From 528ffd602cc5a501713cd768df0cf6870a36ddad Mon Sep 17 00:00:00 2001 From: Kent Hansen Date: Tue, 20 Apr 2010 14:00:01 +0200 Subject: Fix Mac OS Tiger-vs-Leopard crash due to memory tagging by JavaScriptCore Cherry-picked from WebKit trunk. --- .../javascriptcore/JavaScriptCore/ChangeLog | 26 +++++++++++++++ .../javascriptcore/JavaScriptCore/wtf/VMTags.h | 39 +++++++++++++++++----- src/3rdparty/javascriptcore/VERSION | 4 +-- 3 files changed, 59 insertions(+), 10 deletions(-) diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/ChangeLog b/src/3rdparty/javascriptcore/JavaScriptCore/ChangeLog index 4f6e565..11572b0 100644 --- a/src/3rdparty/javascriptcore/JavaScriptCore/ChangeLog +++ b/src/3rdparty/javascriptcore/JavaScriptCore/ChangeLog @@ -1,3 +1,29 @@ +2010-04-14 Kent Hansen + + Reviewed by Maciej Stachowiak. + + Mac OS X: Use deployment target to determine whether memory tagging should be enabled + https://bugs.webkit.org/show_bug.cgi?id=34888 + + When building on (Snow) Leopard but targeting Tiger + (TARGETING_TIGER defined, BUILDING_ON_TIGER not defined), + WebKit would crash on Tiger because the tags passed to mmap + caused those function calls to fail. + + Conversely, when building on Tiger but targeting Leopard + (BUILDING_ON_TIGER defined, TARGETING_LEOPARD defined), WebKit + would crash on Leopard because the tags passed to vm_map and + vm_allocate caused those function calls to fail. + + Solution: Use TARGETING_TIGER rather than BUILDING_ON_TIGER to + govern the tag definitions. Use the same tags for vm_map and + vm_allocate regardless of target, since they work on + both. Fall back to the mmap tags that work on Tiger (that is, + "no tags") if targeting Tiger, since those tags also work on + Leopard. + + * wtf/VMTags.h: + 2010-03-29 Patrick Gansterer Reviewed by Darin Adler. diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/VMTags.h b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/VMTags.h index 34e2494..75bec11 100644 --- a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/VMTags.h +++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/VMTags.h @@ -30,25 +30,48 @@ // On Mac OS X, the VM subsystem allows tagging memory requested from mmap and vm_map // in order to aid tools that inspect system memory use. -#if OS(DARWIN) && !defined(BUILDING_ON_TIGER) +#if OS(DARWIN) #include +#if !defined(TARGETING_TIGER) + #if defined(VM_MEMORY_TCMALLOC) #define VM_TAG_FOR_TCMALLOC_MEMORY VM_MAKE_TAG(VM_MEMORY_TCMALLOC) #else #define VM_TAG_FOR_TCMALLOC_MEMORY VM_MAKE_TAG(53) #endif // defined(VM_MEMORY_TCMALLOC) -#if defined(VM_MEMORY_JAVASCRIPT_CORE) && defined(VM_MEMORY_JAVASCRIPT_JIT_REGISTER_FILE) && defined(VM_MEMORY_JAVASCRIPT_JIT_EXECUTABLE_ALLOCATOR) && defined(VM_MEMORY_JAVASCRIPT_JIT_EXECUTABLE_ALLOCATOR) -#define