<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[212016] branches/safari-603-branch/Source</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/212016">212016</a></dd>
<dt>Author</dt> <dd>matthew_hanson@apple.com</dd>
<dt>Date</dt> <dd>2017-02-09 17:49:33 -0800 (Thu, 09 Feb 2017)</dd>
</dl>
<h3>Log Message</h3>
<pre>Merge <a href="http://trac.webkit.org/projects/webkit/changeset/211603">r211603</a>. rdar://problem/30318237</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#branchessafari603branchSourceJavaScriptCoreAPIJSVirtualMachinemm">branches/safari-603-branch/Source/JavaScriptCore/API/JSVirtualMachine.mm</a></li>
<li><a href="#branchessafari603branchSourceJavaScriptCoreCMakeListstxt">branches/safari-603-branch/Source/JavaScriptCore/CMakeLists.txt</a></li>
<li><a href="#branchessafari603branchSourceJavaScriptCoreChangeLog">branches/safari-603-branch/Source/JavaScriptCore/ChangeLog</a></li>
<li><a href="#branchessafari603branchSourceJavaScriptCoreJavaScriptCorexcodeprojprojectpbxproj">branches/safari-603-branch/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj</a></li>
<li><a href="#branchessafari603branchSourceJavaScriptCoreassemblerARM64Assemblerh">branches/safari-603-branch/Source/JavaScriptCore/assembler/ARM64Assembler.h</a></li>
<li><a href="#branchessafari603branchSourceJavaScriptCoreassemblerMacroAssemblerARM64h">branches/safari-603-branch/Source/JavaScriptCore/assembler/MacroAssemblerARM64.h</a></li>
<li><a href="#branchessafari603branchSourceJavaScriptCoreassemblerMacroAssemblerX86Commonh">branches/safari-603-branch/Source/JavaScriptCore/assembler/MacroAssemblerX86Common.h</a></li>
<li><a href="#branchessafari603branchSourceJavaScriptCoreassemblerX86Assemblerh">branches/safari-603-branch/Source/JavaScriptCore/assembler/X86Assembler.h</a></li>
<li><a href="#branchessafari603branchSourceJavaScriptCoreheapHeapcpp">branches/safari-603-branch/Source/JavaScriptCore/heap/Heap.cpp</a></li>
<li><a href="#branchessafari603branchSourceJavaScriptCoreheapHeaph">branches/safari-603-branch/Source/JavaScriptCore/heap/Heap.h</a></li>
<li><a href="#branchessafari603branchSourceJavaScriptCoreheapHeapInlinesh">branches/safari-603-branch/Source/JavaScriptCore/heap/HeapInlines.h</a></li>
<li><a href="#branchessafari603branchSourceJavaScriptCoreruntimeOptionscpp">branches/safari-603-branch/Source/JavaScriptCore/runtime/Options.cpp</a></li>
<li><a href="#branchessafari603branchSourceJavaScriptCoreruntimeOptionsh">branches/safari-603-branch/Source/JavaScriptCore/runtime/Options.h</a></li>
<li><a href="#branchessafari603branchSourceJavaScriptCoreruntimeVMcpp">branches/safari-603-branch/Source/JavaScriptCore/runtime/VM.cpp</a></li>
<li><a href="#branchessafari603branchSourceJavaScriptCoreruntimeVMh">branches/safari-603-branch/Source/JavaScriptCore/runtime/VM.h</a></li>
<li><a href="#branchessafari603branchSourceWTFChangeLog">branches/safari-603-branch/Source/WTF/ChangeLog</a></li>
<li><a href="#branchessafari603branchSourceWTFwtfStdLibExtrash">branches/safari-603-branch/Source/WTF/wtf/StdLibExtras.h</a></li>
</ul>
<h3>Added Paths</h3>
<ul>
<li><a href="#branchessafari603branchSourceJavaScriptCoreAPIJSVirtualMachinePrivateh">branches/safari-603-branch/Source/JavaScriptCore/API/JSVirtualMachinePrivate.h</a></li>
<li><a href="#branchessafari603branchSourceJavaScriptCoretoolsSigillCrashAnalyzercpp">branches/safari-603-branch/Source/JavaScriptCore/tools/SigillCrashAnalyzer.cpp</a></li>
<li><a href="#branchessafari603branchSourceJavaScriptCoretoolsSigillCrashAnalyzerh">branches/safari-603-branch/Source/JavaScriptCore/tools/SigillCrashAnalyzer.h</a></li>
<li><a href="#branchessafari603branchSourceJavaScriptCoretoolsVMInspectorcpp">branches/safari-603-branch/Source/JavaScriptCore/tools/VMInspector.cpp</a></li>
<li><a href="#branchessafari603branchSourceJavaScriptCoretoolsVMInspectorh">branches/safari-603-branch/Source/JavaScriptCore/tools/VMInspector.h</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="branchessafari603branchSourceJavaScriptCoreAPIJSVirtualMachinemm"></a>
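--- a/branches/safari-603-branch/Source/JavaScriptCore/API/JSVirtualMachine.mm
+++ b/branches/safari-603-branch/Source/JavaScriptCore/API/JSVirtualMachine.mm
@@ -34,6 +34,7 @@
 #import "JSVirtualMachine.h"
 #import "JSVirtualMachineInternal.h"
 #import "JSWrapperMap.h"
+#import "SigillCrashAnalyzer.h"
 #import "SlotVisitorInlines.h"
 #import <mutex>
 #import <wtf/Lock.h>
@@ -225,6 +226,11 @@
 }
 }
 
+- (void)enableSigillCrashAnalyzer
+{
+ JSC::enableSigillCrashAnalyzer();
+}
+
 @end
 
 @implementation JSVirtualMachine(Internal)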
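Review bot: `enableSigillCrashAnalyzer` is declared as an instance method, but its body forwards to `JSC::enableSigillCrashAnalyzer()` with no receiver, and the JSVirtualMachinePrivate.h hunk below documents the effect as applying to all JSVirtualMachines; nothing in either hunk states that the installed SIGILL handler is process-wide, what a second call does, or whether a SIGILL handler that was already installed is chained or replaced. A comment above the method, `// Process-wide: installs the SIGILL crash handler for every VM in this process, not just the receiver.`, plus a sentence in the header's @discussion on idempotence and on handling of a pre-existing SIGILL handler, would keep callers from guessing. Whether the installer chains or replaces an existing handler is not visible in this commit and should be confirmed against SigillCrashAnalyzer.cpp. The enclosing @implementation begins outside the hunk.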
<a id="branchessafari603branchSourceJavaScriptCoreAPIJSVirtualMachinePrivateh"></a>
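--- a/branches/safari-603-branch/Source/JavaScriptCore/API/JSVirtualMachinePrivate.h
+++ b/branches/safari-603-branch/Source/JavaScriptCore/API/JSVirtualMachinePrivate.h
@@ -0,0 +1,45 @@
+/*
+ * Copyright (C) 2017 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef JSVirtualMachinePrivate_h
+#define JSVirtualMachinePrivate_h
+
+#if JSC_OBJC_API_ENABLED
+
+@interface JSVirtualMachine(Private)
+
+/*!
+ @method
+ @abstract Enables SIGILL crash analysis for all JSVirtualMachines.
+ @discussion Installs a SIGILL crash handler that will collect additional
+ non-user identifying information about the crash site via os_log_info.
+ */
+- (void)enableSigillCrashAnalyzer;
+
+@end
+
+#endif
+
+#endif // JSVirtualMachinePrivate_h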
<a id="branchessafari603branchSourceJavaScriptCoreCMakeListstxt"></a>
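--- a/branches/safari-603-branch/Source/JavaScriptCore/CMakeLists.txt
+++ b/branches/safari-603-branch/Source/JavaScriptCore/CMakeLists.txt
@@ -906,6 +906,8 @@
 tools/FunctionWhitelist.cpp
 tools/JSDollarVM.cpp
 tools/JSDollarVMPrototype.cpp
+ tools/SigillCrashAnalyzer.cpp
+ tools/VMInspector.cpp
 
 wasm/JSWebAssembly.cpp
 wasm/WasmB3IRGenerator.cpp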
<a id="branchessafari603branchSourceJavaScriptCoreChangeLog"></a>
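--- a/branches/safari-603-branch/Source/JavaScriptCore/ChangeLog
+++ b/branches/safari-603-branch/Source/JavaScriptCore/ChangeLog
@@ -1,3 +1,59 @@
+2017-02-09 Matthew Hanson <matthew_hanson@apple.com>
+
+ Merge r211603. rdar://problem/30318237
+
+ 2017-02-02 Mark Lam <mark.lam@apple.com>
+
+ Add a SIGILL crash analyzer to make debugging SIGILLs easier.
+ https://bugs.webkit.org/show_bug.cgi?id=167714
+ <rdar://problem/30318237>
+
+ Reviewed by Filip Pizlo.
+
+ The current implementation is only for X86_64 and ARM64 on OS(DARWIN). The
+ analyzer is not enabled for all other ports.
+
+ * CMakeLists.txt:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * API/JSVirtualMachine.mm:
+ * assembler/ARM64Assembler.h:
+ (JSC::ARM64Assembler::illegalInstruction):
+ * assembler/MacroAssemblerARM64.h:
+ (JSC::MacroAssemblerARM64::illegalInstruction):
+ * assembler/MacroAssemblerX86Common.h:
+ (JSC::MacroAssemblerX86Common::illegalInstruction):
+ * assembler/X86Assembler.h:
+ (JSC::X86Assembler::illegalInstruction):
+ * heap/Heap.cpp:
+ (JSC::Heap::forEachCodeBlockIgnoringJITPlansImpl):
+ * heap/Heap.h:
+ * heap/HeapInlines.h:
+ (JSC::Heap::forEachCodeBlockIgnoringJITPlans):
+ * runtime/Options.cpp:
+ (JSC::Options::isAvailable):
+ (JSC::recomputeDependentOptions):
+ * runtime/Options.h:
+ * runtime/VM.cpp:
+ (JSC::VM::VM):
+ (JSC::VM::~VM):
+ * runtime/VM.h:
+ * tools/SigillCrashAnalyzer.cpp: Added.
+ (JSC::SignalContext::SignalContext):
+ (JSC::SignalContext::dump):
+ (JSC::handleCrash):
+ (JSC::initializeCrashHandler):
+ (JSC::ensureSigillCrashAnalyzer):
+ (JSC::SigillCrashAnalyzer::analyze):
+ (JSC::SigillCrashAnalyzer::dumpCodeBlock):
+ * tools/SigillCrashAnalyzer.h: Added.
+ * tools/VMInspector.cpp: Added.
+ (JSC::VMInspector::instance):
+ (JSC::VMInspector::add):
+ (JSC::VMInspector::remove):
+ (JSC::ensureIsSafeToLock):
+ * tools/VMInspector.h: Added.
+ (JSC::VMInspector::iterate):
+
 2017-02-06 Matthew Hanson <matthew_hanson@apple.com>
 
 Merge r211666. rdar://problem/30167791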
<a id="branchessafari603branchSourceJavaScriptCoreJavaScriptCorexcodeprojprojectpbxproj"></a>
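--- a/branches/safari-603-branch/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
+++ b/branches/safari-603-branch/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
@@ -2319,6 +2319,11 @@
                 FE20CE9D15F04A9500DF3430 /* LLIntCLoop.cpp in Sources */ = {isa = PBXBuildFile; fileRef = FE20CE9B15F04A9500DF3430 /* LLIntCLoop.cpp */; };
                 FE20CE9E15F04A9500DF3430 /* LLIntCLoop.h in Headers */ = {isa = PBXBuildFile; fileRef = FE20CE9C15F04A9500DF3430 /* LLIntCLoop.h */; settings = {ATTRIBUTES = (Private, ); }; };
                 FE2E6A7B1D6EA62C0060F896 /* ThrowScope.cpp in Sources */ = {isa = PBXBuildFile; fileRef = FE2E6A7A1D6EA5FE0060F896 /* ThrowScope.cpp */; };
+                FE3022D21E3D73A500BAC493 /* SigillCrashAnalyzer.cpp in Sources */ = {isa = PBXBuildFile; fileRef = FE3022D01E3D739600BAC493 /* SigillCrashAnalyzer.cpp */; };
+                FE3022D31E3D73A500BAC493 /* SigillCrashAnalyzer.h in Headers */ = {isa = PBXBuildFile; fileRef = FE3022D11E3D739600BAC493 /* SigillCrashAnalyzer.h */; settings = {ATTRIBUTES = (Private, ); }; };
+                FE3022D61E42857300BAC493 /* VMInspector.cpp in Sources */ = {isa = PBXBuildFile; fileRef = FE3022D41E42856700BAC493 /* VMInspector.cpp */; };
+                FE3022D71E42857300BAC493 /* VMInspector.h in Headers */ = {isa = PBXBuildFile; fileRef = FE3022D51E42856700BAC493 /* VMInspector.h */; };
+                FE3022D91E43C93400BAC493 /* JSVirtualMachinePrivate.h in Headers */ = {isa = PBXBuildFile; fileRef = FE3022D81E43C85500BAC493 /* JSVirtualMachinePrivate.h */; settings = {ATTRIBUTES = (Private, ); }; };
                 FE318FDF1CAC982700DFCC54 /* ECMAScriptSpecInternalFunctions.cpp in Sources */ = {isa = PBXBuildFile; fileRef = FE318FDD1CAC8C5300DFCC54 /* ECMAScriptSpecInternalFunctions.cpp */; };
                 FE318FE01CAC982F00DFCC54 /* ECMAScriptSpecInternalFunctions.h in Headers */ = {isa = PBXBuildFile; fileRef = FE318FDE1CAC8C5300DFCC54 /* ECMAScriptSpecInternalFunctions.h */; };
                 FE3422121D6B81C30032BE88 /* ThrowScope.h in Headers */ = {isa = PBXBuildFile; fileRef = FE3422111D6B818C0032BE88 /* ThrowScope.h */; settings = {ATTRIBUTES = (Private, ); }; };
@@ -4845,6 +4850,11 @@
                 FE20CE9B15F04A9500DF3430 /* LLIntCLoop.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = LLIntCLoop.cpp; path = llint/LLIntCLoop.cpp; sourceTree = "<group>"; };
                 FE20CE9C15F04A9500DF3430 /* LLIntCLoop.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = LLIntCLoop.h; path = llint/LLIntCLoop.h; sourceTree = "<group>"; };
                 FE2E6A7A1D6EA5FE0060F896 /* ThrowScope.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ThrowScope.cpp; sourceTree = "<group>"; };
+                FE3022D01E3D739600BAC493 /* SigillCrashAnalyzer.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SigillCrashAnalyzer.cpp; sourceTree = "<group>"; };
+                FE3022D11E3D739600BAC493 /* SigillCrashAnalyzer.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SigillCrashAnalyzer.h; sourceTree = "<group>"; };
+                FE3022D41E42856700BAC493 /* VMInspector.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = VMInspector.cpp; sourceTree = "<group>"; };
+                FE3022D51E42856700BAC493 /* VMInspector.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = VMInspector.h; sourceTree = "<group>"; };
+                FE3022D81E43C85500BAC493 /* JSVirtualMachinePrivate.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JSVirtualMachinePrivate.h; sourceTree = "<group>"; };
                 FE318FDD1CAC8C5300DFCC54 /* ECMAScriptSpecInternalFunctions.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ECMAScriptSpecInternalFunctions.cpp; sourceTree = "<group>"; };
                 FE318FDE1CAC8C5300DFCC54 /* ECMAScriptSpecInternalFunctions.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ECMAScriptSpecInternalFunctions.h; sourceTree = "<group>"; };
                 FE3422111D6B818C0032BE88 /* ThrowScope.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ThrowScope.h; sourceTree = "<group>"; };
@@ -5897,6 +5907,7 @@
                                 86E3C60F167BAB87006D760A /* JSVirtualMachine.h */,
                                 86E3C610167BAB87006D760A /* JSVirtualMachine.mm */,
                                 86E3C611167BAB87006D760A /* JSVirtualMachineInternal.h */,
+                                FE3022D81E43C85500BAC493 /* JSVirtualMachinePrivate.h */,
                                 A7482E37116A697B003B0712 /* JSWeakObjectMapRefInternal.h */,
                                 A7482B7A1166CDEA003B0712 /* JSWeakObjectMapRefPrivate.cpp */,
                                 A7482B791166CDEA003B0712 /* JSWeakObjectMapRefPrivate.h */,
@@ -6773,8 +6784,12 @@
                                 FE384EE21ADDB7AD0055DE2C /* JSDollarVM.h */,
                                 FE384EE31ADDB7AD0055DE2C /* JSDollarVMPrototype.cpp */,
                                 FE384EE41ADDB7AD0055DE2C /* JSDollarVMPrototype.h */,
+                                FE3022D01E3D739600BAC493 /* SigillCrashAnalyzer.cpp */,
+                                FE3022D11E3D739600BAC493 /* SigillCrashAnalyzer.h */,
                                 86B5822C14D22F5F00A9C306 /* ProfileTreeNode.h */,
                                 86B5826A14D35D5100A9C306 /* TieredMMapArray.h */,
+                                FE3022D41E42856700BAC493 /* VMInspector.cpp */,
+                                FE3022D51E42856700BAC493 /* VMInspector.h */,
                         );
                         path = tools;
                         sourceTree = "<group>";
@@ -8254,7 +8269,6 @@
                                 0F2FCCFF18A60070001A27F8 /* DFGThreadData.h in Headers */,
                                 0FC097A2146B28CC00CF2442 /* DFGThunks.h in Headers */,
                                 0FD8A32817D51F5700CA2C40 /* DFGTierUpCheckInjectionPhase.h in Headers */,
-                                ADFF2F701E319DE3001EA54E /* DFGTierUpEntryTrigger.h in Headers */,
                                 0FD8A32A17D51F5700CA2C40 /* DFGToFTLDeferredCompilationCallback.h in Headers */,
                                 0FD8A32C17D51F5700CA2C40 /* DFGToFTLForOSREntryDeferredCompilationCallback.h in Headers */,
                                 0FE7211E193B9C590031F6ED /* DFGTransition.h in Headers */,
@@ -8396,6 +8410,7 @@
                                 0F86A26F1D6F7B3300CB0C92 /* GCTypeMap.h in Headers */,
                                 9959E9311BD18272001AA413 /* generate-combined-inspector-json.py in Headers */,
                                 C4703CC0192844960013FBEA /* generate-inspector-protocol-bindings.py in Headers */,
+                                FE3022D91E43C93400BAC493 /* JSVirtualMachinePrivate.h in Headers */,
                                 99DA00AF1BD5994E00F4575C /* generate-js-builtins.py in Headers */,
                                 A5EA70EC19F5B3EA0098F5EC /* generate_cpp_alternate_backend_dispatcher_header.py in Headers */,
                                 A5EF9B141A1D43F600702E90 /* generate_cpp_backend_dispatcher_header.py in Headers */,
@@ -8749,6 +8764,7 @@
                                 FE3913561B794F8F00EDAF71 /* LiveObjectList.h in Headers */,
                                 70DE9A091BE7D69E005D89D9 /* LLIntAssembly.h in Headers */,
                                 0F0FC45A14BD15F500B81154 /* LLIntCallLinkInfo.h in Headers */,
+                                FE3022D31E3D73A500BAC493 /* SigillCrashAnalyzer.h in Headers */,
                                 FE20CE9E15F04A9500DF3430 /* LLIntCLoop.h in Headers */,
                                 0F4680CA14BBB16C00BFE272 /* LLIntCommon.h in Headers */,
                                 0F4680D314BBD16700BFE272 /* LLIntData.h in Headers */,
@@ -8809,6 +8825,7 @@
                                 A79D3ED9C5064DD0A8466A3A /* ModuleScopeData.h in Headers */,
                                 0F1FB3991E1F65FB00A9BE50 /* MutatorScheduler.h in Headers */,
                                 0FA762071DB9243300B7A2FD /* MutatorState.h in Headers */,
+                                FE3022D71E42857300BAC493 /* VMInspector.h in Headers */,
                                 BC02E9110E1839DB000F9297 /* NativeErrorConstructor.h in Headers */,
                                 BC02E9130E1839DB000F9297 /* NativeErrorPrototype.h in Headers */,
                                 147341D01DC02DB400AA29BA /* NativeExecutable.h in Headers */,
@@ -9676,6 +9693,7 @@
                                 0F9630391D4192C6005609D9 /* AllocatorAttributes.cpp in Sources */,
                                 147F39BD107EC37600427A48 /* ArgList.cpp in Sources */,
                                 79A228351D35D71E00D8E067 /* ArithProfile.cpp in Sources */,
+                                FE3022D61E42857300BAC493 /* VMInspector.cpp in Sources */,
                                 0F743BAA16B88249009F9277 /* ARM64Disassembler.cpp in Sources */,
                                 86D3B2C310156BDE002865E7 /* ARMAssembler.cpp in Sources */,
                                 65C02850171795E200351E35 /* ARMv7Disassembler.cpp in Sources */,
@@ -10370,6 +10388,7 @@
                                 79B00CBE1C6AB07E0088C65D /* ProxyObject.cpp in Sources */,
                                 79160DBD1C8E3EC8008C085A /* ProxyRevoke.cpp in Sources */,
                                 0F15CD221BA5F9860031FFD3 /* PutByIdFlags.cpp in Sources */,
+                                FE3022D21E3D73A500BAC493 /* SigillCrashAnalyzer.cpp in Sources */,
                                 0F9332A314CA7DD70085F3C6 /* PutByIdStatus.cpp in Sources */,
                                 0F93B4A918B92C4D00178A3F /* PutByIdVariant.cpp in Sources */,
                                 0FF60AC316740F8800029779 /* ReduceWhitespace.cpp in Sources */,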
<a id="branchessafari603branchSourceJavaScriptCoreassemblerARM64Assemblerh"></a>
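--- a/branches/safari-603-branch/Source/JavaScriptCore/assembler/ARM64Assembler.h
+++ b/branches/safari-603-branch/Source/JavaScriptCore/assembler/ARM64Assembler.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2012, 2014 Apple Inc. All rights reserved.
+ * Copyright (C) 2012, 2014, 2017 Apple Inc. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -1072,6 +1072,12 @@
 insn(excepnGeneration(ExcepnOp_HALT, imm, 0));
 }
 
+ // Only used for testing purposes.
+ void illegalInstruction()
+ {
+ insn(0x0);
+ }
+
 template<int datasize>
 ALWAYS_INLINE void ldp(RegisterID rt, RegisterID rt2, RegisterID rn, PairPostIndex simm)
 {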
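Review bot: `illegalInstruction()` emits the bare magic constant `insn(0x0)` with only `// Only used for testing purposes.` to explain it, so a reader has to already know that 0x00000000 is the permanently undefined A64 encoding (later named UDF #0) to see why this reliably traps rather than being a placeholder. Suggest `insn(0x0); // 0x00000000 is a permanently undefined A64 encoding (UDF #0); always raises SIGILL`. The same documentation gap applies to `OP2_UD2 = 0xB` in the X86Assembler.h hunk, where `OP2_UD2 = 0xB, // 0F 0B: UD2, architecturally guaranteed to raise #UD` would record why that opcode was chosen, while the MacroAssemblerARM64.h and MacroAssemblerX86Common.h forwarders only repeat the testing-only comment. The enclosing class body starts and ends outside the hunk.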
<a id="branchessafari603branchSourceJavaScriptCoreassemblerMacroAssemblerARM64h"></a>
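--- a/branches/safari-603-branch/Source/JavaScriptCore/assembler/MacroAssemblerARM64.h
+++ b/branches/safari-603-branch/Source/JavaScriptCore/assembler/MacroAssemblerARM64.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2012, 2014-2016 Apple Inc. All rights reserved.
+ * Copyright (C) 2012, 2014-2017 Apple Inc. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -441,6 +441,12 @@
 m_assembler.clz<64>(dest, dest);
 }
 
+ // Only used for testing purposes.
+ void illegalInstruction()
+ {
+ m_assembler.illegalInstruction();
+ }
+
 void lshift32(RegisterID src, RegisterID shiftAmount, RegisterID dest)
 {
 m_assembler.lsl<32>(dest, src, shiftAmount);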
<a id="branchessafari603branchSourceJavaScriptCoreassemblerMacroAssemblerX86Commonh"></a>
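--- a/branches/safari-603-branch/Source/JavaScriptCore/assembler/MacroAssemblerX86Common.h
+++ b/branches/safari-603-branch/Source/JavaScriptCore/assembler/MacroAssemblerX86Common.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2008, 2014-2016 Apple Inc. All rights reserved.
+ * Copyright (C) 2008, 2014-2017 Apple Inc. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -323,6 +323,12 @@
 ctzAfterBsf<32>(dst);
 }
 
+ // Only used for testing purposes.
+ void illegalInstruction()
+ {
+ m_assembler.illegalInstruction();
+ }
+
 void lshift32(RegisterID shift_amount, RegisterID dest)
 {
 if (shift_amount == X86Registers::ecx)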
<a id="branchessafari603branchSourceJavaScriptCoreassemblerX86Assemblerh"></a>
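--- a/branches/safari-603-branch/Source/JavaScriptCore/assembler/X86Assembler.h
+++ b/branches/safari-603-branch/Source/JavaScriptCore/assembler/X86Assembler.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2008, 2012-2016 Apple Inc. All rights reserved.
+ * Copyright (C) 2008, 2012-2017 Apple Inc. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -259,6 +259,7 @@
 } OneByteOpcodeID;
 
 typedef enum {
+ OP2_UD2 = 0xB,
 OP2_MOVSD_VsdWsd = 0x10,
 OP2_MOVSD_WsdVsd = 0x11,
 OP2_MOVSS_VsdWsd = 0x10,
@@ -680,6 +681,12 @@
 }
 #endif // CPU(X86_64)
 
+ // Only used for testing purposes.
+ void illegalInstruction()
+ {
+ m_formatter.twoByteOp(OP2_UD2);
+ }
+
 void inc_r(RegisterID dst)
 {
 m_formatter.oneByteOp(OP_GROUP5_Ev, GROUP1_OP_ADD, dst);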
<a id="branchessafari603branchSourceJavaScriptCoreheapHeapcpp"></a>
<div class="modfile"><h4>Modified: branches/safari-603-branch/Source/JavaScriptCore/heap/Heap.cpp (212015 => 212016)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-603-branch/Source/JavaScriptCore/heap/Heap.cpp        2017-02-10 01:39:13 UTC (rev 212015)
+++ branches/safari-603-branch/Source/JavaScriptCore/heap/Heap.cpp        2017-02-10 01:49:33 UTC (rev 212016)
</span><span class="lines">@@ -2024,6 +2024,11 @@
</span><span class="cx"> return m_codeBlocks->iterate(func);
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+void Heap::forEachCodeBlockIgnoringJITPlansImpl(const ScopedLambda<bool(CodeBlock*)>& func)
+{
+ return m_codeBlocks->iterate(func);
+}
+
</ins><span class="cx"> void Heap::writeBarrierSlowPath(const JSCell* from)
</span><span class="cx"> {
</span><span class="cx"> if (UNLIKELY(mutatorShouldBeFenced())) {
</span></span></pre></div>
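Review bot: The body of the new forEachCodeBlockIgnoringJITPlansImpl is identical to the visible tail of forEachCodeBlockImpl (`return m_codeBlocks->iterate(func);` in both), so nothing in this hunk shows what "ignoring JIT plans" changes; forEachCodeBlockImpl starts outside the hunk, and if it does extra work before iterating (for example waiting on in-flight JIT plans), that difference is exactly what a caller in a crash path needs to know. A one-line comment on the new function would carry that contract, e.g. `// Same iteration as forEachCodeBlockImpl but never waits on or touches in-flight JIT plans; intended for callers (e.g. a signal handler) that cannot block on the JIT worklist.` I am inferring the reason from the name and from its only visible caller in VMInspector; if the two functions are genuinely identical today, the comment should instead say why a separate entry point exists.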
<a id="branchessafari603branchSourceJavaScriptCoreheapHeaph"></a>
<div class="modfile"><h4>Modified: branches/safari-603-branch/Source/JavaScriptCore/heap/Heap.h (212015 => 212016)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-603-branch/Source/JavaScriptCore/heap/Heap.h        2017-02-10 01:39:13 UTC (rev 212015)
+++ branches/safari-603-branch/Source/JavaScriptCore/heap/Heap.h        2017-02-10 01:49:33 UTC (rev 212016)
</span><span class="lines">@@ -225,6 +225,7 @@
</span><span class="cx">
</span><span class="cx"> template<typename Functor> void forEachProtectedCell(const Functor&);
</span><span class="cx"> template<typename Functor> void forEachCodeBlock(const Functor&);
</span><ins>+ template<typename Functor> void forEachCodeBlockIgnoringJITPlans(const Functor&);
</ins><span class="cx">
</span><span class="cx"> HandleSet* handleSet() { return &m_handleSet; }
</span><span class="cx"> HandleStack* handleStack() { return &m_handleStack; }
</span><span class="lines">@@ -470,6 +471,7 @@
</span><span class="cx"> size_t threadBytesVisited();
</span><span class="cx">
</span><span class="cx"> void forEachCodeBlockImpl(const ScopedLambda<bool(CodeBlock*)>&);
</span><ins>+ void forEachCodeBlockIgnoringJITPlansImpl(const ScopedLambda<bool(CodeBlock*)>&);
</ins><span class="cx">
</span><span class="cx"> void setMutatorShouldBeFenced(bool value);
</span><span class="cx">
</span></span></pre></div>
<a id="branchessafari603branchSourceJavaScriptCoreheapHeapInlinesh"></a>
<div class="modfile"><h4>Modified: branches/safari-603-branch/Source/JavaScriptCore/heap/HeapInlines.h (212015 => 212016)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-603-branch/Source/JavaScriptCore/heap/HeapInlines.h        2017-02-10 01:39:13 UTC (rev 212015)
+++ branches/safari-603-branch/Source/JavaScriptCore/heap/HeapInlines.h        2017-02-10 01:49:33 UTC (rev 212016)
</span><span class="lines">@@ -173,6 +173,11 @@
</span><span class="cx"> forEachCodeBlockImpl(scopedLambdaRef<bool(CodeBlock*)>(func));
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+template<typename Functor> inline void Heap::forEachCodeBlockIgnoringJITPlans(const Functor& func)
+{
+ forEachCodeBlockIgnoringJITPlansImpl(scopedLambdaRef<bool(CodeBlock*)>(func));
+}
+
</ins><span class="cx"> template<typename Functor> inline void Heap::forEachProtectedCell(const Functor& functor)
</span><span class="cx"> {
</span><span class="cx"> for (auto& pair : m_protectedValues)
</span></span></pre></div>
<a id="branchessafari603branchSourceJavaScriptCoreruntimeOptionscpp"></a>
<div class="modfile"><h4>Modified: branches/safari-603-branch/Source/JavaScriptCore/runtime/Options.cpp (212015 => 212016)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-603-branch/Source/JavaScriptCore/runtime/Options.cpp        2017-02-10 01:39:13 UTC (rev 212015)
+++ branches/safari-603-branch/Source/JavaScriptCore/runtime/Options.cpp        2017-02-10 01:49:33 UTC (rev 212016)
</span><span class="lines">@@ -28,6 +28,7 @@
</span><span class="cx">
</span><span class="cx"> #include "LLIntCommon.h"
</span><span class="cx"> #include "LLIntData.h"
</span><ins>+#include "SigillCrashAnalyzer.h"
</ins><span class="cx"> #include <algorithm>
</span><span class="cx"> #include <limits>
</span><span class="cx"> #include <math.h>
</span><span class="lines">@@ -144,6 +145,10 @@
</span><span class="cx"> if (id == maxSingleAllocationSizeID)
</span><span class="cx"> return true;
</span><span class="cx"> #endif
</span><ins>+#if OS(DARWIN)
+ if (id == useSigillCrashAnalyzerID)
+ return true;
+#endif
</ins><span class="cx"> return false;
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -429,6 +434,8 @@
</span><span class="cx"> else
</span><span class="cx"> fastSetMaxSingleAllocationSize(std::numeric_limits<size_t>::max());
</span><span class="cx"> #endif
</span><ins>+ if (Options::useSigillCrashAnalyzer())
+ enableSigillCrashAnalyzer();
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void Options::initialize()
</span></span></pre></div>
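Review bot: The call `enableSigillCrashAnalyzer()` is made every time this function runs with the option true, and the header it comes from says enabling is a one-way trip, so a later `Options::setOption("useSigillCrashAnalyzer=false")` leaves the SIGILL handler installed while the option reads false; that asymmetry is invisible at the call site. A comment would make it explicit, e.g. `// One-way: once enabled the SIGILL handler stays installed for the life of the process, even if the option is later cleared.` The enclosing function starts outside the hunk, so I cannot tell whether it is only reached during initialization. The `isAvailable` hunk above correctly limits the option to OS(DARWIN), matching the only platform where installCrashHandler does anything.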
<a id="branchessafari603branchSourceJavaScriptCoreruntimeOptionsh"></a>
<div class="modfile"><h4>Modified: branches/safari-603-branch/Source/JavaScriptCore/runtime/Options.h (212015 => 212016)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-603-branch/Source/JavaScriptCore/runtime/Options.h        2017-02-10 01:39:13 UTC (rev 212015)
+++ branches/safari-603-branch/Source/JavaScriptCore/runtime/Options.h        2017-02-10 01:49:33 UTC (rev 212016)
</span><span class="lines">@@ -393,6 +393,7 @@
</span><span class="cx"> \
</span><span class="cx"> v(bool, useDollarVM, false, Restricted, "installs the $vm debugging tool in global objects") \
</span><span class="cx"> v(optionString, functionOverrides, nullptr, Restricted, "file with debugging overrides for function bodies") \
</span><ins>+ v(bool, useSigillCrashAnalyzer, false, Configurable, "logs data about SIGILL crashes") \
</ins><span class="cx"> \
</span><span class="cx"> v(unsigned, watchdog, 0, Normal, "watchdog timeout (0 = Disabled, N = a timeout period of N milliseconds)") \
</span><span class="cx"> \
</span></span></pre></div>
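Review bot: `useSigillCrashAnalyzer` is declared `Configurable` while the adjacent debugging options `useDollarVM` and `functionOverrides` are `Restricted`, and enabling it installs a process-wide SIGILL handler that writes the full register state and, on ARM64, the raw bytes and disassembly of the faulting CodeBlock's JIT code to the system log. If that exposure is acceptable only in debugging builds, the neighbours' level is the safer default: `v(bool, useSigillCrashAnalyzer, false, Restricted, "logs data about SIGILL crashes")`. If `Configurable` is deliberate so that crash data can be collected from production processes, a short comment on the line saying so would stop it being tightened later. Which intent applies cannot be determined from this hunk.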
<a id="branchessafari603branchSourceJavaScriptCoreruntimeVMcpp"></a>
<div class="modfile"><h4>Modified: branches/safari-603-branch/Source/JavaScriptCore/runtime/VM.cpp (212015 => 212016)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-603-branch/Source/JavaScriptCore/runtime/VM.cpp        2017-02-10 01:39:13 UTC (rev 212015)
+++ branches/safari-603-branch/Source/JavaScriptCore/runtime/VM.cpp        2017-02-10 01:49:33 UTC (rev 212016)
</span><span class="lines">@@ -100,6 +100,7 @@
</span><span class="cx"> #include "TypeProfilerLog.h"
</span><span class="cx"> #include "UnlinkedCodeBlock.h"
</span><span class="cx"> #include "VMEntryScope.h"
</span><ins>+#include "VMInspector.h"
</ins><span class="cx"> #include "Watchdog.h"
</span><span class="cx"> #include "WeakGCMapInlines.h"
</span><span class="cx"> #include "WeakMapData.h"
</span><span class="lines">@@ -344,10 +345,14 @@
</span><span class="cx"> Watchdog& watchdog = ensureWatchdog();
</span><span class="cx"> watchdog.setTimeLimit(timeoutMillis);
</span><span class="cx"> }
</span><ins>+
+ VMInspector::instance().add(this);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> VM::~VM()
</span><span class="cx"> {
</span><ins>+ VMInspector::instance().remove(this);
+
</ins><span class="cx"> // Never GC, ever again.
</span><span class="cx"> heap.incrementDeferralDepth();
</span><span class="cx">
</span></span></pre></div>
<a id="branchessafari603branchSourceJavaScriptCoreruntimeVMh"></a>
<div class="modfile"><h4>Modified: branches/safari-603-branch/Source/JavaScriptCore/runtime/VM.h (212015 => 212016)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-603-branch/Source/JavaScriptCore/runtime/VM.h        2017-02-10 01:39:13 UTC (rev 212015)
+++ branches/safari-603-branch/Source/JavaScriptCore/runtime/VM.h        2017-02-10 01:49:33 UTC (rev 212016)
</span><span class="lines">@@ -60,6 +60,7 @@
</span><span class="cx"> #include <wtf/BumpPointerAllocator.h>
</span><span class="cx"> #include <wtf/DateMath.h>
</span><span class="cx"> #include <wtf/Deque.h>
</span><ins>+#include <wtf/DoublyLinkedList.h>
</ins><span class="cx"> #include <wtf/Forward.h>
</span><span class="cx"> #include <wtf/HashMap.h>
</span><span class="cx"> #include <wtf/HashSet.h>
</span><span class="lines">@@ -235,7 +236,7 @@
</span><span class="cx"> #pragma warning(pop)
</span><span class="cx"> #endif
</span><span class="cx">
</span><del>-class VM : public ThreadSafeRefCounted<VM> {
</del><ins>+class VM : public ThreadSafeRefCounted<VM>, public DoublyLinkedListNode<VM> {
</ins><span class="cx"> public:
</span><span class="cx"> // WebCore has a one-to-one mapping of threads to VMs;
</span><span class="cx"> // either create() or createLeaked() should only be called once
</span><span class="lines">@@ -766,11 +767,15 @@
</span><span class="cx"> std::unique_ptr<ShadowChicken> m_shadowChicken;
</span><span class="cx"> std::unique_ptr<BytecodeIntrinsicRegistry> m_bytecodeIntrinsicRegistry;
</span><span class="cx">
</span><ins>+ VM* m_prev; // Required by DoublyLinkedListNode.
+ VM* m_next; // Required by DoublyLinkedListNode.
+
</ins><span class="cx"> // Friends for exception checking purpose only.
</span><span class="cx"> friend class Heap;
</span><span class="cx"> friend class CatchScope;
</span><span class="cx"> friend class ExceptionScope;
</span><span class="cx"> friend class ThrowScope;
</span><ins>+ friend class WTF::DoublyLinkedListNode<VM>;
</ins><span class="cx"> };
</span><span class="cx">
</span><span class="cx"> #if ENABLE(GC_VALIDATION)
</span></span></pre></div>
<a id="branchessafari603branchSourceJavaScriptCoretoolsSigillCrashAnalyzercpp"></a>
<div class="addfile"><h4>Added: branches/safari-603-branch/Source/JavaScriptCore/tools/SigillCrashAnalyzer.cpp (0 => 212016)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-603-branch/Source/JavaScriptCore/tools/SigillCrashAnalyzer.cpp         (rev 0)
+++ branches/safari-603-branch/Source/JavaScriptCore/tools/SigillCrashAnalyzer.cpp        2017-02-10 01:49:33 UTC (rev 212016)
</span><span class="lines">@@ -0,0 +1,353 @@
</span><ins>+/*
+ * Copyright (C) 2017 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "SigillCrashAnalyzer.h"
+
+#include "CallFrame.h"
+#include "CodeBlock.h"
+#include "VMInspector.h"
+#include <mutex>
+#include <wtf/StdLibExtras.h>
+
+#if USE(ARM64_DISASSEMBLER)
+#include "A64DOpcode.h"
+#endif
+
+#if HAVE(SIGNAL_H)
+#include <signal.h>
+#endif
+
+namespace JSC {
+
+struct SignalContext;
+
+class SigillCrashAnalyzer {
+public:
+ static SigillCrashAnalyzer& instance();
+ void analyze(SignalContext&);
+
+private:
+ SigillCrashAnalyzer() { }
+ void dumpCodeBlock(CodeBlock*, void* machinePC);
+
+#if USE(ARM64_DISASSEMBLER)
+ A64DOpcode m_arm64Opcode;
+#endif
+};
+
+#if OS(DARWIN)
+
+#if USE(OS_LOG)
+
+#define log(format, ...) \
+ os_log_info(OS_LOG_DEFAULT, format, ##__VA_ARGS__)
+
+#else // USE(OS_LOG)
+
+#define log(format, ...) \
+ dataLogF(format, ##__VA_ARGS__)
+
+#endif // USE(OS_LOG)
+
+#if CPU(X86_64)
+struct SignalContext {
+ SignalContext(mcontext_t& mcontext)
+ : mcontext(mcontext)
+ , machinePC(reinterpret_cast<void*>(mcontext->__ss.__rip))
+ , stackPointer(reinterpret_cast<void*>(mcontext->__ss.__rsp))
+ , framePointer(reinterpret_cast<CallFrame*>(mcontext->__ss.__rbp))
+ { }
+
+ void dump()
+ {
+#define FOR_EACH_REGISTER(v) \
+ v(rax) \
+ v(rbx) \
+ v(rcx) \
+ v(rdx) \
+ v(rdi) \
+ v(rsi) \
+ v(rbp) \
+ v(rsp) \
+ v(r8) \
+ v(r9) \
+ v(r10) \
+ v(r11) \
+ v(r12) \
+ v(r13) \
+ v(r14) \
+ v(r15) \
+ v(rip) \
+ v(rflags) \
+ v(cs) \
+ v(fs) \
+ v(gs)
+
+#define DUMP_REGISTER(__reg) \
+ log("Register " #__reg ": %p", reinterpret_cast<void*>(mcontext->__ss.__##__reg));
+ FOR_EACH_REGISTER(DUMP_REGISTER)
+#undef FOR_EACH_REGISTER
+ }
+
+ mcontext_t& mcontext;
+ void* machinePC;
+ void* stackPointer;
+ void* framePointer;
+};
+
+#elif CPU(ARM64)
+
+struct SignalContext {
+ SignalContext(mcontext_t& mcontext)
+ : mcontext(mcontext)
+ , machinePC(reinterpret_cast<void*>(mcontext->__ss.__pc))
+ , stackPointer(reinterpret_cast<void*>(mcontext->__ss.__sp))
+ , framePointer(reinterpret_cast<CallFrame*>(mcontext->__ss.__fp))
+ { }
+
+ void dump()
+ {
+ int i;
+ for (i = 0; i < 28; i += 4) {
+ log("x%d: %016llx x%d: %016llx x%d: %016llx x%d: %016llx",
+ i, mcontext->__ss.__x[i],
+ i+1, mcontext->__ss.__x[i+1],
+ i+2, mcontext->__ss.__x[i+2],
+ i+3, mcontext->__ss.__x[i+3]);
+ }
+ ASSERT(i < 29);
+ log("x%d: %016llx fp: %016llx lr: %016llx",
+ i, mcontext->__ss.__x[i], mcontext->__ss.__fp, mcontext->__ss.__lr);
+ log("sp: %016llx pc: %016llx cpsr: %08x",
+ mcontext->__ss.__sp, mcontext->__ss.__pc, mcontext->__ss.__cpsr);
+ }
+
+ mcontext_t& mcontext;
+ void* machinePC;
+ void* stackPointer;
+ void* framePointer;
+};
+
+#else
+
+struct SignalContext {
+ SignalContext(mcontext_t&) { }
+
+ void dump() { }
+
+ void* machinePC;
+ void* stackPointer;
+ void* framePointer;
+};
+
+#endif
+
+struct sigaction oldSigIllAction;
+
+static void handleCrash(int, siginfo_t*, void* uap)
+{
+ sigaction(SIGILL, &oldSigIllAction, nullptr);
+
+ SignalContext context(static_cast<ucontext_t*>(uap)->uc_mcontext);
+ SigillCrashAnalyzer& analyzer = SigillCrashAnalyzer::instance();
+ analyzer.analyze(context);
+}
+
+static void installCrashHandler()
+{
+#if CPU(X86_64) || CPU(ARM64)
+ struct sigaction action;
+ action.sa_sigaction = reinterpret_cast<void (*)(int, siginfo_t *, void *)>(handleCrash);
+ sigfillset(&action.sa_mask);
+ action.sa_flags = SA_SIGINFO;
+ sigaction(SIGILL, &action, &oldSigIllAction);
+#else
+ UNUSED_PARAM(handleCrash);
+#endif
+}
+
+#else // OS(DARWIN)
+
+#define log(format, ...) do { } while (false)
+
+struct SignalContext {
+ SignalContext() { }
+
+ void dump() { }
+
+ void* machinePC;
+ void* stackPointer;
+ void* framePointer;
+};
+
+static void installCrashHandler()
+{
+ // Do nothing. Not supported for this platform.
+}
+
+#endif // OS(DARWIN)
+
+SigillCrashAnalyzer& SigillCrashAnalyzer::instance()
+{
+ static SigillCrashAnalyzer* analyzer;
+ static std::once_flag once;
+ std::call_once(once, [] {
+ installCrashHandler();
+ analyzer = new SigillCrashAnalyzer;
+ });
+ return *analyzer;
+}
+
+void enableSigillCrashAnalyzer()
+{
+ // Just instantiating the SigillCrashAnalyzer will enable it.
+ SigillCrashAnalyzer::instance();
+}
+
+void SigillCrashAnalyzer::analyze(SignalContext& context)
+{
+ log("BEGIN SIGILL analysis");
+
+ [&] () {
+ // First, dump the signal context info so that we'll at least have the same info
+ // that the default crash handler would given us in case this crash analyzer
+ // itself crashes.
+ context.dump();
+
+ VMInspector& inspector = VMInspector::instance();
+
+ // Use a timeout period of 2 seconds. The client is about to crash, and we don't
+ // want to turn the crash into a hang by re-trying the lock for too long.
+ auto expectedLockToken = inspector.lock(Seconds(2));
+ if (!expectedLockToken) {
+ ASSERT(expectedLockToken.error() == VMInspector::Error::TimedOut);
+ log("ERROR: Unable to analyze SIGILL. Timed out while waiting to iterate VMs.");
+ return;
+ }
+ auto lockToken = expectedLockToken.value();
+
+ void* pc = context.machinePC;
+ auto isInJITMemory = inspector.isValidExecutableMemory(lockToken, pc);
+ if (!isInJITMemory) {
+ log("ERROR: Timed out: not able to determine if pc %p is in valid JIT executable memory", pc);
+ return;
+ }
+ if (!isInJITMemory.value()) {
+ log("pc %p is NOT in valid JIT executable memory", pc);
+ return;
+ }
+ log("pc %p is in valid JIT executable memory", pc);
+
+#if CPU(ARM64)
+ size_t pcAsSize = reinterpret_cast<size_t>(pc);
+ if (pcAsSize != roundUpToMultipleOf<sizeof(uint32_t)>(pcAsSize)) {
+ log("pc %p is NOT properly aligned", pc);
+ return;
+ }
+
+ // We know it's safe to read the word at the PC because we're handling a SIGILL.
+ // Otherwise, we would have crashed with a SIGBUS instead.
+ uint32_t wordAtPC = *reinterpret_cast<uint32_t*>(pc);
+ log("instruction bits at pc %p is: 0x%08x", pc, wordAtPC);
+#endif
+
+ auto expectedCodeBlock = inspector.codeBlockForMachinePC(lockToken, pc);
+ if (!expectedCodeBlock) {
+ if (expectedCodeBlock.error() == VMInspector::Error::TimedOut)
+ log("ERROR: Timed out: not able to determine if pc %p is in a valid CodeBlock", pc);
+ else
+ log("The current thread does not own any VM JSLock");
+ return;
+ }
+ CodeBlock* codeBlock = expectedCodeBlock.value();
+ if (!codeBlock) {
+ log("machine PC %p does not belong to any CodeBlock in the currently entered VM", pc);
+ return;
+ }
+
+ log("pc %p belongs to CodeBlock %p of type %s", pc, codeBlock, JITCode::typeName(codeBlock->jitType()));
+
+ dumpCodeBlock(codeBlock, pc);
+ } ();
+
+ log("END SIGILL analysis");
+}
+
+void SigillCrashAnalyzer::dumpCodeBlock(CodeBlock* codeBlock, void* machinePC)
+{
+#if CPU(ARM64)
+ JITCode* jitCode = codeBlock->jitCode().get();
+
+ // Dump the raw bits of the code.
+ uint32_t* start = reinterpret_cast<uint32_t*>(jitCode->start());
+ uint32_t* end = reinterpret_cast<uint32_t*>(jitCode->end());
+ log("JITCode %p [%p-%p]:", jitCode, start, end);
+ if (start < end) {
+ uint32_t* p = start;
+ while (p + 8 <= end) {
+ log("[%p-%p]: %08x %08x %08x %08x %08x %08x %08x %08x", p, p+7, p[0], p[1], p[2], p[3], p[4], p[5], p[6], p[7]);
+ p += 8;
+ }
+ if (p + 7 <= end)
+ log("[%p-%p]: %08x %08x %08x %08x %08x %08x %08x", p, p+6, p[0], p[1], p[2], p[3], p[4], p[5], p[6]);
+ else if (p + 6 <= end)
+ log("[%p-%p]: %08x %08x %08x %08x %08x %08x", p, p+5, p[0], p[1], p[2], p[3], p[4], p[5]);
+ else if (p + 5 <= end)
+ log("[%p-%p]: %08x %08x %08x %08x %08x", p, p+4, p[0], p[1], p[2], p[3], p[4]);
+ else if (p + 4 <= end)
+ log("[%p-%p]: %08x %08x %08x %08x", p, p+3, p[0], p[1], p[2], p[3]);
+ if (p + 3 <= end)
+ log("[%p-%p]: %08x %08x %08x", p, p+2, p[0], p[1], p[2]);
+ else if (p + 2 <= end)
+ log("[%p-%p]: %08x %08x", p, p+1, p[0], p[1]);
+ else if (p + 1 <= end)
+ log("[%p-%p]: %08x", p, p, p[0]);
+ }
+
+ // Dump the disassembly of the code.
+ log("Disassembly:");
+ uint32_t* currentPC = reinterpret_cast<uint32_t*>(jitCode->executableAddress());
+ size_t byteCount = jitCode->size();
+ while (byteCount) {
+ char pcString[24];
+ if (currentPC == machinePC) {
+ snprintf(pcString, sizeof(pcString), "* 0x%lx", reinterpret_cast<unsigned long>(currentPC));
+ log("%20s: %s <=========================", pcString, m_arm64Opcode.disassemble(currentPC));
+ } else {
+ snprintf(pcString, sizeof(pcString), "0x%lx", reinterpret_cast<unsigned long>(currentPC));
+ log("%20s: %s", pcString, m_arm64Opcode.disassemble(currentPC));
+ }
+ currentPC++;
+ byteCount -= sizeof(uint32_t);
+ }
+#else
+ UNUSED_PARAM(codeBlock);
+ UNUSED_PARAM(machinePC);
+ // Not implemented yet.
+#endif
+}
+
+} // namespace JSC
</ins></span></pre></div>
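Review bot: In SigillCrashAnalyzer::instance the handler is installed by `installCrashHandler()` before `analyzer` is assigned, so a SIGILL delivered on another thread in that window runs handleCrash → instance() → std::call_once, which blocks on the in-progress once_flag from inside a signal handler; reordering to `analyzer = new SigillCrashAnalyzer; installCrashHandler();` closes the window. More generally handleCrash calls `std::call_once`, os_log/dataLogF and snprintf, none of which are async-signal-safe, while the file records that concern only for sleep() in VMInspector::lock; a comment at handleCrash stating the accepted trade-off (the process is already crashing, and the previous action is restored first so a crash inside the analyzer falls through to it) would document the design. Finally, the function-like macro `#define log(format, ...)` shadows `::log` from <math.h> for the rest of the translation unit and would break any unified build that concatenates this file with a math user; a distinctive name such as `SIGILL_LOG` avoids that, and `DUMP_REGISTER` should be `#undef`'d alongside `FOR_EACH_REGISTER`.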
<a id="branchessafari603branchSourceJavaScriptCoretoolsSigillCrashAnalyzerh"></a>
<div class="addfile"><h4>Added: branches/safari-603-branch/Source/JavaScriptCore/tools/SigillCrashAnalyzer.h (0 => 212016)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-603-branch/Source/JavaScriptCore/tools/SigillCrashAnalyzer.h         (rev 0)
+++ branches/safari-603-branch/Source/JavaScriptCore/tools/SigillCrashAnalyzer.h        2017-02-10 01:49:33 UTC (rev 212016)
</span><span class="lines">@@ -0,0 +1,33 @@
</span><ins>+/*
+ * Copyright (C) 2017 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#pragma once
+
+namespace JSC {
+
+// Enables the SIGILL crash analyzer. This is a one way trip. There's no going back.
+void enableSigillCrashAnalyzer();
+
+} // namespace JSC
</ins></span></pre></div>
<a id="branchessafari603branchSourceJavaScriptCoretoolsVMInspectorcpp"></a>
<div class="addfile"><h4>Added: branches/safari-603-branch/Source/JavaScriptCore/tools/VMInspector.cpp (0 => 212016)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-603-branch/Source/JavaScriptCore/tools/VMInspector.cpp         (rev 0)
+++ branches/safari-603-branch/Source/JavaScriptCore/tools/VMInspector.cpp        2017-02-10 01:49:33 UTC (rev 212016)
</span><span class="lines">@@ -0,0 +1,183 @@
</span><ins>+/*
+ * Copyright (C) 2017 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "VMInspector.h"
+
+#include "CodeBlock.h"
+#include "CodeBlockSet.h"
+#include "HeapInlines.h"
+#include <mutex>
+#include <wtf/Expected.h>
+
+#if !OS(WINDOWS)
+#include <unistd.h>
+#endif
+
+namespace JSC {
+
+VMInspector& VMInspector::instance()
+{
+ static VMInspector* manager;
+ static std::once_flag once;
+ std::call_once(once, [] {
+ manager = new VMInspector();
+ });
+ return *manager;
+}
+
+void VMInspector::add(VM* vm)
+{
+ auto locker = holdLock(m_lock);
+ m_list.append(vm);
+}
+
+void VMInspector::remove(VM* vm)
+{
+ auto locker = holdLock(m_lock);
+ m_list.remove(vm);
+}
+
+auto VMInspector::lock(Seconds timeout) -> Expected<LockToken, Error>
+{
+ // This function may be called from a signal handler (e.g. via visit()). Hence,
+ // it should only use APIs that are safe to call from signal handlers. This is
+ // why we use unistd.h's sleep() instead of its alternatives.
+
+ // We'll be doing sleep(1) between tries below. Hence, sleepPerRetry is 1.
+ unsigned maxRetries = (timeout < Seconds::infinity()) ? timeout.value() : UINT_MAX;
+
+ bool locked = m_lock.tryLock();
+ unsigned tryCount = 0;
+ while (!locked && tryCount < maxRetries) {
+ // We want the version of sleep from unistd.h. Cast to disambiguate.
+#if !OS(WINDOWS)
+ (static_cast<unsigned (*)(unsigned)>(sleep))(1);
+#endif
+ locked = m_lock.tryLock();
+ }
+
+ if (!locked)
+ return makeUnexpected(Error::TimedOut);
+ return LockToken::LockedValue;
+}
+
+static bool ensureIsSafeToLock(Lock& lock)
+{
+ unsigned maxRetries = 2;
+ unsigned tryCount = 0;
+ while (tryCount <= maxRetries) {
+ bool success = lock.tryLock();
+ if (success) {
+ lock.unlock();
+ return true;
+ }
+ tryCount++;
+ }
+ return false;
+};
+
+auto VMInspector::isValidExecutableMemory(VMInspector::LockToken, void* machinePC) -> Expected<bool, Error>
+{
+ bool found = false;
+ bool hasTimeout = false;
+ iterate([&] (VM& vm) -> FunctorStatus {
+ auto allocator = vm.executableAllocator;
+ auto& lock = allocator.getLock();
+
+ bool isSafeToLock = ensureIsSafeToLock(lock);
+ if (!isSafeToLock) {
+ hasTimeout = true;
+ return FunctorStatus::Continue; // Skip this VM.
+ }
+
+ LockHolder executableAllocatorLocker(lock);
+ if (allocator.isValidExecutableMemory(executableAllocatorLocker, machinePC)) {
+ found = true;
+ return FunctorStatus::Done;
+ }
+ return FunctorStatus::Continue;
+ });
+
+ if (!found && hasTimeout)
+ return makeUnexpected(Error::TimedOut);
+ return found;
+}
+
+auto VMInspector::codeBlockForMachinePC(VMInspector::LockToken, void* machinePC) -> Expected<CodeBlock*, Error>
+{
+ CodeBlock* codeBlock = nullptr;
+ bool hasTimeout = false;
+ iterate([&] (VM& vm) {
+ if (!vm.apiLock().currentThreadIsHoldingLock())
+ return FunctorStatus::Continue;
+
+ // It is safe to call Heap::forEachCodeBlockIgnoringJITPlans here because:
+ // 1. CodeBlocks are added to the CodeBlockSet from the main thread before
+ // they are handed to the JIT plans. Those codeBlocks will have a null jitCode,
+ // but we check for that in our lambda functor.
+ // 2. CodeBlockSet::iterate() will acquire the CodeBlockSet lock before iterating.
+ // This ensures that a CodeBlock won't be GCed while we're iterating.
+ // 3. We do a tryLock on the CodeBlockSet's lock first to ensure that it is
+ // safe for the current thread to lock it before calling
+ // Heap::forEachCodeBlockIgnoringJITPlans(). Hence, there's no risk of
+ // re-entering the lock and deadlocking on it.
+
+ auto& lock = vm.heap.codeBlockSet().getLock();
+ bool isSafeToLock = ensureIsSafeToLock(lock);
+ if (!isSafeToLock) {
+ hasTimeout = true;
+ return FunctorStatus::Continue; // Skip this VM.
+ }
+
+ vm.heap.forEachCodeBlockIgnoringJITPlans([&] (CodeBlock* cb) {
+ JITCode* jitCode = cb->jitCode().get();
+ if (!jitCode) {
+ // If the codeBlock is a replacement codeBlock which is in the process of being
+ // compiled, its jitCode will be null, and we can disregard it as a match for
+ // the machinePC we're searching for.
+ return false;
+ }
+
+ if (!JITCode::isJIT(jitCode->jitType()))
+ return false;
+
+ if (jitCode->contains(machinePC)) {
+ codeBlock = cb;
+ return true;
+ }
+ return false;
+ });
+ if (codeBlock)
+ return FunctorStatus::Done;
+ return FunctorStatus::Continue;
+ });
+
+ if (!codeBlock && hasTimeout)
+ return makeUnexpected(Error::TimedOut);
+ return codeBlock;
+}
+
+} // namespace JSC
</ins></span></pre></div>
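Review bot: The retry loop in VMInspector::lock never increments `tryCount`, so `tryCount < maxRetries` stays true and a contended `m_lock` makes the loop sleep and retry indefinitely; the two-second timeout SigillCrashAnalyzer passes is therefore never honoured and the crash becomes the hang the timeout was written to prevent. Add `tryCount++;` after the `locked = m_lock.tryLock();` inside the loop (on Windows, where the sleep is compiled out, the loop would otherwise be a pure busy-spin). Separately, `ensureIsSafeToLock` only establishes that the faulting thread does not already own the lock; another thread can take it between the `unlock()` and the caller's `LockHolder`, in which case the handler blocks until that thread releases it instead of skipping the VM, which is acceptable only if no such thread can itself be waiting on the faulting thread, and that assumption deserves a comment on the helper.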
<a id="branchessafari603branchSourceJavaScriptCoretoolsVMInspectorh"></a>
<div class="addfile"><h4>Added: branches/safari-603-branch/Source/JavaScriptCore/tools/VMInspector.h (0 => 212016)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-603-branch/Source/JavaScriptCore/tools/VMInspector.h         (rev 0)
+++ branches/safari-603-branch/Source/JavaScriptCore/tools/VMInspector.h        2017-02-10 01:49:33 UTC (rev 212016)
</span><span class="lines">@@ -0,0 +1,72 @@
</span><ins>+/*
+ * Copyright (C) 2017 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#pragma once
+
+#include "VM.h"
+#include <wtf/DoublyLinkedList.h>
+#include <wtf/Expected.h>
+#include <wtf/Lock.h>
+
+namespace JSC {
+
+class VMInspector {
+public:
+ enum class Error {
+ None,
+ TimedOut
+ };
+
+ enum class LockToken { LockedValue };
+
+ static VMInspector& instance();
+
+ void add(VM*);
+ void remove(VM*);
+
+ Expected<LockToken, Error> lock(Seconds timeout = Seconds::infinity());
+
+ Expected<bool, Error> isValidExecutableMemory(LockToken, void*);
+ Expected<CodeBlock*, Error> codeBlockForMachinePC(LockToken, void*);
+
+private:
+ enum class FunctorStatus {
+ Continue,
+ Done
+ };
+ template <typename Functor> void iterate(const Functor& functor)
+ {
+ for (VM* vm = m_list.head(); vm; vm = vm->next()) {
+ FunctorStatus status = functor(*vm);
+ if (status == FunctorStatus::Done)
+ return;
+ }
+ }
+
+ Lock m_lock;
+ DoublyLinkedList<VM> m_list;
+};
+
+} // namespace JSC
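Review bot: `LockToken` is a plain enum, so any caller can spell `VMInspector::LockToken::LockedValue` and invoke `isValidExecutableMemory` or `codeBlockForMachinePC` without ever going through `lock()`; the token then proves nothing, and those queries walk `m_list` concurrently with `add`/`remove` on other threads, which is exactly the race the lock exists to prevent. Making the token unforgeable is a small change that keeps the `Expected<LockToken, Error>` return working (the implicit move/copy stay public): `class LockToken { friend class VMInspector; LockToken() = default; };`. Relatedly, the header declares no way to release the lock that `lock()` acquires; that is presumably fine if the only caller is a crash-analysis path that never returns, but a comment on `lock()` such as `// Never released: intended for terminal (crash-analysis) paths only.` would stop a normal-path caller from stalling every later `add`/`remove`, assuming those take `m_lock`. As a cheap guard, `iterate` could also assert the lock is held before walking the list (e.g. `ASSERT(m_lock.isLocked());`), if WTF::Lock exposes that query on this branch.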
<div class="modfile"><h4>Modified: branches/safari-603-branch/Source/WTF/ChangeLog (212015 => 212016)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-603-branch/Source/WTF/ChangeLog        2017-02-10 01:39:13 UTC (rev 212015)
+++ branches/safari-603-branch/Source/WTF/ChangeLog        2017-02-10 01:49:33 UTC (rev 212016)
</span><span class="lines">@@ -1,3 +1,17 @@
</span><ins>+2017-02-09 Matthew Hanson <matthew_hanson@apple.com>
+
+ Merge r211603. rdar://problem/30318237
+
+ 2017-02-02 Mark Lam <mark.lam@apple.com>
+
+ Add a SIGILL crash analyzer to make debugging SIGILLs easier.
+ https://bugs.webkit.org/show_bug.cgi?id=167714
+ <rdar://problem/30318237>
+
+ Reviewed by Filip Pizlo.
+
+ * wtf/StdLibExtras.h:
+
</ins><span class="cx"> 2017-02-05 Matthew Hanson <matthew_hanson@apple.com>
</span><span class="cx">
</span><span class="cx"> Merge r211482. rdar://problem/29711409
<div class="modfile"><h4>Modified: branches/safari-603-branch/Source/WTF/wtf/StdLibExtras.h (212015 => 212016)</h4>
<pre class="diff"><span>
<span class="info">--- branches/safari-603-branch/Source/WTF/wtf/StdLibExtras.h        2017-02-10 01:39:13 UTC (rev 212015)
+++ branches/safari-603-branch/Source/WTF/wtf/StdLibExtras.h        2017-02-10 01:49:33 UTC (rev 212016)
</span><span class="lines">@@ -489,6 +489,7 @@
</span><span class="cx"> using WTF::isPointerAligned;
</span><span class="cx"> using WTF::isStatelessLambda;
</span><span class="cx"> using WTF::is8ByteAligned;
</span><ins>+using WTF::roundUpToMultipleOf;
</ins><span class="cx"> using WTF::safeCast;
</span><span class="cx"> using WTF::tryBinarySearch;
</span><span class="cx">