Options::useSeparatedWXHeap() should always be false when ENABLE(FAST_JIT_PERMISSIONS...
authormark.lam@apple.com <mark.lam@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 27 Sep 2018 04:36:42 +0000 (04:36 +0000)
committermark.lam@apple.com <mark.lam@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 27 Sep 2018 04:36:42 +0000 (04:36 +0000)
https://bugs.webkit.org/show_bug.cgi?id=190022
<rdar://problem/44800928>

Reviewed by Saam Barati.

* jit/ExecutableAllocator.cpp:
(JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
(JSC::FixedVMPoolExecutableAllocator::initializeSeparatedWXHeaps):
* jit/ExecutableAllocator.h:
(JSC::performJITMemcpy):
* runtime/Options.cpp:
(JSC::recomputeDependentOptions):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@236538 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/jit/ExecutableAllocator.cpp
Source/JavaScriptCore/jit/ExecutableAllocator.h
Source/JavaScriptCore/runtime/Options.cpp

index acea4ff..f150836 100644 (file)
@@ -1,5 +1,21 @@
 2018-09-26  Mark Lam  <mark.lam@apple.com>
 
+        Options::useSeparatedWXHeap() should always be false when ENABLE(FAST_JIT_PERMISSIONS) && CPU(ARM64E).
+        https://bugs.webkit.org/show_bug.cgi?id=190022
+        <rdar://problem/44800928>
+
+        Reviewed by Saam Barati.
+
+        * jit/ExecutableAllocator.cpp:
+        (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
+        (JSC::FixedVMPoolExecutableAllocator::initializeSeparatedWXHeaps):
+        * jit/ExecutableAllocator.h:
+        (JSC::performJITMemcpy):
+        * runtime/Options.cpp:
+        (JSC::recomputeDependentOptions):
+
+2018-09-26  Mark Lam  <mark.lam@apple.com>
+
         Assert that performJITMemcpy() is always called with instruction size aligned addresses on ARM64.
         https://bugs.webkit.org/show_bug.cgi?id=190016
         <rdar://problem/44802875>
index 4608ae6..01e6b92 100644 (file)
@@ -106,9 +106,11 @@ static const double executablePoolReservationFraction = 0.25;
 
 JS_EXPORT_PRIVATE void* taggedStartOfFixedExecutableMemoryPool;
 JS_EXPORT_PRIVATE void* taggedEndOfFixedExecutableMemoryPool;
-JS_EXPORT_PRIVATE bool useFastPermisionsJITCopy { false };
 
+#if !ENABLE(FAST_JIT_PERMISSIONS) || !CPU(ARM64E)
+JS_EXPORT_PRIVATE bool useFastPermisionsJITCopy { false };
 JS_EXPORT_PRIVATE JITWriteSeparateHeapsFunction jitWriteSeparateHeapsFunction;
+#endif
 
 #if !USE(EXECUTE_ONLY_JIT_WRITE_FUNCTION) && HAVE(REMAP_JIT)
 static uintptr_t startOfFixedWritableMemoryPool;
@@ -143,6 +145,11 @@ public:
             ASSERT(m_reservation.size() == reservationSize);
             void* reservationBase = m_reservation.base();
 
+#if ENABLE(FAST_JIT_PERMISSIONS) && CPU(ARM64E)
+            RELEASE_ASSERT(os_thread_self_restrict_rwx_is_supported());
+            os_thread_self_restrict_rwx_to_rx();
+
+#else // not ENABLE(FAST_JIT_PERMISSIONS) or not CPU(ARM64E)
 #if ENABLE(FAST_JIT_PERMISSIONS)
             if (os_thread_self_restrict_rwx_is_supported()) {
                 useFastPermisionsJITCopy = true;
@@ -156,6 +163,7 @@ public:
                 reservationSize -= pageSize();
                 initializeSeparatedWXHeaps(m_reservation.base(), pageSize(), reservationBase, reservationSize);
             }
+#endif // not ENABLE(FAST_JIT_PERMISSIONS) or not CPU(ARM64E)
 
             addFreshFreeSpace(reservationBase, reservationSize);
 
@@ -244,7 +252,9 @@ private:
         // Zero out writableAddr to avoid leaking the address of the writable mapping.
         memset_s(&writableAddr, sizeof(writableAddr), 0, sizeof(writableAddr));
 
+#if !ENABLE(FAST_JIT_PERMISSIONS) || !CPU(ARM64E)
         jitWriteSeparateHeapsFunction = reinterpret_cast<JITWriteSeparateHeapsFunction>(writeThunk.code().executableAddress());
+#endif
     }
 
 #if CPU(ARM64) && USE(EXECUTE_ONLY_JIT_WRITE_FUNCTION)
index 203fc5e..9a925a9 100644 (file)
@@ -81,11 +81,14 @@ inline bool isJITPC(void* pc)
     return startOfFixedExecutableMemoryPool() <= pc && pc < endOfFixedExecutableMemoryPool();
 }
 
+#if !ENABLE(FAST_JIT_PERMISSIONS) || !CPU(ARM64E)
+
 typedef void (*JITWriteSeparateHeapsFunction)(off_t, const void*, size_t);
 extern JS_EXPORT_PRIVATE JITWriteSeparateHeapsFunction jitWriteSeparateHeapsFunction;
-
 extern JS_EXPORT_PRIVATE bool useFastPermisionsJITCopy;
 
+#endif // !ENABLE(FAST_JIT_PERMISSIONS) || !CPU(ARM64E)
+
 static inline void* performJITMemcpy(void *dst, const void *src, size_t n)
 {
 #if CPU(ARM64)
@@ -96,14 +99,18 @@ static inline void* performJITMemcpy(void *dst, const void *src, size_t n)
     if (dst >= startOfFixedExecutableMemoryPool() && dst < endOfFixedExecutableMemoryPool()) {
         RELEASE_ASSERT(reinterpret_cast<uint8_t*>(dst) + n <= endOfFixedExecutableMemoryPool());
 #if ENABLE(FAST_JIT_PERMISSIONS)
-        if (useFastPermisionsJITCopy) {
+#if !CPU(ARM64E)
+        if (useFastPermisionsJITCopy)
+#endif
+        {
             os_thread_self_restrict_rwx_to_rw();
             memcpy(dst, src, n);
             os_thread_self_restrict_rwx_to_rx();
             return dst;
         }
-#endif
+#endif // ENABLE(FAST_JIT_PERMISSIONS)
 
+#if !ENABLE(FAST_JIT_PERMISSIONS) || !CPU(ARM64E)
         if (jitWriteSeparateHeapsFunction) {
             // Use execute-only write thunk for writes inside the JIT region. This is a variant of
             // memcpy that takes an offset into the JIT region as its destination (first) parameter.
@@ -111,6 +118,7 @@ static inline void* performJITMemcpy(void *dst, const void *src, size_t n)
             retagCodePtr<JITThunkPtrTag, CFunctionPtrTag>(jitWriteSeparateHeapsFunction)(offset, src, n);
             return dst;
         }
+#endif
     }
 
     // Use regular memcpy for writes outside the JIT region.
index d02368e..960e6d9 100644 (file)
@@ -459,7 +459,7 @@ static void recomputeDependentOptions()
         Options::useOSREntryToFTL() = false;
     }
     
-#if PLATFORM(IOS) && CPU(ARM64)
+#if PLATFORM(IOS) && CPU(ARM64) && !CPU(ARM64E)
     // Override globally for now. Longer term we'll just make the default
     // be to have this option enabled, and have platforms that don't support
     // it just silently use a single mapping.