Bug 175037

Created attachment 317476 [details]
the patch

Created attachment 317479 [details]
the patch

Created attachment 317486 [details]
more

Hopefully fixes things.

Comment on attachment 317486 [details]
more

View in context: https://bugs.webkit.org/attachment.cgi?id=317486&action=review

r=me with suggestions.

> Source/JavaScriptCore/jit/AssemblyHelpers.h:1322
> +        if (!Gigacage::shouldBeEnabled())
> +            return;
> +        
> +#if GIGACAGE_ENABLED
> +        andPtr(TrustedImmPtr(static_cast<size_t>(GIGACAGE_MASK)), storage);
> +        addPtr(TrustedImmPtr(Gigacage::basePtr(kind)), storage);
> +#endif

You can move the #if GIGACAGE_ENABLED before the "if (!Gigacage::shouldBeEnabled())" check.  Need to add UNUSED_PARAM for kind and storage in the #else case though.

> Source/JavaScriptCore/jit/AssemblyHelpers.h:1339
> +        if (!Gigacage::shouldBeEnabled())
> +            return;
> +        
> +        if (kind != Gigacage::Primitive || Gigacage::isDisablingPrimitiveGigacageDisabled())
> +            return cage(kind, storage);
> +        
> +        loadPtr(Gigacage::basePtr(kind), scratch);
> +        Jump done = branchTestPtr(Zero, scratch);
> +#if GIGACAGE_ENABLED
> +        andPtr(TrustedImmPtr(static_cast<size_t>(GIGACAGE_MASK)), storage);
> +        addPtr(scratch, storage);
> +#endif
> +        done.link(this);

You can move the #if GIGACAGE_ENABLED before the "if (!Gigacage::shouldBeEnabled())" check.  Need to add UNUSED_PARAM for kind, storage, and scratch in the #else case though.

(In reply to Mark Lam from comment #4)
> Comment on attachment 317486 [details]
> more
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=317486&action=review
> 
> r=me with suggestions.
> 
> > Source/JavaScriptCore/jit/AssemblyHelpers.h:1322
> > +        if (!Gigacage::shouldBeEnabled())
> > +            return;
> > +        
> > +#if GIGACAGE_ENABLED
> > +        andPtr(TrustedImmPtr(static_cast<size_t>(GIGACAGE_MASK)), storage);
> > +        addPtr(TrustedImmPtr(Gigacage::basePtr(kind)), storage);
> > +#endif
> 
> You can move the #if GIGACAGE_ENABLED before the "if
> (!Gigacage::shouldBeEnabled())" check.  Need to add UNUSED_PARAM for kind
> and storage in the #else case though.
> 
> > Source/JavaScriptCore/jit/AssemblyHelpers.h:1339
> > +        if (!Gigacage::shouldBeEnabled())
> > +            return;
> > +        
> > +        if (kind != Gigacage::Primitive || Gigacage::isDisablingPrimitiveGigacageDisabled())
> > +            return cage(kind, storage);
> > +        
> > +        loadPtr(Gigacage::basePtr(kind), scratch);
> > +        Jump done = branchTestPtr(Zero, scratch);
> > +#if GIGACAGE_ENABLED
> > +        andPtr(TrustedImmPtr(static_cast<size_t>(GIGACAGE_MASK)), storage);
> > +        addPtr(scratch, storage);
> > +#endif
> > +        done.link(this);
> 
> You can move the #if GIGACAGE_ENABLED before the "if
> (!Gigacage::shouldBeEnabled())" check.  Need to add UNUSED_PARAM for kind,
> storage, and scratch in the #else case though.

SGTM, I'll make those changes.  Thanks!

Landed in https://trac.webkit.org/changeset/220368/webkit

<rdar://problem/33764948>

Reverted r220368 for reason:

This change caused WK1 tests to exit early with crashes.

Committed r220404: <http://trac.webkit.org/changeset/220404>

(In reply to Ryan Haddad from comment #8)
> Reverted r220368 for reason:
> 
> This change caused WK1 tests to exit early with crashes.
> 
> Committed r220404: <http://trac.webkit.org/changeset/220404>
Link to test run that exhibits the crashes:

https://build.webkit.org/builders/Apple%20Sierra%20Release%20WK1%20%28Tests%29/builds/3717

Relanded in after fixing cageConditionally() for non-WK2/jsc: https://trac.webkit.org/changeset/220416/webkit

Relanded in after fixing cageConditionally() for non-WK2/jsc: https://trac.webkit.org/changeset/220416/webkit