[webkit-reviews] review requested: [Bug 181599] PoisonedWriteBarrier : [Attachment 331235] patch
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Jan 12 14:31:48 PST 2018
JF Bastien <jfbastien at apple.com> has asked for review:
Bug 181599: PoisonedWriteBarrier
https://bugs.webkit.org/show_bug.cgi?id=181599
Attachment 331235: patch
https://bugs.webkit.org/attachment.cgi?id=331235&action=review
--- Comment #8 from JF Bastien <jfbastien at apple.com> ---
Created attachment 331235
--> https://bugs.webkit.org/attachment.cgi?id=331235&action=review
patch
> > Source/JavaScriptCore/runtime/WriteBarrier.h:113
> > + validateCell<T>(Traits::unwrap(cell));
> > + return Traits::unwrap(cell);
>
> I suggest pre-caching the unwrapped pointer:
> T* resultCell = Traits::unwrap(cell);
> validateCell<T>(resultCell);
> return resultCell;
>
> > Source/JavaScriptCore/runtime/WriteBarrier.h:121
> > + validateCell(Traits::unwrap(cell));
> > + return Traits::unwrap(cell);
>
> Ditto. precache?
Done x 2.
> > Source/JavaScriptCore/wasm/js/WasmToJS.cpp:482
> > +
jit.move(CCallHelpers::TrustedImm64(JSWebAssemblyInstance::PoisonedBarrier<WebA
ssemblyToJSCallee>::poison), importJSCellGPRReg);
>
> It is wrong to assume that importJSCellGPRReg (i.e. GPRInfo::regT0) !==
> GPRInfo::argumentGPR0. In fact, on ARM64 (and most other architectures),
> they are the same. You're just lucky that they aren't the same on x86_64
> here. Please fix.
Nice, good catch! I hadn't looked at all the ISAs. Fixed now.
More information about the webkit-reviews
mailing list