|
1 | | -2020-12-02 Russell Epstein <repstein@apple.com> |
| 1 | +2021-01-15 Russell Epstein <repstein@apple.com> |
2 | 2 |
|
3 | | - Apply patch. rdar://problem/70289034 |
| 3 | + Cherry-pick r271544. rdar://problem/73267306 |
| 4 | + |
| 5 | + [JSC] Clean up DFGPreciseLocalClobberize to avoid duplicate code |
| 6 | + https://bugs.webkit.org/show_bug.cgi?id=220670 |
| 7 | + |
| 8 | + Reviewed by Filip Pizlo. |
| 9 | + |
| 10 | + This patch cleans up DFGPreciseLocalClobberize by extracting code to lambda to remove duplicate code. |
| 11 | + |
| 12 | + * dfg/DFGPreciseLocalClobberize.h: |
| 13 | + (JSC::DFG::PreciseLocalClobberizeAdaptor::readTop): |
| 14 | + |
| 15 | + git-svn-id: https://svn.webkit.org/repository/webkit/trunk@271544 268f45cc-cd09-0410-ab3c-d52691b4dbfc |
| 16 | + |
| 17 | + 2021-01-15 Yusuke Suzuki <ysuzuki@apple.com> |
| 18 | + |
| 19 | + [JSC] Clean up DFGPreciseLocalClobberize to avoid duplicate code |
| 20 | + https://bugs.webkit.org/show_bug.cgi?id=220670 |
| 21 | + |
| 22 | + Reviewed by Filip Pizlo. |
| 23 | + |
| 24 | + This patch cleans up DFGPreciseLocalClobberize by extracting code to lambda to remove duplicate code. |
| 25 | + |
| 26 | + * dfg/DFGPreciseLocalClobberize.h: |
| 27 | + (JSC::DFG::PreciseLocalClobberizeAdaptor::readTop): |
| 28 | + |
| 29 | +2021-01-08 Alan Coon <alancoon@apple.com> |
| 30 | + |
| 31 | + Cherry-pick r271144. rdar://problem/72935460 |
| 32 | + |
| 33 | + propertyNameEnumerator must check it can still take the fast path after getGenericPropertyNames |
| 34 | + https://bugs.webkit.org/show_bug.cgi?id=219957 |
| 35 | + <rdar://71156284> |
| 36 | + |
| 37 | + Reviewed by Yusuke Suzuki. |
| 38 | + |
| 39 | + We need to check if we still `canAccessPropertiesQuicklyForEnumeration` on |
| 40 | + `structureAfterGettingPropertyNames`, since we might call out out to a proxy's |
| 41 | + `getPrototypeOf` callback through `getGenericPropertyNames`. |
| 42 | + |
| 43 | + * runtime/JSPropertyNameEnumerator.h: |
| 44 | + (JSC::propertyNameEnumerator): |
| 45 | + |
| 46 | + git-svn-id: https://svn.webkit.org/repository/webkit/trunk@271144 268f45cc-cd09-0410-ab3c-d52691b4dbfc |
| 47 | + |
| 48 | + 2020-12-16 Tadeu Zagallo <tzagallo@apple.com> |
| 49 | + |
| 50 | + propertyNameEnumerator must check it can still take the fast path after getGenericPropertyNames |
| 51 | + https://bugs.webkit.org/show_bug.cgi?id=219957 |
| 52 | + <rdar://71156284> |
| 53 | + |
| 54 | + Reviewed by Yusuke Suzuki. |
| 55 | + |
| 56 | + We need to check if we still `canAccessPropertiesQuicklyForEnumeration` on |
| 57 | + `structureAfterGettingPropertyNames`, since we might call out out to a proxy's |
| 58 | + `getPrototypeOf` callback through `getGenericPropertyNames`. |
| 59 | + |
| 60 | + * runtime/JSPropertyNameEnumerator.h: |
| 61 | + (JSC::propertyNameEnumerator): |
| 62 | + |
| 63 | +2021-01-07 Alan Coon <alancoon@apple.com> |
| 64 | + |
| 65 | + Cherry-pick r271143. rdar://problem/72893965 |
| 66 | + |
| 67 | + Validate every instruction in AssemblerBuffer |
| 68 | + https://bugs.webkit.org/show_bug.cgi?id=218104 |
| 69 | + <rdar://problem/69433094> |
| 70 | + |
