[Webkit-unassigned] [Bug 183732] New: bmalloc has a static initializer

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sun Mar 18 19:25:00 PDT 2018 

https://bugs.webkit.org/show_bug.cgi?id=183732

            Bug ID: 183732
           Summary: bmalloc has a static initializer
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: bmalloc
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: joepeck at webkit.org
                CC: fpizlo at apple.com, ggaren at apple.com,
                    mark.lam at apple.com, mitz at webkit.org, msaboff at apple.com

bmalloc has a static initializer. Can we eliminate it?

Test:

    $ cat jsc-test.m
    #include <JavaScriptCore/JavaScriptCore.h>
    int main() {
        [[[JSContext alloc] init] release];
        return 0;
    }

    $ clang -framework JavaScriptCore jsc-test.m -o jsc-test
    $ DYLD_PRINT_INITIALIZERS=1 ./jsc-test
    ...
    dyld: calling initializer function 0x7fff4faaf260 in /System/Library/Frameworks/JavaScriptCore.framework/Versions/A/JavaScriptCore
    ...

I don't know exactly what the initializer is... but here is how far I got tracking it:

    $ otool -l /System/Library/Frameworks/JavaScriptCore.framework/JavaScriptCore | grep __mod_init_func -B1 -A10
    Section
      sectname __mod_init_func
       segname __DATA
          addr 0x0000000000d6d268
          size 0x0000000000000008
        offset 14078568
         align 2^3 (8)
        reloff 0
        nreloc 0
         flags 0x00000009
     reserved1 0
     reserved2 0

    $ lldb /System/Library/Frameworks/JavaScriptCore.framework/JavaScriptCore
    (lldb) memory read 0x0000000000e0a2d0 --format address
    0x00e0a2d0: 0x0000000000d5a8a0

    (lldb) dis -s 0x0000000000d5a8a0 -c 15
    JavaScriptCore`__cpu_indicator_init:
    JavaScriptCore[0xd5a8a0] <+0>:  pushq  %rbp
    JavaScriptCore[0xd5a8a1] <+1>:  pushq  %r15
    JavaScriptCore[0xd5a8a3] <+3>:  pushq  %r14
    JavaScriptCore[0xd5a8a5] <+5>:  pushq  %r13
    JavaScriptCore[0xd5a8a7] <+7>:  pushq  %r12
    JavaScriptCore[0xd5a8a9] <+9>:  pushq  %rbx
    JavaScriptCore[0xd5a8aa] <+10>: pushq  %rax
    JavaScriptCore[0xd5a8ab] <+11>: xorl   %eax, %eax
    JavaScriptCore[0xd5a8ad] <+13>: cmpl   $0x0, 0x103750(%rip)      ; Gigacage::g_wasEnabled + 3
    JavaScriptCore[0xd5a8b4] <+20>: jne    0xd5aed7                  ; <+1591>
    JavaScriptCore[0xd5a8ba] <+26>: xorl   %eax, %eax
    JavaScriptCore[0xd5a8bc] <+28>: movq   %rbx, %rsi
    JavaScriptCore[0xd5a8bf] <+31>: cpuid  
    JavaScriptCore[0xd5a8c1] <+33>: xchgq  %rbx, %rsi
    JavaScriptCore[0xd5a8c4] <+36>: movl   %esi, %r9d

So it appears to be related to Gigacage::g_wasEnabled.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20180319/c477fe01/attachment-0001.html>

More information about the webkit-unassigned mailing list