[packages/qt4.git] / undo-fix-jit-crash-on-x86_64.patch

Description: Fix JIT crash on x86-64 (avoid 32-bit branch offset overflow)
 .
 Cherry-picked from webkit commit
 a5b3261a8c4386b4e14ce40a34c7fc933a5f7001
Origin: commit ada98493bbfbd9af0d0b593017e29d39bcd3495e
Author: Kent Hansen <kent.hansen@nokia.com>
Forwarded: not-needed
Applied-Upstream: yes
Reviewed-by: Simon Hausmann <simon.hausmann@nokia.com>
Reviewed-by: Kent Hansen <kent.hansen@nokia.com>
---
 .../javascriptcore/JavaScriptCore/ChangeLog        |   27 +++++++++++++++++
 .../JavaScriptCore/JavaScriptCore.pri              |    1 +
 .../JavaScriptCore/jit/ExecutableAllocator.cpp     |   21 +++++++++++++
 .../jit/ExecutableAllocatorFixedVMPool.cpp         |   31 +++++++++++++-------
 .../jit/ExecutableAllocatorPosix.cpp               |   29 ++----------------
 .../jit/ExecutableAllocatorSymbian.cpp             |    2 +-
 .../JavaScriptCore/jit/ExecutableAllocatorWin.cpp  |    2 +-
 .../javascriptcore/JavaScriptCore/wtf/Platform.h   |   10 +++++++
 8 files changed, 84 insertions(+), 39 deletions(-)

diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/ChangeLog b/src/3rdparty/javascriptcore/JavaScriptCore/ChangeLog
index 9cbf0c1..5ab23e6 100644
--- a/src/3rdparty/javascriptcore/JavaScriptCore/ChangeLog
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/ChangeLog
@@ -1,3 +1,30 @@
+2010-07-08  Gavin Barraclough  <barraclough@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        https://bugs.webkit.org/show_bug.cgi?id=41641
+
+        Update compile flags to allow use of ExecutableAllocatorFixedVMPool on platforms
+        other than x86-64 (this may be useful on 32-bit platforms, too).
+
+        Simplify ifdefs by dividing into thwo broad allocation strategies
+        (ENABLE_EXECUTABLE_ALLOCATOR_FIXED & ENABLE_EXECUTABLE_ALLOCATOR_DEMAND).
+
+        Rename constant used in the code to have names descriptive of their purpose,
+        rather than their specific value on a given platform.
+
+        * jit/ExecutableAllocator.cpp:
+        (JSC::ExecutableAllocator::reprotectRegion):
+        (JSC::ExecutableAllocator::cacheFlush):
+        * jit/ExecutableAllocatorFixedVMPool.cpp:
+        (JSC::FixedVMPoolAllocator::FixedVMPoolAllocator):
+        (JSC::FixedVMPoolAllocator::free):
+        (JSC::ExecutablePool::systemAlloc):
+        * jit/ExecutableAllocatorPosix.cpp:
+        * jit/ExecutableAllocatorSymbian.cpp:
+        * jit/ExecutableAllocatorWin.cpp:
+        * wtf/Platform.h:
+
 2010-08-24  Oliver Hunt  <oliver@apple.com>
 
         Reviewed by Geoff Garen.
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/JavaScriptCore.pri b/src/3rdparty/javascriptcore/JavaScriptCore/JavaScriptCore.pri
index b061321..847f69c 100644
--- a/src/3rdparty/javascriptcore/JavaScriptCore/JavaScriptCore.pri
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/JavaScriptCore.pri
@@ -100,6 +100,7 @@ SOURCES += \
     interpreter/CallFrame.cpp \
     interpreter/Interpreter.cpp \
     interpreter/RegisterFile.cpp \
+    jit/ExecutableAllocatorFixedVMPool.cpp \
     jit/ExecutableAllocatorPosix.cpp \
     jit/ExecutableAllocatorSymbian.cpp \
     jit/ExecutableAllocatorWin.cpp \
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/jit/ExecutableAllocator.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/jit/ExecutableAllocator.cpp
index f6b27ec..f0ebbab 100644
--- a/src/3rdparty/javascriptcore/JavaScriptCore/jit/ExecutableAllocator.cpp
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/jit/ExecutableAllocator.cpp
@@ -33,6 +33,27 @@ namespace JSC {
 
 size_t ExecutableAllocator::pageSize = 0;
 