| 71 | + Reviewed by Saam Barati. |
| 72 | + |
| 73 | + * assembler/AssemblerBuffer.cpp: |
| 74 | + (JSC::threadSpecificAssemblerHashes): |
| 75 | + * assembler/AssemblerBuffer.h: |
| 76 | + (JSC::AssemblerBuffer::AssemblerBuffer): |
| 77 | + (JSC::AssemblerBuffer::~AssemblerBuffer): |
| 78 | + (JSC::AssemblerBuffer::releaseAssemblerData): |
| 79 | + (JSC::AssemblerBuffer::releaseAssemblerHashes): |
| 80 | + (JSC::AssemblerBuffer::putIntegralUnchecked): |
| 81 | + (JSC::AssemblerBuffer::grow): |
| 82 | + (JSC::AssemblerBuffer::outOfLineGrow): |
| 83 | + (JSC::ARM64EHash::update): Deleted. |
| 84 | + (JSC::ARM64EHash::finalHash const): Deleted. |
| 85 | + (): Deleted. |
| 86 | + (JSC::AssemblerBuffer::hash const): Deleted. |
| 87 | + * assembler/LinkBuffer.cpp: |
| 88 | + (JSC::LinkBuffer::copyCompactAndLinkCode): |
| 89 | + * assembler/LinkBuffer.h: |
| 90 | + |
| 91 | + git-svn-id: https://svn.webkit.org/repository/webkit/trunk@271143 268f45cc-cd09-0410-ab3c-d52691b4dbfc |
| 92 | + |
| 93 | + 2020-11-17 Tadeu Zagallo <tzagallo@apple.com> |
| 94 | + |
| 95 | + Validate every instruction in AssemblerBuffer |
| 96 | + https://bugs.webkit.org/show_bug.cgi?id=218104 |
| 97 | + <rdar://problem/69433094> |
| 98 | + |
| 99 | + Reviewed by Saam Barati. |
| 100 | + |
| 101 | + * assembler/AssemblerBuffer.cpp: |
| 102 | + (JSC::threadSpecificAssemblerHashes): |
| 103 | + * assembler/AssemblerBuffer.h: |
| 104 | + (JSC::AssemblerBuffer::AssemblerBuffer): |
| 105 | + (JSC::AssemblerBuffer::~AssemblerBuffer): |
| 106 | + (JSC::AssemblerBuffer::releaseAssemblerData): |
| 107 | + (JSC::AssemblerBuffer::releaseAssemblerHashes): |
| 108 | + (JSC::AssemblerBuffer::putIntegralUnchecked): |
| 109 | + (JSC::AssemblerBuffer::grow): |
| 110 | + (JSC::AssemblerBuffer::outOfLineGrow): |
| 111 | + (JSC::ARM64EHash::update): Deleted. |
| 112 | + (JSC::ARM64EHash::finalHash const): Deleted. |
| 113 | + (): Deleted. |
| 114 | + (JSC::AssemblerBuffer::hash const): Deleted. |
| 115 | + * assembler/LinkBuffer.cpp: |
| 116 | + (JSC::LinkBuffer::copyCompactAndLinkCode): |
| 117 | + * assembler/LinkBuffer.h: |
| 118 | + |
| 119 | +2021-01-07 Alan Coon <alancoon@apple.com> |
| 120 | + |
| 121 | + Cherry-pick r271034. rdar://problem/72894016 |
| 122 | + |
| 123 | + DFG should make sure replacement watchpoint is fired before folding to PutByOffset |
| 124 | + https://bugs.webkit.org/show_bug.cgi?id=220031 |
| 125 | + <rdar://72045350> |
| 126 | + |
| 127 | + Reviewed by Saam Barati. |
| 128 | + |
| 129 | + * dfg/DFGByteCodeParser.cpp: |
| 130 | + (JSC::DFG::ByteCodeParser::presenceConditionIfConsistent): |
| 131 | + (JSC::DFG::ByteCodeParser::checkPresence): |
| 132 | + (JSC::DFG::ByteCodeParser::checkPresenceForReplace): |
| 133 | + (JSC::DFG::ByteCodeParser::load): |
| 134 | + (JSC::DFG::ByteCodeParser::store): |
| 135 | + (JSC::DFG::ByteCodeParser::presenceLike): Deleted. |
| 136 | + (JSC::DFG::ByteCodeParser::checkPresenceLike): Deleted. |
| 137 | + * dfg/DFGConstantFoldingPhase.cpp: |
| 138 | + (JSC::DFG::ConstantFoldingPhase::tryFoldAsPutByOffset): |
| 139 | + * runtime/Structure.cpp: |
| 140 | + (JSC::Structure::dump const): |
