Changeset 225437 in webkit


Ignore:
Timestamp:
Dec 1, 2017 5:12:48 PM (6 years ago)
Author:
mark.lam@apple.com
Message:

Let's scramble ClassInfo pointers in cells.
https://bugs.webkit.org/show_bug.cgi?id=180291
<rdar://problem/35807620>

Reviewed by JF Bastien.

Source/JavaScriptCore:

  • API/JSCallbackObject.h:
  • API/JSObjectRef.cpp:

(classInfoPrivate):

  • JavaScriptCore.xcodeproj/project.pbxproj:
  • Sources.txt:
  • assembler/MacroAssemblerCodeRef.cpp:

(JSC::MacroAssemblerCodePtr::initialize): Deleted.

  • assembler/MacroAssemblerCodeRef.h:

(JSC::MacroAssemblerCodePtr:: const):
(JSC::MacroAssemblerCodePtr::hash const):

  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::checkArray):
(JSC::DFG::SpeculativeJIT::compileCheckSubClass):
(JSC::DFG::SpeculativeJIT::compileNewStringObject):

  • ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileNewStringObject):
(JSC::FTL::DFG::LowerDFGToB3::compileCheckSubClass):

  • jit/AssemblyHelpers.h:

(JSC::AssemblyHelpers::emitAllocateDestructibleObject):

  • jit/SpecializedThunkJIT.h:

(JSC::SpecializedThunkJIT::loadArgumentWithSpecificClass):

  • runtime/InitializeThreading.cpp:

(JSC::initializeThreading):

  • runtime/JSCScrambledPtr.cpp: Added.

(JSC::initializeScrambledPtrKeys):

  • runtime/JSCScrambledPtr.h: Added.
  • runtime/JSDestructibleObject.h:

(JSC::JSDestructibleObject::classInfo const):

  • runtime/JSSegmentedVariableObject.h:

(JSC::JSSegmentedVariableObject::classInfo const):

  • runtime/Structure.h:
  • runtime/VM.h:

Source/WTF:

  • wtf/ScrambledPtr.h:

(WTF::ScrambledPtr::descrambled const):
(WTF::ScrambledPtr::bits const):
(WTF::ScrambledPtr::operator==):
(WTF::ScrambledPtr::operator=):
(WTF::ScrambledPtr::scramble):
(WTF::ScrambledPtr::descramble):
(WTF::ScrambledPtr:: const): Deleted.
(WTF::ScrambledPtr::scrambledBits const): Deleted.

Location:
trunk/Source
Files:
2 added
18 edited

Legend:

Unmodified
Added
Removed
  • trunk/Source/JavaScriptCore/API/JSCallbackObject.h

    r221822 r225437  
    2828#define JSCallbackObject_h
    2929
     30#include "JSCScrambledPtr.h"
    3031#include "JSObjectRef.h"
    3132#include "JSValueRef.h"
     
    234235
    235236    std::unique_ptr<JSCallbackObjectData> m_callbackObjectData;
    236     const ClassInfo* m_classInfo;
     237    ClassInfoScrambledPtr m_classInfo;
    237238};
    238239
  • trunk/Source/JavaScriptCore/API/JSObjectRef.cpp

    r224309 r225437  
    432432        return jsObject->classInfo(vm);
    433433
    434     return vm.currentlyDestructingCallbackObjectClassInfo;
     434    return vm.currentlyDestructingCallbackObjectClassInfo.descrambled();
    435435}
    436436
  • trunk/Source/JavaScriptCore/ChangeLog

