Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 987f734c374ec6d7091385529cf241015177934d
https://github.com/WebKit/WebKit/commit/987f734c374ec6d7091385529cf241015177934d
Author: Elliott Williams <[email protected]>
Date: 2025-05-12 (Mon, 12 May 2025)
Changed paths:
M Configurations/CommonBase.xcconfig
Log Message:
-----------
[PGO] Work around memory corruption in instrumentation runtime
https://bugs.webkit.org/show_bug.cgi?id=292899
rdar://151191066
Reviewed by Alexey Proskuryakov.
When building with instrumentation, move the __llvm_prf_cnts section to
its own segment. This section is the table of function counters
generated for a binary. At runtime, the compiler-rt library mmaps this
section to the .profdata file for that framework and process.
However, it rounds up to the nearest page boundary, which may be past
the end of the section. When the counts table is not itself
page-sized, the call to mmap might write over another section in __DATA,
such as ObjC runtime data (rdar://151083138).

We encounter this as `NSProtocolFromString(@"WKObject")` returning
garbage data in some instrumented builds of WebKit. But it could happen
to anything in __DATA. By moving __llvm_prf_cnts to its own segment, it
is guaranteed to be the only section in its page and can mmap freely.
* Configurations/CommonBase.xcconfig:
Canonical link: https://commits.webkit.org/294823@main
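As an added illustration of the page-rounding hazard the commit message describes (this is example code, not the commit's diff and not WebKit's or compiler-rt's code), here is a small check that parses `otool -l`-style section listings and reports which other sections fall inside the page-rounded span that a mapping of `__llvm_prf_cnts` would cover. Both listings below are constructed samples, the 16 KiB page size is an assumption, and the `__LLVM_PRF` segment name in the second sample is a placeholder for whatever segment the workaround actually uses.

```python
import re

# Assumption for this example: 16 KiB pages (arm64 macOS); x86_64 uses 4 KiB.
PAGE_SIZE = 0x4000

# Constructed sample in the shape of an `otool -l` dump: __llvm_prf_cnts sits
# in __DATA between two ObjC sections and is not page-sized. Not real output.
SAMPLE_BEFORE = """\
Load command 2
      cmd LC_SEGMENT_64
  segname __DATA
   vmaddr 0x0000000000008000
   vmsize 0x0000000000004000
Section
  sectname __objc_const
   segname __DATA
      addr 0x0000000000008000
      size 0x0000000000000400
Section
  sectname __llvm_prf_cnts
   segname __DATA
      addr 0x0000000000008400
      size 0x0000000000000800
Section
  sectname __objc_data
   segname __DATA
      addr 0x0000000000008c00
      size 0x0000000000000100
"""

# Constructed sample after the workaround: the counters live in their own
# segment (the name __LLVM_PRF is a placeholder), so they start on a fresh page.
SAMPLE_AFTER = """\
Load command 2
      cmd LC_SEGMENT_64
  segname __DATA
Section
  sectname __objc_const
   segname __DATA
      addr 0x0000000000008000
      size 0x0000000000000400
Section
  sectname __objc_data
   segname __DATA
      addr 0x0000000000008400
      size 0x0000000000000100
Load command 3
      cmd LC_SEGMENT_64
  segname __LLVM_PRF
Section
  sectname __llvm_prf_cnts
   segname __LLVM_PRF
      addr 0x000000000000c000
      size 0x0000000000000800
"""

_FIELD = re.compile(r"(sectname|segname|addr|size)\s+(\S+)$")


def parse_sections(text):
    """Collect (segname, sectname, addr, size) for every 'Section' block."""
    sections, cur = [], None
    for line in text.splitlines():
        s = line.strip()
        if s.startswith("Load command"):
            cur = None          # segment-level fields are not section fields
            continue
        if s == "Section":
            cur = {}
            sections.append(cur)
            continue
        m = _FIELD.match(s) if cur is not None else None
        if m:
            key, val = m.groups()
            cur[key] = int(val, 16) if key in ("addr", "size") else val
    return [s for s in sections if "addr" in s and "size" in s]


def page_span(addr, size, page_size=PAGE_SIZE):
    """[start, end) of the whole pages a page-rounded mapping would touch."""
    start = addr & ~(page_size - 1)
    end = (addr + size + page_size - 1) & ~(page_size - 1)
    return start, end


def sections_sharing_pages(sections, target="__llvm_prf_cnts", page_size=PAGE_SIZE):
    """Other sections whose bytes lie inside the page-rounded span of `target`.

    A non-empty result means a page-granular mmap of the counters could
    overwrite those sections; an empty result means the counters own their pages.
    """
    hits = []
    for t in (s for s in sections if s["sectname"] == target):
        lo, hi = page_span(t["addr"], t["size"], page_size)
        for s in sections:
            if s is t:
                continue
            s_lo, s_hi = s["addr"], s["addr"] + s["size"]
            if s_lo < hi and s_hi > lo:     # half-open interval overlap
                hits.append((s["segname"], s["sectname"]))
    return hits


if __name__ == "__main__":
    for label, text in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(label, sections_sharing_pages(parse_sections(text)))
```

To run it against a real build, feed the script the output of `otool -l` on the instrumented binary instead of the constructed samples; any section listed for the `__llvm_prf_cnts` span is one the page-rounded mapping could clobber.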
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes