Smash function prologues on function destruction

Function prologues guard on Func* pointers rather on funcId. This can cause a recycled Func* (with a different funcId) to pass the prologue guard. Change it so that the Func* destructor smashes the func prologue guard immediate.
2013-07-19 00:32:29 -07:00
commit 0d0748302c
@@ -247,6 +247,12 @@ Func::~Func() {
    DEBUG_ONLY auto oldVal = s_funcVec.exchange(m_funcId, nullptr);
    assert(oldVal == this);
  }
+  int maxNumPrologues = getMaxNumPrologues(numParams());
+  int numPrologues =
+    maxNumPrologues > kNumFixedPrologues ? maxNumPrologues
+                                         : kNumFixedPrologues;
+  TranslatorX64::Get()->smashPrologueGuards((TCA *)m_prologueTable,
+                                            numPrologues, this);
 #ifdef DEBUG
  validate();
  m_magic = ~m_magic;
@@ -1238,6 +1238,30 @@ funcPrologToGuard(TCA prolog, const Func* func) {
     kFuncGuardLen);
 }

+static inline void
+funcPrologSmashGuard(TCA prolog, const Func* func) {
+  intptr_t iptr = uintptr_t(func);
+  if (deltaFits(iptr, sz::dword)) {
+    *funcPrologToGuardImm<int32_t>(prolog) = 0;
+    return;
+  }
+  *funcPrologToGuardImm<int64_t>(prolog) = 0;
+}
+
+void
+TranslatorX64::smashPrologueGuards(TCA* prologues, int numPrologues,
+                                   const Func* func) {
+#ifdef DEBUG
+  LeaseHolder writer(s_writeLease);
+#endif
+  for (int i = 0; i < numPrologues; i++) {
+    if (prologues[i] != (TCA)fcallHelperThunk
+        && funcPrologHasGuard(prologues[i], func)) {
+      funcPrologSmashGuard(prologues[i], func);
+    }
+  }
+}
+
 TCA
 TranslatorX64::emitFuncGuard(X64Assembler& a, const Func* func) {
  assert(kScratchCrossTraceRegs.contains(rax));
@@ -237,6 +237,7 @@ public:
  void emitCall(Asm& a, TCA dest);
  void emitCall(Asm& a, CppCall call);
  TCA getCallArrayProlog(Func* func);
+  void smashPrologueGuards(TCA* prologues, int numPrologues, const Func* func);
 private:

  void translateClassExistsImpl(const Tracelet& t,