130156 – Allocate the data section on the heap again for FTL on ARM64

RESOLVED FIXED 130156

Allocate the data section on the heap again for FTL on ARM64

https://bugs.webkit.org/show_bug.cgi?id=130156

Summary Allocate the data section on the heap again for FTL on ARM64

Juergen Ributzka

Reported 2014-03-12 13:36:38 PDT

Revert the temporary workaround that allocated data section in executable memory. This is no longer required, because the MCJIT supports now the large code model for ARM64.

Attachments
Patch (4.19 KB, patch) 2014-03-12 13:38 PDT, Juergen Ributzka	ggaren: review+	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Juergen Ributzka

Comment 1 2014-03-12 13:38:17 PDT

Created attachment 226549 [details] Patch

Geoffrey Garen

Comment 2 2014-03-12 23:42:26 PDT

Comment on attachment 226549 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=226549&action=review r=me > Source/JavaScriptCore/ftl/FTLCompile.cpp:84 > + // Allocate the GOT in the code section to make it reachable for all code. > + if (!strcmp(sectionName, "__got")) > + return mmAllocateCodeSection(opaqueState, size, alignment, sectionID, sectionName); As a follow-up, we'll need to allocate the GOT outside executable memory -- otherwise we're still subject to "JIT spray" attacks.

Filip Pizlo

Comment 3 2014-03-13 07:12:42 PDT

(In reply to comment #2) > (From update of attachment 226549 [details]) > View in context: https://bugs.webkit.org/attachment.cgi?id=226549&action=review > > r=me > > > Source/JavaScriptCore/ftl/FTLCompile.cpp:84 > > + // Allocate the GOT in the code section to make it reachable for all code. > > + if (!strcmp(sectionName, "__got")) > > + return mmAllocateCodeSection(opaqueState, size, alignment, sectionID, sectionName); > > As a follow-up, we'll need to allocate the GOT outside executable memory -- otherwise we're still subject to "JIT spray" attacks. No it won't. The GOT is just a table of pointers. We control it entirely.

Filip Pizlo

Comment 4 2014-03-13 10:43:52 PDT

Comment on attachment 226549 [details] Patch Let's not land this yet. We want to first verify the LLVM changes and give everyone time to start building with the new LLVM that has the code model changes.

Filip Pizlo

Comment 5 2014-04-16 16:30:50 PDT

Landed in http://trac.webkit.org/changeset/167397

Filip Pizlo

Comment 6 2014-04-29 14:45:05 PDT

*** Bug 129756 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P1

Severity Critical

Classification Unclassified

Version 528+ (Nightly build)

Hardware iPhone / iPad

OS iOS 7.0

Product WebKit

Component JavaScriptCore

Assignee

Nobody

Reported

2014-03-12 13:36 PDT

Modified

2014-04-29 14:45 PDT History

CC List

4 users Show

URL

Keywords

Duplicates (1)

129756 View as bug list

Depends on

Blocks

112840

Dependencies

tree graph