VM_TAG_FOR_COLLECTOR_MEMORY VM_MAKE_TAG(VM_MEMORY_JAVASCRIPT_CORE) -#define VM_TAG_FOR_REGISTERFILE_MEMORY VM_MAKE_TAG(VM_MEMORY_JAVASCRIPT_JIT_REGISTER_FILE) +#if defined(VM_MEMORY_JAVASCRIPT_JIT_EXECUTABLE_ALLOCATOR) #define VM_TAG_FOR_EXECUTABLEALLOCATOR_MEMORY VM_MAKE_TAG(VM_MEMORY_JAVASCRIPT_JIT_EXECUTABLE_ALLOCATOR) #else -#define VM_TAG_FOR_COLLECTOR_MEMORY VM_MAKE_TAG(63) #define VM_TAG_FOR_EXECUTABLEALLOCATOR_MEMORY VM_MAKE_TAG(64) +#endif // defined(VM_MEMORY_JAVASCRIPT_JIT_EXECUTABLE_ALLOCATOR) + +#if defined(VM_MEMORY_JAVASCRIPT_JIT_REGISTER_FILE) +#define VM_TAG_FOR_REGISTERFILE_MEMORY VM_MAKE_TAG(VM_MEMORY_JAVASCRIPT_JIT_REGISTER_FILE) +#else #define VM_TAG_FOR_REGISTERFILE_MEMORY VM_MAKE_TAG(65) -#endif // defined(VM_MEMORY_JAVASCRIPT_CORE) && defined(VM_MEMORY_JAVASCRIPT_JIT_REGISTER_FILE) && defined(VM_MEMORY_JAVASCRIPT_JIT_EXECUTABLE_ALLOCATOR) && defined(VM_MEMORY_JAVASCRIPT_JIT_EXECUTABLE_ALLOCATOR) +#endif // defined(VM_MEMORY_JAVASCRIPT_JIT_REGISTER_FILE) + +#else // !defined(TARGETING_TIGER) + +// mmap on Tiger fails with tags that work on Leopard, so fall +// back to Tiger-compatible tags (that also work on Leopard) +// when targeting Tiger. +#define VM_TAG_FOR_TCMALLOC_MEMORY -1 +#define VM_TAG_FOR_EXECUTABLEALLOCATOR_MEMORY -1 +#define VM_TAG_FOR_REGISTERFILE_MEMORY -1 + +#endif // !defined(TARGETING_TIGER) + +// Tags for vm_map and vm_allocate work on both Tiger and Leopard. + +#if defined(VM_MEMORY_JAVASCRIPT_CORE) +#define VM_TAG_FOR_COLLECTOR_MEMORY VM_MAKE_TAG(VM_MEMORY_JAVASCRIPT_CORE) +#else +#define VM_TAG_FOR_COLLECTOR_MEMORY VM_MAKE_TAG(63) +#endif // defined(VM_MEMORY_JAVASCRIPT_CORE) #if defined(VM_MEMORY_WEBCORE_PURGEABLE_BUFFERS) #define VM_TAG_FOR_WEBCORE_PURGEABLE_MEMORY VM_MAKE_TAG(VM_MEMORY_WEBCORE_PURGEABLE_BUFFERS) @@ -56,7 +79,7 @@ #define VM_TAG_FOR_WEBCORE_PURGEABLE_MEMORY VM_MAKE_TAG(69) #endif // defined(VM_MEMORY_WEBCORE_PURGEABLE_BUFFERS) -#else // OS(DARWIN) && !defined(BUILDING_ON_TIGER) +#else // OS(DARWIN) #define VM_TAG_FOR_TCMALLOC_MEMORY -1 #define VM_TAG_FOR_COLLECTOR_MEMORY -1 @@ -64,6 +87,6 @@ #define VM_TAG_FOR_REGISTERFILE_MEMORY -1 #define VM_TAG_FOR_WEBCORE_PURGEABLE_MEMORY -1 -#endif // OS(DARWIN) && !defined(BUILDING_ON_TIGER) +#endif // OS(DARWIN) #endif // VMTags_h diff --git a/src/3rdparty/javascriptcore/VERSION b/src/3rdparty/javascriptcore/VERSION index 2b885a7..9a02027 100644 --- a/src/3rdparty/javascriptcore/VERSION +++ b/src/3rdparty/javascriptcore/VERSION @@ -4,8 +4,8 @@ This is a snapshot of JavaScriptCore from The commit imported was from the - javascriptcore-snapshot-07042010 branch/tag + javascriptcore-snapshot-20042010 branch/tag and has the sha1 checksum - 475f8c67522d8b3f3163dc3a6b24d6083fd0ac19 + c589321ffdda5e93cf77e2cf2cf43afe3e996f6e -- cgit v0.12