Wasm should cage the memory base pointers in structs
author keith_miller@apple.com <keith_miller@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 17 May 2019 02:21:51 +0000 (02:21 +0000)
committer keith_miller@apple.com <keith_miller@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 17 May 2019 02:21:51 +0000 (02:21 +0000)
commit e64c44210ecc04cd69ed31f3431f07451d23aa66
tree efdfbfd56353644821c3c227c194308720eac7fe
parent a8f212fde80a248863067c2c223593d19d8e8cd6
Wasm should cage the memory base pointers in structs
https://bugs.webkit.org/show_bug.cgi?id=197620

Reviewed by Saam Barati.

Source/bmalloc:

Fix signature to take Gigacage::Kind, which matches GIGACAGE_ENABLED build.

* bmalloc/Gigacage.h:
(Gigacage::isEnabled):

Source/JavaScriptCore:

Currently, we use cageConditionally; this only matters for API
users since the web content process cannot disable primitive
gigacage. This patch also adds a set helper for union/intersection
of RegisterSets.

* assembler/CPU.h:
(JSC::isARM64E):
* jit/RegisterSet.h:
(JSC::RegisterSet::set):
* wasm/WasmAirIRGenerator.cpp:
(JSC::Wasm::AirIRGenerator::restoreWebAssemblyGlobalState):
(JSC::Wasm::AirIRGenerator::addCallIndirect):
* wasm/WasmB3IRGenerator.cpp:
(JSC::Wasm::B3IRGenerator::restoreWebAssemblyGlobalState):
(JSC::Wasm::B3IRGenerator::addCallIndirect):
* wasm/WasmBinding.cpp:
(JSC::Wasm::wasmToWasm):
* wasm/WasmInstance.h:
(JSC::Wasm::Instance::cachedMemory const):
(JSC::Wasm::Instance::updateCachedMemory):
* wasm/WasmMemory.cpp:
(JSC::Wasm::Memory::grow):
* wasm/WasmMemory.h:
(JSC::Wasm::Memory::memory const):
* wasm/js/JSToWasm.cpp:
(JSC::Wasm::createJSToWasmWrapper):
* wasm/js/WebAssemblyFunction.cpp:
(JSC::WebAssemblyFunction::jsCallEntrypointSlow):

Source/WTF:

Rename reauthenticate to recage.

* wtf/CagedPtr.h:
(WTF::CagedPtr::recage):
(WTF::CagedPtr::reauthenticate): Deleted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@245432 268f45cc-cd09-0410-ab3c-d52691b4dbfc
15 files changed:
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/assembler/CPU.h
Source/JavaScriptCore/jit/RegisterSet.h
Source/JavaScriptCore/wasm/WasmAirIRGenerator.cpp
Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp
Source/JavaScriptCore/wasm/WasmBinding.cpp
Source/JavaScriptCore/wasm/WasmInstance.h
Source/JavaScriptCore/wasm/WasmMemory.cpp
Source/JavaScriptCore/wasm/WasmMemory.h
Source/JavaScriptCore/wasm/js/JSToWasm.cpp
Source/JavaScriptCore/wasm/js/WebAssemblyFunction.cpp
Source/WTF/ChangeLog
Source/WTF/wtf/CagedPtr.h
Source/bmalloc/ChangeLog
Source/bmalloc/bmalloc/Gigacage.h
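As an added illustration (not code from this commit or from WebKit), the following constructed model shows what the commit message means by caging a memory base pointer held in a struct, and why `cageConditionally` is weaker than unconditional caging: a disabled cage passes the pointer through untouched, while unconditional caging always lands it inside the region. `Cage`, `CachedMemory`, `recagedBaseAfterUpdate` and the address constants are hypothetical names and values.

```cpp
#include <cstdint>

// Constructed model of pointer caging (not WebKit's Gigacage code): a cage is a
// power-of-two-sized region whose base is aligned to its size, so forcing a
// pointer into it is a mask and an OR with no branches.
struct Cage {
    uintptr_t base;    // start of the region, aligned to `size`
    uintptr_t size;    // power of two
    bool enabled;      // whether this process has the cage turned on
};

// Unconditional caging: the result always lies in [base, base + size),
// whatever value `ptr` holds.
inline uintptr_t cage(const Cage& c, uintptr_t ptr)
{
    return c.base | (ptr & (c.size - 1));
}

// Conditional caging: a disabled cage lets the pointer through untouched.
inline uintptr_t cageConditionally(const Cage& c, uintptr_t ptr)
{
    return c.enabled ? cage(c, ptr) : ptr;
}

inline bool inCage(const Cage& c, uintptr_t ptr)
{
    return ptr >= c.base && ptr < c.base + c.size;
}

// Hypothetical stand-in for an instance struct that caches a linear-memory
// base pointer; the cached value is recaged on every store, so a corrupted
// write into the struct cannot move the base outside the cage.
struct CachedMemory {
    const Cage& cage_;
    uintptr_t base_;

    CachedMemory(const Cage& c, uintptr_t base) : cage_(c), base_(cage(c, base)) {}
    void update(uintptr_t newBase) { base_ = cage(cage_, newBase); }
    uintptr_t base() const { return base_; }
};

// Returns the cached base after `corrupted` is stored into the struct.
inline uintptr_t recagedBaseAfterUpdate(const Cage& c, uintptr_t corrupted)
{
    CachedMemory m(c, c.base);
    m.update(corrupted);
    return m.base();
}

// Constructed cage: a 32 GiB region placed at 256 GiB.
constexpr uintptr_t kCageBase = 0x4000000000ULL;
constexpr uintptr_t kCageSize = 0x800000000ULL;
```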