+#if ENABLE(ASSEMBLER_WX_EXCLUSIVE)
+void ExecutableAllocator::reprotectRegion(void* start, size_t size, ProtectionSeting setting)
+{
+    if (!pageSize)
+        intializePageSize();
+
+    // Calculate the start of the page containing this region,
+    // and account for this extra memory within size.
+    intptr_t startPtr = reinterpret_cast<intptr_t>(start);
+    intptr_t pageStartPtr = startPtr & ~(pageSize - 1);
+    void* pageStart = reinterpret_cast<void*>(pageStartPtr);
+    size += (startPtr - pageStartPtr);
+
+    // Round size up
+    size += (pageSize - 1);
+    size &= ~(pageSize - 1);
+
+    mprotect(pageStart, size, (setting == Writable) ? PROTECTION_FLAGS_RW : PROTECTION_FLAGS_RX);
+}
+#endif
+
 }
 
 #endif // HAVE(ASSEMBLER)
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/jit/ExecutableAllocatorFixedVMPool.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/jit/ExecutableAllocatorFixedVMPool.cpp
index dd1db4e..16d0fb1 100644
--- a/src/3rdparty/javascriptcore/JavaScriptCore/jit/ExecutableAllocatorFixedVMPool.cpp
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/jit/ExecutableAllocatorFixedVMPool.cpp
@@ -27,25 +27,33 @@
 
 #include "ExecutableAllocator.h"
 
-#include <errno.h>
+#if ENABLE(EXECUTABLE_ALLOCATOR_FIXED)
 
-#if ENABLE(ASSEMBLER) && OS(DARWIN) && CPU(X86_64)
+#include <errno.h>
 
 #include "TCSpinLock.h"
-#include <mach/mach_init.h>
-#include <mach/vm_map.h>
 #include <sys/mman.h>
 #include <unistd.h>
 #include <wtf/AVLTree.h>
 #include <wtf/VMTags.h>
 
+#if CPU(X86_64)
+    // These limits suitable on 64-bit platforms (particularly x86-64, where we require all jumps to have a 2Gb max range).
+    #define VM_POOL_SIZE (2u * 1024u * 1024u * 1024u) // 2Gb
+    #define COALESCE_LIMIT (16u * 1024u * 1024u) // 16Mb
+#else
+    // These limits are hopefully sensible on embedded platforms.
+    #define VM_POOL_SIZE (32u * 1024u * 1024u) // 32Mb
+    #define COALESCE_LIMIT (4u * 1024u * 1024u) // 4Mb
+#endif
+
+// ASLR currently only works on darwin (due to arc4random) & 64-bit (due to address space size).
+#define VM_POOL_ASLR (OS(DARWIN) && CPU(X86_64))
+
 using namespace WTF;
 
 namespace JSC {
 
-#define TWO_GB (2u * 1024u * 1024u * 1024u)
-#define SIXTEEN_MB (16u * 1024u * 1024u)
-
 // FreeListEntry describes a free chunk of memory, stored in the freeList.
 struct FreeListEntry {
     FreeListEntry(void* pointer, size_t size)
@@ -291,9 +299,12 @@ public:
         // for now instead of 2^26 bits of ASLR lets stick with 25 bits of randomization plus
         // 2^24, which should put up somewhere in the middle of usespace (in the address range
         // 0x200000000000 .. 0x5fffffffffff).
-        intptr_t randomLocation = arc4random() & ((1 << 25) - 1);
+        intptr_t randomLocation = 0;
+#if VM_POOL_ASLR
+        randomLocation = arc4random() & ((1 << 25) - 1);
         randomLocation += (1 << 24);
         randomLocation <<= 21;
+#endif
         m_base = mmap(reinterpret_cast<void*>(randomLocation), m_totalHeapSize, INITIAL_PROTECTION_FLAGS, MAP_PRIVATE | MAP_ANON, VM_TAG_FOR_EXECUTABLEALLOCATOR_MEMORY, 0);
         if (!m_base)
             CRASH();
@@ -387,7 +398,7 @@ public:
         // 16MB of allocations have been freed, sweep m_freeList
         // coalescing any neighboring fragments.
         m_countFreedSinceLastCoalesce += size;
-        if (m_countFreedSinceLastCoalesce >= SIXTEEN_MB) {
+        if (m_countFreedSinceLastCoalesce >= COALESCE_LIMIT) {
             m_countFreedSinceLastCoalesce = 0;
             coalesceFreeSpace();
         }
@@ -429,7 +440,7 @@ ExecutablePool::Allocation ExecutablePool::systemAlloc(size_t size)
   SpinLockHolder lock_holder(&spinlock);
 
