[Webkit-unassigned] [Bug 176669] [JSC] Fold gigacage address into 32bit

[bugzilla-daemon at webkit.org]

https://bugs.webkit.org/show_bug.cgi?id=176669

Yusuke Suzuki <utatane.tea at gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |WONTFIX

--- Comment #3 from Yusuke Suzuki <utatane.tea at gmail.com> ---
(In reply to Filip Pizlo from comment #2)
> Also, I want cage size to be tunable. We do not want to become married to a
> 32GB size limit.

(In reply to Filip Pizlo from comment #1)
> (In reply to Yusuke Suzuki from comment #0)
> > We access caged area by doing `base + (target & mask)`.
> > At that time, target is 64bit pointer.
> > 
> > This is rough idea: If we can discard alignment part we can make this target
> > address within 32bit.
> > If the memory area is 8byte aligned, our 32bit offset can represent 32GB (4
> > * 8), which matches to the current gigacage area.
> > Computation becomes like, `base + (target << alignment)`.
> 
> Caging relies on the fact that it’s an identity operation for valid
> pointers. This breaks that property. I suggest not doing this.

That sounds reasonable.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20171002/1972460d/attachment-0001.html>