Apply poisoning to more pointers in JSC.
author    mark.lam@apple.com <mark.lam@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
          Mon, 8 Jan 2018 21:05:17 +0000 (21:05 +0000)
committer mark.lam@apple.com <mark.lam@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
          Mon, 8 Jan 2018 21:05:17 +0000 (21:05 +0000)
commit    3681aacfcfaaa5dae1548861651863ea27115e35
tree      1f7f00bc7cb4f7e38b5c5e9de1ea617451765ad5
parent    06474928360e1e9c9a1e2e2b02bc22ea9a345641
Apply poisoning to more pointers in JSC.
https://bugs.webkit.org/show_bug.cgi?id=181096
<rdar://problem/36182970>

Reviewed by JF Bastien.

Source/JavaScriptCore:

* assembler/MacroAssembler.h:
(JSC::MacroAssembler::xorPtr):
* assembler/MacroAssemblerARM64.h:
(JSC::MacroAssemblerARM64::xor64):
* assembler/MacroAssemblerX86_64.h:
(JSC::MacroAssemblerX86_64::xor64):
- Add xorPtr implementation.

* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::inferredName const):
(JSC::CodeBlock::CodeBlock):
(JSC::CodeBlock::finishCreation):
(JSC::CodeBlock::~CodeBlock):
(JSC::CodeBlock::setConstantRegisters):
(JSC::CodeBlock::visitWeakly):
(JSC::CodeBlock::visitChildren):
(JSC::CodeBlock::propagateTransitions):
(JSC::CodeBlock::WeakReferenceHarvester::visitWeakReferences):
(JSC::CodeBlock::finalizeLLIntInlineCaches):
(JSC::CodeBlock::finalizeBaselineJITInlineCaches):
(JSC::CodeBlock::UnconditionalFinalizer::finalizeUnconditionally):
(JSC::CodeBlock::jettison):
(JSC::CodeBlock::predictedMachineCodeSize):
(JSC::CodeBlock::findPC):
* bytecode/CodeBlock.h:
(JSC::CodeBlock::UnconditionalFinalizer::UnconditionalFinalizer):
(JSC::CodeBlock::WeakReferenceHarvester::WeakReferenceHarvester):
(JSC::CodeBlock::stubInfoBegin):
(JSC::CodeBlock::stubInfoEnd):
(JSC::CodeBlock::callLinkInfosBegin):
(JSC::CodeBlock::callLinkInfosEnd):
(JSC::CodeBlock::instructions):
(JSC::CodeBlock::instructions const):
(JSC::CodeBlock::vm const):
* dfg/DFGOSRExitCompilerCommon.h:
(JSC::DFG::adjustFrameAndStackInOSRExitCompilerThunk):
* jit/JIT.h:
* llint/LLIntOfflineAsmConfig.h:
* llint/LowLevelInterpreter.asm:
* llint/LowLevelInterpreter64.asm:
* parser/UnlinkedSourceCode.h:
* runtime/JSCPoison.h:
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::init):
* runtime/JSGlobalObject.h:
* runtime/JSScriptFetchParameters.h:
* runtime/JSScriptFetcher.h:
* runtime/StructureTransitionTable.h:
* wasm/js/JSWebAssemblyCodeBlock.cpp:
(JSC::JSWebAssemblyCodeBlock::JSWebAssemblyCodeBlock):
(JSC::JSWebAssemblyCodeBlock::visitChildren):
(JSC::JSWebAssemblyCodeBlock::UnconditionalFinalizer::finalizeUnconditionally):
* wasm/js/JSWebAssemblyCodeBlock.h:

Source/WTF:

Added support for PoisonedBag and PoisonedRefCountedArray.

* wtf/Bag.h:
(WTF::Private::BagNode::BagNode):
(WTF::Bag::Bag):
(WTF::Bag::operator=):
(WTF::Bag::clear):
(WTF::Bag::add):
(WTF::Bag::begin):
(WTF::Bag::unwrappedHead):
(WTF::Bag::Node::Node): Deleted.
* wtf/BagToHashMap.h:
(WTF::toHashMap):
* wtf/Poisoned.h:
(WTF::constExprPoisonRandom):
(WTF::makeConstExprPoison):
* wtf/RefCountedArray.h:
(WTF::RefCountedArray::RefCountedArray):
(WTF::RefCountedArray::clone const):
(WTF::RefCountedArray::operator=):
(WTF::RefCountedArray::~RefCountedArray):
(WTF::RefCountedArray::refCount const):
(WTF::RefCountedArray::size const):
(WTF::RefCountedArray::data):
(WTF::RefCountedArray::begin):
(WTF::RefCountedArray::end):
(WTF::RefCountedArray::data const):
(WTF::RefCountedArray::begin const):
(WTF::RefCountedArray::operator== const):
(WTF::RefCountedArray::Header::fromPayload):
* wtf/WTFAssertions.cpp:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@226530 268f45cc-cd09-0410-ab3c-d52691b4dbfc
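The commit above extends JSC's pointer poisoning (XOR-ing stored pointers with a per-class key, with `xorPtr` added to the MacroAssembler so JIT-emitted code can do the same) to more fields. The following is an added, self-contained illustration of the mechanism; it is not WebKit's code, and `Poisoned`, `makeDemoPoison`, `kCodeBlockPoison`, `kScriptFetcherPoison`, `kForcedHighBits` and `Object` are names and layout choices invented for this example (WTF's real implementation lives in `wtf/Poisoned.h` and `runtime/JSCPoison.h`). It shows the three properties a defender cares about: the bits that sit in memory are not a usable address, a value lifted from one field class does not unpoison through another class's key, and null stays null so existing null checks keep working.

```cpp
#include <cstdint>
#include <cstdio>
#include <random>

static_assert(sizeof(uintptr_t) == 8, "this example assumes a 64-bit target");

// Bits forced on in every poison value (a constructed choice for this example,
// not JSC's layout): on common 64-bit configurations (x86-64, 48-bit-VA ARM64)
// no user-space address has bit 62 or bit 50 set, so a poisoned value that is
// dereferenced by mistake faults instead of reaching attacker-controlled memory.
constexpr uint64_t kForcedHighBits = (uint64_t(1) << 62) | (uint64_t(1) << 50);

// Splitmix64 finaliser: spreads a small seed into a full-width key.
constexpr uint64_t makeDemoPoison(uint64_t seed) {
    uint64_t z = seed + 0x9e3779b97f4a7c15ULL;
    z = (z ^ (z >> 30)) * 0xbf58476d1ce4e5b9ULL;
    z = (z ^ (z >> 27)) * 0x94d049bb133111ebULL;
    z ^= z >> 31;
    return z | kForcedHighBits;
}

// Runtime variant: a real engine seeds this once from a CSPRNG at startup.
uint64_t makeRuntimePoison() {
    std::random_device rd;
    uint64_t seed = (uint64_t(rd()) << 32) | rd();
    return makeDemoPoison(seed);
}

// One key per pointer class (hypothetical names). Distinct keys are the point:
// a poisoned value copied out of a field of one class cannot be unpoisoned
// through the accessor of another class.
constexpr uint64_t kCodeBlockPoison = makeDemoPoison(1);
constexpr uint64_t kScriptFetcherPoison = makeDemoPoison(2);

template<typename T, uint64_t Poison>
class Poisoned {
public:
    Poisoned() = default;
    explicit Poisoned(T* ptr) { set(ptr); }

    // nullptr is stored as 0 so null checks work without unpoisoning.
    void set(T* ptr) { m_bits = ptr ? reinterpret_cast<uintptr_t>(ptr) ^ Poison : 0; }
    T* unpoisoned() const { return m_bits ? reinterpret_cast<T*>(m_bits ^ Poison) : nullptr; }
    T* operator->() const { return unpoisoned(); }
    explicit operator bool() const { return m_bits != 0; }
    uintptr_t bits() const { return m_bits; }   // what actually sits in memory

private:
    uintptr_t m_bits = 0;
};

// True when a raw 64-bit value could be a user-space address on the targets above.
bool looksLikeUserPointer(uintptr_t bits) { return (bits & kForcedHighBits) == 0; }

struct Object { int value; };

// The owning field's accessor recovers the original pointer.
bool roundTrips() {
    Object obj{42};
    Poisoned<Object, kCodeBlockPoison> field(&obj);
    return field.unpoisoned() == &obj && field->value == 42;
}

// The stored bits themselves are never a valid address.
bool storedBitsAreNotAnAddress() {
    Object obj{42};
    Poisoned<Object, kCodeBlockPoison> field(&obj);
    return !looksLikeUserPointer(field.bits());
}

// Unpoisoning through a different class's key yields something other than the pointer.
bool wrongKeyDoesNotRecoverPointer() {
    Object obj{42};
    Poisoned<Object, kCodeBlockPoison> field(&obj);
    uintptr_t recovered = field.bits() ^ kScriptFetcherPoison;
    return recovered != reinterpret_cast<uintptr_t>(&obj);
}

bool nullStaysNull() {
    Poisoned<Object, kCodeBlockPoison> empty;
    return !empty && empty.bits() == 0 && empty.unpoisoned() == nullptr;
}

int main() {
    Object obj{42};
    Poisoned<Object, kCodeBlockPoison> field(&obj);
    std::printf("real pointer:   %p\n", static_cast<void*>(&obj));
    std::printf("bits in memory: 0x%016llx\n", static_cast<unsigned long long>(field.bits()));
    std::printf("round trip %d, stored bits unusable %d, wrong key fails %d, null ok %d\n",
                roundTrips(), storedBitsAreNotAnAddress(), wrongKeyDoesNotRecoverPointer(), nullStaysNull());
    return 0;
}
```

The design choice worth noting is the forced high bits: a plain XOR with a random key only hides the pointer, whereas a key that always sets bits outside the user address range also turns an accidental or attacker-induced raw use of the field into a fault, which is what makes a poisoned field a cheap crash-on-misuse check rather than just obfuscation.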
26 files changed:
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/assembler/MacroAssembler.h
Source/JavaScriptCore/assembler/MacroAssemblerARM64.h
Source/JavaScriptCore/assembler/MacroAssemblerX86_64.h
Source/JavaScriptCore/bytecode/CodeBlock.cpp
Source/JavaScriptCore/bytecode/CodeBlock.h
Source/JavaScriptCore/dfg/DFGOSRExitCompilerCommon.h
Source/JavaScriptCore/jit/JIT.h
Source/JavaScriptCore/llint/LLIntOfflineAsmConfig.h
Source/JavaScriptCore/llint/LowLevelInterpreter.asm
Source/JavaScriptCore/llint/LowLevelInterpreter64.asm
Source/JavaScriptCore/parser/UnlinkedSourceCode.h
Source/JavaScriptCore/runtime/JSCPoison.h
Source/JavaScriptCore/runtime/JSGlobalObject.cpp
Source/JavaScriptCore/runtime/JSGlobalObject.h
Source/JavaScriptCore/runtime/JSScriptFetchParameters.h
Source/JavaScriptCore/runtime/JSScriptFetcher.h
Source/JavaScriptCore/runtime/StructureTransitionTable.h
Source/JavaScriptCore/wasm/js/JSWebAssemblyCodeBlock.cpp
Source/JavaScriptCore/wasm/js/JSWebAssemblyCodeBlock.h
Source/WTF/ChangeLog
Source/WTF/wtf/Bag.h
Source/WTF/wtf/BagToHashMap.h
Source/WTF/wtf/Poisoned.h
Source/WTF/wtf/RefCountedArray.h
Source/WTF/wtf/WTFAssertions.cpp