     if (!allocator)
-        allocator = new FixedVMPoolAllocator(JIT_ALLOCATOR_LARGE_ALLOC_SIZE, TWO_GB);
+        allocator = new FixedVMPoolAllocator(JIT_ALLOCATOR_LARGE_ALLOC_SIZE, VM_POOL_SIZE);
     ExecutablePool::Allocation alloc = {reinterpret_cast<char*>(allocator->alloc(size)), size};
     return alloc;
 }
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/jit/ExecutableAllocatorPosix.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/jit/ExecutableAllocatorPosix.cpp
index 2eb0c87..b04049c 100644
--- a/src/3rdparty/javascriptcore/JavaScriptCore/jit/ExecutableAllocatorPosix.cpp
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/jit/ExecutableAllocatorPosix.cpp
@@ -27,7 +27,7 @@
 
 #include "ExecutableAllocator.h"
 
-#if ENABLE(ASSEMBLER) && OS(UNIX) && !OS(SYMBIAN)
+#if ENABLE(EXECUTABLE_ALLOCATOR_DEMAND) && !OS(WINDOWS) && !OS(SYMBIAN)
 
 #include <sys/mman.h>
 #include <unistd.h>
@@ -35,8 +35,6 @@
 
 namespace JSC {
 
-#if !(OS(DARWIN) && !PLATFORM(QT) && CPU(X86_64))
-
 void ExecutableAllocator::intializePageSize()
 {
     ExecutableAllocator::pageSize = getpagesize();
@@ -57,29 +55,6 @@ void ExecutablePool::systemRelease(const ExecutablePool::Allocation& alloc)
     ASSERT_UNUSED(result, !result);
 }
 
-#endif // !(OS(DARWIN) && !PLATFORM(QT) && CPU(X86_64))
-
-#if ENABLE(ASSEMBLER_WX_EXCLUSIVE)
-void ExecutableAllocator::reprotectRegion(void* start, size_t size, ProtectionSeting setting)
-{
-    if (!pageSize)
-        intializePageSize();
-
-    // Calculate the start of the page containing this region,
-    // and account for this extra memory within size.
-    intptr_t startPtr = reinterpret_cast<intptr_t>(start);
-    intptr_t pageStartPtr = startPtr & ~(pageSize - 1);
-    void* pageStart = reinterpret_cast<void*>(pageStartPtr);
-    size += (startPtr - pageStartPtr);
-
-    // Round size up
-    size += (pageSize - 1);
-    size &= ~(pageSize - 1);
-
-    mprotect(pageStart, size, (setting == Writable) ? PROTECTION_FLAGS_RW : PROTECTION_FLAGS_RX);
-}
-#endif
-
 }
 
-#endif // HAVE(ASSEMBLER)
+#endif
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/jit/ExecutableAllocatorSymbian.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/jit/ExecutableAllocatorSymbian.cpp
index e82975c..9028f50 100644
--- a/src/3rdparty/javascriptcore/JavaScriptCore/jit/ExecutableAllocatorSymbian.cpp
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/jit/ExecutableAllocatorSymbian.cpp
@@ -22,7 +22,7 @@
 
 #include "ExecutableAllocator.h"
 
-#if ENABLE(ASSEMBLER) && OS(SYMBIAN)
+#if ENABLE(EXECUTABLE_ALLOCATOR_DEMAND) && OS(SYMBIAN)
 
 #include <e32hal.h>
 #include <e32std.h>
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/jit/ExecutableAllocatorWin.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/jit/ExecutableAllocatorWin.cpp
index e38323c..72a1d5f 100644
--- a/src/3rdparty/javascriptcore/JavaScriptCore/jit/ExecutableAllocatorWin.cpp
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/jit/ExecutableAllocatorWin.cpp
@@ -27,7 +27,7 @@
 
 #include "ExecutableAllocator.h"
 
