From a7a5b5ce485512e659fd4f8a1edb2cda3021517f Mon Sep 17 00:00:00 2001 From: Zheng Xu Date: Thu, 1 Sep 2016 16:58:30 +0800 Subject: [PATCH] Bug 1143022 - Manually mmap on arm64 to ensure high 17 bits are clear. r=ehoogeveen There might be 48-bit VA on arm64 depending on kernel configuration. Manually mmap heap memory to align with the assumption made by JS engine. Change-Id: I2853e284b92aecf609e00bb82718e5df535bbba2
---
 js/src/gc/Memory.cpp | 37 ++++++++++++++++++++++++++++++- js/src/jsapi-tests/testGCAllocator.cpp | 40 +++++++++++++++++++++++++++------- 2 files changed, 68 insertions(+), 9 deletions(-)
diff --git a/js/src/gc/Memory.cpp b/js/src/gc/Memory.cpp
index 8db2c68e..db2063d 100644
--- a/js/src/gc/Memory.cpp
+++ b/js/src/gc/Memory.cpp
@@ -379,7 +379,7 @@ static inline void*
 MapMemoryAt(void* desired, size_t length, int prot = PROT_READ | PROT_WRITE,
 int flags = MAP_PRIVATE | MAP_ANON, int fd = -1, off_t offset = 0)
 {
-#if defined(__ia64__) || (defined(__sparc64__) && defined(__NetBSD__))
+#if defined(__ia64__) || (defined(__sparc64__) && defined(__NetBSD__)) || defined(__aarch64__)
 MOZ_ASSERT(0xffff800000000000ULL & (uintptr_t(desired) + length - 1) == 0);
 #endif
 void* region = mmap(desired, length, prot, flags, fd, offset);
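Review bot: The assertion that the widened `#if` now enables on aarch64 parses as `0xffff800000000000ULL & ((uintptr_t(desired) + length - 1) == 0)`, because `==` binds tighter than `&`. The comparison yields 0 or 1, neither of which overlaps the mask, so the asserted expression is always 0: it never checks the high address bits and would fire on every call in a debug build. Parenthesise the mask test: `MOZ_ASSERT((0xffff800000000000ULL & (uintptr_t(desired) + length - 1)) == 0);`. The same expression sits under the widened `#if` in `mapMemoryAt` in testGCAllocator.cpp, where it is a `MOZ_RELEASE_ASSERT` and would therefore abort in every build type. The body of MapMemoryAt continues past the end of this hunk.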
@@ -429,6 +429,41 @@ MapMemory(size_t length, int prot = PROT_READ | PROT_WRITE,
 return nullptr;
 }
 return region;
+#elif defined(__aarch64__)
+ /*
+ * There might be similar virtual address issue on arm64 which depends on
+ * hardware and kernel configurations. But the work around is slightly
+ * different due to the different mmap behavior.
+ *
+ * TODO: Merge with the above code block if this implementation works for
+ * ia64 and sparc64.
+ */
+ const uintptr_t start = UINT64_C(0x0000070000000000);
+ const uintptr_t end = UINT64_C(0x0000800000000000);
+ const uintptr_t step = ChunkSize;
+ /*
+ * Optimization options if there are too many retries in practice:
+ * 1. Examine /proc/self/maps to find an available address. This file is
+ * not always available, however. In addition, even if we examine
+ * /proc/self/maps, we may still need to retry several times due to
+ * racing with other threads.
+ * 2. Use a global/static variable with lock to track the addresses we have
+ * allocated or tried.
+ */
+ uintptr_t hint;
+ void* region = MAP_FAILED;
+ for (hint = start; region == MAP_FAILED && hint + length <= end; hint += step) {
+ region = mmap((void*)hint, length, prot, flags, fd, offset);
+ if (region != MAP_FAILED) {
+ if ((uintptr_t(region) + (length - 1)) & 0xffff800000000000) {
+ if (munmap(region, length)) {
+ MOZ_ASSERT(errno == ENOMEM);
+ }
+ region = MAP_FAILED;
+ }
+ }
+ }
+ return region == MAP_FAILED ? nullptr : region;
 #else
 void* region = MozTaggedAnonymousMmap(nullptr, length, prot, flags, fd, offset, "js-gc-heap");
 if (region == MAP_FAILED)
diff --git a/js/src/jsapi-tests/testGCAllocator.cpp b/js/src/jsapi-tests/testGCAllocator.cpp
index 2d36d2f..9bf1692 100644
--- a/js/src/jsapi-tests/testGCAllocator.cpp
+++ b/js/src/jsapi-tests/testGCAllocator.cpp
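Review bot: The aarch64 branch starts every probe at the constant `0x0000070000000000` and walks upward in `ChunkSize` steps, so whenever the kernel honours the hint the GC heap lands at the same addresses in every process. Those mappings then lose whatever placement randomisation a `nullptr` hint would have given them. Each call also restarts from `start`, so it may repeat an mmap/munmap pair for every hint that earlier allocations already occupy; the block comment acknowledges the retries but not the predictable placement. Consider starting from a per-process random, chunk-aligned offset inside `[start, end)` and resuming from the last successful hint, or at least record the trade-off next to the constants, e.g. `// NOTE: a fixed start hint makes GC heap addresses predictable across processes.` The same loop is copied into `mapMemory` in testGCAllocator.cpp, and the rest of MapMemory lies outside this hunk.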
@@ -257,7 +257,7 @@ unmapPages(void* p, size_t size)
 void*
 mapMemoryAt(void* desired, size_t length)
 {
-#if defined(__ia64__) || (defined(__sparc64__) && defined(__NetBSD__))
+#if defined(__ia64__) || (defined(__sparc64__) && defined(__NetBSD__)) || defined(__aarch64__)
 MOZ_RELEASE_ASSERT(0xffff800000000000ULL & (uintptr_t(desired) + length - 1) == 0);
 #endif
 void* region = mmap(desired, length, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANON, -1, 0);
@@ -274,21 +274,45 @@ mapMemoryAt(void* desired, size_t length)
 void*
 mapMemory(size_t length)
 {
- void* hint = nullptr;
+ int prot = PROT_READ | PROT_WRITE;
+ int flags = MAP_PRIVATE | MAP_ANON;
+ int fd = -1;
+ off_t offset = 0;
+ // The test code must be aligned with the implementation in gc/Memory.cpp.
 #if defined(__ia64__) || (defined(__sparc64__) && defined(__NetBSD__))
- hint = (void*)0x0000070000000000ULL;
-#endif
- void* region = mmap(hint, length, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANON, -1, 0);
+ void* region = mmap((void*)0x0000070000000000, length, prot, flags, fd, offset);
 if (region == MAP_FAILED)
 return nullptr;
-#if defined(__ia64__) || (defined(__sparc64__) && defined(__NetBSD__))
- if ((uintptr_t(region) + (length - 1)) & 0xffff800000000000ULL) {
+ if ((uintptr_t(region) + (length - 1)) & 0xffff800000000000) {
 if (munmap(region, length))
 MOZ_RELEASE_ASSERT(errno == ENOMEM);
 return nullptr;
 }
-#endif
 return region;
+#elif defined(__aarch64__)
+ const uintptr_t start = UINT64_C(0x0000070000000000);
+ const uintptr_t end = UINT64_C(0x0000800000000000);
+ const uintptr_t step = js::gc::ChunkSize;
+ uintptr_t hint;
+ void* region = MAP_FAILED;
+ for (hint = start; region == MAP_FAILED && hint + length <= end; hint += step) {
+ region = mmap((void*)hint, length, prot, flags, fd, offset);
+ if (region != MAP_FAILED) {
+ if ((uintptr_t(region) + (length - 1)) & 0xffff800000000000) {
+ if (munmap(region, length)) {
+ MOZ_RELEASE_ASSERT(errno == ENOMEM);
+ }
+ region = MAP_FAILED;
+ }
+ }
+ }
+ return region == MAP_FAILED ? nullptr : region;
+#else
+ void* region = mmap(nullptr, length, prot, flags, fd, offset);
+ if (region == MAP_FAILED)
+ return nullptr;
+ return region;
+#endif
 }
 
 void
-- 1.9.1
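Review bot: This `mapMemory` is a hand-copied duplicate of the production allocator, including the literal bounds and mask (`0x0000070000000000`, `0x0000800000000000`, `0xffff800000000000`), and only the new comment keeps the two in step. If the production range or step changes, the test may keep passing against its own stale copy. If a header shared by both files is available, defining these values once there would let the compiler enforce the match. Otherwise make the comment name what must match: `// Keep in sync with MapMemory() in gc/Memory.cpp (same start/end/step and high-bit mask).`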