WebKit Bugzilla
Attachment 360828 Details for
Bug 194138
: Remove remaining poisoning code.
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
proposed patch.
bug-194138.patch (text/plain), 265.20 KB, created by
Mark Lam
on 2019-01-31 21:04:42 PST
(
hide
)
Description:
proposed patch.
Filename:
MIME Type:
Creator:
Mark Lam
Created:
2019-01-31 21:04:42 PST
Size:
265.20 KB
patch
obsolete
>Index: Source/JavaScriptCore/ChangeLog >=================================================================== >--- Source/JavaScriptCore/ChangeLog (revision 240833) >+++ Source/JavaScriptCore/ChangeLog (working copy) >@@ -1,3 +1,154 @@ >+2019-01-31 Mark Lam <mark.lam@apple.com> >+ >+ Remove poisoning everywhere. >+ https://bugs.webkit.org/show_bug.cgi?id=194138 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ * API/JSAPIWrapperObject.h: >+ (JSC::JSAPIWrapperObject::wrappedObject): >+ * API/JSCallbackFunction.h: >+ * API/JSCallbackObject.h: >+ * API/JSObjectRef.cpp: >+ (classInfoPrivate): >+ * CMakeLists.txt: >+ * JavaScriptCore.xcodeproj/project.pbxproj: >+ * Sources.txt: >+ * UnifiedSources-input.xcfilelist: >+ * assembler/MacroAssemblerCodeRef.h: >+ (JSC::FunctionPtr::FunctionPtr): >+ (JSC::FunctionPtr::executableAddress const): >+ (JSC::FunctionPtr::retaggedExecutableAddress const): >+ (JSC::ReturnAddressPtr::ReturnAddressPtr): >+ (JSC::ReturnAddressPtr::value const): >+ (JSC::MacroAssemblerCodePtr::MacroAssemblerCodePtr): >+ (JSC::MacroAssemblerCodePtr::createFromExecutableAddress): >+ (JSC::MacroAssemblerCodePtr:: const): >+ (JSC::MacroAssemblerCodePtr::operator! const): >+ (JSC::MacroAssemblerCodePtr::operator== const): >+ (JSC::MacroAssemblerCodePtr::emptyValue): >+ (JSC::MacroAssemblerCodePtr::deletedValue): >+ (JSC::FunctionPtr<tag>::FunctionPtr): >+ (JSC::MacroAssemblerCodePtr::poisonedPtr const): Deleted. >+ * b3/B3LowerMacros.cpp: >+ * b3/testb3.cpp: >+ (JSC::B3::testInterpreter): >+ * bytecode/AccessCase.cpp: >+ (JSC::AccessCase::generateWithGuard): >+ * dfg/DFGOSRExitCompilerCommon.h: >+ (JSC::DFG::adjustFrameAndStackInOSRExitCompilerThunk): >+ * dfg/DFGSpeculativeJIT.cpp: >+ (JSC::DFG::SpeculativeJIT::compileGetByValOnScopedArguments): >+ (JSC::DFG::SpeculativeJIT::compileGetArrayLength): >+ (JSC::DFG::SpeculativeJIT::compileNewFunctionCommon): >+ (JSC::DFG::SpeculativeJIT::compileCheckSubClass): >+ (JSC::DFG::SpeculativeJIT::compileNewStringObject): >+ (JSC::DFG::SpeculativeJIT::emitSwitchIntJump): >+ (JSC::DFG::SpeculativeJIT::compileGetExecutable): >+ (JSC::DFG::SpeculativeJIT::compileCreateThis): >+ * dfg/DFGSpeculativeJIT.h: >+ (JSC::DFG::SpeculativeJIT::TrustedImmPtr::weakPoisonedPointer): Deleted. >+ * ftl/FTLLowerDFGToB3.cpp: >+ (JSC::FTL::DFG::LowerDFGToB3::compileGetExecutable): >+ (JSC::FTL::DFG::LowerDFGToB3::compileGetArrayLength): >+ (JSC::FTL::DFG::LowerDFGToB3::compileGetByVal): >+ (JSC::FTL::DFG::LowerDFGToB3::compileNewFunction): >+ (JSC::FTL::DFG::LowerDFGToB3::compileNewStringObject): >+ (JSC::FTL::DFG::LowerDFGToB3::compileCheckSubClass): >+ (JSC::FTL::DFG::LowerDFGToB3::dynamicPoison): Deleted. >+ (JSC::FTL::DFG::LowerDFGToB3::dynamicPoisonOnLoadedType): Deleted. >+ (JSC::FTL::DFG::LowerDFGToB3::dynamicPoisonOnType): Deleted. >+ (JSC::FTL::DFG::LowerDFGToB3::weakPoisonedPointer): Deleted. >+ * ftl/FTLOutput.h: >+ (JSC::FTL::Output::weakPoisonedPointer): Deleted. >+ * jit/AssemblyHelpers.cpp: >+ (JSC::AssemblyHelpers::emitDynamicPoison): Deleted. >+ (JSC::AssemblyHelpers::emitDynamicPoisonOnLoadedType): Deleted. >+ (JSC::AssemblyHelpers::emitDynamicPoisonOnType): Deleted. >+ * jit/AssemblyHelpers.h: >+ (JSC::AssemblyHelpers::emitAllocateDestructibleObject): >+ * jit/JITOpcodes.cpp: >+ (JSC::JIT::emit_op_create_this): >+ * jit/JITPropertyAccess.cpp: >+ (JSC::JIT::emitScopedArgumentsGetByVal): >+ * jit/Repatch.cpp: >+ (JSC::linkPolymorphicCall): >+ * jit/SpecializedThunkJIT.h: >+ (JSC::SpecializedThunkJIT::loadArgumentWithSpecificClass): >+ * jit/ThunkGenerators.cpp: >+ (JSC::virtualThunkFor): >+ (JSC::nativeForGenerator): >+ (JSC::boundThisNoArgsFunctionCallGenerator): >+ * parser/UnlinkedSourceCode.h: >+ * runtime/ArrayPrototype.h: >+ * runtime/CustomGetterSetter.h: >+ (JSC::CustomGetterSetter::getter const): >+ (JSC::CustomGetterSetter::setter const): >+ * runtime/DateInstance.h: >+ * runtime/InitializeThreading.cpp: >+ (JSC::initializeThreading): >+ * runtime/InternalFunction.cpp: >+ (JSC::InternalFunction::getCallData): >+ (JSC::InternalFunction::getConstructData): >+ * runtime/InternalFunction.h: >+ (JSC::InternalFunction::nativeFunctionFor): >+ * runtime/JSArrayBuffer.h: >+ * runtime/JSBoundFunction.h: >+ * runtime/JSCPoison.cpp: Removed. >+ * runtime/JSCPoison.h: Removed. >+ * runtime/JSDestructibleObject.h: >+ (JSC::JSDestructibleObject::classInfo const): >+ * runtime/JSFunction.h: >+ * runtime/JSGlobalObject.h: >+ * runtime/JSScriptFetchParameters.h: >+ * runtime/JSScriptFetcher.h: >+ * runtime/JSSegmentedVariableObject.h: >+ (JSC::JSSegmentedVariableObject::classInfo const): >+ * runtime/JSString.h: >+ * runtime/NativeExecutable.h: >+ * runtime/Options.h: >+ * runtime/ScopedArguments.h: >+ * runtime/Structure.cpp: >+ (JSC::StructureTransitionTable::setSingleTransition): >+ * runtime/Structure.h: >+ * runtime/StructureTransitionTable.h: >+ (JSC::StructureTransitionTable::map const): >+ (JSC::StructureTransitionTable::weakImpl const): >+ (JSC::StructureTransitionTable::setMap): >+ * runtime/VM.h: >+ * runtime/WriteBarrier.h: >+ * wasm/WasmB3IRGenerator.cpp: >+ (JSC::Wasm::B3IRGenerator::addCall): >+ (JSC::Wasm::B3IRGenerator::addCallIndirect): >+ * wasm/WasmBinding.cpp: >+ (JSC::Wasm::wasmToWasm): >+ * wasm/WasmInstance.h: >+ * wasm/js/JSToWasm.cpp: >+ (JSC::Wasm::createJSToWasmWrapper): >+ * wasm/js/JSWebAssemblyCodeBlock.h: >+ * wasm/js/JSWebAssemblyInstance.cpp: >+ (JSC::JSWebAssemblyInstance::JSWebAssemblyInstance): >+ (JSC::JSWebAssemblyInstance::visitChildren): >+ * wasm/js/JSWebAssemblyInstance.h: >+ * wasm/js/JSWebAssemblyMemory.h: >+ * wasm/js/JSWebAssemblyModule.h: >+ * wasm/js/JSWebAssemblyTable.cpp: >+ (JSC::JSWebAssemblyTable::JSWebAssemblyTable): >+ (JSC::JSWebAssemblyTable::grow): >+ (JSC::JSWebAssemblyTable::clearFunction): >+ * wasm/js/JSWebAssemblyTable.h: >+ * wasm/js/WasmToJS.cpp: >+ (JSC::Wasm::materializeImportJSCell): >+ (JSC::Wasm::handleBadI64Use): >+ (JSC::Wasm::wasmToJS): >+ * wasm/js/WebAssemblyFunctionBase.h: >+ * wasm/js/WebAssemblyModuleRecord.cpp: >+ (JSC::WebAssemblyModuleRecord::link): >+ (JSC::WebAssemblyModuleRecord::evaluate): >+ * wasm/js/WebAssemblyModuleRecord.h: >+ * wasm/js/WebAssemblyToJSCallee.h: >+ * wasm/js/WebAssemblyWrapperFunction.h: >+ > 2019-01-31 Mark Lam <mark.lam@apple.com> > > Remove poisoning from CodeBlock and LLInt code. >Index: Source/JavaScriptCore/CMakeLists.txt >=================================================================== >--- Source/JavaScriptCore/CMakeLists.txt (revision 240833) >+++ Source/JavaScriptCore/CMakeLists.txt (working copy) >@@ -819,7 +819,6 @@ set(JavaScriptCore_PRIVATE_FRAMEWORK_HEA > runtime/JSCInlines.h > runtime/JSCJSValue.h > runtime/JSCJSValueInlines.h >- runtime/JSCPoison.h > runtime/JSCPtrTag.h > runtime/JSCallee.h > runtime/JSCast.h >Index: Source/JavaScriptCore/Sources.txt >=================================================================== >--- Source/JavaScriptCore/Sources.txt (revision 240833) >+++ Source/JavaScriptCore/Sources.txt (working copy) >@@ -801,7 +801,6 @@ runtime/JSAsyncGeneratorFunction.cpp > runtime/JSBigInt.cpp > runtime/JSBoundFunction.cpp > runtime/JSCJSValue.cpp >-runtime/JSCPoison.cpp > runtime/JSCallee.cpp > runtime/JSCell.cpp > runtime/JSCustomGetterSetterFunction.cpp >Index: Source/JavaScriptCore/UnifiedSources-input.xcfilelist >=================================================================== >--- Source/JavaScriptCore/UnifiedSources-input.xcfilelist (revision 240833) >+++ Source/JavaScriptCore/UnifiedSources-input.xcfilelist (working copy) >@@ -768,7 +768,6 @@ $(SRCROOT)/runtime/JSAsyncGeneratorFunct > $(SRCROOT)/runtime/JSBigInt.cpp > $(SRCROOT)/runtime/JSBoundFunction.cpp > $(SRCROOT)/runtime/JSCJSValue.cpp >-$(SRCROOT)/runtime/JSCPoison.cpp > $(SRCROOT)/runtime/JSCallee.cpp > $(SRCROOT)/runtime/JSCell.cpp > $(SRCROOT)/runtime/JSCustomGetterSetterFunction.cpp >Index: Source/JavaScriptCore/API/JSAPIWrapperObject.h >=================================================================== >--- Source/JavaScriptCore/API/JSAPIWrapperObject.h (revision 240833) >+++ Source/JavaScriptCore/API/JSAPIWrapperObject.h (working copy) >@@ -1,5 +1,5 @@ > /* >- * Copyright (C) 2013-2018 Apple Inc. All rights reserved. >+ * Copyright (C) 2013-2019 Apple Inc. All rights reserved. > * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions >@@ -27,9 +27,7 @@ > #define JSAPIWrapperObject_h > > #include "JSBase.h" >-#include "JSCPoison.h" > #include "JSDestructibleObject.h" >-#include <wtf/Poisoned.h> > > #if JSC_OBJC_API_ENABLED || defined(JSC_GLIB_API_ENABLED) > >@@ -42,14 +40,14 @@ public: > void finishCreation(VM&); > static void visitChildren(JSCell*, JSC::SlotVisitor&); > >- void* wrappedObject() { return m_wrappedObject.unpoisoned(); } >+ void* wrappedObject() { return m_wrappedObject; } > void setWrappedObject(void*); > > protected: > JSAPIWrapperObject(VM&, Structure*); > > private: >- Poisoned<JSAPIWrapperObjectPoison, void*> m_wrappedObject; >+ void* m_wrappedObject; > }; > > } // namespace JSC >Index: Source/JavaScriptCore/API/JSCallbackFunction.h >=================================================================== >--- Source/JavaScriptCore/API/JSCallbackFunction.h (revision 240833) >+++ Source/JavaScriptCore/API/JSCallbackFunction.h (working copy) >@@ -1,5 +1,5 @@ > /* >- * Copyright (C) 2006-2018 Apple Inc. All rights reserved. >+ * Copyright (C) 2006-2019 Apple Inc. All rights reserved. > * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions >@@ -27,7 +27,6 @@ > #define JSCallbackFunction_h > > #include "InternalFunction.h" >-#include "JSCPoison.h" > #include "JSObjectRef.h" > > namespace JSC { >@@ -58,9 +57,9 @@ private: > JSCallbackFunction(VM&, Structure*, JSObjectCallAsFunctionCallback); > void finishCreation(VM&, const String& name); > >- JSObjectCallAsFunctionCallback functionCallback() { return m_callback.unpoisoned(); } >+ JSObjectCallAsFunctionCallback functionCallback() { return m_callback; } > >- Poisoned<NativeCodePoison, JSObjectCallAsFunctionCallback> m_callback; >+ JSObjectCallAsFunctionCallback m_callback; > }; > > } // namespace JSC >Index: Source/JavaScriptCore/API/JSCallbackObject.h >=================================================================== >--- Source/JavaScriptCore/API/JSCallbackObject.h (revision 240833) >+++ Source/JavaScriptCore/API/JSCallbackObject.h (working copy) >@@ -27,11 +27,9 @@ > #ifndef JSCallbackObject_h > #define JSCallbackObject_h > >-#include "JSCPoison.h" > #include "JSObjectRef.h" > #include "JSValueRef.h" > #include "JSObject.h" >-#include <wtf/PoisonedUniquePtr.h> > > namespace JSC { > >@@ -227,8 +225,8 @@ private: > static EncodedJSValue staticFunctionGetter(ExecState*, EncodedJSValue, PropertyName); > static EncodedJSValue callbackGetter(ExecState*, EncodedJSValue, PropertyName); > >- WTF::PoisonedUniquePtr<JSCallbackObjectPoison, JSCallbackObjectData> m_callbackObjectData; >- PoisonedClassInfoPtr