-#if ENABLE(ASSEMBLER) && OS(WINDOWS)
+#if ENABLE(EXECUTABLE_ALLOCATOR_DEMAND) && OS(WINDOWS)
 
 #include "windows.h"
 
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/Platform.h b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/Platform.h
index 700977e..d930ed7 100644
--- a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/Platform.h
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/Platform.h
@@ -1016,6 +1016,16 @@ on MinGW. See https://bugs.webkit.org/show_bug.cgi?id=29268 */
 #define ENABLE_ASSEMBLER_WX_EXCLUSIVE 0
 #endif
 
+/* Pick which allocator to use; we only need an executable allocator if the assembler is compiled in.
+   On x86-64 we use a single fixed mmap, on other platforms we mmap on demand. */
+#if ENABLE(ASSEMBLER)
+#if CPU(X86_64)
+#define ENABLE_EXECUTABLE_ALLOCATOR_FIXED 1
+#else
+#define ENABLE_EXECUTABLE_ALLOCATOR_DEMAND 1
+#endif
+#endif
+
 #if !defined(ENABLE_PAN_SCROLLING) && OS(WINDOWS)
 #define ENABLE_PAN_SCROLLING 1
 #endif
-- 
1.7.10.4
Commit	Line	Data
a3ed32b9 AM	1	Description: Fix JIT crash on x86-64 (avoid 32-bit branch offset overflow)
	2	.
	3	Cherry-picked from webkit commit
	4	a5b3261a8c4386b4e14ce40a34c7fc933a5f7001
	5	Origin: commit ada98493bbfbd9af0d0b593017e29d39bcd3495e
	6	Author: Kent Hansen <kent.hansen@nokia.com>
	7	Forwarded: not-needed
	8	Applied-Upstream: yes
	9	Reviewed-by: Simon Hausmann <simon.hausmann@nokia.com>
	10	Reviewed-by: Kent Hansen <kent.hansen@nokia.com>
	11	---
	12	.../javascriptcore/JavaScriptCore/ChangeLog \| 27 +++++++++++++++++
	13	.../JavaScriptCore/JavaScriptCore.pri \| 1 +
	14	.../JavaScriptCore/jit/ExecutableAllocator.cpp \| 21 +++++++++++++
	15	.../jit/ExecutableAllocatorFixedVMPool.cpp \| 31 +++++++++++++-------
	16	.../jit/ExecutableAllocatorPosix.cpp \| 29 ++----------------
	17	.../jit/ExecutableAllocatorSymbian.cpp \| 2 +-
	18	.../JavaScriptCore/jit/ExecutableAllocatorWin.cpp \| 2 +-
	19	.../javascriptcore/JavaScriptCore/wtf/Platform.h \| 10 +++++++
	20	8 files changed, 84 insertions(+), 39 deletions(-)
	21
	22	diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/ChangeLog b/src/3rdparty/javascriptcore/JavaScriptCore/ChangeLog
	23	index 9cbf0c1..5ab23e6 100644
	24	--- a/src/3rdparty/javascriptcore/JavaScriptCore/ChangeLog
	25	+++ b/src/3rdparty/javascriptcore/JavaScriptCore/ChangeLog
	26	@@ -1,3 +1,30 @@
	27	+2010-07-08 Gavin Barraclough <barraclough@apple.com>
	28	+
	29	+ Reviewed by Sam Weinig.
	30	+
	31	+ https://bugs.webkit.org/show_bug.cgi?id=41641
	32	+
	33	+ Update compile flags to allow use of ExecutableAllocatorFixedVMPool on platforms
	34	+ other than x86-64 (this may be useful on 32-bit platforms, too).
	35	+
	36	+ Simplify ifdefs by dividing into thwo broad allocation strategies
	37	+ (ENABLE_EXECUTABLE_ALLOCATOR_FIXED & ENABLE_EXECUTABLE_ALLOCATOR_DEMAND).
	38	+
	39	+ Rename constant used in the code to have names descriptive of their purpose,
	40	+ rather than their specific value on a given platform.
	41	+
	42	+ * jit/ExecutableAllocator.cpp:
	43	+ (JSC::ExecutableAllocator::reprotectRegion):
	44	+ (JSC::ExecutableAllocator::cacheFlush):
	45	+ * jit/ExecutableAllocatorFixedVMPool.cpp:
