[Webkit-unassigned] [Bug 183407] [ARM, MIPS] Enable pointer poisoning also for 32-bit architectures
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Apr 20 06:49:20 PDT 2018
https://bugs.webkit.org/show_bug.cgi?id=183407
--- Comment #4 from Dominik Inführ <dinfuehr at igalia.com> ---
So thanks for the review! I hope I've incorporated your feedback now, the patch now uses bit 1 as poison mark bit.
I've run all tests on ARM/MIPS with this diff to make sure that no pointer has bit 1 set:
--- a/Source/WTF/wtf/Poisoned.h
+++ b/Source/WTF/wtf/Poisoned.h
@@ -195,7 +195,10 @@ private:
constexpr static PoisonedBits poison(const Poisoned*, std::nullptr_t) { return 0; }
#if ENABLE(POISON)
template<typename U>
- ALWAYS_INLINE static PoisonedBits poison(const Poisoned* thisPoisoned, U ptr) { return ptr ? bitwise_cast<PoisonedBits>(ptr) ^ Poison::key(thisPoisoned) : 0; }
+ ALWAYS_INLINE static PoisonedBits poison(const Poisoned* thisPoisoned, U ptr) {
+ RELEASE_ASSERT(!(bitwise_cast<PoisonedBits>(ptr) & 0x2));
+ return ptr ? bitwise_cast<PoisonedBits>(ptr) ^ Poison::key(thisPoisoned) : 0;
+ }
template<typename U = T>
ALWAYS_INLINE static U unpoison(const Poisoned* thisPoisoned, PoisonedBits poisonedBits) { return poisonedBits ? bitwise_cast<U>(poisonedBits ^ Poison::key(thisPoisoned)) : bitwise_cast<U>(0ll); }
#else
Not sure whether to add this assertion as ASSERT for JSVALUE32_64.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20180420/fbdf30cb/attachment.html>
More information about the webkit-unassigned
mailing list