Backed out changeset 209d492c3ec5 (bug 1332594) for jit-test failures on a CLOSED TREE.

2017-01-20 18:29:30 -05:00 · 2017-01-20 18:29:30 -05:00 · 8ea9bfe6fc
--- a/js/src/ds/PageProtectingVector.h
+++ b/js/src/ds/PageProtectingVector.h
@ -8,7 +8,6 @@
 #define ds_PageProtectingVector_h

 #include "mozilla/Atomics.h"
-#include "mozilla/PodOperations.h"
 #include "mozilla/Vector.h"

 #include "ds/MemoryProtectionExceptionHandler.h"
@ -540,7 +539,10 @@ PageProtectingVector<T, N, A, P, Q, G, D, I, X>::lockSlow() const

 class ProtectedReallocPolicy
 {
-    static const uint8_t PoisonPattern = 0xe5;
+    /* We hardcode the page size here to minimize administrative overhead. */
+    static const size_t pageShift = 12;
+    static const size_t pageSize = 1 << pageShift;
+    static const size_t pageMask = pageSize - 1;

  public:
    template <typename T> T* maybe_pod_malloc(size_t numElems) {
@ -551,34 +553,35 @@ class ProtectedReallocPolicy
    }
    template <typename T> T* maybe_pod_realloc(T* oldAddr, size_t oldSize, size_t newSize) {
        MOZ_ASSERT_IF(oldAddr, oldSize);
+        MOZ_ASSERT(gc::SystemPageSize() == pageSize);
        if (MOZ_UNLIKELY(!newSize))
            return nullptr;
        if (MOZ_UNLIKELY(!oldAddr))
            return js_pod_malloc<T>(newSize);

-        T* tmpAddr = js_pod_malloc<T>(newSize);
-        if (MOZ_UNLIKELY(!tmpAddr))
-            return js_pod_realloc<T>(oldAddr, oldSize, newSize);
-
-        size_t bytes = (newSize >= oldSize ? oldSize : newSize) * sizeof(T);
-        memcpy(tmpAddr, oldAddr, bytes);
-
-        T* newAddr = js_pod_realloc<T>(oldAddr, oldSize, newSize);
-        if (MOZ_UNLIKELY(!newAddr)) {
-            js_free(tmpAddr);
-            return js_pod_realloc<T>(oldAddr, oldSize, newSize);
+        T* newAddr = nullptr;
+        size_t initPage = (uintptr_t(oldAddr - 1) >> pageShift) + 1;
+        size_t lastPage = (uintptr_t(oldAddr + oldSize) >> pageShift) - 1;
+        size_t toCopy = (newSize >= oldSize ? oldSize : newSize) * sizeof(T);
+        if (MOZ_UNLIKELY(oldSize >= 32 * 1024 && lastPage >= initPage)) {
+            T* protectAddr = reinterpret_cast<T*>(initPage << pageShift);
+            size_t protectSize = (lastPage - initPage + 1) << pageShift;
+            MemoryProtectionExceptionHandler::addRegion(protectAddr, protectSize);
+            gc::MakePagesReadOnly(protectAddr, protectSize);
+            newAddr = js_pod_malloc<T>(newSize);
+            if (MOZ_LIKELY(newAddr))
+                memcpy(newAddr, oldAddr, toCopy);
+            gc::UnprotectPages(protectAddr, protectSize);
+            MemoryProtectionExceptionHandler::removeRegion(protectAddr);
+            if (MOZ_LIKELY(newAddr))
+                js_free(oldAddr);
+        } else {
+            newAddr = js_pod_malloc<T>(newSize);
+            if (MOZ_LIKELY(newAddr)) {
+                memcpy(newAddr, oldAddr, toCopy);
+                js_free(oldAddr);
+            }
        }
-
-        const uint8_t* newAddrBytes = reinterpret_cast<const uint8_t*>(newAddr);
-        const uint8_t* tmpAddrBytes = reinterpret_cast<const uint8_t*>(tmpAddr);
-        if (!mozilla::PodEqual(tmpAddrBytes, newAddrBytes, bytes)) {
-            if (oldAddr == newAddr)
-                MOZ_CRASH("New buffer doesn't match the old buffer (newAddr == oldAddr)!");
-            else
-                MOZ_CRASH("New buffer doesn't match the old buffer (newAddr != oldAddr)!");
-        }
-
-        js_free(tmpAddr);
        return newAddr;
    }

--- a/js/src/jit/x86-shared/AssemblerBuffer-x86-shared.h
+++ b/js/src/jit/x86-shared/AssemblerBuffer-x86-shared.h
@ -126,6 +126,30 @@ namespace jit {
            return m_oom;
        }

+#ifndef RELEASE_OR_BETA
+        const unsigned char* acquireBuffer() const
+        {
+            MOZ_RELEASE_ASSERT(!m_oom);
+            return m_buffer.acquire();
+        }
+        void releaseBuffer() const { m_buffer.release(); }
+        unsigned char* acquireData() { return m_buffer.acquire(); }
+        void releaseData() const { m_buffer.release(); }
+        void disableProtection() { m_buffer.disableProtection(); }
+        void enableProtection() { m_buffer.enableProtection(); }
+        void setLowerBoundForProtection(size_t size)
+        {
+            m_buffer.setLowerBoundForProtection(size);
+        }
+        void unprotectRegion(unsigned char* first, size_t size)
+        {
+            m_buffer.unprotectRegion(first, size);
+        }
+        void reprotectRegion(unsigned char* first, size_t size)
+        {
+            m_buffer.reprotectRegion(first, size);
+        }
+#else
        const unsigned char* acquireBuffer() const
        {
            MOZ_RELEASE_ASSERT(!m_oom);
@ -139,6 +163,7 @@ namespace jit {
        void setLowerBoundForProtection(size_t) {}
        void unprotectRegion(unsigned char*, size_t) {}
        void reprotectRegion(unsigned char*, size_t) {}
+#endif

    protected:
        /*
@ -161,7 +186,10 @@ namespace jit {
        }

 #ifndef RELEASE_OR_BETA
-        mozilla::Vector<unsigned char, 256, ProtectedReallocPolicy> m_buffer;
+        PageProtectingVector<unsigned char, 256, ProtectedReallocPolicy,
+                             /* ProtectUsed = */ false, /* ProtectUnused = */ false,
+                             /* GuardAgainstReentrancy = */ true, /* DetectPoison = */ true,
+                             /* InitialLowerBound = */ 32 * 1024> m_buffer;
 #else
        mozilla::Vector<unsigned char, 256, SystemAllocPolicy> m_buffer;
 #endif