	46	+ (JSC::FixedVMPoolAllocator::FixedVMPoolAllocator):
	47	+ (JSC::FixedVMPoolAllocator::free):
	48	+ (JSC::ExecutablePool::systemAlloc):
	49	+ * jit/ExecutableAllocatorPosix.cpp:
	50	+ * jit/ExecutableAllocatorSymbian.cpp:
	51	+ * jit/ExecutableAllocatorWin.cpp:
	52	+ * wtf/Platform.h:
	53	+
	54	2010-08-24 Oliver Hunt <oliver@apple.com>
	55
	56	Reviewed by Geoff Garen.
	57	diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/JavaScriptCore.pri b/src/3rdparty/javascriptcore/JavaScriptCore/JavaScriptCore.pri
	58	index b061321..847f69c 100644
	59	--- a/src/3rdparty/javascriptcore/JavaScriptCore/JavaScriptCore.pri
	60	+++ b/src/3rdparty/javascriptcore/JavaScriptCore/JavaScriptCore.pri
	61	@@ -100,6 +100,7 @@ SOURCES += \
	62	interpreter/CallFrame.cpp \
	63	interpreter/Interpreter.cpp \
	64	interpreter/RegisterFile.cpp \
65	+ jit/ExecutableAllocatorFixedVMPool.cpp \
66	jit/ExecutableAllocatorPosix.cpp \
67	jit/ExecutableAllocatorSymbian.cpp \
68	jit/ExecutableAllocatorWin.cpp \
69	diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/jit/ExecutableAllocator.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/jit/ExecutableAllocator.cpp
70	index f6b27ec..f0ebbab 100644
71	--- a/src/3rdparty/javascriptcore/JavaScriptCore/jit/ExecutableAllocator.cpp
72	+++ b/src/3rdparty/javascriptcore/JavaScriptCore/jit/ExecutableAllocator.cpp
73	@@ -33,6 +33,27 @@ namespace JSC {
74
75	size_t ExecutableAllocator::pageSize = 0;
76
77	+#if ENABLE(ASSEMBLER_WX_EXCLUSIVE)
78	+void ExecutableAllocator::reprotectRegion(void* start, size_t size, ProtectionSeting setting)
79	+{
80	+ if (!pageSize)
81	+ intializePageSize();
82	+
83	+ // Calculate the start of the page containing this region,
84	+ // and account for this extra memory within size.
85	+ intptr_t startPtr = reinterpret_cast<intptr_t>(start);
86	+ intptr_t pageStartPtr = startPtr & ~(pageSize - 1);
87	+ void* pageStart = reinterpret_cast<void*>(pageStartPtr);
88	+ size += (startPtr - pageStartPtr);
89	+
90	+ // Round size up
91	+ size += (pageSize - 1);
92	+ size &= ~(pageSize - 1);
93	+
94	+ mprotect(pageStart, size, (setting == Writable) ? PROTECTION_FLAGS_RW : PROTECTION_FLAGS_RX);
95	+}
96	+#endif
97	+
98	}
99
100	#endif // HAVE(ASSEMBLER)
101	diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/jit/ExecutableAllocatorFixedVMPool.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/jit/ExecutableAllocatorFixedVMPool.cpp
102	index dd1db4e..16d0fb1 100644
103	--- a/src/3rdparty/javascriptcore/JavaScriptCore/jit/ExecutableAllocatorFixedVMPool.cpp
104	+++ b/src/3rdparty/javascriptcore/JavaScriptCore/jit/ExecutableAllocatorFixedVMPool.cpp
105	@@ -27,25 +27,33 @@
106
107	#include "ExecutableAllocator.h"
108
109	-#include <errno.h>
110	+#if ENABLE(EXECUTABLE_ALLOCATOR_FIXED)
111
112	-#if ENABLE(ASSEMBLER) && OS(DARWIN) && CPU(X86_64)
113	+#include <errno.h>
114
115	#include "TCSpinLock.h"
116	-#include <mach/mach_init.h>
117	-#include <mach/vm_map.h>
118	#include <sys/mman.h>
119	#include <unistd.h>
120	#include <wtf/AVLTree.h>
121	#include <wtf/VMTags.h>
122
123	+#if CPU(X86_64)
124	+ // These limits suitable on 64-bit platforms (particularly x86-64, where we require all jumps to have a 2Gb max range).