| 141 | + |
| 142 | + git-svn-id: https://svn.webkit.org/repository/webkit/trunk@271034 268f45cc-cd09-0410-ab3c-d52691b4dbfc |
| 143 | + |
| 144 | + 2020-12-21 Keith Miller <keith_miller@apple.com> |
| 145 | + |
| 146 | + DFG should make sure replacement watchpoint is fired before folding to PutByOffset |
| 147 | + https://bugs.webkit.org/show_bug.cgi?id=220031 |
| 148 | + <rdar://72045350> |
| 149 | + |
| 150 | + Reviewed by Saam Barati. |
| 151 | + |
| 152 | + * dfg/DFGByteCodeParser.cpp: |
| 153 | + (JSC::DFG::ByteCodeParser::presenceConditionIfConsistent): |
| 154 | + (JSC::DFG::ByteCodeParser::checkPresence): |
| 155 | + (JSC::DFG::ByteCodeParser::checkPresenceForReplace): |
| 156 | + (JSC::DFG::ByteCodeParser::load): |
| 157 | + (JSC::DFG::ByteCodeParser::store): |
| 158 | + (JSC::DFG::ByteCodeParser::presenceLike): Deleted. |
| 159 | + (JSC::DFG::ByteCodeParser::checkPresenceLike): Deleted. |
| 160 | + * dfg/DFGConstantFoldingPhase.cpp: |
| 161 | + (JSC::DFG::ConstantFoldingPhase::tryFoldAsPutByOffset): |
| 162 | + * runtime/Structure.cpp: |
| 163 | + (JSC::Structure::dump const): |
| 164 | + |
| 165 | +2020-12-16 Mark Lam <mark.lam@apple.com> |
| 166 | + |
| 167 | + Cherry-pick r270981. rdar://problem/72552976 |
| 168 | + |
| 169 | + 2020-12-17 Mark Lam <mark.lam@apple.com> |
| 170 | + |
| 171 | + Add tagging to JIT probe's return address. |
| 172 | + https://bugs.webkit.org/show_bug.cgi?id=220008 |
| 173 | + rdar://71279530 |
| 174 | + |
| 175 | + Reviewed by Keith Miller and Robin Morisset. |
| 176 | + |
| 177 | + * assembler/MacroAssemblerARM64.cpp: |
| 178 | + * assembler/testmasm.cpp: |
| 179 | + (JSC::testProbeModifiesProgramCounter): |
| 180 | + * runtime/JSCPtrTag.h: |
| 181 | + |
| 182 | +2020-12-21 Alan Coon <alancoon@apple.com> |
| 183 | + |
| 184 | + Cherry-pick r270993. rdar://problem/72552973 |
| 185 | + |
| 186 | + Build fix after r270988. |
| 187 | + https://bugs.webkit.org/show_bug.cgi?id=220021 |
| 188 | + <rdar://problem/72474809> |
| 189 | + |
| 190 | + Not reviewed. |
| 191 | + |
| 192 | + * JavaScriptCore.xcodeproj/project.pbxproj: |
| 193 | + |
| 194 | + |
| 195 | + |
| 196 | + git-svn-id: https://svn.webkit.org/repository/webkit/trunk@270993 268f45cc-cd09-0410-ab3c-d52691b4dbfc |
| 197 | + |
| 198 | + 2020-12-18 Mark Lam <mark.lam@apple.com> |
| 199 | + |
| 200 | + Build fix after r270988. |
| 201 | + https://bugs.webkit.org/show_bug.cgi?id=220021 |
| 202 | + <rdar://problem/72474809> |
| 203 | + |
| 204 | + Not reviewed. |
| 205 | + |
| 206 | + * JavaScriptCore.xcodeproj/project.pbxproj: |
| 207 | + |
| 208 | +2020-12-21 Alan Coon <alancoon@apple.com> |
| 209 | + |
| 210 | + Cherry-pick r270988. rdar://problem/72552973 |
| 211 | + |
| 212 | + Fix MacroAssemblerARM64E::validateUntaggedPtr() to account for TBI. |
| 213 | + https://bugs.webkit.org/show_bug.cgi?id=220021 |
| 214 | + <rdar://problem/72474809> |
| 215 | + |
| 216 | + Reviewed by Saam Barati. |
| 217 | + |
| 218 | + * assembler/AbstractMacroAssembler.h: |
| 219 | + * assembler/DisallowMacroScratchRegisterUsage.h: |
| 220 | + - templatized the DisallowMacroScratchRegisterUsage class so that we can #include |
