Title: [264086] releases/WebKitGTK/webkit-2.28/Source/JavaScriptCore
Revision: 264086
Author: carlo...@webkit.org
Date: 2020-07-08 03:07:35 -0700 (Wed, 08 Jul 2020)

Log Message

Merge r261326 - REGRESSION(r251875): Crash in JSC::StructureIDTable::get on ppc64le: gcSafeMemcpy broken on JSVALUE64 platforms other than x86_64 and aarch64
https://bugs.webkit.org/show_bug.cgi?id=210685

Patch by Daniel Kolesa <dan...@octaforge.org> on 2020-05-07
Reviewed by Michael Catanzaro.

Fix gcSafeMemcpy on non-x86_64/aarch64 64-bit architectures.

We were hitting an incorrect x86_64 assertion on values larger than
mediumCutoff on JSVALUE64 architectures other than x86_64 and aarch64,
as the control flow is wrong.

* heap/GCMemoryOperations.h:
(JSC::gcSafeMemcpy):

Diff

Modified: releases/WebKitGTK/webkit-2.28/Source/JavaScriptCore/ChangeLog (264085 => 264086)


--- releases/WebKitGTK/webkit-2.28/Source/_javascript_Core/ChangeLog	2020-07-08 10:07:31 UTC (rev 264085)
+++ releases/WebKitGTK/webkit-2.28/Source/_javascript_Core/ChangeLog	2020-07-08 10:07:35 UTC (rev 264086)
@@ -1,3 +1,19 @@
+2020-05-07  Daniel Kolesa  <dan...@octaforge.org>
+
+        REGRESSION(r251875): Crash in JSC::StructureIDTable::get on ppc64le: gcSafeMemcpy broken on JSVALUE64 platforms other than x86_64 and aarch64
+        https://bugs.webkit.org/show_bug.cgi?id=210685
+
+        Reviewed by Michael Catanzaro.
+
+        Fix gcSafeMemcpy on non-x86_64/aarch64 64-bit architectures.
+
+        We were hitting an incorrect x86_64 assertion on values larger than
+        mediumCutoff on JSVALUE64 architectures other than x86_64 and aarch64,
+        as the control flow is wrong.
+
+        * heap/GCMemoryOperations.h:
+        (JSC::gcSafeMemcpy):
+
 2020-04-01  Keith Miller  <keith_mil...@apple.com>
 
         Bindings that override getOwnPropertySlotByIndex need to say they MayHaveIndexedAccessors

Modified: releases/WebKitGTK/webkit-2.28/Source/JavaScriptCore/heap/GCMemoryOperations.h (264085 => 264086)


--- releases/WebKitGTK/webkit-2.28/Source/_javascript_Core/heap/GCMemoryOperations.h	2020-07-08 10:07:31 UTC (rev 264085)
+++ releases/WebKitGTK/webkit-2.28/Source/_javascript_Core/heap/GCMemoryOperations.h	2020-07-08 10:07:35 UTC (rev 264086)
@@ -53,7 +53,7 @@
             bitwise_cast<volatile uint64_t*>(dst)[i] = bitwise_cast<volatile uint64_t*>(src)[i];
     };
 
-#if COMPILER(GCC_COMPATIBLE) && USE(JSVALUE64)
+#if COMPILER(GCC_COMPATIBLE) && (CPU(X86_64) || CPU(ARM64))
     if (bytes <= smallCutoff)
         slowPathForwardMemcpy();
     else if (isARM64() || bytes <= mediumCutoff) {
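
Review bot: The new `#if COMPILER(GCC_COMPATIBLE) && (CPU(X86_64) || CPU(ARM64))` line carries no comment explaining why the fast paths are limited to these two CPUs. The branches under it combine this preprocessor guard with run-time tests (`isARM64()` here, `RELEASE_ASSERT(isX86_64())` further down), and the log message describes other JSVALUE64 architectures reaching the x86_64 assertion because the two disagreed. A short comment above the guard stating that only these CPUs have inline-assembly copy loops, and that every other target must reach `slowPathForwardMemcpy()`, would help keep the guard from being widened again by a later port.
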
@@ -121,8 +121,6 @@
             :
             : "d0", "d1", "memory"
         );
-#else
-    slowPathForwardMemcpy();
 #endif // CPU(X86_64)
     } else {
         RELEASE_ASSERT(isX86_64());
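
Review bot: Removing the `#else` / `slowPathForwardMemcpy();` fallback just before `#endif // CPU(X86_64)` leaves the medium-size branch with no copy at all on any CPU the inner `#if` chain does not cover, so correctness now depends on the outer guard listing exactly the same CPUs as that chain. Consider replacing the two removed lines with `#else` followed by an `#error`, so a future mismatch between the guards fails the build instead of silently skipping the copy and leaving `dst` unwritten in a GC-managed buffer.
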
@@ -139,7 +137,7 @@
     }
 #else
     slowPathForwardMemcpy();
-#endif // COMPILER(GCC_COMPATIBLE)
+#endif // COMPILER(GCC_COMPATIBLE) && (CPU(X86_64) || CPU(ARM64))
 #else
     memcpy(dst, src, bytes);
 #endif // USE(JSVALUE64)
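
Review bot: Nothing in this revision exercises the `#else` / `slowPathForwardMemcpy();` path at the end of the function for sizes above `mediumCutoff`, which is the case the log message says crashed. A test that calls `gcSafeMemcpy` with lengths just below and just above `smallCutoff` and `mediumCutoff`, and compares `dst` against `src` afterwards, would cover each size class on whichever branch the build architecture selects and would catch a regression of this kind without needing to wait for a crash in `JSC::StructureIDTable::get`.
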
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
