Align the metadata table on all platforms
authortzagallo@apple.com <tzagallo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sat, 8 Dec 2018 01:12:57 +0000 (01:12 +0000)
committertzagallo@apple.com <tzagallo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sat, 8 Dec 2018 01:12:57 +0000 (01:12 +0000)
https://bugs.webkit.org/show_bug.cgi?id=192050
<rdar://problem/46312674>

Reviewed by Mark Lam.

Although certain platforms don't require the metadata to be aligned,
values were being concurrently read and written to ValueProfiles,
which caused crashes since these operations are not atomic on unaligned
addresses.

* bytecode/Opcode.cpp:
(JSC::metadataAlignment):
* bytecode/Opcode.h:
* bytecode/UnlinkedMetadataTableInlines.h:
(JSC::UnlinkedMetadataTable::finalize):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@238997 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/bytecode/Opcode.cpp
Source/JavaScriptCore/bytecode/Opcode.h
Source/JavaScriptCore/bytecode/UnlinkedMetadataTableInlines.h

index ac53c4c..423af98 100644 (file)
@@ -1,3 +1,22 @@
+2018-12-07  Tadeu Zagallo  <tzagallo@apple.com>
+
+        Align the metadata table on all platforms
+        https://bugs.webkit.org/show_bug.cgi?id=192050
+        <rdar://problem/46312674>
+
+        Reviewed by Mark Lam.
+
+        Although certain platforms don't require the metadata to be aligned,
+        values were being concurrently read and written to ValueProfiles,
+        which caused crashes since these operations are not atomic on unaligned
+        addresses.
+
+        * bytecode/Opcode.cpp:
+        (JSC::metadataAlignment):
+        * bytecode/Opcode.h:
+        * bytecode/UnlinkedMetadataTableInlines.h:
+        (JSC::UnlinkedMetadataTable::finalize):
+
 2018-12-05  Mark Lam  <mark.lam@apple.com>
 
         speculationFromCell() should speculate non-Identifier strings as SpecString instead of SpecStringVar.
index 9fac453..97d47d4 100644 (file)
@@ -193,7 +193,6 @@ static unsigned metadataSizes[] = {
 
 };
 
-#if CPU(NEEDS_ALIGNED_ACCESS)
 static unsigned metadataAlignments[] = {
 
 #define METADATA_ALIGNMENT(size) size,
@@ -201,19 +200,16 @@ static unsigned metadataAlignments[] = {
 #undef METADATA_ALIGNMENT
 
 };
-#endif
 
 unsigned metadataSize(OpcodeID opcodeID)
 {
     return metadataSizes[opcodeID];
 }
 
-#if CPU(NEEDS_ALIGNED_ACCESS)
 unsigned metadataAlignment(OpcodeID opcodeID)
 {
     return metadataAlignments[opcodeID];
 }
-#endif
 
 } // namespace JSC
 
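Review bot: With the `CPU(NEEDS_ALIGNED_ACCESS)` guard removed, `metadataAlignments` (and `metadataSizes`, visible in the first hunk header) are mutable `static unsigned` tables that every platform now consults when laying out the metadata table; declaring them `static const unsigned metadataAlignments[] = {` lets the toolchain place them in read-only storage and fold the lookup, so the alignment a layout decision depends on cannot be altered at runtime. The reason the guard was dropped lives only in the commit message, so a comment above the `metadataAlignment` definition such as `// Honour alignment on every platform: ValueProfile entries are read and written concurrently, and those accesses are only atomic at aligned addresses.` would stop a later cleanup from reinstating the `#if`. The declaration in Opcode.h (next file section) would benefit from the same comment or a pointer to this one.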
index 38bdfe2..1f39b7f 100644 (file)
@@ -251,9 +251,7 @@ inline bool isThrow(OpcodeID opcodeID)
 }
 
 unsigned metadataSize(OpcodeID);
-#if CPU(NEEDS_ALIGNED_ACCESS)
 unsigned metadataAlignment(OpcodeID);
-#endif
 
 } // namespace JSC
 
index ac8acca..05fb04b 100644 (file)
@@ -90,9 +90,7 @@ ALWAYS_INLINE void UnlinkedMetadataTable::finalize()
         unsigned numberOfEntries = buffer()[i];
 
         if (numberOfEntries > 0) {
-#if CPU(NEEDS_ALIGNED_ACCESS)
             offset = roundUpToMultipleOf(metadataAlignment(static_cast<OpcodeID>(i)), offset);
-#endif
             buffer()[i] = offset;
             offset += numberOfEntries * metadataSize(static_cast<OpcodeID>(i));
         } else