    r225425 r225437  
     12017-12-01  Mark Lam  <mark.lam@apple.com>
     2
     3        Let's scramble ClassInfo pointers in cells.
     4        https://bugs.webkit.org/show_bug.cgi?id=180291
     5        <rdar://problem/35807620>
     6
     7        Reviewed by JF Bastien.
     8
     9        * API/JSCallbackObject.h:
     10        * API/JSObjectRef.cpp:
     11        (classInfoPrivate):
     12        * JavaScriptCore.xcodeproj/project.pbxproj:
     13        * Sources.txt:
     14        * assembler/MacroAssemblerCodeRef.cpp:
     15        (JSC::MacroAssemblerCodePtr::initialize): Deleted.
     16        * assembler/MacroAssemblerCodeRef.h:
     17        (JSC::MacroAssemblerCodePtr:: const):
     18        (JSC::MacroAssemblerCodePtr::hash const):
     19        * dfg/DFGSpeculativeJIT.cpp:
     20        (JSC::DFG::SpeculativeJIT::checkArray):
     21        (JSC::DFG::SpeculativeJIT::compileCheckSubClass):
     22        (JSC::DFG::SpeculativeJIT::compileNewStringObject):
     23        * ftl/FTLLowerDFGToB3.cpp:
     24        (JSC::FTL::DFG::LowerDFGToB3::compileNewStringObject):
     25        (JSC::FTL::DFG::LowerDFGToB3::compileCheckSubClass):
     26        * jit/AssemblyHelpers.h:
     27        (JSC::AssemblyHelpers::emitAllocateDestructibleObject):
     28        * jit/SpecializedThunkJIT.h:
     29        (JSC::SpecializedThunkJIT::loadArgumentWithSpecificClass):
     30        * runtime/InitializeThreading.cpp:
     31        (JSC::initializeThreading):
     32        * runtime/JSCScrambledPtr.cpp: Added.
     33        (JSC::initializeScrambledPtrKeys):
     34        * runtime/JSCScrambledPtr.h: Added.
     35        * runtime/JSDestructibleObject.h:
     36        (JSC::JSDestructibleObject::classInfo const):
     37        * runtime/JSSegmentedVariableObject.h:
     38        (JSC::JSSegmentedVariableObject::classInfo const):
     39        * runtime/Structure.h:
     40        * runtime/VM.h:
     41
    1422017-12-01  Brian Burg  <bburg@apple.com>
    243
  • trunk/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj

    r225314 r225437  
    17161716                FE20CE9E15F04A9500DF3430 /* LLIntCLoop.h in Headers */ = {isa = PBXBuildFile; fileRef = FE20CE9C15F04A9500DF3430 /* LLIntCLoop.h */; settings = {ATTRIBUTES = (Private, ); }; };
    17171717                FE2A87601F02381600EB31B2 /* MinimumReservedZoneSize.h in Headers */ = {isa = PBXBuildFile; fileRef = FE2A875F1F02381600EB31B2 /* MinimumReservedZoneSize.h */; };
     1718                FE2B0B691FD227E00075DA5F /* JSCScrambledPtr.h in Headers */ = {isa = PBXBuildFile; fileRef = FE2B0B671FD0D2960075DA5F /* JSCScrambledPtr.h */; settings = {ATTRIBUTES = (Private, ); }; };
    17181719                FE3022D31E3D73A500BAC493 /* SigillCrashAnalyzer.h in Headers */ = {isa = PBXBuildFile; fileRef = FE3022D11E3D739600BAC493 /* SigillCrashAnalyzer.h */; settings = {ATTRIBUTES = (Private, ); }; };
    17191720                FE3022D71E42857300BAC493 /* VMInspector.h in Headers */ = {isa = PBXBuildFile; fileRef = FE3022D51E42856700BAC493 /* VMInspector.h */; };
     
    45854586                FE20CE9C15F04A9500DF3430 /* LLIntCLoop.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = LLIntCLoop.h; path = llint/LLIntCLoop.h; sourceTree = "<group>"; };
    45864587                FE2A875F1F02381600EB31B2 /* MinimumReservedZoneSize.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = MinimumReservedZoneSize.h; sourceTree = "<group>"; };
     4588                FE2B0B671FD0D2960075DA5F /* JSCScrambledPtr.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JSCScrambledPtr.h; sourceTree = "<group>"; };
     4589                FE2B0B681FD0D2970075DA5F /* JSCScrambledPtr.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = JSCScrambledPtr.cpp; sourceTree = "<group>"; };
    45874590                FE2E6A7A1D6EA5FE0060F896 /* ThrowScope.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ThrowScope.cpp; sourceTree = "<group>"; };
    45884591                FE3022D01E3D739600BAC493 /* SigillCrashAnalyzer.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SigillCrashAnalyzer.cpp; sourceTree = "<group>"; };
     
    65206523                                14ABB36E099C076400E2A24F /* JSCJSValue.h */,
    65216524                                865A30F0135007E100CDB49E /* JSCJSValueInlines.h */,
     6525                                FE2B0B681FD0D2970075DA5F /* JSCScrambledPtr.cpp */,
     6526                                FE2B0B671FD0D2960075DA5F /* JSCScrambledPtr.h */,
    65226527                                72AAF7CB1D0D318B005E60BE /* JSCustomGetterSetterFunction.cpp */,
    65236528                                72AAF7CC1D0D318B005E60BE /* JSCustomGetterSetterFunction.h */,
     
