[webkit-reviews] review granted: [Bug 197620] Wasm should cage the memory base pointers in structs : [Attachment 370065] Patch
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu May 16 18:34:45 PDT 2019
Saam Barati <sbarati at apple.com> has granted Keith Miller
<keith_miller at apple.com>'s request for review:
Bug 197620: Wasm should cage the memory base pointers in structs
https://bugs.webkit.org/show_bug.cgi?id=197620
Attachment 370065: Patch
https://bugs.webkit.org/attachment.cgi?id=370065&action=review
--- Comment #2 from Saam Barati <sbarati at apple.com> ---
Comment on attachment 370065
--> https://bugs.webkit.org/attachment.cgi?id=370065
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=370065&action=review
r=me
> Source/JavaScriptCore/ChangeLog:11
> + Currently, we use cageConditionally; this only matters for API
> + users since the web content process cannot disable primitive
> + gigacage. This patch also adds a set helper for union/intersection
> + of RegisterSets.
Do we have tests where Gigacage is disabled with Wasm enabled in JSC?
> Source/JavaScriptCore/wasm/WasmBinding.cpp:48
> + GPRReg scratch = wasmCallingConventionAir().prologueScratch(0);
👍🏼
> Source/JavaScriptCore/wasm/WasmMemory.cpp:-442
> - m_memory.resize(m_size, desiredSize);
Seems like this was a bug? Do we have a test?
More information about the webkit-reviews
mailing list