125	+ #define VM_POOL_SIZE (2u * 1024u * 1024u * 1024u) // 2Gb
126	+ #define COALESCE_LIMIT (16u * 1024u * 1024u) // 16Mb
127	+#else
128	+ // These limits are hopefully sensible on embedded platforms.
129	+ #define VM_POOL_SIZE (32u * 1024u * 1024u) // 32Mb
130	+ #define COALESCE_LIMIT (4u * 1024u * 1024u) // 4Mb
131	+#endif
132	+
133	+// ASLR currently only works on darwin (due to arc4random) & 64-bit (due to address space size).
134	+#define VM_POOL_ASLR (OS(DARWIN) && CPU(X86_64))
135	+
136	using namespace WTF;
137
138	namespace JSC {
139
140	-#define TWO_GB (2u * 1024u * 1024u * 1024u)
141	-#define SIXTEEN_MB (16u * 1024u * 1024u)
142	-
143	// FreeListEntry describes a free chunk of memory, stored in the freeList.
144	struct FreeListEntry {
145	FreeListEntry(void* pointer, size_t size)
146	@@ -291,9 +299,12 @@ public:
147	// for now instead of 2^26 bits of ASLR lets stick with 25 bits of randomization plus
148	// 2^24, which should put up somewhere in the middle of usespace (in the address range
149	// 0x200000000000 .. 0x5fffffffffff).
150	- intptr_t randomLocation = arc4random() & ((1 << 25) - 1);
151	+ intptr_t randomLocation = 0;
152	+#if VM_POOL_ASLR
153	+ randomLocation = arc4random() & ((1 << 25) - 1);
154	randomLocation += (1 << 24);
155	randomLocation <<= 21;
156	+#endif
157	m_base = mmap(reinterpret_cast<void*>(randomLocation), m_totalHeapSize, INITIAL_PROTECTION_FLAGS, MAP_PRIVATE \| MAP_ANON, VM_TAG_FOR_EXECUTABLEALLOCATOR_MEMORY, 0);
158	if (!m_base)
159	CRASH();
160	@@ -387,7 +398,7 @@ public:
161	// 16MB of allocations have been freed, sweep m_freeList
162	// coalescing any neighboring fragments.
163	m_countFreedSinceLastCoalesce += size;
164	- if (m_countFreedSinceLastCoalesce >= SIXTEEN_MB) {
165	+ if (m_countFreedSinceLastCoalesce >= COALESCE_LIMIT) {
166	m_countFreedSinceLastCoalesce = 0;
167	coalesceFreeSpace();
168	}
169	@@ -429,7 +440,7 @@ ExecutablePool::Allocation ExecutablePool::systemAlloc(size_t size)
170	SpinLockHolder lock_holder(&spinlock);
171
172	if (!allocator)
173	- allocator = new FixedVMPoolAllocator(JIT_ALLOCATOR_LARGE_ALLOC_SIZE, TWO_GB);
174	+ allocator = new FixedVMPoolAllocator(JIT_ALLOCATOR_LARGE_ALLOC_SIZE, VM_POOL_SIZE);
175	ExecutablePool::Allocation alloc = {reinterpret_cast<char*>(allocator->alloc(size)), size};
176	return alloc;
177	}
178	diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/jit/ExecutableAllocatorPosix.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/jit/ExecutableAllocatorPosix.cpp
179	index 2eb0c87..b04049c 100644
180	--- a/src/3rdparty/javascriptcore/JavaScriptCore/jit/ExecutableAllocatorPosix.cpp
181	+++ b/src/3rdparty/javascriptcore/JavaScriptCore/jit/ExecutableAllocatorPosix.cpp
182	@@ -27,7 +27,7 @@
183
184	#include "ExecutableAllocator.h"
185
186	-#if ENABLE(ASSEMBLER) && OS(UNIX) && !OS(SYMBIAN)
187	+#if ENABLE(EXECUTABLE_ALLOCATOR_DEMAND) && !OS(WINDOWS) && !OS(SYMBIAN)
188
189	#include <sys/mman.h>
190	#include <unistd.h>
191	@@ -35,8 +35,6 @@
192
193	namespace JSC {
194
195	-#if !(OS(DARWIN) && !PLATFORM(QT) && CPU(X86_64))
196	-
197	void ExecutableAllocator::intializePageSize()
198	{
199	ExecutableAllocator::pageSize = getpagesize();
