2a666e9cfd
* gnu/packages/patches/icecat-CVE-2014-8634-pt1.patch, gnu/packages/patches/icecat-CVE-2014-8634-pt2.patch, gnu/packages/patches/icecat-CVE-2014-8638-pt1.patch, gnu/packages/patches/icecat-CVE-2014-8638-pt2.patch, gnu/packages/patches/icecat-CVE-2014-8639.patch, gnu/packages/patches/icecat-CVE-2014-8641.patch, gnu/packages/patches/icecat-armhf-xpcom.patch: New files. * gnu-system.am (dist_patch_DATA): Add them. * gnu/packages/gnuzilla.scm (icecat)[source]: Add patches.
From 4f447768a2ff6bf37d462e033c11e20c733129ba Mon Sep 17 00:00:00 2001
From: Jan de Mooij <jdemooij@mozilla.com>
Date: Tue, 16 Dec 2014 22:52:51 +0100
Subject: [PATCH] Bug 1109889 - Share more exception handling code. r=nbp,
a=abillings
---
js/src/jit/Ion.cpp | 11 ++++++++++-
js/src/jit/IonMacroAssembler.cpp | 8 ++++----
js/src/jit/JitCompartment.h | 8 ++++++--
js/src/jit/arm/MacroAssembler-arm.cpp | 11 ++---------
js/src/jit/arm/MacroAssembler-arm.h | 6 ++++--
js/src/jit/arm/Trampoline-arm.cpp | 4 ++--
js/src/jit/mips/MacroAssembler-mips.cpp | 11 ++---------
js/src/jit/mips/MacroAssembler-mips.h | 7 +++++--
js/src/jit/mips/Trampoline-mips.cpp | 4 ++--
js/src/jit/shared/MacroAssembler-x86-shared.h | 3 +++
js/src/jit/x64/MacroAssembler-x64.cpp | 11 ++---------
js/src/jit/x64/MacroAssembler-x64.h | 3 +--
js/src/jit/x64/Trampoline-x64.cpp | 4 ++--
js/src/jit/x86/MacroAssembler-x86.cpp | 11 ++---------
js/src/jit/x86/MacroAssembler-x86.h | 3 +--
js/src/jit/x86/Trampoline-x86.cpp | 4 ++--
16 files changed, 50 insertions(+), 59 deletions(-)
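diff --git a/js/src/jit/Ion.cpp b/js/src/jit/Ion.cpp
index 9635742..a77f9b4 100644
--- a/js/src/jit/Ion.cpp
+++ b/js/src/jit/Ion.cpp
@@ -150,6 +150,7 @@ JitRuntime::JitRuntime()
 : execAlloc_(nullptr),
 ionAlloc_(nullptr),
 exceptionTail_(nullptr),
+ exceptionTailParallel_(nullptr),
 bailoutTail_(nullptr),
 enterJIT_(nullptr),
 bailoutHandler_(nullptr),
@@ -198,10 +199,18 @@ JitRuntime::initialize(JSContext *cx)
 return false;
 
 IonSpew(IonSpew_Codegen, "# Emitting exception tail stub");
- exceptionTail_ = generateExceptionTailStub(cx);
+
+ void *handler = JS_FUNC_TO_DATA_PTR(void *, jit::HandleException);
+ void *handlerParallel = JS_FUNC_TO_DATA_PTR(void *, jit::HandleParallelFailure);
+
+ exceptionTail_ = generateExceptionTailStub(cx, handler);
 if (!exceptionTail_)
 return false;
 
+ exceptionTailParallel_ = generateExceptionTailStub(cx, handlerParallel);
+ if (!exceptionTailParallel_)
+ return false;
+
 IonSpew(IonSpew_Codegen, "# Emitting bailout tail stub");
 bailoutTail_ = generateBailoutTailStub(cx);
 if (!bailoutTail_)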
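Review bot: The second stub in `JitRuntime::initialize` is generated without a spew line of its own, so the `IonSpew_Codegen` output attributes both tails to the single "# Emitting exception tail stub" message. I would add `IonSpew(IonSpew_Codegen, "# Emitting parallel exception tail stub");` before the `exceptionTailParallel_` assignment. A short comment such as `// Each tail embeds the call to its handler, so one stub is needed per execution mode.` above the two `JS_FUNC_TO_DATA_PTR` lines would also explain why two stubs exist. The function body starts and ends outside the hunk.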
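diff --git a/js/src/jit/IonMacroAssembler.cpp b/js/src/jit/IonMacroAssembler.cpp
index 2326fe1..9f7cc8f 100644
--- a/js/src/jit/IonMacroAssembler.cpp
+++ b/js/src/jit/IonMacroAssembler.cpp
@@ -1030,18 +1030,18 @@ MacroAssembler::handleFailure(ExecutionMode executionMode)
 sps_->skipNextReenter();
 leaveSPSFrame();
 
- void *handler;
+ JitCode *excTail;
 switch (executionMode) {
 case SequentialExecution:
- handler = JS_FUNC_TO_DATA_PTR(void *, jit::HandleException);
+ excTail = GetIonContext()->runtime->jitRuntime()->getExceptionTail();
 break;
 case ParallelExecution:
- handler = JS_FUNC_TO_DATA_PTR(void *, jit::HandleParallelFailure);
+ excTail = GetIonContext()->runtime->jitRuntime()->getExceptionTailParallel();
 break;
 default:
 MOZ_ASSUME_UNREACHABLE("No such execution mode");
 }
- MacroAssemblerSpecific::handleFailureWithHandler(handler);
+ jump(excTail);
 
 // Doesn't actually emit code, but balances the leave()
 if (sps_)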
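Review bot: `excTail` reaches `jump(excTail);` in `handleFailure` unchecked, and both getters return `nullptr` until `JitRuntime::initialize` has generated the tails (the constructor in Ion.cpp sets both fields to null). If any stub that emits a failure path were assembled before that point, the generated jump would target a null address instead of failing when the code is built; `MOZ_ASSERT(excTail);` just before the jump would catch that in debug builds. Declaring the variable as `JitCode *excTail = nullptr;` would also keep it defined on the `default:` path for tools that do not model `MOZ_ASSUME_UNREACHABLE`. The function starts and ends outside the hunk.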
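diff --git a/js/src/jit/JitCompartment.h b/js/src/jit/JitCompartment.h
index 486a29d..475a685 100644
--- a/js/src/jit/JitCompartment.h
+++ b/js/src/jit/JitCompartment.h
@@ -153,8 +153,9 @@ class JitRuntime
 // need for explicit interrupt checks.
 JSC::ExecutableAllocator *ionAlloc_;
 
- // Shared post-exception-handler tail
+ // Shared exception-handler tail.
 JitCode *exceptionTail_;
+ JitCode *exceptionTailParallel_;
 
 // Shared post-bailout-handler tail.
 JitCode *bailoutTail_;
@@ -214,7 +215,7 @@ class JitRuntime
 InlineList<PatchableBackedge> backedgeList_;
 
 private:
- JitCode *generateExceptionTailStub(JSContext *cx);
+ JitCode *generateExceptionTailStub(JSContext *cx, void *handler);
 JitCode *generateBailoutTailStub(JSContext *cx);
 JitCode *generateEnterJIT(JSContext *cx, EnterJitType type);
 JitCode *generateArgumentsRectifier(JSContext *cx, ExecutionMode mode, void **returnAddrOut);
@@ -287,6 +288,9 @@ class JitRuntime
 JitCode *getExceptionTail() const {
 return exceptionTail_;
 }
+ JitCode *getExceptionTailParallel() const {
+ return exceptionTailParallel_;
+ }
 
 JitCode *getBailoutTail() const {
 return bailoutTail_;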
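Review bot: `generateExceptionTailStub(JSContext *cx, void *handler)` takes the handler as an untyped `void *`, while the per-architecture stubs in this commit emit a call with exactly one ABI argument (the address of the reserved `ResumeFromException` area). A function with a different signature would therefore compile and only misbehave at run time. I would document the contract on the declaration, for example `// |handler| must take a single ResumeFromException * argument.` (inferred from the call sequence, so confirm against `HandleException` and `HandleParallelFailure`). The comment `// Shared exception-handler tail.` now covers two fields and should say which execution mode each one serves.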
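diff --git a/js/src/jit/arm/MacroAssembler-arm.cpp b/js/src/jit/arm/MacroAssembler-arm.cpp
index b34483c..63b3ff2 100644
--- a/js/src/jit/arm/MacroAssembler-arm.cpp
+++ b/js/src/jit/arm/MacroAssembler-arm.cpp
@@ -3984,25 +3984,18 @@ MacroAssemblerARMCompat::callWithABI(const Address &fun, MoveOp::Type result)
 }
 
 void
-MacroAssemblerARMCompat::handleFailureWithHandler(void *handler)
+MacroAssemblerARMCompat::handleFailureWithHandlerTail(void *handler)
 {
 // Reserve space for exception information.
 int size = (sizeof(ResumeFromException) + 7) & ~7;
 ma_sub(Imm32(size), sp);
 ma_mov(sp, r0);
 
- // Ask for an exception handler.
+ // Call the handler.
 setupUnalignedABICall(1, r1);
 passABIArg(r0);
 callWithABI(handler);
 
- JitCode *excTail = GetIonContext()->runtime->jitRuntime()->getExceptionTail();
- branch(excTail);
-}
-
-void
-MacroAssemblerARMCompat::handleFailureWithHandlerTail()
-{
 Label entryFrame;
 Label catch_;
 Label finally;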
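Review bot: `handleFailureWithHandlerTail(void *handler)` has no header comment, and its name still suggests that only the post-handler tail is emitted, although it now also reserves the `ResumeFromException` slot and calls the handler. I would add a comment above the definition along the lines of `// Emits the shared exception stub: reserves a ResumeFromException on the stack, calls |handler| with its address, then resumes from the result.` The same applies to the MIPS, x64 and x86 definitions changed in this commit. The function body continues outside the hunk, so the resume logic (labels `entryFrame`, `catch_`, `finally`) is not visible here.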
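diff --git a/js/src/jit/arm/MacroAssembler-arm.h b/js/src/jit/arm/MacroAssembler-arm.h
index 00e8a03..6ccc0be 100644
--- a/js/src/jit/arm/MacroAssembler-arm.h
+++ b/js/src/jit/arm/MacroAssembler-arm.h
@@ -711,6 +711,9 @@ class MacroAssemblerARMCompat : public MacroAssemblerARM
 void jump(Label *label) {
 as_b(label);
 }
+ void jump(JitCode *code) {
+ branch(code);
+ }
 void jump(Register reg) {
 ma_bx(reg);
 }
@@ -1202,8 +1205,7 @@ class MacroAssemblerARMCompat : public MacroAssemblerARM
 
 void linkExitFrame();
 void linkParallelExitFrame(const Register &pt);
- void handleFailureWithHandler(void *handler);
- void handleFailureWithHandlerTail();
+ void handleFailureWithHandlerTail(void *handler);
 
 /////////////////////////////////////////////////////////////////
 // Common interface.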
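diff --git a/js/src/jit/arm/Trampoline-arm.cpp b/js/src/jit/arm/Trampoline-arm.cpp
index e539c00..693dad8 100644
--- a/js/src/jit/arm/Trampoline-arm.cpp
+++ b/js/src/jit/arm/Trampoline-arm.cpp
@@ -928,11 +928,11 @@ JitRuntime::generateDebugTrapHandler(JSContext *cx)
 }
 
 JitCode *
-JitRuntime::generateExceptionTailStub(JSContext *cx)
+JitRuntime::generateExceptionTailStub(JSContext *cx, void *handler)
 {
 MacroAssembler masm;
 
- masm.handleFailureWithHandlerTail();
+ masm.handleFailureWithHandlerTail(handler);
 
 Linker linker(masm);
 AutoFlushICache afc("ExceptionTailStub");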
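Review bot: `generateExceptionTailStub` forwards `handler` to `masm.handleFailureWithHandlerTail(handler)` without checking it, so a null pointer would be baked into the stub as its call target. `MOZ_ASSERT(handler);` as the first statement would turn that into a debug-build failure at stub-generation time; the same holds for the MIPS, x64 and x86 trampolines in this commit. Both stubs are also created under the single `AutoFlushICache` name `"ExceptionTailStub"`, which may make the sequential and parallel tails hard to tell apart in diagnostics. The function body continues outside the hunk.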
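diff --git a/js/src/jit/mips/MacroAssembler-mips.cpp b/js/src/jit/mips/MacroAssembler-mips.cpp
index cee93a5..256434d 100644
--- a/js/src/jit/mips/MacroAssembler-mips.cpp
+++ b/js/src/jit/mips/MacroAssembler-mips.cpp
@@ -3139,25 +3139,18 @@ MacroAssemblerMIPSCompat::callWithABI(const Address &fun, MoveOp::Type result)
 }
 
 void
-MacroAssemblerMIPSCompat::handleFailureWithHandler(void *handler)
+MacroAssemblerMIPSCompat::handleFailureWithHandlerTail(void *handler)
 {
 // Reserve space for exception information.
 int size = (sizeof(ResumeFromException) + StackAlignment) & ~(StackAlignment - 1);
 ma_subu(StackPointer, StackPointer, Imm32(size));
 ma_move(a0, StackPointer); // Use a0 since it is a first function argument
 
- // Ask for an exception handler.
+ // Call the handler.
 setupUnalignedABICall(1, a1);
 passABIArg(a0);
 callWithABI(handler);
 
- JitCode *excTail = GetIonContext()->runtime->jitRuntime()->getExceptionTail();
- branch(excTail);
-}
-
-void
-MacroAssemblerMIPSCompat::handleFailureWithHandlerTail()
-{
 Label entryFrame;
 Label catch_;
 Label finally;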
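diff --git a/js/src/jit/mips/MacroAssembler-mips.h b/js/src/jit/mips/MacroAssembler-mips.h
index ed1f566..899a50e 100644
--- a/js/src/jit/mips/MacroAssembler-mips.h
+++ b/js/src/jit/mips/MacroAssembler-mips.h
@@ -481,6 +481,10 @@ class MacroAssemblerMIPSCompat : public MacroAssemblerMIPS
 as_nop();
 }
 
+ void jump(JitCode *code) {
+ branch(code);
+ }
+
 void neg32(Register reg) {
 ma_negu(reg, reg);
 }
@@ -842,8 +846,7 @@ public:
 
 void linkExitFrame();
 void linkParallelExitFrame(const Register &pt);
- void handleFailureWithHandler(void *handler);
- void handleFailureWithHandlerTail();
+ void handleFailureWithHandlerTail(void *handler);
 
 /////////////////////////////////////////////////////////////////
 // Common interface.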
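diff --git a/js/src/jit/mips/Trampoline-mips.cpp b/js/src/jit/mips/Trampoline-mips.cpp
index b456845..64c2385 100644
--- a/js/src/jit/mips/Trampoline-mips.cpp
+++ b/js/src/jit/mips/Trampoline-mips.cpp
@@ -960,11 +960,11 @@ JitRuntime::generateDebugTrapHandler(JSContext *cx)
 
 
 JitCode *
-JitRuntime::generateExceptionTailStub(JSContext *cx)
+JitRuntime::generateExceptionTailStub(JSContext *cx, void *handler)
 {
 MacroAssembler masm;
 
- masm.handleFailureWithHandlerTail();
+ masm.handleFailureWithHandlerTail(handler);
 
 Linker linker(masm);
 AutoFlushICache afc("ExceptionTailStub");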
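diff --git a/js/src/jit/shared/MacroAssembler-x86-shared.h b/js/src/jit/shared/MacroAssembler-x86-shared.h
index 01d1a4b..779cf83 100644
--- a/js/src/jit/shared/MacroAssembler-x86-shared.h
+++ b/js/src/jit/shared/MacroAssembler-x86-shared.h
@@ -287,6 +287,9 @@ class MacroAssemblerX86Shared : public Assembler
 void jump(Label *label) {
 jmp(label);
 }
+ void jump(JitCode *code) {
+ jmp(code);
+ }
 void jump(RepatchLabel *label) {
 jmp(label);
 }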
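diff --git a/js/src/jit/x64/MacroAssembler-x64.cpp b/js/src/jit/x64/MacroAssembler-x64.cpp
index 9a9f995..0db799c 100644
--- a/js/src/jit/x64/MacroAssembler-x64.cpp
+++ b/js/src/jit/x64/MacroAssembler-x64.cpp
@@ -287,24 +287,17 @@ MacroAssemblerX64::callWithABI(Address fun, MoveOp::Type result)
 }
 
 void
-MacroAssemblerX64::handleFailureWithHandler(void *handler)
+MacroAssemblerX64::handleFailureWithHandlerTail(void *handler)
 {
 // Reserve space for exception information.
 subq(Imm32(sizeof(ResumeFromException)), rsp);
 movq(rsp, rax);
 
- // Ask for an exception handler.
+ // Call the handler.
 setupUnalignedABICall(1, rcx);
 passABIArg(rax);
 callWithABI(handler);
 
- JitCode *excTail = GetIonContext()->runtime->jitRuntime()->getExceptionTail();
- jmp(excTail);
-}
-
-void
-MacroAssemblerX64::handleFailureWithHandlerTail()
-{
 Label entryFrame;
 Label catch_;
 Label finally;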
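diff --git a/js/src/jit/x64/MacroAssembler-x64.h b/js/src/jit/x64/MacroAssembler-x64.h
index 2c11e9a..5010549 100644
--- a/js/src/jit/x64/MacroAssembler-x64.h
+++ b/js/src/jit/x64/MacroAssembler-x64.h
@@ -1288,8 +1288,7 @@ class MacroAssemblerX64 : public MacroAssemblerX86Shared
 void callWithABI(AsmJSImmPtr imm, MoveOp::Type result = MoveOp::GENERAL);
 void callWithABI(Address fun, MoveOp::Type result = MoveOp::GENERAL);
 
- void handleFailureWithHandler(void *handler);
- void handleFailureWithHandlerTail();
+ void handleFailureWithHandlerTail(void *handler);
 
 void makeFrameDescriptor(Register frameSizeReg, FrameType type) {
 shlq(Imm32(FRAMESIZE_SHIFT), frameSizeReg);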
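diff --git a/js/src/jit/x64/Trampoline-x64.cpp b/js/src/jit/x64/Trampoline-x64.cpp
index 72f4592..3b83850 100644
--- a/js/src/jit/x64/Trampoline-x64.cpp
+++ b/js/src/jit/x64/Trampoline-x64.cpp
@@ -785,11 +785,11 @@ JitRuntime::generateDebugTrapHandler(JSContext *cx)
 }
 
 JitCode *
-JitRuntime::generateExceptionTailStub(JSContext *cx)
+JitRuntime::generateExceptionTailStub(JSContext *cx, void *handler)
 {
 MacroAssembler masm;
 
- masm.handleFailureWithHandlerTail();
+ masm.handleFailureWithHandlerTail(handler);
 
 Linker linker(masm);
 JitCode *code = linker.newCode<NoGC>(cx, JSC::OTHER_CODE);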
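diff --git a/js/src/jit/x86/MacroAssembler-x86.cpp b/js/src/jit/x86/MacroAssembler-x86.cpp
index d36f4d3..57a0f85 100644
--- a/js/src/jit/x86/MacroAssembler-x86.cpp
+++ b/js/src/jit/x86/MacroAssembler-x86.cpp
@@ -281,24 +281,17 @@ MacroAssemblerX86::callWithABI(const Address &fun, MoveOp::Type result)
 }
 
 void
-MacroAssemblerX86::handleFailureWithHandler(void *handler)
+MacroAssemblerX86::handleFailureWithHandlerTail(void *handler)
 {
 // Reserve space for exception information.
 subl(Imm32(sizeof(ResumeFromException)), esp);
 movl(esp, eax);
 
- // Ask for an exception handler.
+ // Call the handler.
 setupUnalignedABICall(1, ecx);
 passABIArg(eax);
 callWithABI(handler);
 
- JitCode *excTail = GetIonContext()->runtime->jitRuntime()->getExceptionTail();
- jmp(excTail);
-}
-
-void
-MacroAssemblerX86::handleFailureWithHandlerTail()
-{
 Label entryFrame;
 Label catch_;
 Label finally;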
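diff --git a/js/src/jit/x86/MacroAssembler-x86.h b/js/src/jit/x86/MacroAssembler-x86.h
index 17de7a7..7e578c8 100644
--- a/js/src/jit/x86/MacroAssembler-x86.h
+++ b/js/src/jit/x86/MacroAssembler-x86.h
@@ -1086,8 +1086,7 @@ class MacroAssemblerX86 : public MacroAssemblerX86Shared
 void callWithABI(const Address &fun, MoveOp::Type result = MoveOp::GENERAL);
 
 // Used from within an Exit frame to handle a pending exception.
- void handleFailureWithHandler(void *handler);
- void handleFailureWithHandlerTail();
+ void handleFailureWithHandlerTail(void *handler);
 
 void makeFrameDescriptor(Register frameSizeReg, FrameType type) {
 shll(Imm32(FRAMESIZE_SHIFT), frameSizeReg);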
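Review bot: The comment `// Used from within an Exit frame to handle a pending exception.` was written for the removed `handleFailureWithHandler` and now sits on `handleFailureWithHandlerTail(void *handler)`, whose only caller visible in this commit is `generateExceptionTailStub`. I would replace it with something like `// Emits the shared exception tail stub that calls |handler|; failure paths reach it by a jump from handleFailure().` Whether other callers exist outside the shown hunks should be confirmed before rewording.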
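diff --git a/js/src/jit/x86/Trampoline-x86.cpp b/js/src/jit/x86/Trampoline-x86.cpp
index 0a2f0de..9fd2c00 100644
--- a/js/src/jit/x86/Trampoline-x86.cpp
+++ b/js/src/jit/x86/Trampoline-x86.cpp
@@ -827,11 +827,11 @@ JitRuntime::generateDebugTrapHandler(JSContext *cx)
 }
 
 JitCode *
-JitRuntime::generateExceptionTailStub(JSContext *cx)
+JitRuntime::generateExceptionTailStub(JSContext *cx, void *handler)
 {
 MacroAssembler masm;
 
- masm.handleFailureWithHandlerTail();
+ masm.handleFailureWithHandlerTail(handler);
 
 Linker linker(masm);
 JitCode *code = linker.newCode<NoGC>(cx, JSC::OTHER_CODE);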
--
2.1.2