| 221 | + it in MacroAssembler implementations. |
| 222 | + * assembler/MacroAssemblerARM64E.h: |
| 223 | + (JSC::MacroAssemblerARM64E::validateUntaggedPtr): |
| 224 | + |
| 225 | + |
| 226 | + |
| 227 | + git-svn-id: https://svn.webkit.org/repository/webkit/trunk@270988 268f45cc-cd09-0410-ab3c-d52691b4dbfc |
| 228 | + |
| 229 | + 2020-12-18 Mark Lam <mark.lam@apple.com> |
| 230 | + |
| 231 | + Fix MacroAssemblerARM64E::validateUntaggedPtr() to account for TBI. |
| 232 | + https://bugs.webkit.org/show_bug.cgi?id=220021 |
| 233 | + <rdar://problem/72474809> |
| 234 | + |
| 235 | + Reviewed by Saam Barati. |
| 236 | + |
| 237 | + * assembler/AbstractMacroAssembler.h: |
| 238 | + * assembler/DisallowMacroScratchRegisterUsage.h: |
| 239 | + - templatized the DisallowMacroScratchRegisterUsage class so that we can #include |
| 240 | + it in MacroAssembler implementations. |
| 241 | + * assembler/MacroAssemblerARM64E.h: |
| 242 | + (JSC::MacroAssemblerARM64E::validateUntaggedPtr): |
| 243 | + |
| 244 | +2020-12-16 Mark Lam <mark.lam@apple.com> |
| 245 | + |
| 246 | + Cherry-pick r270686. rdar://problem/72321615 |
| 247 | + |
| 248 | + 2020-12-11 Mark Lam <mark.lam@apple.com> |
| 249 | + |
| 250 | + Add extra validation after untagging code pointers. |
| 251 | + https://bugs.webkit.org/show_bug.cgi?id=219765 |
| 252 | + rdar://72069920 |
| 253 | + |
| 254 | + Reviewed by Robin Morisset. |
| 255 | + |
| 256 | + * assembler/AbstractMacroAssembler.h: |
| 257 | + (JSC::AbstractMacroAssembler::untagReturnAddress): |
| 258 | + (JSC::AbstractMacroAssembler::validateUntaggedPtr): |
| 259 | + * assembler/MacroAssemblerARM64E.h: |
| 260 | + (JSC::MacroAssemblerARM64E::untagReturnAddress): |
| 261 | + (JSC::MacroAssemblerARM64E::validateUntaggedPtr): |
| 262 | + * dfg/DFGOSRExitCompilerCommon.cpp: |
| 263 | + (JSC::DFG::reifyInlinedCallFrames): |
| 264 | + * ftl/FTLThunks.cpp: |
| 265 | + (JSC::FTL::genericGenerationThunkGenerator): |
| 266 | + * jit/CCallHelpers.h: |
| 267 | + (JSC::CCallHelpers::prepareForTailCallSlow): |
| 268 | + * jit/CallFrameShuffler.cpp: |
| 269 | + (JSC::CallFrameShuffler::prepareForTailCall): |
| 270 | + * jit/ThunkGenerators.cpp: |
| 271 | + (JSC::emitPointerValidation): |
| 272 | + (JSC::arityFixupGenerator): |
| 273 | + * llint/LLIntThunks.cpp: |
| 274 | + (JSC::LLInt::createTailCallGate): |
| 275 | + (JSC::LLInt::untagGateThunk): |
| 276 | + * wasm/js/WebAssemblyFunction.cpp: |
| 277 | + (JSC::WebAssemblyFunction::jsCallEntrypointSlow): |
| 278 | + |
| 279 | +2020-12-08 Russell Epstein <repstein@apple.com> |
| 280 | + |
| 281 | + Cherry-pick r270052. rdar://problem/72099688 |
| 282 | + |
| 283 | + Use os_thread_self_restrict_rwx_is_supported instead of pthread_jit_write_protect_supported_np on Apple Internal SDK builds |
| 284 | + https://bugs.webkit.org/show_bug.cgi?id=219099 |
| 285 | + <rdar://problem/71547048> |
| 286 | + |
| 287 | + Reviewed by Mark Lam. |
| 288 | + |
| 289 | + Source/JavaScriptCore: |
| 290 | + |
| 291 | + * assembler/FastJITPermissions.h: |
| 292 | + (useFastJITPermissions): |
| 293 | + (threadSelfRestrictRWXToRW): |
