JSWebAssemblyCodeBlock should be in an IsoSubspace
authorfpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 17 Apr 2018 18:59:00 +0000 (18:59 +0000)
committerfpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 17 Apr 2018 18:59:00 +0000 (18:59 +0000)
https://bugs.webkit.org/show_bug.cgi?id=184704

Reviewed by Mark Lam.

Previously it was in a CompleteSubspace, which is pretty good, but also quite wasteful.
CompleteSubspace means about 4KB of data to track the size-allocator mapping. IsoSubspace
shortcircuits this. Also, IsoSubspace uses the iso allocator, so it provides stronger UAF
protection.

* runtime/VM.cpp:
(JSC::VM::VM):
* runtime/VM.h:
* wasm/js/JSWebAssemblyCodeBlock.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230723 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/runtime/VM.cpp
Source/JavaScriptCore/runtime/VM.h
Source/JavaScriptCore/wasm/js/JSWebAssemblyCodeBlock.h

index f0a4caf..f1b04b1 100644 (file)
@@ -1,3 +1,20 @@
+2018-04-17  Filip Pizlo  <fpizlo@apple.com>
+
+        JSWebAssemblyCodeBlock should be in an IsoSubspace
+        https://bugs.webkit.org/show_bug.cgi?id=184704
+
+        Reviewed by Mark Lam.
+        
+        Previously it was in a CompleteSubspace, which is pretty good, but also quite wasteful.
+        CompleteSubspace means about 4KB of data to track the size-allocator mapping. IsoSubspace
+        shortcircuits this. Also, IsoSubspace uses the iso allocator, so it provides stronger UAF
+        protection.
+
+        * runtime/VM.cpp:
+        (JSC::VM::VM):
+        * runtime/VM.h:
+        * wasm/js/JSWebAssemblyCodeBlock.h:
+
 2018-04-17  Jer Noble  <jer.noble@apple.com>
 
         Only enable useSeparatedWXHeap on ARM64.
index c9a24ec..352f0a2 100644 (file)
@@ -94,6 +94,7 @@
 #include "JSWeakMap.h"
 #include "JSWeakSet.h"
 #include "JSWebAssembly.h"
+#include "JSWebAssemblyCodeBlock.h"
 #include "JSWebAssemblyCodeBlockHeapCellType.h"
 #include "JSWithScope.h"
 #include "LLIntData.h"
@@ -253,9 +254,6 @@ VM::VM(VMType vmType, HeapType heapType)
     , destructibleObjectSpace("JSDestructibleObject", heap, destructibleObjectHeapCellType.get(), fastMallocAllocator.get())
     , eagerlySweptDestructibleObjectSpace("Eagerly Swept JSDestructibleObject", heap, destructibleObjectHeapCellType.get(), fastMallocAllocator.get())
     , segmentedVariableObjectSpace("JSSegmentedVariableObjectSpace", heap, segmentedVariableObjectHeapCellType.get(), fastMallocAllocator.get())
-#if ENABLE(WEBASSEMBLY)
-    , webAssemblyCodeBlockSpace("JSWebAssemblyCodeBlockSpace", heap, webAssemblyCodeBlockHeapCellType.get(), fastMallocAllocator.get())
-#endif
     , asyncFunctionSpace ISO_SUBSPACE_INIT(heap, cellJSValueOOBHeapCellType.get(), JSAsyncFunction)
     , asyncGeneratorFunctionSpace ISO_SUBSPACE_INIT(heap, cellJSValueOOBHeapCellType.get(), JSAsyncGeneratorFunction)
     , boundFunctionSpace ISO_SUBSPACE_INIT(heap, cellJSValueOOBHeapCellType.get(), JSBoundFunction)
@@ -278,6 +276,7 @@ VM::VM(VMType vmType, HeapType heapType)
     , weakSetSpace ISO_SUBSPACE_INIT(heap, destructibleObjectHeapCellType.get(), JSWeakSet)
     , weakMapSpace ISO_SUBSPACE_INIT(heap, destructibleObjectHeapCellType.get(), JSWeakMap)
 #if ENABLE(WEBASSEMBLY)
+    , webAssemblyCodeBlockSpace ISO_SUBSPACE_INIT(heap, webAssemblyCodeBlockHeapCellType.get(), JSWebAssemblyCodeBlock)
     , webAssemblyFunctionSpace ISO_SUBSPACE_INIT(heap, cellJSValueOOBHeapCellType.get(), WebAssemblyFunction)
     , webAssemblyWrapperFunctionSpace ISO_SUBSPACE_INIT(heap, cellJSValueOOBHeapCellType.get(), WebAssemblyWrapperFunction)
 #endif
index 030e6d5..b160ac1 100644 (file)
@@ -336,9 +336,6 @@ public:
     CompleteSubspace destructibleObjectSpace;
     CompleteSubspace eagerlySweptDestructibleObjectSpace;
     CompleteSubspace segmentedVariableObjectSpace;
-#if ENABLE(WEBASSEMBLY)
-    CompleteSubspace webAssemblyCodeBlockSpace;
-#endif
     
     IsoSubspace asyncFunctionSpace;
     IsoSubspace asyncGeneratorFunctionSpace;
@@ -362,6 +359,7 @@ public:
     IsoSubspace weakSetSpace;
     IsoSubspace weakMapSpace;
 #if ENABLE(WEBASSEMBLY)
+    IsoSubspace webAssemblyCodeBlockSpace;
     IsoSubspace webAssemblyFunctionSpace;
     IsoSubspace webAssemblyWrapperFunctionSpace;
 #endif
index da46e64..28b7c0a 100644 (file)
@@ -61,7 +61,7 @@ public:
     }
 
     template<typename CellType>
-    static CompleteSubspace* subspaceFor(VM& vm)
+    static IsoSubspace* subspaceFor(VM& vm)
     {
         return &vm.webAssemblyCodeBlockSpace;
     }