgdGhh dCB0aGVyZSB3aWxsCisgICAgICAgIGJlIEdDIGZyYW1lcyBiZWxvdyB0aGUgbG93ZXN0ICh0b3Ag b2Ygc3RhY2spIGZyYW1lIHRoYXQgd2UgbmVlZCB0byBzY2FuLgorICAgICAgICBIZW5jZSwgd2Ug YXJlIGd1YXJhbnRlZWQgdGhhdCB0aGVyZSBhcmUgbm8gcmVkIHpvbmUgYXJlYXMgdGhlcmUgY29u dGFpbmluZworICAgICAgICBKU09iamVjdCBwb2ludGVycyBvZiByZWxldmFuY2UuCisKKyAgICAg ICAgTm8gdGVzdCBhZGRlZCBmb3IgdGhpcyBpc3N1ZSBiZWNhdXNlIHRoZSBpc3N1ZSByZWxpZXMg b246CisgICAgICAgIDEuIHRoZSBjb21waWxlciB0b29sIGNoYWluIGdlbmVyYXRpbmcgY29kZSB0 aGF0IHN0b3JlcyBsb2NhbCB2YXJpYWJsZXMKKyAgICAgICAgICAgY29udGFpbmluZyB0aGUgc29s ZSByZWZlcmVuY2UgdG8gYSBKUyBvYmplY3QgKHRoYXQgbmVlZHMgdG8gYmUga2VwdAorICAgICAg ICAgICBhbGl2ZSkgaW4gdGhlIHN0YWNrIHJlZCB6b25lLCBhbmQKKyAgICAgICAgMi4gR0MgaGFz IHRvIHJ1biBvbiBhbm90aGVyIHRocmVhZCB3aGlsZSB0aGF0IHJlZCB6b25lIGNvbnRhaW5pbmcg dGhlCisgICAgICAgICAgIEpTIG9iamVjdCByZWZlcmVuY2UgaXMgaW4gdXNlLiAKKworICAgICAg ICBUaGVzZSBjb25kaXRpb25zIHJlcXVpcmUgYSByYWNlIHRoYXQgY2Fubm90IGJlIHJlbGlhYmx5 IHJlcHJvZHVjZWQuCisKKyAgICAgICAgWzFdOiBodHRwOi8vcGVvcGxlLmZyZWVic2Qub3JnL35v YnJpZW4vYW1kNjQtZWxmLWFiaS5wZGYKKyAgICAgICAgWzJdOiBodHRwczovL2RldmVsb3Blci5h cHBsZS5jb20vbGlicmFyeS9pb3MvZG9jdW1lbnRhdGlvbi9YY29kZS9Db25jZXB0dWFsL2lQaG9u ZU9TQUJJUmVmZXJlbmNlL0FydGljbGVzL0FSTTY0RnVuY3Rpb25DYWxsaW5nQ29udmVudGlvbnMu aHRtbCMvL2FwcGxlX3JlZi9kb2MvdWlkL1RQNDAwMTM3MDItU1c3CisKKyAgICAgICAgKiBoZWFw L01hY2hpbmVTdGFja01hcmtlci5jcHA6CisgICAgICAgIChKU0M6Ok1hY2hpbmVUaHJlYWRzOjpU aHJlYWQ6OlRocmVhZCk6CisgICAgICAgIChKU0M6Ok1hY2hpbmVUaHJlYWRzOjpUaHJlYWQ6OmNy ZWF0ZUZvckN1cnJlbnRUaHJlYWQpOgorICAgICAgICAoSlNDOjpNYWNoaW5lVGhyZWFkczo6VGhy ZWFkOjpmcmVlUmVnaXN0ZXJzKToKKyAgICAgICAgKEpTQzo6b3NSZWRab25lQWRqdXN0bWVudCk6 CisgICAgICAgIChKU0M6Ok1hY2hpbmVUaHJlYWRzOjpUaHJlYWQ6OmNhcHR1cmVTdGFjayk6CisK