200	@@ -57,29 +55,6 @@ void ExecutablePool::systemRelease(const ExecutablePool::Allocation& alloc)
201	ASSERT_UNUSED(result, !result);
202	}
203
204	-#endif // !(OS(DARWIN) && !PLATFORM(QT) && CPU(X86_64))
205	-
206	-#if ENABLE(ASSEMBLER_WX_EXCLUSIVE)
207	-void ExecutableAllocator::reprotectRegion(void* start, size_t size, ProtectionSeting setting)
208	-{
209	- if (!pageSize)
210	- intializePageSize();
211	-
212	- // Calculate the start of the page containing this region,
213	- // and account for this extra memory within size.
214	- intptr_t startPtr = reinterpret_cast<intptr_t>(start);
215	- intptr_t pageStartPtr = startPtr & ~(pageSize - 1);
216	- void* pageStart = reinterpret_cast<void*>(pageStartPtr);
217	- size += (startPtr - pageStartPtr);
218	-
219	- // Round size up
220	- size += (pageSize - 1);
221	- size &= ~(pageSize - 1);
222	-
223	- mprotect(pageStart, size, (setting == Writable) ? PROTECTION_FLAGS_RW : PROTECTION_FLAGS_RX);
224	-}
225	-#endif
226	-
227	}
228
229	-#endif // HAVE(ASSEMBLER)
230	+#endif
231	diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/jit/ExecutableAllocatorSymbian.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/jit/ExecutableAllocatorSymbian.cpp
232	index e82975c..9028f50 100644
233	--- a/src/3rdparty/javascriptcore/JavaScriptCore/jit/ExecutableAllocatorSymbian.cpp
234	+++ b/src/3rdparty/javascriptcore/JavaScriptCore/jit/ExecutableAllocatorSymbian.cpp
235	@@ -22,7 +22,7 @@
236
237	#include "ExecutableAllocator.h"
238
239	-#if ENABLE(ASSEMBLER) && OS(SYMBIAN)
240	+#if ENABLE(EXECUTABLE_ALLOCATOR_DEMAND) && OS(SYMBIAN)
241
242	#include <e32hal.h>
243	#include <e32std.h>
244	diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/jit/ExecutableAllocatorWin.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/jit/ExecutableAllocatorWin.cpp
245	index e38323c..72a1d5f 100644
246	--- a/src/3rdparty/javascriptcore/JavaScriptCore/jit/ExecutableAllocatorWin.cpp
247	+++ b/src/3rdparty/javascriptcore/JavaScriptCore/jit/ExecutableAllocatorWin.cpp
248	@@ -27,7 +27,7 @@
249
250	#include "ExecutableAllocator.h"
251
252	-#if ENABLE(ASSEMBLER) && OS(WINDOWS)
253	+#if ENABLE(EXECUTABLE_ALLOCATOR_DEMAND) && OS(WINDOWS)
254
255	#include "windows.h"
256
257	diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/Platform.h b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/Platform.h
258	index 700977e..d930ed7 100644
259	--- a/src/3rdparty/javascriptcore/JavaScriptCore/wtf/Platform.h
260	+++ b/src/3rdparty/javascriptcore/JavaScriptCore/wtf/Platform.h
261	@@ -1016,6 +1016,16 @@ on MinGW. See https://bugs.webkit.org/show_bug.cgi?id=29268 */
262	#define ENABLE_ASSEMBLER_WX_EXCLUSIVE 0
263	#endif
264
265	+/* Pick which allocator to use; we only need an executable allocator if the assembler is compiled in.
266	+ On x86-64 we use a single fixed mmap, on other platforms we mmap on demand. */
267	+#if ENABLE(ASSEMBLER)
268	+#if CPU(X86_64)
269	+#define ENABLE_EXECUTABLE_ALLOCATOR_FIXED 1
270	+#else
271	+#define ENABLE_EXECUTABLE_ALLOCATOR_DEMAND 1
272	+#endif
273	+#endif
274	+
275	#if !defined(ENABLE_PAN_SCROLLING) && OS(WINDOWS)
276	#define ENABLE_PAN_SCROLLING 1
277	#endif
278	--
279	1.7.10.4
280