Bug 220021

Summary: Fix MacroAssemblerARM64E::validateUntaggedPtr() to account for TBI.
Product: WebKit Reporter: Mark Lam <mark.lam>
Component: JavaScriptCoreAssignee: Mark Lam <mark.lam>
Status: RESOLVED FIXED    
Severity: Normal CC: ews-watchlist, fpizlo, keith_miller, msaboff, rmorisset, saam, tzagallo, webkit-bug-importer, ysuzuki
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
proposed patch.
saam: review+
patch for landing. none

Mark Lam
Reported 2020-12-18 11:30:42 PST
Patch coming.
Attachments
proposed patch. (1.39 KB, patch)
2020-12-18 11:37 PST, Mark Lam 		saam: review+
DetailsFormatted DiffDiff
patch for landing. (3.70 KB, patch)
2020-12-18 12:34 PST, Mark Lam 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2020-12-18 11:31:24 PST
<rdar://problem/72474809>
Mark Lam
Comment 2 2020-12-18 11:37:49 PST
Created attachment 416537 [details] proposed patch.
Saam Barati
Comment 3 2020-12-18 11:47:49 PST
Comment on attachment 416537 [details] proposed patch. View in context: https://bugs.webkit.org/attachment.cgi?id=416537&action=review > Source/JavaScriptCore/assembler/MacroAssemblerARM64E.h:-86 > - load8(Address(target), scratch); We should DisallowScratch here, to make sure we're not relying on it. It'd kill your scratch > Source/JavaScriptCore/assembler/MacroAssemblerARM64E.h:87 > + and64(TrustedImm64(0xff000000000000), scratch, scratch); 0x0f000000000000, right?
Saam Barati
Comment 4 2020-12-18 12:04:46 PST
Comment on attachment 416537 [details] proposed patch. View in context: https://bugs.webkit.org/attachment.cgi?id=416537&action=review >> Source/JavaScriptCore/assembler/MacroAssemblerARM64E.h:87 >> + and64(TrustedImm64(0xff000000000000), scratch, scratch); > > 0x0f000000000000, right? ignore this
Mark Lam
Comment 5 2020-12-18 12:34:06 PST
Created attachment 416540 [details] patch for landing. Thanks for the review.
Mark Lam
Comment 6 2020-12-18 13:43:11 PST
Landed in r270988: <http://trac.webkit.org/r270988>.
Mark Lam
Comment 7 2020-12-18 16:01:21 PST
Also landed a build fix in r270993: <http://trac.webkit.org/r270993>.
Note You need to log in before you can comment on or make changes to this bug.