m_classInfo; >+ std::unique_ptr<JSCallbackObjectData> m_callbackObjectData; >+ ClassInfo* m_classInfo; > }; > > } // namespace JSC >Index: Source/JavaScriptCore/API/JSObjectRef.cpp >=================================================================== >--- Source/JavaScriptCore/API/JSObjectRef.cpp (revision 240833) >+++ Source/JavaScriptCore/API/JSObjectRef.cpp (working copy) >@@ -1,5 +1,5 @@ > /* >- * Copyright (C) 2006-2017 Apple Inc. All rights reserved. >+ * Copyright (C) 2006-2019 Apple Inc. All rights reserved. > * Copyright (C) 2008 Kelvin W Sherlock (ksherlock@gmail.com) > * > * Redistribution and use in source and binary forms, with or without >@@ -551,7 +551,7 @@ static const ClassInfo* classInfoPrivate > if (vm.currentlyDestructingCallbackObject != jsObject) > return jsObject->classInfo(vm); > >- return vm.currentlyDestructingCallbackObjectClassInfo.unpoisoned(); >+ return vm.currentlyDestructingCallbackObjectClassInfo; > } > > void* JSObjectGetPrivate(JSObjectRef object) >Index: Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj >=================================================================== >--- Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj (revision 240833) >+++ Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj (working copy) >@@ -1804,7 +1804,6 @@ > FE1C0FFD1B193E9800B53FCA /* Exception.h in Headers */ = {isa = PBXBuildFile; fileRef = FE1C0FFC1B193E9800B53FCA /* Exception.h */; settings = {ATTRIBUTES = (Private, ); }; }; > FE20CE9E15F04A9500DF3430 /* LLIntCLoop.h in Headers */ = {isa = PBXBuildFile; fileRef = FE20CE9C15F04A9500DF3430 /* LLIntCLoop.h */; settings = {ATTRIBUTES = (Private, ); }; }; > FE2A87601F02381600EB31B2 /* MinimumReservedZoneSize.h in Headers */ = {isa = PBXBuildFile; fileRef = FE2A875F1F02381600EB31B2 /* MinimumReservedZoneSize.h */; }; >- FE2B0B731FD9EF700075DA5F /* JSCPoison.h in Headers */ = {isa = PBXBuildFile; fileRef = FE2B0B701FD8C4630075DA5F /* JSCPoison.h */; settings = {ATTRIBUTES = (Private, ); }; }; > FE3022D31E3D73A500BAC493 /* SigillCrashAnalyzer.h in Headers */ = {isa = PBXBuildFile; fileRef = FE3022D11E3D739600BAC493 /* SigillCrashAnalyzer.h */; settings = {ATTRIBUTES = (Private, ); }; }; > FE3022D71E42857300BAC493 /* VMInspector.h in Headers */ = {isa = PBXBuildFile; fileRef = FE3022D51E42856700BAC493 /* VMInspector.h */; }; > FE318FE01CAC982F00DFCC54 /* ECMAScriptSpecInternalFunctions.h in Headers */ = {isa = PBXBuildFile; fileRef = FE318FDE1CAC8C5300DFCC54 /* ECMAScriptSpecInternalFunctions.h */; }; >@@ -4703,7 +4702,7 @@ > E3794E741B77EB97005543AE /* ModuleAnalyzer.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ModuleAnalyzer.h; sourceTree = "<group>"; }; > E380A76B1DCD7195000F89E6 /* MacroAssemblerHelpers.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MacroAssemblerHelpers.h; sourceTree = "<group>"; }; > E380D66B1F19249D00A59095 /* BuiltinNames.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = BuiltinNames.cpp; sourceTree = "<group>"; }; >- E3893A1C2203A7C600E79A74 /* AsyncFromSyncIteratorPrototype.lut.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = AsyncFromSyncIteratorPrototype.lut.h; path = AsyncFromSyncIteratorPrototype.lut.h; sourceTree = "<group>"; }; >+ E3893A1C2203A7C600E79A74 /* AsyncFromSyncIteratorPrototype.lut.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = AsyncFromSyncIteratorPrototype.lut.h; sourceTree = "<group>"; }; > E38D060B1F8E814100649CF2 /* JSScriptFetchParameters.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JSScriptFetchParameters.h; sourceTree = "<group>"; }; > E38D060C1F8E814100649CF2 /* ScriptFetchParameters.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ScriptFetchParameters.h; sourceTree = "<group>"; }; > E38D060D1F8E814100649CF2 /* JSScriptFetchParameters.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = JSScriptFetchParameters.cpp; sourceTree = "<group>"; }; >@@ -4804,8 +4803,6 @@ > FE20CE9B15F04A9500DF3430 /* LLIntCLoop.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = LLIntCLoop.cpp; path = llint/LLIntCLoop.cpp; sourceTree = "<group>"; }; > FE20CE9C15F04A9500DF3430 /* LLIntCLoop.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = LLIntCLoop.h; path = llint/LLIntCLoop.h; sourceTree = "<group>"; }; > FE2A875F1F02381600EB31B2 /* MinimumReservedZoneSize.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = MinimumReservedZoneSize.h; sourceTree = "<group>"; }; >- FE2B0B681FD0D2970075DA5F /* JSCPoison.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = JSCPoison.cpp; sourceTree = "<group>"; }; >- FE2B0B701FD8C4630075DA5F /* JSCPoison.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JSCPoison.h; sourceTree = "<group>"; }; > FE2E6A7A1D6EA5FE0060F896 /* ThrowScope.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ThrowScope.cpp; sourceTree = "<group>"; }; > FE3022D01E3D739600BAC493 /* SigillCrashAnalyzer.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SigillCrashAnalyzer.cpp; sourceTree = "<group>"; }; > FE3022D11E3D739600BAC493 /* SigillCrashAnalyzer.