    81298134                                0F37308D1C0BD29100052BFA /* B3PhiChildren.h in Headers */,
    81308135                                0FEC852C1BDACDAC0080FF74 /* B3Procedure.h in Headers */,
     8136                                FE2B0B691FD227E00075DA5F /* JSCScrambledPtr.h in Headers */,
    81318137                                0FEC852D1BDACDAC0080FF74 /* B3ProcedureInlines.h in Headers */,
    81328138                                0F725CAA1C503DED00AD943A /* B3PureCSE.h in Headers */,
  • trunk/Source/JavaScriptCore/Sources.txt

    r225314 r225437  
    770770runtime/JSBoundFunction.cpp
    771771runtime/JSCJSValue.cpp
     772runtime/JSCScrambledPtr.cpp
    772773runtime/JSCallee.cpp
    773774runtime/JSCell.cpp
  • trunk/Source/JavaScriptCore/assembler/MacroAssemblerCodeRef.cpp

    r225363 r225437  
    3333
    3434namespace JSC {
    35 
    36 uintptr_t g_masmScrambledPtrKey;
    37 
    38 void MacroAssemblerCodePtr::initialize()
    39 {
    40     static std::once_flag initializeOnceFlag;
    41     std::call_once(initializeOnceFlag, [] {
    42         g_masmScrambledPtrKey = makeScrambledPtrKey();
    43     });
    44 }
    4535
    4636MacroAssemblerCodePtr MacroAssemblerCodePtr::createLLIntCodePtr(OpcodeID codeId)
  • trunk/Source/JavaScriptCore/assembler/MacroAssemblerCodeRef.h

    r225363 r225437  
    2727
    2828#include "ExecutableAllocator.h"
     29#include "JSCScrambledPtr.h"
    2930#include <wtf/DataLog.h>
    3031#include <wtf/PrintStream.h>
    3132#include <wtf/RefPtr.h>
    32 #include <wtf/ScrambledPtr.h>
    3333#include <wtf/text/CString.h>
    3434
     
    5252namespace JSC {
    5353
    54 extern "C" JS_EXPORTDATA uintptr_t g_masmScrambledPtrKey;
    55 
    56 using MasmScrambledPtr = ScrambledPtr<g_masmScrambledPtrKey>;
    57 
    5854class MacroAssemblerCodePtr;
    5955
     
    324320    {
    325321        m_value.assertIsScrambled();
    326         return m_value ? m_value.descramble<T>() : static_cast<T>(0);
     322        return m_value ? m_value.descrambled<T>() : static_cast<T>(0);
    327323    }
    328324#if CPU(ARM_THUMB2)
     
    333329        m_value.assertIsScrambled();
    334330        ASSERT_VALID_CODE_POINTER(m_value);
    335         return bitwise_cast<T>(m_value ? m_value.descramble<char*>() - 1 : nullptr);
     331        return bitwise_cast<T>(m_value ? m_value.descrambled<char*>() - 1 : nullptr);
    336332    }
    337333#else
     
    341337        m_value.assertIsScrambled();
    342338        ASSERT_VALID_CODE_POINTER(m_value);
    343         return m_value ? m_value.descramble<T>() : static_cast<T>(0);
     339        return m_value ? m_value.descrambled<T>() : static_cast<T>(0);
    344340    }
    345341#endif
     
    389385    bool isDeletedValue() const { return m_value == deletedValue(); }
    390386
    391     unsigned hash() const { return IntHash<uintptr_t>::hash(m_value.scrambledBits()); }
     387    unsigned hash() const { return IntHash<uintptr_t>::hash(m_value.bits()); }
    392388
    393389    static void initialize();
  • trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp

    r225363 r225437  
    869869            MacroAssembler::NotEqual,
    870870            MacroAssembler::Address(temp.gpr(), Structure::classInfoOffset()),
    871             TrustedImmPtr(expectedClassInfo)));
    872    
     871            TrustedImmPtr(ClassInfoScrambledPtr(expectedClassInfo).bits())));
     872
    873873    noResult(m_currentNode);
    874874}
     