IDIwMTUtMDktMDggIFBlciBBcm5lIFZvbGxhbiAgPHBlYXZvQG91dGxvb2suY29tPgogCiAgICAg ICAgIFtXaW5dIENvbXBpbGUgZXJyb3JzIGluIGluc3BlY3RvciBjb2RlLgpJbmRleDogU291cmNl L0phdmFTY3JpcHRDb3JlL2hlYXAvTWFjaGluZVN0YWNrTWFya2VyLmNwcAo9PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0t LSBTb3VyY2UvSmF2YVNjcmlwdENvcmUvaGVhcC9NYWNoaW5lU3RhY2tNYXJrZXIuY3BwCShyZXZp c2lvbiAxODk1MDApCisrKyBTb3VyY2UvSmF2YVNjcmlwdENvcmUvaGVhcC9NYWNoaW5lU3RhY2tN YXJrZXIuY3BwCSh3b3JraW5nIGNvcHkpCkBAIC0xNjAsOSArMTYwLDEwIEBAIHN0YXRpYyBpbmxp bmUgUGxhdGZvcm1UaHJlYWQgZ2V0Q3VycmVudFAKIGNsYXNzIE1hY2hpbmVUaHJlYWRzOjpUaHJl YWQgewogICAgIFdURl9NQUtFX0ZBU1RfQUxMT0NBVEVEOwogCi0gICAgVGhyZWFkKGNvbnN0IFBs YXRmb3JtVGhyZWFkJiBwbGF0VGhyZWFkLCB2b2lkKiBiYXNlKQorICAgIFRocmVhZChjb25zdCBQ bGF0Zm9ybVRocmVhZCYgcGxhdFRocmVhZCwgdm9pZCogYmFzZSwgdm9pZCogZW5kKQogICAgICAg ICA6IHBsYXRmb3JtVGhyZWFkKHBsYXRUaHJlYWQpCiAgICAgICAgICwgc3RhY2tCYXNlKGJhc2Up CisgICAgICAgICwgc3RhY2tFbmQoZW5kKQogICAgIHsKICNpZiBVU0UoUFRIUkVBRFMpICYmICFP UyhXSU5ET1dTKSAmJiAhT1MoREFSV0lOKSAmJiBkZWZpbmVkKFNBX1JFU1RBUlQpCiAgICAgICAg IC8vIGlmIHdlIGhhdmUgU0FfUkVTVEFSVCwgZW5hYmxlIFNJR1VTUjIgZGVidWdnaW5nIG1lY2hh bmlzbQpAQCAtMTk1LDcgKzE5Niw3IEBAIHB1YmxpYzoKIAogICAgIHN0YXRpYyBUaHJlYWQqIGNy ZWF0ZUZvckN1cnJlbnRUaHJlYWQoKQogICAgIHsKLSAgICAgICAgcmV0dXJuIG5ldyBUaHJlYWQo Z2V0Q3VycmVudFBsYXRmb3JtVGhyZWFkKCksIHd0ZlRocmVhZERhdGEoKS5zdGFjaygpLm9yaWdp bigpKTsKKyAgICAgICAgcmV0dXJuIG5ldyBUaHJlYWQoZ2V0Q3VycmVudFBsYXRmb3JtVGhyZWFk KCksIHd0ZlRocmVhZERhdGEoKS5zdGFjaygpLm9yaWdpbigpLCB3dGZUaHJlYWREYXRhKCkuc3Rh Y2soKS5lbmQoKSk7CiAgICAgfQogCiAgICAgc3RydWN0IFJlZ2lzdGVycyB7CkBAIC0yNDEsNiAr MjQyLDcgQEAgcHVibGljOgogICAgIFRocmVhZCogbmV4dDsKICAgICBQbGF0Zm9ybVRocmVhZCBw bGF0Zm9ybVRocmVhZDsKICAgICB2b2lkKiBzdGFja0Jhc2U7CisgICAgdm9pZCogc3RhY2tFbmQ7 