[webkit-changes] [WebKit/WebKit] e9b556: [ARMv7] Fix concurrent BBQ repatching
Justin Michaud
noreply at github.com
Fri May 3 00:14:30 PDT 2024
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: e9b5568186739399f480a72072955bb38563436e
https://github.com/WebKit/WebKit/commit/e9b5568186739399f480a72072955bb38563436e
Author: Justin Michaud <justin at justinmichaud.com>
Date: 2024-05-03 (Fri, 03 May 2024)
Changed paths:
M Source/JavaScriptCore/assembler/ARMv7Assembler.h
M Source/JavaScriptCore/assembler/AssemblerCommon.h
M Source/JavaScriptCore/assembler/MacroAssemblerARMv7.h
Log Message:
-----------
[ARMv7] Fix concurrent BBQ repatching
https://bugs.webkit.org/show_bug.cgi?id=273545
Reviewed by Keith Miller and Yusuke Suzuki.

Armv7 places a few interesting constraints on repatching in thumb mode:
- As far as I can tell, you cannot concurrently repatch a mov without an isb
- bl and family can be repatched without an isb, but bl is a 32-bit instruction.
  So to repatch it concurrently, we need it to be 4-byte aligned.

This patch fixes this. I also added some debug assertions that verified that
this was the only place in our test case that tried to concurrently repatch an unaligned
bl, but the assertions were too involved to upstream.

This should fix export-arity.js crashes on armv7 on ToT.

* Source/JavaScriptCore/assembler/ARMv7Assembler.h:
(JSC::ARMv7Assembler::alignWithNop):
* Source/JavaScriptCore/assembler/AssemblerCommon.h:
(JSC::machineCodeCopy):
* Source/JavaScriptCore/assembler/MacroAssemblerARMv7.h:
(JSC::MacroAssemblerARMv7::threadSafePatchableNearCall):
(JSC::MacroAssemblerARMv7::threadSafePatchableNearTailCall):
Canonical link: https://commits.webkit.org/278305@main
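
The alignment constraint from the log message, as an added example that is not WebKit's code: a little-endian host model of a Thumb-2 code buffer that pads with a 16-bit NOP so a `bl` starts on a 4-byte boundary and can be retargeted with one aligned 32-bit store. `CodeBuf`, `emit16`, `encode_bl`, `emit_patchable_bl` and `repatch_bl` are hypothetical names, and instruction-cache maintenance is left out of the model.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define THUMB_NOP 0xBF00u          /* 16-bit Thumb NOP */

typedef struct {
    uint32_t words[16];            /* word-typed so aligned slots are real uint32_t objects */
    size_t   size;                 /* bytes emitted so far (sample buffer, no capacity check) */
} CodeBuf;

void emit16(CodeBuf *b, uint16_t hw) {
    memcpy((unsigned char *)b->words + b->size, &hw, 2);
    b->size += 2;
}

/* Thumb-2 BL (encoding T1) as the value a little-endian 32-bit store writes:
   first halfword in the low 16 bits. off = target - (address of bl + 4), even. */
uint32_t encode_bl(int32_t off) {
    uint32_t u = (uint32_t)off;
    uint32_t s = (u >> 24) & 1, i1 = (u >> 23) & 1, i2 = (u >> 22) & 1;
    uint32_t j1 = ~(i1 ^ s) & 1, j2 = ~(i2 ^ s) & 1;
    uint16_t hw1 = (uint16_t)(0xF000u | (s << 10) | ((u >> 12) & 0x3FFu));
    uint16_t hw2 = (uint16_t)(0xD000u | (j1 << 13) | (j2 << 11) | ((u >> 1) & 0x7FFu));
    return hw1 | ((uint32_t)hw2 << 16);
}

/* Pad with 16-bit NOPs until the next instruction is 4-byte aligned, then
   emit the BL there. Returns the byte offset of the BL. */
size_t emit_patchable_bl(CodeBuf *b, int32_t off) {
    while (b->size & 3) emit16(b, THUMB_NOP);
    size_t at = b->size;
    uint32_t insn = encode_bl(off);
    emit16(b, (uint16_t)insn);
    emit16(b, (uint16_t)(insn >> 16));
    return at;
}

/* Retarget with a single aligned 32-bit store (GCC/Clang builtin), so a reader
   sees the old BL or the new one, never one halfword of each. Refuses unaligned slots. */
int repatch_bl(CodeBuf *b, size_t at, int32_t new_off) {
    if ((at & 3) || at + 4 > b->size) return -1;
    __atomic_store_n(&b->words[at / 4], encode_bl(new_off), __ATOMIC_RELEASE);
    return 0;
}
```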