    87068706        m_jit.emitLoadStructure(*m_jit.vm(), baseGPR, otherGPR, specifiedGPR);
    87078707        m_jit.loadPtr(CCallHelpers::Address(otherGPR, Structure::classInfoOffset()), otherGPR);
     8708#if USE(JSVALUE64)
     8709        m_jit.move(CCallHelpers::TrustedImm64(g_classInfoScrambledPtrKey), specifiedGPR);
     8710        m_jit.xor64(specifiedGPR, otherGPR);
     8711#endif
    87088712        m_jit.move(CCallHelpers::TrustedImmPtr(node->classInfo()), specifiedGPR);
    87098713
     
    90009004   
    90019005    m_jit.storePtr(
    9002         TrustedImmPtr(StringObject::info()),
     9006        TrustedImmPtr(ClassInfoScrambledPtr(StringObject::info()).bits()),
    90039007        JITCompiler::Address(resultGPR, JSDestructibleObject::classInfoOffset()));
    90049008#if USE(JSVALUE64)
  • trunk/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp

    r225385 r225437  
    50115011
    50125012        LValue fastResultValue = allocateObject<StringObject>(structure, m_out.intPtrZero, slowCase);
    5013         m_out.storePtr(m_out.constIntPtr(StringObject::info()), fastResultValue, m_heaps.JSDestructibleObject_classInfo);
     5013        m_out.storePtr(m_out.constIntPtr(ClassInfoScrambledPtr(StringObject::info()).bits()), fastResultValue, m_heaps.JSDestructibleObject_classInfo);
    50145014        m_out.store64(string, fastResultValue, m_heaps.JSWrapperObject_internalValue);
    50155015        mutatorFence();
     
    1116111161
    1116211162            LValue structure = loadStructure(cell);
    11163             ValueFromBlock otherAtStart = m_out.anchor(m_out.loadPtr(structure, m_heaps.Structure_classInfo));
     11163            LValue scrambledClassInfo = m_out.loadPtr(structure, m_heaps.Structure_classInfo);
     11164            LValue classInfo = m_out.bitXor(scrambledClassInfo, m_out.constInt64(g_classInfoScrambledPtrKey));
     11165            ValueFromBlock otherAtStart = m_out.anchor(classInfo);
    1116411166            m_out.jump(loop);
    1116511167
  • trunk/Source/JavaScriptCore/jit/AssemblyHelpers.h

    r225314 r225437  
    16261626    {
    16271627        emitAllocateJSObject<ClassType>(vm, resultGPR, TrustedImmPtr(structure), TrustedImmPtr(0), scratchGPR1, scratchGPR2, slowPath);
    1628         storePtr(TrustedImmPtr(structure->classInfo()), Address(resultGPR, JSDestructibleObject::classInfoOffset()));
     1628        storePtr(TrustedImmPtr(ClassInfoScrambledPtr(structure->classInfo()).bits()), Address(resultGPR, JSDestructibleObject::classInfoOffset()));
    16291629    }
    16301630   
  • trunk/Source/JavaScriptCore/jit/SpecializedThunkJIT.h

    r214571 r225437  
    11/*
    2  * Copyright (C) 2010, 2016 Apple Inc. All rights reserved.
     2 * Copyright (C) 2010-2017 Apple Inc. All rights reserved.
    33 *
    44 * Redistribution and use in source and binary forms, with or without
     
    7878            loadCellArgument(argument, dst);
    7979            emitLoadStructure(*vm(), dst, scratch, dst);
    80             appendFailure(branchPtr(NotEqual, Address(scratch, Structure::classInfoOffset()), TrustedImmPtr(classInfo)));
     80            appendFailure(branchPtr(NotEqual, Address(scratch, Structure::classInfoOffset()), TrustedImmPtr(ClassInfoScrambledPtr(classInfo).bits())));
    8181            // We have to reload the argument since emitLoadStructure clobbered it.
    8282            loadCellArgument(argument, dst);
  • trunk/Source/JavaScriptCore/runtime/InitializeThreading.cpp

    r225363 r225437  
    11/*
    2  * Copyright (C) 2008, 2015-2017 Apple Inc. All rights reserved.
     2 * Copyright (C) 2008-2017 Apple Inc. All rights reserved.
    33 *
    44 * Redistribution and use in source and binary forms, with or without
     