CiAjaWYgT1MoV0lORE9XUykKICAgICBIQU5ETEUgcGxhdGZvcm1UaHJlYWRIYW5kbGU7CiAjZW5k aWYKQEAgLTUxMCwxNCArNTEyLDM2IEBAIHZvaWQgTWFjaGluZVRocmVhZHM6OlRocmVhZDo6ZnJl ZVJlZ2lzdGUKICNlbmRpZgogfQogCitzdGF0aWMgaW5saW5lIGludCBvc1JlZFpvbmVBZGp1c3Rt ZW50KCkKK3sKKyAgICBpbnQgcmVkWm9uZUFkanVzdG1lbnQgPSAwOworI2lmICFPUyhXSU5ET1dT KQorI2lmIENQVShYODZfNjQpCisgICAgLy8gU2VlIGh0dHA6Ly9wZW9wbGUuZnJlZWJzZC5vcmcv fm9icmllbi9hbWQ2NC1lbGYtYWJpLnBkZiBTZWN0aW9uIDMuMi4yLgorICAgIHJlZFpvbmVBZGp1 c3RtZW50ID0gLTEyODsKKyNlbGlmIENQVShBUk02NCkKKyAgICAvLyBTZWUgaHR0cHM6Ly9kZXZl bG9wZXIuYXBwbGUuY29tL2xpYnJhcnkvaW9zL2RvY3VtZW50YXRpb24vWGNvZGUvQ29uY2VwdHVh bC9pUGhvbmVPU0FCSVJlZmVyZW5jZS9BcnRpY2xlcy9BUk02NEZ1bmN0aW9uQ2FsbGluZ0NvbnZl bnRpb25zLmh0bWwjLy9hcHBsZV9yZWYvZG9jL3VpZC9UUDQwMDEzNzAyLVNXNworICAgIHJlZFpv bmVBZGp1c3RtZW50ID0gLTEyODsKKyNlbmRpZgorI2VuZGlmIC8vIE9TKERBUldJTikKKyAgICBy ZXR1cm4gcmVkWm9uZUFkanVzdG1lbnQ7Cit9CisKIHN0ZDo6cGFpcjx2b2lkKiwgc2l6ZV90PiBN YWNoaW5lVGhyZWFkczo6VGhyZWFkOjpjYXB0dXJlU3RhY2sodm9pZCogc3RhY2tUb3ApCiB7Ci0g ICAgdm9pZCogYmVnaW4gPSBzdGFja0Jhc2U7Ci0gICAgdm9pZCogZW5kID0gcmVpbnRlcnByZXRf Y2FzdDx2b2lkKj4oCisgICAgY2hhciogYmVnaW4gPSByZWludGVycHJldF9jYXN0PGNoYXIqPihz dGFja0Jhc2UpOworICAgIGNoYXIqIGVuZCA9IHJlaW50ZXJwcmV0X2Nhc3Q8Y2hhcio+KAogICAg ICAgICBXVEY6OnJvdW5kVXBUb011bHRpcGxlT2Y8c2l6ZW9mKHZvaWQqKT4ocmVpbnRlcnByZXRf Y2FzdDx1aW50cHRyX3Q+KHN0YWNrVG9wKSkpOwotICAgIGlmIChiZWdpbiA+IGVuZCkKLSAgICAg ICAgc3RkOjpzd2FwKGJlZ2luLCBlbmQpOwotICAgIHJldHVybiBzdGQ6Om1ha2VfcGFpcihiZWdp biwgc3RhdGljX2Nhc3Q8Y2hhcio+KGVuZCkgLSBzdGF0aWNfY2FzdDxjaGFyKj4oYmVnaW4pKTsK KyAgICBBU1NFUlQoYmVnaW4gPj0gZW5kKTsKKworICAgIGNoYXIqIGVuZFdpdGhSZWRab25lID0g ZW5kICsgb3NSZWRab25lQWRqdXN0bWVudCgpOworICAgIEFTU0VSVChXVEY6OnJvdW5kVXBUb011 bHRpcGxlT2Y8c2l6ZW9mKHZvaWQqKT4ocmVpbnRlcnByZXRfY2FzdDx1aW50cHRyX3Q+KGVuZFdp