217261 – [JSC] Introduce JITOperationList to validate JIT-caged pointers

RESOLVED FIXED 217261

[JSC] Introduce JITOperationList to validate JIT-caged pointers

https://bugs.webkit.org/show_bug.cgi?id=217261

Summary [JSC] Introduce JITOperationList to validate JIT-caged pointers

Yusuke Suzuki

Reported 2020-10-02 17:50:28 PDT

[JSC] Introduce JITOperationList to validate JIT-caged pointers

Attachments
Patch (82.86 KB, patch) 2020-10-02 17:52 PDT, Yusuke Suzuki	ews-feeder: commit-queue-	Details Formatted Diff Diff
Patch (83.11 KB, patch) 2020-10-02 17:55 PDT, Yusuke Suzuki	ews-feeder: commit-queue-	Details Formatted Diff Diff
Patch (87.75 KB, patch) 2020-10-02 18:21 PDT, Yusuke Suzuki	no flags	Details Formatted Diff Diff
Patch (86.02 KB, patch) 2020-10-02 18:22 PDT, Yusuke Suzuki	saam: review+ ews-feeder: commit-queue-	Details Formatted Diff Diff
Patch (88.68 KB, patch) 2020-10-02 19:24 PDT, Yusuke Suzuki	no flags	Details Formatted Diff Diff
Patch (88.70 KB, patch) 2020-10-02 19:27 PDT, Yusuke Suzuki	no flags	Details Formatted Diff Diff
Show Obsolete (4) View All Add attachment proposed patch, testcase, etc.

Yusuke Suzuki

Comment 1 2020-10-02 17:52:35 PDT

Created attachment 410393 [details] Patch

Yusuke Suzuki

Comment 2 2020-10-02 17:55:29 PDT

Created attachment 410394 [details] Patch

Yusuke Suzuki

Comment 3 2020-10-02 18:21:19 PDT

Created attachment 410396 [details] Patch

Yusuke Suzuki

Comment 4 2020-10-02 18:22:58 PDT

Created attachment 410398 [details] Patch

Saam Barati

Comment 5 2020-10-02 19:06:40 PDT

Comment on attachment 410398 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=410398&action=review r=me > Source/JavaScriptCore/assembler/JITOperationList.h:50 > + JS_EXPORT_PRIVATE static void populatePointersInEmbedder1(const uintptr_t* beginHost, const uintptr_t* endHost, const uintptr_t* beginOperations, const uintptr_t* endOperations); > + JS_EXPORT_PRIVATE static void populatePointersInEmbedder2(const uintptr_t* beginHost, const uintptr_t* endHost, const uintptr_t* beginOperations, const uintptr_t* endOperations); let's do what we talked about on slack of just a single function > Source/WebKitLegacy/mac/WebView/WebPreferences.mm:380 > + WebCore::populateJITOperations(); could we have a version of "initialize" per library that calls the necessary initialize functions blow it? e.g, JSC::initialize, WebCore::initilziae, that calls JSC::initialize and calls WebCore::populateJITOperations WebKit::initialize, that calls WebCore::initialize, and WebKit::populateJITOperations

Yusuke Suzuki

Comment 6 2020-10-02 19:24:56 PDT

Created attachment 410404 [details] Patch

Yusuke Suzuki

Comment 7 2020-10-02 19:27:26 PDT

Created attachment 410405 [details] Patch

EWS

Comment 8 2020-10-03 16:51:17 PDT

Committed r267938: <https://trac.webkit.org/changeset/267938> All reviewed patches have been landed. Closing bug and clearing flags on attachment 410405 [details].

Radar WebKit Bug Importer

Comment 9 2020-10-03 16:52:16 PDT

<rdar://problem/69921874>

Yusuke Suzuki

Comment 10 2020-10-05 16:29:26 PDT

Committed r268013: <https://trac.webkit.org/changeset/268013>

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component New Bugs

Assignee

Yusuke Suzuki

Reported

2020-10-02 17:50 PDT

Modified

2020-10-05 16:29 PDT History

CC List

14 users Show

URL

Keywords InRadar

Depends on

Blocks