    6060    std::call_once(initializeThreadingOnceFlag, []{
    6161        WTF::initializeThreading();
    62         MacroAssemblerCodePtr::initialize();
     62        initializeScrambledPtrKeys();
    6363        Options::initialize();
    6464#if ENABLE(WRITE_BARRIER_PROFILING)
  • trunk/Source/JavaScriptCore/runtime/JSDestructibleObject.h

    r225314 r225437  
    4444    }
    4545
    46     const ClassInfo* classInfo() const { return m_classInfo; }
     46    const ClassInfo* classInfo() const { return m_classInfo.descrambled(); }
    4747   
    4848    static ptrdiff_t classInfoOffset() { return OBJECT_OFFSETOF(JSDestructibleObject, m_classInfo); }
     
    5757
    5858private:
    59     const ClassInfo* m_classInfo;
     59    ClassInfoScrambledPtr m_classInfo;
    6060};
    6161
  • trunk/Source/JavaScriptCore/runtime/JSSegmentedVariableObject.h

    r225314 r225437  
    9595    }
    9696   
    97     const ClassInfo* classInfo() const { return m_classInfo; }
     97    const ClassInfo* classInfo() const { return m_classInfo.descrambled(); }
    9898   
    9999protected:
     
    108108    ConcurrentJSLock m_lock;
    109109    bool m_alreadyDestroyed { false }; // We use these assertions to check that we aren't doing ancient hacks that result in this being destroyed more than once.
    110     const ClassInfo* m_classInfo;
     110    ClassInfoScrambledPtr m_classInfo;
    111111};
    112112
  • trunk/Source/JavaScriptCore/runtime/Structure.h

    r223715 r225437  
    11/*
    2  * Copyright (C) 2008, 2009, 2012-2016 Apple Inc. All rights reserved.
     2 * Copyright (C) 2008-2017 Apple Inc. All rights reserved.
    33 *
    44 * Redistribution and use in source and binary forms, with or without
     
    469469    void setObjectToStringValue(ExecState*, VM&, JSString* value, PropertySlot toStringTagSymbolSlot);
    470470
    471     const ClassInfo* classInfo() const { return m_classInfo; }
     471    const ClassInfo* classInfo() const { return m_classInfo.descrambled(); }
    472472
    473473    static ptrdiff_t structureIDOffset()
     
    799799    RefPtr<UniquedStringImpl> m_nameInPrevious;
    800800
    801     const ClassInfo* m_classInfo;
     801    ClassInfoScrambledPtr m_classInfo;
    802802
    803803    StructureTransitionTable m_transitionTable;
  • trunk/Source/JavaScriptCore/runtime/VM.h

    r225314 r225437  
    415415   
    416416    JSCell* currentlyDestructingCallbackObject;
    417     const ClassInfo* currentlyDestructingCallbackObjectClassInfo;
     417    ClassInfoScrambledPtr currentlyDestructingCallbackObjectClassInfo;
    418418
    419419    AtomicStringTable* m_atomicStringTable;
  • trunk/Source/WTF/ChangeLog

    r225430 r225437  
     12017-12-01  Mark Lam  <mark.lam@apple.com>
     2
     3        Let's scramble ClassInfo pointers in cells.
     4        https://bugs.webkit.org/show_bug.cgi?id=180291
     5        <rdar://problem/35807620>
     6
     7        Reviewed by JF Bastien.
     8
     9        * wtf/ScrambledPtr.h:
     10        (WTF::ScrambledPtr::descrambled const):
     11        (WTF::ScrambledPtr::bits const):
     12        (WTF::ScrambledPtr::operator==):
     13        (WTF::ScrambledPtr::operator=):
     14        (WTF::ScrambledPtr::scramble):
     15        (WTF::ScrambledPtr::descramble):
     16        (WTF::ScrambledPtr:: const): Deleted.
     17        (WTF::ScrambledPtr::scrambledBits const): Deleted.
     18
    1192017-12-01  Christopher Reid  <chris.reid@sony.com>
    220
  • trunk/Source/WTF/wtf/ScrambledPtr.h

    r225363 r225437  
    4141using ScrambledPtrBits = uintptr_t;
    4242
    43 template<uintptr_t& key>
     43template<typename T, uintptr_t& key, typename = std::enable_if_t<std::is_pointer<T>::value>>
    4444class ScrambledPtr {
    4545public:
    4646    ScrambledPtr() { }
    4747
    48     template<typename T, typename = typename std::enable_if<std::is_pointer<T>::value>::type>
    4948    explicit ScrambledPtr(T ptr)
    5049        : m_scrambledBits(scramble(ptr))
     