| 294 | + (threadSelfRestrictRWXToRX): |
| 295 | + |
| 296 | + Source/WTF: |
| 297 | + |
| 298 | + * wtf/PlatformHave.h: |
| 299 | + * wtf/PlatformUse.h: |
| 300 | + |
| 301 | + git-svn-id: https://svn.webkit.org/repository/webkit/trunk@270052 268f45cc-cd09-0410-ab3c-d52691b4dbfc |
| 302 | + |
| 303 | + 2020-11-19 Saam Barati <sbarati@apple.com> |
| 304 | + |
| 305 | + Use os_thread_self_restrict_rwx_is_supported instead of pthread_jit_write_protect_supported_np on Apple Internal SDK builds |
| 306 | + https://bugs.webkit.org/show_bug.cgi?id=219099 |
| 307 | + <rdar://problem/71547048> |
| 308 | + |
| 309 | + Reviewed by Mark Lam. |
| 310 | + |
| 311 | + * assembler/FastJITPermissions.h: |
| 312 | + (useFastJITPermissions): |
| 313 | + (threadSelfRestrictRWXToRW): |
| 314 | + (threadSelfRestrictRWXToRX): |
| 315 | + |
| 316 | +2020-12-02 Alan Coon <alancoon@apple.com> |
| 317 | + |
| 318 | + Apply patch. rdar://problem/71921536 |
4 | 319 |
|
5 | 320 | 2020-12-02 Saam Barati <sbarati@apple.com> |
6 | 321 |
|
|
15 | 330 | * parser/Parser.cpp: |
16 | 331 | (JSC::Parser<LexerType>::parseInner): |
17 | 332 |
|
18 | | -2020-11-18 Russell Epstein <repstein@apple.com> |
| 333 | +2020-12-01 Alan Coon <alancoon@apple.com> |
19 | 334 |
|
20 | | - Cherry-pick r269931. rdar://problem/71540532 |
| 335 | + Cherry-pick r269931. rdar://problem/71836676 |
21 | 336 |
|
22 | 337 | Add more info to the RELEASE_ASSERT inside Parser::parseInner |
23 | 338 | https://bugs.webkit.org/show_bug.cgi?id=219054 |
|
52 | 367 | * parser/Parser.cpp: |
53 | 368 | (JSC::Parser<LexerType>::parseInner): |
54 | 369 |
|
55 | | -2020-11-05 Alan Coon <alancoon@apple.com> |
56 | | - |
57 | | - Cherry-pick r269338. rdar://problem/71021911 |
58 | | - |
59 | | - Don't assert there is no checkpoint side state when dropping the JSLock |
60 | | - https://bugs.webkit.org/show_bug.cgi?id=218537 |
61 | | - |
62 | | - Reviewed by Filip Pizlo. |
63 | | - |
64 | | - You may have multiple OSR exit sidestate data on the stack, and then call into |
65 | | - API code, which might DropAllLocks. Hence, this assert is wrong. |
66 | | - |
67 | | - Working on a test. Will land in a followup. |
68 | | - |
69 | | - * runtime/JSLock.cpp: |
70 | | - (JSC::JSLock::willReleaseLock): |
71 | | - |
72 | | - |
73 | | - git-svn-id: https://svn.webkit.org/repository/webkit/trunk@269338 268f45cc-cd09-0410-ab3c-d52691b4dbfc |
74 | | - |
75 | | - 2020-11-03 Saam Barati <sbarati@apple.com> |
76 | | - |
77 | | - Don't assert there is no checkpoint side state when dropping the JSLock |
78 | | - https://bugs.webkit.org/show_bug.cgi?id=218537 |
79 | | - |
80 | | - Reviewed by Filip Pizlo. |
81 | | - |
82 | | - You may have multiple OSR exit sidestate data on the stack, and then call into |
83 | | - API code, which might DropAllLocks. Hence, this assert is wrong. |
84 | | - |
85 | | - Working on a test. Will land in a followup. |
86 | | - |
87 | | - * runtime/JSLock.cpp: |
88 | | - (JSC::JSLock::willReleaseLock): |
89 | | - |
90 | 370 | 2020-10-27 Russell Epstein <repstein@apple.com> |
91 | 371 |
|
92 | 372 | Apply patch. rdar://problem/70733375 |
|
0 commit comments