Title: [281720] trunk/Source/_javascript_Core
Revision
281720
Author
mark....@apple.com
Date
2021-08-27 14:16:21 -0700 (Fri, 27 Aug 2021)

Log Message

Changed ARM64 probe trampoline to do ptr auth the standard way.
https://bugs.webkit.org/show_bug.cgi?id=229629
rdar://problem/82453220

Reviewed by Saam Barati.

Also fix a comment, and add back 2 lines that I accidentally deleted in r281718.

* assembler/MacroAssemblerARM64.cpp:

Modified Paths

Diff

Modified: trunk/Source/_javascript_Core/ChangeLog (281719 => 281720)


--- trunk/Source/_javascript_Core/ChangeLog	2021-08-27 21:00:39 UTC (rev 281719)
+++ trunk/Source/_javascript_Core/ChangeLog	2021-08-27 21:16:21 UTC (rev 281720)
@@ -1,5 +1,17 @@
 2021-08-27  Mark Lam  <mark....@apple.com>
 
+        Changed ARM64 probe trampoline to do ptr auth the standard way.
+        https://bugs.webkit.org/show_bug.cgi?id=229629
+        rdar://problem/82453220
+
+        Reviewed by Saam Barati.
+
+        Also fix a comment, and add back 2 lines that I accidentally deleted in r281718.
+
+        * assembler/MacroAssemblerARM64.cpp:
+
+2021-08-27  Mark Lam  <mark....@apple.com>
+
         Make ARM64 and X86_64 probe code a little bit more efficient.
         https://bugs.webkit.org/show_bug.cgi?id=229618
         rdar://82445743

Modified: trunk/Source/_javascript_Core/assembler/MacroAssemblerARM64.cpp (281719 => 281720)


--- trunk/Source/_javascript_Core/assembler/MacroAssemblerARM64.cpp	2021-08-27 21:00:39 UTC (rev 281719)
+++ trunk/Source/_javascript_Core/assembler/MacroAssemblerARM64.cpp	2021-08-27 21:16:21 UTC (rev 281720)
@@ -500,7 +500,7 @@
     // returns. So, the ARM64 probe implementation will allow the probe handler to
     // either modify lr or pc, but not both in the same probe invocation. The probe
     // mechanism ensures that we never try to modify both lr and pc with a RELEASE_ASSERT
-    // in Probe::().
+    // in Probe::executeJSCJITProbe().
 
     // Determine if the probe handler changed the pc.
     "ldr       x30, [sp, #" STRINGIZE_VALUE_OF(PROBE_CPU_SP_OFFSET) "]" "\n" // preload the target sp.
@@ -521,10 +521,12 @@
 #if CPU(ARM64E)
     "movz      x28, #" STRINGIZE_VALUE_OF(JIT_PROBE_PC_PTR_TAG) "\n"
     "autib     x27, x28" "\n"
-    "lsr       x28, x27, #8" "\n"
-    "and       x28, x28, #0xff000000000000" "\n"
-    "orr       x28, x28, x27" "\n"
-    "ldrb      w28, [x28]" "\n"
+    "mov       x28, x27" "\n"
+    "xpaci     x28" "\n"
+    "cmp       x28, x27" "\n"
+    "beq     " LOCAL_LABEL_STRING(ctiMasmProbeTrampolinePCAuthDone) "\n"
+    "brk       #0xc471" "\n"
+    LOCAL_LABEL_STRING(ctiMasmProbeTrampolinePCAuthDone) ":" "\n"
 #endif
     "sub       x27, x27, #" STRINGIZE_VALUE_OF(2 * GPREG_SIZE) "\n" // The return point PC is at 2 instructions before the end of the probe.
 #if CPU(ARM64E)
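Review bot: The six-instruction authentication check added here (lines 71-76) is repeated verbatim in the next hunk (lines 88-93) with the registers swapped and a second label, and the `brk #0xc471` code is a bare magic number in both; the `"beq     "` string is also padded differently from every other mnemonic in the block. A small preprocessor macro taking the two registers and the label, plus a named constant for the brk code, would keep the two copies from drifting apart. It would also help to state why the check works, e.g. `// autib leaves error bits in the PAC field on failure, so stripping with xpaci yields a different value; on FPAC-capable cores autib itself faults before reaching the cmp.` — that last part is my understanding of the architecture rather than something the hunk shows, so please confirm. The enclosing inline-asm block starts and ends outside this hunk.
```cpp
// Trap if the authenticated pointer in SRC carries PAC error bits: stripping it
// with xpaci must give back the same value. SCRATCH is clobbered.
// PROBE_PC_AUTH_FAILURE_BRK_CODE is a placeholder name for the 0xc471 constant.
#define PROBE_CHECK_AUTHENTICATED_PC(SRC, SCRATCH, LABEL) \
    "mov       " SCRATCH ", " SRC "\n" \
    "xpaci     " SCRATCH "\n" \
    "cmp       " SCRATCH ", " SRC "\n" \
    "beq       " LOCAL_LABEL_STRING(LABEL) "\n" \
    "brk       #" STRINGIZE_VALUE_OF(PROBE_PC_AUTH_FAILURE_BRK_CODE) "\n" \
    LOCAL_LABEL_STRING(LABEL) ":" "\n"

// … unchanged: movz / autib of x27 …
    PROBE_CHECK_AUTHENTICATED_PC("x27", "x28", ctiMasmProbeTrampolinePCAuthDone)
// … unchanged: #endif and sub x27 …
```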
@@ -546,10 +548,14 @@
 #if CPU(ARM64E)
     "movz      x27, #" STRINGIZE_VALUE_OF(JIT_PROBE_PC_PTR_TAG) "\n"
     "autib     x28, x27" "\n"
-    "lsr       x27, x28, #8" "\n"
-    "and       x27, x27, #0xff000000000000" "\n"
-    "orr       x27, x27, x28" "\n"
-    "ldrb      w27, [x27]" "\n"
+    "mov       x27, x28" "\n"
+    "xpaci     x27" "\n"
+    "cmp       x27, x28" "\n"
+    "beq     " LOCAL_LABEL_STRING(ctiMasmProbeTrampolinePCAuthDone2) "\n"
+    "brk       #0xc471" "\n"
+    LOCAL_LABEL_STRING(ctiMasmProbeTrampolinePCAuthDone2) ":" "\n"
+    "add       x27, x30, #48" "\n" // Compute sp at return point.
+    "pacib     x28, x27" "\n"
 #endif
     "ldr       x27, [sp, #" STRINGIZE_VALUE_OF(PROBE_CPU_FP_OFFSET) "]" "\n"
     "stp       x27, x28, [x30, #" STRINGIZE_VALUE_OF(OUT_FP_OFFSET) "]" "\n"
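Review bot: The restored `add x27, x30, #48` hard-codes the distance from the preloaded target sp to the sp at the return point, while every other offset in this hunk goes through `STRINGIZE_VALUE_OF` of a named constant; since that value is the pacib modifier, it must match whatever the return point uses to authenticate, and that code is outside the hunk. Tying both sides to one named constant, e.g. `"add       x27, x30, #" STRINGIZE_VALUE_OF(PROBE_RETURN_POINT_SP_OFFSET) "\n" // Compute sp at return point.` (placeholder name), would make a mismatch a compile-visible change rather than a silent auth failure. The same duplicated check sequence noted on the previous hunk also applies to lines 88-93 here.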