    6261
    6362#if ENABLE(SCRAMBLED_PTR_ASSERTS)
    64     template<typename T = void*>
    65     static bool isScrambled(T value) { return !value || (reinterpret_cast<uintptr_t>(value) & 0xffff000000000000); }
    66     template<typename T = void*>
    67     static void assertIsScrambled(T value) { RELEASE_ASSERT(isScrambled(value)); }
    68     template<typename T = void*>
    69     static void assertIsNotScrambled(T value) { RELEASE_ASSERT(!isScrambled(value)); }
     63    template<typename U = void*>
     64    static bool isScrambled(U value) { return !value || (reinterpret_cast<uintptr_t>(value) & 0xffff000000000000); }
     65    template<typename U = void*>
     66    static void assertIsScrambled(U value) { RELEASE_ASSERT(isScrambled(value)); }
     67    template<typename U = void*>
     68    static void assertIsNotScrambled(U value) { RELEASE_ASSERT(!isScrambled(value)); }
    7069#else
    71     template<typename T = void*> static void assertIsScrambled(T) { }
    72     template<typename T = void*> static void assertIsNotScrambled(T) { }
     70    template<typename U = void*> static void assertIsScrambled(U) { }
     71    template<typename U = void*> static void assertIsNotScrambled(U) { }
    7372#endif
    7473    void assertIsScrambled() const { assertIsScrambled(m_scrambledBits); }
    7574    void assertIsNotScrambled() const { assertIsNotScrambled(m_scrambledBits); }
    7675
    77     template<typename T = void*>
    78     T descramble() const { return descramble<T>(m_scrambledBits); }
     76    template<typename U = T>
     77    U descrambled() const { return descramble<U>(m_scrambledBits); }
    7978
    80     template<typename T, typename = typename std::enable_if<std::is_pointer<T>::value>::type>
    8179    ALWAYS_INLINE T operator->() const { return descramble<T>(m_scrambledBits); }
    8280
    83     ScrambledPtrBits scrambledBits() const { return m_scrambledBits; }
     81    template<typename U = ScrambledPtrBits>
     82    U bits() const { return bitwise_cast<U>(m_scrambledBits); }
    8483
    8584    bool operator!() const { return !m_scrambledBits; }
     
    9493    bool operator==(const PtrType b)
    9594    {
    96         return descramble<PtrType>() == b;
     95        return descrambled<PtrType>() == b;
    9796    }
     97
     98    ScrambledPtr& operator=(T ptr)
     99    {
     100        m_scrambledBits = ptr ? scramble(ptr) : 0;
     101        return *this;
     102    }
     103    ScrambledPtr& operator=(const ScrambledPtr&) = default;
    98104
    99105private:
    100106#if USE(JSVALUE64)
    101     template<typename T>
    102     ALWAYS_INLINE static ScrambledPtrBits scramble(T ptr) { return bitwise_cast<ScrambledPtrBits>(ptr) ^ key; }
    103     template<typename T>
    104     ALWAYS_INLINE static T descramble(ScrambledPtrBits scrambledBits) { return bitwise_cast<T>(scrambledBits ^ key); }
     107    template<typename U>
     108    ALWAYS_INLINE static ScrambledPtrBits scramble(U ptr) { return bitwise_cast<ScrambledPtrBits>(ptr) ^ key; }
     109    template<typename U>
     110    ALWAYS_INLINE static U descramble(ScrambledPtrBits scrambledBits) { return bitwise_cast<U>(scrambledBits ^ key); }
    105111#else
    106     template<typename T>
    107     ALWAYS_INLINE static ScrambledPtrBits scramble(T ptr) { return bitwise_cast<ScrambledPtrBits>(ptr); }
    108     template<typename T>
    109     ALWAYS_INLINE static T descramble(ScrambledPtrBits scrambledBits) { return bitwise_cast<T>(scrambledBits); }
     112    template<typename U>
     113    ALWAYS_INLINE static ScrambledPtrBits scramble(U ptr) { return bitwise_cast<ScrambledPtrBits>(ptr); }
     114    template<typename U>
     115    ALWAYS_INLINE static U descramble(ScrambledPtrBits scrambledBits) { return bitwise_cast<U>(scrambledBits); }
    110116#endif
    111117
Note: See TracChangeset for help on using the changeset viewer.