[Webkit-unassigned] [Bug 183407] [ARM, MIPS] Enable pointer poisoning also for 32-bit architectures

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Apr 20 06:49:20 PDT 2018


https://bugs.webkit.org/show_bug.cgi?id=183407

--- Comment #4 from Dominik Inf├╝hr <dinfuehr at igalia.com> ---
So thanks for the review! I hope I've incorporated your feedback now, the patch now uses bit 1 as poison mark bit.

I've run all tests on ARM/MIPS with this diff to make sure that no pointer has bit 1 set:

--- a/Source/WTF/wtf/Poisoned.h
+++ b/Source/WTF/wtf/Poisoned.h
@@ -195,7 +195,10 @@ private:
     constexpr static PoisonedBits poison(const Poisoned*, std::nullptr_t) { return 0; }
 #if ENABLE(POISON)
     template<typename U>
-    ALWAYS_INLINE static PoisonedBits poison(const Poisoned* thisPoisoned, U ptr) { return ptr ? bitwise_cast<PoisonedBits>(ptr) ^ Poison::key(thisPoisoned) : 0; }
+    ALWAYS_INLINE static PoisonedBits poison(const Poisoned* thisPoisoned, U ptr) {
+        RELEASE_ASSERT(!(bitwise_cast<PoisonedBits>(ptr) & 0x2));
+        return ptr ? bitwise_cast<PoisonedBits>(ptr) ^ Poison::key(thisPoisoned) : 0;
+    }
     template<typename U = T>
     ALWAYS_INLINE static U unpoison(const Poisoned* thisPoisoned, PoisonedBits poisonedBits) { return poisonedBits ? bitwise_cast<U>(poisonedBits ^ Poison::key(thisPoisoned)) : bitwise_cast<U>(0ll); }
 #else

Not sure whether to add this assertion as ASSERT for JSVALUE32_64.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20180420/fbdf30cb/attachment.html>


More information about the webkit-unassigned mailing list