Don't rely on fixed offsets to patch calls

author barraclough@apple.com <barraclough@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>

Sat, 14 Apr 2012 01:20:33 +0000 (01:20 +0000)

committer barraclough@apple.com <barraclough@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>

Sat, 14 Apr 2012 01:20:33 +0000 (01:20 +0000)
author barraclough@apple.com <barraclough@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sat, 14 Apr 2012 01:20:33 +0000 (01:20 +0000)
committer barraclough@apple.com <barraclough@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sat, 14 Apr 2012 01:20:33 +0000 (01:20 +0000)
diff --git a/Source/JavaScriptCore/ChangeLog b/Source/JavaScriptCore/ChangeLog

index 193f326..1ecb300 100644 (file)
--- a/Source/JavaScriptCore/ChangeLog
+++ b/Source/JavaScriptCore/ChangeLog
@@ -1,3 +1,18 @@
+2012-04-13  Gavin Barraclough  <barraclough@apple.com>
+
+        Don't rely on fixed offsets to patch calls
+        https://bugs.webkit.org/show_bug.cgi?id=83966
+
+        Rubber stamped by Oliver Hunt.
+
+        These aren't being used anywhere!
+
+        * jit/JIT.h:
+        * jit/JITCall.cpp:
+        (JSC::JIT::compileOpCall):
+        * jit/JITCall32_64.cpp:
+        (JSC::JIT::compileOpCall):
+
  2012-04-13  Hojong Han  <hojong.han@samsung.com>
  
          Array.prototype.toString and Array.prototype.toLocaleString should be generic
diff --git a/Source/JavaScriptCore/jit/JIT.h b/Source/JavaScriptCore/jit/JIT.h

index 3da9f19..6a95a04 100644 (file)
--- a/Source/JavaScriptCore/jit/JIT.h
+++ b/Source/JavaScriptCore/jit/JIT.h
@@ -479,11 +479,7 @@ namespace JSC {
          void emitSub32Constant(unsigned dst, unsigned op, int32_t constant, ResultType opType);
          void emitBinaryDoubleOp(OpcodeID, unsigned dst, unsigned op1, unsigned op2, OperandTypes, JumpList& notInt32Op1, JumpList& notInt32Op2, bool op1IsInRegisters = true, bool op2IsInRegisters = true);
  
-#if CPU(X86)
-        static const int patchOffsetOpCallCompareToJump = 6;
-#elif CPU(ARM_TRADITIONAL)
-        static const int patchOffsetOpCallCompareToJump = 12;
-
+#if CPU(ARM_TRADITIONAL)
          // sequenceOpCall
          static const int sequenceOpCallInstructionSpace = 12;
          static const int sequenceOpCallConstantSpace = 2;
@@ -499,14 +495,6 @@ namespace JSC {
          // sequencePutById
          static const int sequencePutByIdInstructionSpace = 36;
          static const int sequencePutByIdConstantSpace = 4;
-#elif CPU(ARM_THUMB2)
-        static const int patchOffsetOpCallCompareToJump = 16;
-#elif CPU(MIPS)
-#if WTF_MIPS_ISA(1)
-        static const int patchOffsetOpCallCompareToJump = 32;
-#else // WTF_MIPS_ISA(1)
-        static const int patchOffsetOpCallCompareToJump = 32;
-#endif
  #elif CPU(SH4)
          // sequenceOpCall
          static const int sequenceOpCallInstructionSpace = 12;
@@ -523,10 +511,6 @@ namespace JSC {
          // sequencePutById
          static const int sequencePutByIdInstructionSpace = 36;
          static const int sequencePutByIdConstantSpace = 5;
-
-        static const int patchOffsetOpCallCompareToJump = 4;
-#else
-#error "JSVALUE32_64 not supported on this platform."
  #endif
  
  #else // USE(JSVALUE32_64)
@@ -569,10 +553,6 @@ namespace JSC {
          void compileGetDirectOffset(RegisterID base, RegisterID result, RegisterID offset, RegisterID scratch);
          void compilePutDirectOffset(RegisterID base, RegisterID value, size_t cachedOffset);
  
-#if CPU(X86_64)
-        static const int patchOffsetOpCallCompareToJump = 9;
-#endif
-
  #endif // USE(JSVALUE32_64)
  
  #if (defined(ASSEMBLER_HAS_CONSTANT_POOL) && ASSEMBLER_HAS_CONSTANT_POOL)
diff --git a/Source/JavaScriptCore/jit/JITCall.cpp b/Source/JavaScriptCore/jit/JITCall.cpp

index 73d017d..cad76cf 100644 (file)
--- a/Source/JavaScriptCore/jit/JITCall.cpp
+++ b/Source/JavaScriptCore/jit/JITCall.cpp
@@ -180,7 +180,6 @@ void JIT::compileOpCall(OpcodeID opcodeID, Instruction* instruction, unsigned ca
      END_UNINTERRUPTED_SEQUENCE(sequenceOpCall);
      addSlowCase(slowCase);
  
-    ASSERT_JIT_OFFSET(differenceBetween(addressOfLinkedFunctionCheck, slowCase), patchOffsetOpCallCompareToJump);
      ASSERT(m_callStructureStubCompilationInfo.size() == callLinkInfoIndex);
      m_callStructureStubCompilationInfo.append(StructureStubCompilationInfo());
      m_callStructureStubCompilationInfo[callLinkInfoIndex].hotPathBegin = addressOfLinkedFunctionCheck;
diff --git a/Source/JavaScriptCore/jit/JITCall32_64.cpp b/Source/JavaScriptCore/jit/JITCall32_64.cpp

index 7fb6c78..d691340 100644 (file)
--- a/Source/JavaScriptCore/jit/JITCall32_64.cpp
+++ b/Source/JavaScriptCore/jit/JITCall32_64.cpp
@@ -264,7 +264,6 @@ void JIT::compileOpCall(OpcodeID opcodeID, Instruction* instruction, unsigned ca
      addSlowCase(slowCase);
      addSlowCase(branch32(NotEqual, regT1, TrustedImm32(JSValue::CellTag)));
  
-    ASSERT_JIT_OFFSET(differenceBetween(addressOfLinkedFunctionCheck, slowCase), patchOffsetOpCallCompareToJump);
      ASSERT(m_callStructureStubCompilationInfo.size() == callLinkInfoIndex);
      m_callStructureStubCompilationInfo.append(StructureStubCompilationInfo());
      m_callStructureStubCompilationInfo[callLinkInfoIndex].hotPathBegin = addressOfLinkedFunctionCheck;
author	barraclough@apple.com <barraclough@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
	Sat, 14 Apr 2012 01:20:33 +0000 (01:20 +0000)
committer	barraclough@apple.com <barraclough@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
	Sat, 14 Apr 2012 01:20:33 +0000 (01:20 +0000)
Source/JavaScriptCore/ChangeLog		patch \| blob \| history
Source/JavaScriptCore/jit/JIT.h		patch \| blob \| history
Source/JavaScriptCore/jit/JITCall.cpp		patch \| blob \| history
Source/JavaScriptCore/jit/JITCall32_64.cpp		patch \| blob \| history