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SigillCrashAnalyzer.h; sourceTree = "<group>"; }; >@@ -6850,8 +6847,6 @@ > F692A8870255597D01FF60F7 /* JSCJSValue.cpp */, > 14ABB36E099C076400E2A24F /* JSCJSValue.h */, > 865A30F0135007E100CDB49E /* JSCJSValueInlines.h */, >- FE2B0B681FD0D2970075DA5F /* JSCPoison.cpp */, >- FE2B0B701FD8C4630075DA5F /* JSCPoison.h */, > FE7497E5209001B00003565B /* JSCPtrTag.h */, > 72AAF7CB1D0D318B005E60BE /* JSCustomGetterSetterFunction.cpp */, > 72AAF7CC1D0D318B005E60BE /* JSCustomGetterSetterFunction.h */, >@@ -9256,7 +9251,6 @@ > A5EA70EE19F5B5C40098F5EC /* JSContextRefInspectorSupport.h in Headers */, > A5D2E665195E174000A518E7 /* JSContextRefInternal.h in Headers */, > 148CD1D8108CF902008163C6 /* JSContextRefPrivate.h in Headers */, >- FE2B0B731FD9EF700075DA5F /* JSCPoison.h in Headers */, > FE7497E6209001B10003565B /* JSCPtrTag.h in Headers */, > A72028B81797601E0098028C /* JSCTestRunnerUtils.h in Headers */, > 72AAF7CE1D0D31B3005E60BE /* JSCustomGetterSetterFunction.h in Headers */, >Index: Source/JavaScriptCore/assembler/MacroAssemblerCodeRef.h >=================================================================== >--- Source/JavaScriptCore/assembler/MacroAssemblerCodeRef.h (revision 240833) >+++ Source/JavaScriptCore/assembler/MacroAssemblerCodeRef.h (working copy) >@@ -1,5 +1,5 @@ > /* >- * Copyright (C) 2009-2018 Apple Inc. All rights reserved. >+ * Copyright (C) 2009-2019 Apple Inc. All rights reserved. > * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions >@@ -26,7 +26,6 @@ > #pragma once > > #include "ExecutableAllocator.h" >-#include "JSCPoison.h" > #include "JSCPtrTag.h" > #include <wtf/DataLog.h> > #include <wtf/PrintStream.h> >@@ -74,7 +73,6 @@ public: > : m_value(tagCFunctionPtr<void*, tag>(value)) > { > assertIsNullOrCFunctionPtr(value); >- PoisonedMasmPtr::assertIsNotPoisoned(m_value); > ASSERT_NULL_OR_VALID_CODE_POINTER(m_value); > } > >@@ -87,7 +85,6 @@ public: > : m_value(tagCFunctionPtr<void*, tag>(value)) > { > assertIsNullOrCFunctionPtr(value); >- PoisonedMasmPtr::assertIsNotPoisoned(m_value); > ASSERT_NULL_OR_VALID_CODE_POINTER(m_value); > } > >@@ -100,7 +97,6 @@ public: > : m_value(tagCFunctionPtr<void*, tag>(value)) > { > assertIsNullOrCFunctionPtr(value); >- PoisonedMasmPtr::assertIsNotPoisoned(m_value); > ASSERT_NULL_OR_VALID_CODE_POINTER(m_value); > } > >@@ -114,7 +110,6 @@ public: > : m_value(tagCFunctionPtr<void*, tag>(value)) > { > assertIsNullOrCFunctionPtr(value); >- PoisonedMasmPtr::assertIsNotPoisoned(m_value); > ASSERT_NULL_OR_VALID_CODE_POINTER(m_value); > } > >@@ -128,18 +123,10 @@ public: > return FunctionPtr<otherTag>(*this); > } > >- void* executableAddress() const >- { >- PoisonedMasmPtr::assertIsNotPoisoned(m_value); >- return m_value; >- } >+ void* executableAddress() const { return m_value; } > > template<PtrTag newTag> >- void* retaggedExecutableAddress() const >- { >- PoisonedMasmPtr::assertIsNotPoisoned(m_value); >- return retagCodePtr<tag, newTag>(m_value); >- } >+ void* retaggedExecutableAddress() const { return retagCodePtr<tag, newTag>(m_value); } > > explicit operator bool() const { return !!m_value; } > bool operator!() const { return !m_value; } >@@ -152,7 +139,6 @@ private: > explicit FunctionPtr(const FunctionPtr<otherTag>& other) > : m_value(retagCodePtr<otherTag, tag>(other.executableAddress())) > { >- PoisonedMasmPtr::assertIsNotPoisoned(m_value); > ASSERT_NULL_OR_VALID_CODE_POINTER(m_value); > } > >@@ -179,7 +165,6 @@ public: > explicit ReturnAddressPtr(const void* value) > : m_value(value) > { >- PoisonedMasmPtr::assertIsNotPoisoned(m_value); > ASSERT_VALID_CODE_POINTER(m_value); > } > >@@ -187,15 +172,10 @@ public: > explicit ReturnAddressPtr(FunctionPtr<tag> function) > : m_value(untagCodePtr<tag>(function.executableAddress())) > { >- PoisonedMasmPtr::assertIsNotPoisoned(m_value); > ASSERT_VALID_CODE_POINTER(m_value); > } > >- const void* value() const >- { >- PoisonedMasmPtr::assertIsNotPoisoned(m_value); >- return m_value; >- } >+ const void* value() const { return m_value; } > > void dump(PrintStream& out) const > { >@@ -231,12 +211,11 @@ public: > #endif > { > assertIsTaggedWith(value, tag); >- m_value.assertIsPoisoned(); > ASSERT(value); > #if CPU(ARM_THUMB2) > ASSERT(!(reinterpret_cast<uintptr_t>(value) & 1)); > #endif >- ASSERT_VALID_CODE_POINTER(m_value.unpoisoned()); >+ ASSERT_VALID_CODE_POINTER(m_value); > } > > static MacroAssemblerCodePtr createFromExecutableAddress(const void* value) >@@ -245,8 +224,7 @@ public: > ASSERT_VALID_CODE_POINTER(value); > assertIsTaggedWith(value, tag); > MacroAssemblerCodePtr result; >- result.m_value = PoisonedMasmPtr(value); >- result.m_value.assertIsPoisoned(); >+ result.m_value = value; > return result; > } > >@@ -255,12 +233,9 @@ public: > { > assertIsNotTagged(ra.value()); > ASSERT(ra.value()); >- m_value.assertIsPoisoned(); >- ASSERT_VALID_CODE_POINTER(m_value.unpoisoned()); >+ ASSERT_VALID_CODE_POINTER(m_value); > } > >- PoisonedMasmPtr poisonedPtr() const { return m_value; } >- > template<PtrTag newTag> > MacroAssemblerCodePtr<newTag> retagged() const > { >@@ -270,68 +245,44 @@ public: > } > > template<typename T = void*> >- T executableAddress() const >- { >- m_value.assertIsPoisoned(); >- return m_value.unpoisoned<T>(); >- } >+ T executableAddress() const { return m_value; } > > template<typename T = void*> >- T untaggedExecutableAddress() const >- { >- m_value.assertIsPoisoned(); >- return untagCodePtr<T, tag>(m_value.unpoisoned()); >- } >+ T untaggedExecutableAddress() const { return untagCodePtr<T, tag>(m_value); } > > template<PtrTag newTag, typename T = void*> >- T retaggedExecutableAddress() const >- { >- m_value.assertIsPoisoned(); >- return retagCodePtr<T, tag, newTag>(m_value.unpoisoned()); >- } >+ T retaggedExecutableAddress() const { return retagCodePtr<T, tag, newTag>(m_value); } > > #if CPU(ARM_THUMB2) > // To use this pointer as a data address remove the decoration. > template<typename T = void*> > T dataLocation() const > { >- m_value.assertIsPoisoned(); >- ASSERT_VALID_CODE_POINTER(m_value.unpoisoned()); >- return bitwise_cast<T>(m_value ? m_value.unpoisoned<char*>() - 1 : nullptr); >+ ASSERT_VALID_CODE_POINTER(m_value); >+ return bitwise_cast<T>(m_value ? reinterpret_cast<char*>(m_value) - 1 : nullptr); > } > #else > template<typename T = void*> > T dataLocation() const > { >- m_value.assertIsPoisoned(); > ASSERT_VALID_CODE_POINTER(m_value); >- return untagCodePtr<T, tag>(m_value.unpoisoned()); >+ return untagCodePtr<T, tag>(m_value); > } > #endif > > bool operator!