dGhSZWRab25lKSkgPT0gcmVpbnRlcnByZXRfY2FzdDx1aW50cHRyX3Q+KGVuZFdpdGhSZWRab25l KSk7CisKKyAgICBpZiAoZW5kV2l0aFJlZFpvbmUgPCBzdGFja0VuZCkKKyAgICAgICAgZW5kV2l0 aFJlZFpvbmUgPSByZWludGVycHJldF9jYXN0PGNoYXIqPihzdGFja0VuZCk7CisKKyAgICBzdGQ6 OnN3YXAoYmVnaW4sIGVuZFdpdGhSZWRab25lKTsKKyAgICByZXR1cm4gc3RkOjptYWtlX3BhaXIo YmVnaW4sIGVuZFdpdGhSZWRab25lIC0gYmVnaW4pOwogfQogCiBTVVBQUkVTU19BU0FOCkluZGV4 OiBTb3VyY2UvV1RGL0NoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvV1RGL0NoYW5nZUxv ZwkocmV2aXNpb24gMTg5NTEyKQorKysgU291cmNlL1dURi9DaGFuZ2VMb2cJKHdvcmtpbmcgY29w eSkKQEAgLTEsMyArMSwxNSBAQAorMjAxNS0wOS0wOCAgTWFyayBMYW0gIDxtYXJrLmxhbUBhcHBs ZS5jb20+CisKKyAgICAgICAgR0Mgc3RhY2sgc2NhbiBzaG91bGQgaW5jbHVkZSBBQkkgcmVkIHpv bmUuCisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD0xNDg5 NzYKKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICAqIHd0 Zi9TdGFja0JvdW5kcy5oOgorICAgICAgICAoV1RGOjpTdGFja0JvdW5kczo6b3JpZ2luKToKKyAg ICAgICAgKFdURjo6U3RhY2tCb3VuZHM6OmVuZCk6CisgICAgICAgIChXVEY6OlN0YWNrQm91bmRz OjpzaXplKToKKwogMjAxNS0wOS0wNCAgQ3NhYmEgT3N6dHJvZ29uw6FjICA8b3NzeUB3ZWJraXQu b3JnPgogCiAgICAgICAgIEVuYWJsZSByZWZlcmVuY2UgcXVhbGlmaWVkIGZ1bmN0aW9ucyBmb3Ig R0NDCkluZGV4OiBTb3VyY2UvV1RGL3d0Zi9TdGFja0JvdW5kcy5oCj09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFNv dXJjZS9XVEYvd3RmL1N0YWNrQm91bmRzLmgJKHJldmlzaW9uIDE4OTUwMCkKKysrIFNvdXJjZS9X VEYvd3RmL1N0YWNrQm91bmRzLmgJKHdvcmtpbmcgY29weSkKQEAgLTU0LDYgKzU0LDEyIEBAIHB1 YmxpYzoKICAgICAgICAgcmV0dXJuIG1fb3JpZ2luOwogICAgIH0KIAorICAgIHZvaWQqIGVuZCgp IGNvbnN0CisgICAgeworICAgICAgICBBU1NFUlQobV9ib3VuZCk7CisgICAgICAgIHJldHVybiBt X2JvdW5kOworICAgIH0KKyAgICAKICAgICBzaXplX3Qgc2l6ZSgpIGNvbnN0CiAgICAgewogICAg ICAgICBpZiAoaXNHcm93aW5nRG93bndhcmQoKSkK