WebKit Bugzilla
Attachment 347472 Details for
Bug 188736
: REGRESSION(r234852): Workaround is not correct (Requested by yusukesuzuki on #webkit).
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
ROLLOUT of r234852
bug-188736-20180819202246.patch (text/plain), 2.40 KB, created by
WebKit Commit Bot
on 2018-08-19 17:22:46 PDT
(
hide
)
Description:
ROLLOUT of r234852
Filename:
MIME Type:
Creator:
WebKit Commit Bot
Created:
2018-08-19 17:22:46 PDT
Size:
2.40 KB
patch
obsolete
>Subversion Revision: 235020 >diff --git a/Source/JavaScriptCore/ChangeLog b/Source/JavaScriptCore/ChangeLog >index 54d7a35e9ca13d84127da2ab33b06ef9ff37f199..840cdad63060329ff53147998d5408d5d9bf6449 100644 >--- a/Source/JavaScriptCore/ChangeLog >+++ b/Source/JavaScriptCore/ChangeLog >@@ -1,3 +1,17 @@ >+2018-08-19 Commit Queue <commit-queue@webkit.org> >+ >+ Unreviewed, rolling out r234852. >+ https://bugs.webkit.org/show_bug.cgi?id=188736 >+ >+ Workaround is not correct (Requested by yusukesuzuki on >+ #webkit). >+ >+ Reverted changeset: >+ >+ "[JSC] Should not rotate constant with 64" >+ https://bugs.webkit.org/show_bug.cgi?id=188556 >+ https://trac.webkit.org/changeset/234852 >+ > 2018-08-19 Yusuke Suzuki <yusukesuzuki@slowstart.org> > > [WTF] Add WTF::unalignedLoad and WTF::unalignedStore >diff --git a/Source/JavaScriptCore/assembler/MacroAssembler.h b/Source/JavaScriptCore/assembler/MacroAssembler.h >index 625b1123f53fa168d4fe14c7c802e505ff0c2b1d..adbac90c7beab53398d17a6fbae83255470c8587 100644 >--- a/Source/JavaScriptCore/assembler/MacroAssembler.h >+++ b/Source/JavaScriptCore/assembler/MacroAssembler.h >@@ -1290,13 +1290,6 @@ public: > > return shouldBlindPointerForSpecificArch(value); > } >- >- uint8_t generateRotationSeed(size_t widthInBits) >- { >- // Generate the seed in [0, widthInBits). We should not generate widthInBits >- // since it leads to `<< widthInBits`, which is an undefined behavior. >- return random() % (widthInBits - 1); >- } > > struct RotatedImmPtr { > RotatedImmPtr(uintptr_t v1, uint8_t v2) >@@ -1310,7 +1303,7 @@ public: > > RotatedImmPtr rotationBlindConstant(ImmPtr imm) > { >- uint8_t rotation = generateRotationSeed(sizeof(void*) * 8); >+ uint8_t rotation = random() % (sizeof(void*) * 8); > uintptr_t value = imm.asTrustedImmPtr().asIntptr(); > value = (value << rotation) | (value >> (sizeof(void*) * 8 - rotation)); > return RotatedImmPtr(value, rotation); >@@ -1378,7 +1371,7 @@ public: > > RotatedImm64 rotationBlindConstant(Imm64 imm) > { >- uint8_t rotation = generateRotationSeed(sizeof(int64_t) * 8); >+ uint8_t rotation = random() % (sizeof(int64_t) * 8); > uint64_t value = imm.asTrustedImm64().m_value; > value = (value << rotation) | (value >> (sizeof(int64_t) * 8 - rotation)); > return RotatedImm64(value, rotation);
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=347472">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Formatted Diff
|
Diff
Attachments on
bug 188736
: 347472