() const > { >-#if ENABLE(POISON_ASSERTS) >- if (!isEmptyValue() && !isDeletedValue()) >- m_value.assertIsPoisoned(); >-#endif > return !m_value; > } > explicit operator bool() const { return !(!*this); } > > bool operator==(const MacroAssemblerCodePtr& other) const > { >-#if ENABLE(POISON_ASSERTS) >- if (!isEmptyValue() && !isDeletedValue()) >- m_value.assertIsPoisoned(); >- if (!other.isEmptyValue() && !other.isDeletedValue()) >- other.m_value.assertIsPoisoned(); >-#endif > return m_value == other.m_value; > } > > // Disallow any casting operations (except for booleans). Instead, the client >- // should be asking for poisonedPtr() or executableAddress() explicitly. >+ // should be asking for executableAddress() explicitly. > template<typename T, typename = std::enable_if_t<!std::is_same<T, bool>::value>> > operator T() = delete; > >@@ -361,10 +312,10 @@ public: > static void initialize(); > > private: >- static PoisonedMasmPtr emptyValue() { return PoisonedMasmPtr(AlreadyPoisoned, 1); } >- static PoisonedMasmPtr deletedValue() { return PoisonedMasmPtr(AlreadyPoisoned, 2); } >+ static const void* emptyValue() { return reinterpret_cast<const void*>(1); } >+ static const void* deletedValue() { return reinterpret_cast<const void*>(2); } > >- PoisonedMasmPtr m_value; >+ const void* m_value; > }; > > template<PtrTag tag> >@@ -488,7 +439,6 @@ template<PtrTag tag> > inline FunctionPtr<tag>::FunctionPtr(MacroAssemblerCodePtr<tag> ptr) > : m_value(ptr.executableAddress()) > { >- PoisonedMasmPtr::assertIsNotPoisoned(m_value); > } > > } // namespace JSC >Index: Source/JavaScriptCore/b3/B3LowerMacros.cpp >=================================================================== >--- Source/JavaScriptCore/b3/B3LowerMacros.cpp (revision 240833) >+++ Source/JavaScriptCore/b3/B3LowerMacros.cpp (working copy) >@@ -1,5 +1,5 @@ > /* >- * Copyright (C) 2015-2018 Apple Inc. All rights reserved. >+ * Copyright (C) 2015-2019 Apple Inc. All rights reserved. > * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions >@@ -506,12 +506,9 @@ private: > > GPRReg index = params[0].gpr(); > GPRReg scratch = params.gpScratch(0); >- GPRReg poisonScratch = params.gpScratch(1); > >- jit.move(CCallHelpers::TrustedImm64(JITCodePoison::key()), poisonScratch); > jit.move(CCallHelpers::TrustedImmPtr(jumpTable), scratch); > jit.load64(CCallHelpers::BaseIndex(scratch, index, CCallHelpers::timesPtr()), scratch); >- jit.xor64(poisonScratch, scratch); > jit.jump(scratch, JSSwitchPtrTag); > > // These labels are guaranteed to be populated before either late paths or >Index: Source/JavaScriptCore/b3/testb3.cpp >=================================================================== >--- Source/JavaScriptCore/b3/testb3.cpp (revision 240833) >+++ Source/JavaScriptCore/b3/testb3.cpp (working copy) >@@ -1,5 +1,5 @@ > /* >- * Copyright (C) 2015-2018 Apple Inc. All rights reserved. >+ * Copyright (C) 2015-2019 Apple Inc. All rights reserved. > * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions >@@ -13084,12 +13084,9 @@ void testInterpreter() > params.proc().addDataSection(sizeof(MacroAssemblerCodePtr<B3CompilationPtrTag>) * labels.size())); > > GPRReg scratch = params.gpScratch(0); >- GPRReg poisonScratch = params.gpScratch(1); > > jit.move(CCallHelpers::TrustedImmPtr(jumpTable), scratch); >- jit.move(CCallHelpers::TrustedImm64(JITCodePoison::key()), poisonScratch); > jit.load64(CCallHelpers::BaseIndex(scratch, params[0].gpr(), CCallHelpers::timesPtr()), scratch); >- jit.xor64(poisonScratch, scratch); > jit.jump(scratch, B3CompilationPtrTag); > > jit.addLinkTask( >Index: Source/JavaScriptCore/bytecode/AccessCase.cpp >=================================================================== >--- Source/JavaScriptCore/bytecode/AccessCase.cpp (revision 240833) >+++ Source/JavaScriptCore/bytecode/AccessCase.cpp (working copy) >@@ -1,5 +1,5 @@ > /* >- * Copyright (C) 2017-2018 Apple Inc. All rights reserved. >+ * Copyright (C) 2017-2019 Apple Inc. All rights reserved. > * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions >@@ -511,7 +511,6 @@ void AccessCase::generateWithGuard( > jit.loadPtr( > CCallHelpers::Address(baseGPR, ScopedArguments::offsetOfStorage()), > scratchGPR); >- jit.xorPtr(CCallHelpers::TrustedImmPtr(ScopedArgumentsPoison::key()), scratchGPR); > fallThrough.append( > jit.branchTest8( > CCallHelpers::NonZero, >Index: Source/JavaScriptCore/dfg/DFGOSRExitCompilerCommon.h >=================================================================== >--- Source/JavaScriptCore/dfg/DFGOSRExitCompilerCommon.h (revision 240833) >+++ Source/JavaScriptCore/dfg/DFGOSRExitCompilerCommon.h (working copy) >@@ -1,5 +1,5 @@ > /* >- * Copyright (C) 2013-2018 Apple Inc. All rights reserved. >+ * Copyright (C) 2013-2019 Apple Inc. All rights reserved. > * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions >@@ -87,7 +87,6 @@ void adjustFrameAndStackInOSRExitCompile > // We need to make sure SP is correct in case of an exception. > jit.loadPtr(MacroAssembler::Address(GPRInfo::callFrameRegister, CallFrameSlot::codeBlock * static_cast<int>(sizeof(Register))), GPRInfo::regT0); > jit.loadPtr(MacroAssembler::Address(GPRInfo::regT0, CodeBlock::jitCodeOffset()), GPRInfo::regT0); >- jit.xorPtr(MacroAssembler::TrustedImmPtr(CodeBlockPoison::key()), GPRInfo::regT0); > jit.addPtr(MacroAssembler::TrustedImm32(JITCodeType::commonDataOffset()), GPRInfo::regT0); > jit.load32(MacroAssembler::Address(GPRInfo::regT0, CommonData::frameRegisterCountOffset()), GPRInfo::regT0); > // This