Context Navigation

Changeset 235021 in webkit

Timestamp:

Aug 19, 2018 5:24:47 PM (6 years ago)

Author:

commit-queue@webkit.org

Message:

Workaround is not correct (Requested by yusukesuzuki on
#webkit).

Reverted changeset:

Location:

trunk/Source/JavaScriptCore

Files:

-                      r235018
+                      r235021
+-08-19  Commit Queue  <commit-queue@webkit.org>
+        Unreviewed, rolling out r234852.
+        https://bugs.webkit.org/show_bug.cgi?id=188736
+        Workaround is not correct (Requested by yusukesuzuki on
+        #webkit).
+        Reverted changeset:
+        "[JSC] Should not rotate constant with 64"
+        https://bugs.webkit.org/show_bug.cgi?id=188556
+        https://trac.webkit.org/changeset/234852
 -08-19  Yusuke Suzuki  <yusukesuzuki@slowstart.org>

-                      r234984
+                      r235021
         return shouldBlindPointerForSpecificArch(value);
+    }
-    uint8_t generateRotationSeed(size_t widthInBits)
+    {
-        // Generate the seed in [0, widthInBits). We should not generate widthInBits
-        // since it leads to `<< widthInBits`, which is an undefined behavior.
-        return random() % (widthInBits - 1);
+    }
     struct RotatedImmPtr {
 …
     RotatedImmPtr rotationBlindConstant(ImmPtr imm)
+    {
         uint8_t rotation = generateRotationSeed(sizeof(void*) * 8);
+        uint8_t rotation = random() % (sizeof(void*) * 8);
         uintptr_t value = imm.asTrustedImmPtr().asIntptr();
         value = (value << rotation) | (value >> (sizeof(void*) * 8 - rotation));
 …
     RotatedImm64 rotationBlindConstant(Imm64 imm)
+    {
         uint8_t rotation = generateRotationSeed(sizeof(int64_t) * 8);
+        uint8_t rotation = random() % (sizeof(int64_t) * 8);
         uint64_t value = imm.asTrustedImm64().m_value;
         value = (value << rotation) | (value >> (sizeof(int64_t) * 8 - rotation));

Note: See TracChangeset for help on using the changeset viewer.