does virtualRegisterForLocal(frameRegisterCount - 1)*sizeof(Register) where: >Index: Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp >=================================================================== >--- Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp (revision 240833) >+++ Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp (working copy) >@@ -1,5 +1,5 @@ > /* >- * Copyright (C) 2011-2018 Apple Inc. All rights reserved. >+ * Copyright (C) 2011-2019 Apple Inc. All rights reserved. > * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions >@@ -6871,8 +6871,7 @@ void SpeculativeJIT::compileGetByValOnSc > > m_jit.loadPtr( > MacroAssembler::Address(baseReg, ScopedArguments::offsetOfStorage()), resultRegs.payloadGPR()); >- m_jit.xorPtr(TrustedImmPtr(ScopedArgumentsPoison::key()), resultRegs.payloadGPR()); >- >+ > m_jit.load32( > MacroAssembler::Address(resultRegs.payloadGPR(), ScopedArguments::offsetOfTotalLengthInStorage()), > scratchReg); >@@ -6884,7 +6883,6 @@ void SpeculativeJIT::compileGetByValOnSc > m_jit.emitPreparePreciseIndexMask32(propertyReg, scratchReg, indexMaskReg); > > m_jit.loadPtr(MacroAssembler::Address(baseReg, ScopedArguments::offsetOfTable()), scratchReg); >- m_jit.xorPtr(TrustedImmPtr(ScopedArgumentsPoison::key()), scratchReg); > m_jit.load32( > MacroAssembler::Address(scratchReg, ScopedArgumentsTable::offsetOfLength()), scratch2Reg); > >@@ -6892,7 +6890,6 @@ void SpeculativeJIT::compileGetByValOnSc > MacroAssembler::AboveOrEqual, propertyReg, scratch2Reg); > > m_jit.loadPtr(MacroAssembler::Address(baseReg, ScopedArguments::offsetOfScope()), scratch2Reg); >- m_jit.xorPtr(TrustedImmPtr(ScopedArgumentsPoison::key()), scratch2Reg); > > m_jit.loadPtr( > MacroAssembler::Address(scratchReg, ScopedArgumentsTable::offsetOfArguments()), >@@ -7042,8 +7039,7 @@ void SpeculativeJIT::compileGetArrayLeng > > m_jit.loadPtr( > MacroAssembler::Address(baseReg, ScopedArguments::offsetOfStorage()), resultReg); >- m_jit.xorPtr(TrustedImmPtr(ScopedArgumentsPoison::key()), resultReg); >- >+ > speculationCheck( > ExoticObjectMode, JSValueSource(), 0, > m_jit.branchTest8( >@@ -7093,7 +7089,7 @@ void SpeculativeJIT::compileNewFunctionC > emitAllocateJSObjectWithKnownSize<ClassType>(resultGPR, TrustedImmPtr(structure), butterfly, scratch1GPR, scratch2GPR, slowPath, size); > > m_jit.storePtr(scopeGPR, JITCompiler::Address(resultGPR, JSFunction::offsetOfScopeChain())); >- m_jit.storePtr(TrustedImmPtr::weakPoisonedPointer<JSFunctionPoison>(m_jit.graph(), executable), JITCompiler::Address(resultGPR, JSFunction::offsetOfExecutable())); >+ m_jit.storePtr(TrustedImmPtr::weakPointer(m_jit.graph(), executable), JITCompiler::Address(resultGPR, JSFunction::offsetOfExecutable())); > m_jit.storePtr(TrustedImmPtr(nullptr), JITCompiler::Address(resultGPR, JSFunction::offsetOfRareData())); > > m_jit.mutatorFence(*m_jit.vm()); >@@ -9343,10 +9339,6 @@ void SpeculativeJIT::compileCheckSubClas > > m_jit.emitLoadStructure(*m_jit.vm(), baseGPR, otherGPR, specifiedGPR); > m_jit.loadPtr(CCallHelpers::Address(otherGPR, Structure::classInfoOffset()), otherGPR); >-#if USE(JSVALUE64) >- m_jit.move(CCallHelpers::TrustedImm64(GlobalDataPoison::key()), specifiedGPR); >- m_jit.xor64(specifiedGPR, otherGPR); >-#endif > m_jit.move(CCallHelpers::TrustedImmPtr(node->classInfo()), specifiedGPR); > > CCallHelpers::Label loop = m_jit.label(); >@@ -9640,7 +9632,7 @@ void SpeculativeJIT::compileNewStringObj > slowPath); > > m_jit.storePtr( >- TrustedImmPtr(PoisonedClassInfoPtr(StringObject::info()).bits()), >+ TrustedImmPtr(StringObject::info()), > JITCompiler::Address(resultGPR, JSDestructibleObject::classInfoOffset())); > #if USE(JSVALUE64) > m_jit.store64( >@@ -10483,7 +10475,7 @@ void SpeculativeJIT::speculate(Node*, Ed > } > > void SpeculativeJIT::emitSwitchIntJump( >- SwitchData* data, GPRReg value, GPRReg scratch, GPRReg poisonScratch) >+ SwitchData* data, GPRReg value, GPRReg scratch) > { > SimpleJumpTable& table = m_jit.codeBlock()->switchJumpTable(data->switchTableIndex); > table.ensureCTITable(); >@@ -10491,16 +10483,9 @@ void SpeculativeJIT::emitSwitchIntJump( > addBranch( > m_jit.branch32(JITCompiler::AboveOrEqual, value, Imm32(table.ctiOffsets.size())), > data->fallThrough.block); >- UNUSED_PARAM(poisonScratch); // Placate the 32-bit build. >-#if USE(JSVALUE64) >- m_jit.move(TrustedImm64(JITCodePoison::key()), poisonScratch); >-#endif > m_jit.move(TrustedImmPtr(table.ctiOffsets.begin()), scratch); > m_jit.loadPtr(JITCompiler::BaseIndex(scratch, value, JITCompiler::timesPtr()), scratch); > >-#if USE(JSVALUE64) >- m_jit.xor64(poisonScratch, scratch); >-#endif > m_jit.jump(scratch, JSSwitchPtrTag); > data->didUseJumpTable = true; > } >@@ -12136,9 +12121,6 @@ void SpeculativeJIT::compileGetExecutabl > GPRReg resultGPR = result.gpr(); > speculateCellType(node->child1(), functionGPR, SpecFunction, JSFunctionType); > m_jit.loadPtr(JITCompiler::Address(functionGPR, JSFunction::offsetOfExecutable()), resultGPR); >-#if USE(JSVALUE64) >- m_jit.xorPtr(JITCompiler::TrustedImmPtr(JSFunctionPoison::key()), resultGPR); >-#endif > cellResult(resultGPR, node); > } > >@@ -12510,7 +12492,6 @@ void SpeculativeJIT::compileCreateThis(N > slowPath.append(m_jit.branchIfNotFunction(calleeGPR)); > m_jit.loadPtr(JITCompiler::Address(calleeGPR, JSFunction::offsetOfRareData()), rareDataGPR); > slowPath.append(m_jit.branchTestPtr(MacroAssembler::Zero, rareDataGPR)); >- m_jit.xorPtr(JITCompiler::TrustedImmPtr(JSFunctionPoison::key()), rareDataGPR); > m_jit.loadPtr(JITCompiler::Address(rareDataGPR, FunctionRareData::offsetOfObjectAllocationProfile() + ObjectAllocationProfile::offsetOfAllocator()), allocatorGPR); > m_jit.loadPtr(JITCompiler::Address(rareDataGPR, FunctionRareData::offsetOfObjectAllocationProfile() + ObjectAllocationProfile::offsetOfStructure()), structureGPR); > >@@ -12518,7 +12499,6 @@ void SpeculativeJIT::compileCreateThis(N > emitAllocateJSObject(resultGPR, JITAllocator::variable(), allocatorGPR, structureGPR, butterfly, scratchGPR, slowPath); > > m_jit.loadPtr(JITCompiler::Address(calleeGPR, JSFunction::offsetOfRareData()), rareDataGPR); >- m_jit.xorPtr(JITCompiler::TrustedImmPtr(JSFunctionPoison::key()), rareDataGPR); > m_jit.load32(JITCompiler::Address(rareDataGPR, FunctionRareData::offsetOfObjectAllocationProfile() + ObjectAllocationProfile::offsetOfInlineCapacity()), inlineCapacityGPR); > m_jit.emitInitializeInlineStorage(resultGPR, inlineCapacityGPR); > m_jit.mutatorFence(*m_jit.vm()); >Index: Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h >=================================================================== >--- Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h (revision 240833) >+++ Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h (working copy) >@@ -1,5 +1,5 @@ > /* >- * Copyright (C) 2011-2018 Apple Inc. All rights reserved. >+ * Copyright (C) 2011-2019 Apple Inc. All rights reserved. > * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions >@@ -149,13 +149,6 @@ public: > return TrustedImmPtr(bitwise_cast<size_t>(cell)); > } > >- template<typename Key> >- static TrustedImmPtr weakPoisonedPointer(Graph& graph, JSCell* cell) >- { >- graph.m_plan.weakReferences().addLazily(cell); >- return TrustedImmPtr(bitwise_cast<size_t>(cell) ^ Key::key()); >- } >- > operator MacroAssembler::TrustedImmPtr() const { return m_value; } > operator MacroAssembler::TrustedImm() const { return m_value; } > >Index: Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp >=================================================================== >--- Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp (revision 240833) >+++ Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp (working copy) >@@ -1,5 +1,5 @@ > /* >- * Copyright (C) 2013-2018 Apple Inc. All rights reserved. >+ * Copyright (C) 2013-2019 Apple Inc. All rights reserved. > * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions >@@ -3134,10 +3134,7 @@ private: > { > LValue cell = lowCell(m_node->child1()); > speculateFunction(m_node->child1(), cell); >- setJSValue( >- m_out.bitXor( >- m_out.loadPtr(cell, m_heaps.JSFunction_executable), >- m_out.constIntPtr(JSFunctionPoison::key()))); >+ setJSValue(m_out.loadPtr(cell, m_heaps.JSFunction_executable)); > } > > void compileArrayify() >@@ -3836,9 +3833,7 @@ private: > > case Array::ScopedArguments: { > LValue arguments = lowCell(m_node->child1()); >- LValue storage = m_out.bitXor( >- m_out.loadPtr(arguments, m_heaps.ScopedArguments_storage), >- m_out.constIntPtr(ScopedArgumentsPoison::key())); >+ LValue storage = m_out.loadPtr(arguments, m_heaps.ScopedArguments_storage); > speculate( > ExoticObjectMode, noValue(), nullptr, > m_out.notZero32(m_out.load8ZeroExt32(storage, m_heaps.ScopedArguments_Storage_overrodeThings))); >@@ -4036,8 +4031,7 @@ private: > LValue index = lowInt32(m_graph.varArgChild(m_node, 1)); > > LValue storage = m_out.loadPtr(base, m_heaps.ScopedArguments_storage); >- storage = m_out.bitXor(storage, m_out.constIntPtr(ScopedArgumentsPoison::key())); >- >+ > LValue totalLength = m_out.load32NonNegative( > storage, m_heaps.ScopedArguments_Storage_totalLength); > speculate( >@@ -4045,8 +4039,7 @@ private: > m_out.aboveOrEqual(index, totalLength)); > > LValue table = m_out.loadPtr(base, m_heaps.ScopedArguments_table); >- table = m_out.bitXor(table, m_out.constIntPtr(ScopedArgumentsPoison::key())); >- >+ > LValue namedLength = m_out.load32(table, m_heaps.ScopedArgumentsTable_length); > > LBasicBlock namedCase = m_out.newBlock(); >@@ -4059,8 +4052,7 @@ private: > LBasicBlock lastNext = m_out.appendTo(namedCase, overflowCase); > > LValue scope = m_out.loadPtr(base, m_heaps.ScopedArguments_scope); >- scope = m_out.bitXor(scope, m_out.constIntPtr(ScopedArgumentsPoison::key())); >- >+ > LValue arguments = m_out.loadPtr(table, m_heaps.ScopedArgumentsTable_arguments); > > TypedPointer address = m_out.baseIndex( >@@ -5279,7 +5271,7 @@ private: > // We don't need memory barriers since we just fast-created the function, so it > // must be young. > m_out.storePtr(scope, fastObject, m_heaps.JSFunction_scope); >- m_out.storePtr(weakPoisonedPointer<JSFunctionPoison>(executable), fastObject, m_heaps.JSFunction_executable); >+ m_out.storePtr(weakPointer(executable), fastObject, m_heaps.JSFunction_executable); > m_out.storePtr(m_out.intPtrZero, fastObject, m_heaps.JSFunction_rareData); > > mutatorFence(); >@@ -5601,7 +5593,7 @@ private: > LBasicBlock lastNext = m_out.insertNewBlocksBefore(slowCase); > > LValue fastResultValue = allocateObject<StringObject>(structure, m_out.intPtrZero, slowCase); >- m_out.storePtr(m_out.constIntPtr(PoisonedClassInfoPtr(StringObject::info()).bits()), fastResultValue, m_heaps.JSDestructibleObject_classInfo); >+ m_out.storePtr(m_out.constIntPtr(StringObject::info()), fastResultValue, m_heaps.JSDestructibleObject_classInfo); > m_out.store64(string, fastResultValue, m_heaps.JSWrapperObject_internalValue); > mutatorFence(); > ValueFromBlock fastResult = m_out.anchor(fastResultValue); >@@ -12114,8 +12106,7 @@ private: > LBasicBlock continuation = m_out.newBlock(); > > LValue structure = loadStructure(cell); >- LValue poisonedClassInfo = m_out.loadPtr(structure, m_heaps.Structure_classInfo); >- LValue classInfo = m_out.bitXor(poisonedClassInfo, m_out.constInt64(GlobalDataPoison::key())); >+ LValue classInfo = m_out.loadPtr(structure, m_heaps.Structure_classInfo); > ValueFromBlock otherAtStart = m_out.anchor(classInfo); > m_out.jump(loop); > >@@ -16343,32 +16334,6 @@ private: > return preciseIndexMask64(value, m_out.zeroExt(index, Int64), m_out.zeroExt(limit, Int64)); > } > >- LValue dynamicPoison(LValue value, LValue poison) >- { >- return m_out.add( >- value, >- m_out.shl( >- m_out.zeroExt(poison, pointerType()), >- m_out.constInt32(40))); >- } >- >- LValue dynamicPoisonOnLoadedType(LValue value, LValue actualType, JSType expectedType) >- { >- return dynamicPoison( >- value, >- m_out.bitXor( >- m_out.opaque(actualType), >- m_out.constInt32(expectedType))); >- } >- >- LValue dynamicPoisonOnType(LValue value, JSType expectedType) >- { >- return dynamicPoisonOnLoadedType( >- value, >- m_out.load8ZeroExt32(value, m_heaps.JSCell_typeInfoType), >- expectedType); >- } >- > template<typename... Args> > LValue vmCall(LType type, LValue function, Args&&... args) > { >@@ -16915,13 +16880,6 @@ private: > return m_out.weakPointer(m_graph, pointer); > } > >- template<typename Key> >- LValue weakPoisonedPointer(JSCell* pointer) >- { >- addWeakReference(pointer); >- return m_out.weakPoisonedPointer<Key>(m_graph, pointer); >- } >- > LValue frozenPointer(FrozenValue* value) > { > return m_out.weakPointer(value); >Index: Source/JavaScriptCore/ftl/FTLOutput.h >=================================================================== >--- Source/JavaScriptCore/ftl/FTLOutput.h (revision 240833) >+++ Source/JavaScriptCore/ftl/FTLOutput.h (working copy) >@@ -1,5 +1,5 @@ > /* >- * Copyright (C) 2013-2018 Apple Inc. All rights reserved. >+ * Copyright (C) 2013-2019 Apple Inc. All rights reserved. > * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions >@@ -111,14 +111,6 @@ public: > return constIntPtr(bitwise_cast<intptr_t>(cell)); > } > >- template<typename Key> >- LValue weakPoisonedPointer(DFG::Graph& graph, JSCell* cell) >- { >- ASSERT(graph.m_plan.weakReferences().contains(cell)); >- >- return constIntPtr(bitwise_cast<intptr_t>(cell) ^ Key::key()); >- } >- > LValue weakPointer(DFG::FrozenValue* value) > { > RELEASE_ASSERT(value->value().isCell()); >Index: Source/JavaScriptCore/jit/AssemblyHelpers.cpp >=================================================================== >--- Source/JavaScriptCore/jit/AssemblyHelpers.cpp (revision 240833) >+++ Source/JavaScriptCore/jit/AssemblyHelpers.cpp (working copy) >@@ -1,5 +1,5 @@ > /* >- * Copyright (C) 2011-2018 Apple Inc. All rights reserved. >+ * Copyright (C) 2011-2019 Apple Inc. All rights reserved. > * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions >@@ -988,41 +988,6 @@ void AssemblyHelpers::emitPreparePrecise > rshiftPtr(TrustedImm32(preciseIndexMaskShift<void*>()), result); > } > >-void AssemblyHelpers::emitDynamicPoison(GPRReg base, GPRReg poisonValue) >-{ >-#if CPU(X86_64) || (CPU(ARM64) && !defined(__ILP32__)) >- lshiftPtr(TrustedImm32(40), poisonValue); >- addPtr(poisonValue, base); >-#else >- UNUSED_PARAM(base); >- UNUSED_PARAM(poisonValue); >-#endif >-} >- >-void AssemblyHelpers::emitDynamicPoisonOnLoadedType(GPRReg base, GPRReg actualType, JSType expectedType) >-{ >-#if CPU(X86_64) || (CPU(ARM64) && !defined(__ILP32__)) >- xor32(TrustedImm32(expectedType), actualType); >- emitDynamicPoison(base, actualType); >-#else >- UNUSED_PARAM(base); >- UNUSED_PARAM(actualType); >- UNUSED_PARAM(expectedType); >-#endif >-} >- >-void AssemblyHelpers::emitDynamicPoisonOnType(GPRReg base, GPRReg scratch, JSType expectedType) >-{ >-#if CPU(X86_64) || (CPU(ARM64) && !defined(__ILP32__)) >- load8(Address(base, JSCell::typeInfoTypeOffset()), scratch); >- emitDynamicPoisonOnLoadedType(base, scratch, expectedType); >-#else >- UNUSED_PARAM(base); >- UNUSED_PARAM(scratch); >- UNUSED_PARAM(expectedType); >-#endif >-} >- > } // namespace JSC > > #endif // ENABLE(JIT) >Index: Source/JavaScriptCore/jit/AssemblyHelpers.h >=================================================================== >--- Source/JavaScriptCore/jit/AssemblyHelpers.h (revision 240833) >+++ Source/JavaScriptCore/jit/AssemblyHelpers.h (working copy) >@@ -1,5 +1,5 @@ > /* >- * Copyright (C) 2011-2018 Apple Inc. All rights reserved. >+ * Copyright (C) 2011-2019 Apple Inc. All rights reserved. > * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions >@@ -1797,7 +1797,7 @@ public: > { > auto butterfly = TrustedImmPtr(nullptr); > emitAllocateJSObject<ClassType>(vm, resultGPR, TrustedImmPtr(structure), butterfly, scratchGPR1, scratchGPR2, slowPath); >- storePtr(TrustedImmPtr(PoisonedClassInfoPtr(structure->classInfo()).bits()), Address(resultGPR, JSDestructibleObject::classInfoOffset())); >+ storePtr(TrustedImmPtr(structure->classInfo()), Address(resultGPR, JSDestructibleObject::classInfoOffset())); > } > > void emitInitializeInlineStorage(GPRReg baseGPR, unsigned inlineCapacity) >@@ -1830,10 +1830,6 @@ public: > // zero-extended. Also this does not clobber index, which is useful in the baseline JIT. This > // permits length and result to be in the same register. > void emitPreparePreciseIndexMask32(GPRReg index, GPRReg length, GPRReg result); >- >- void emitDynamicPoison(GPRReg base, GPRReg poisonValue); >- void emitDynamicPoisonOnLoadedType(GPRReg base, GPRReg actualType, JSType expectedType); >- void emitDynamicPoisonOnType(GPRReg base, GPRReg scratch, JSType expectedType); > > #if ENABLE(WEBASSEMBLY) > void loadWasmContextInstance(GPRReg dst); >Index: Source/JavaScriptCore/jit/JITOpcodes.cpp >=================================================================== >--- Source/JavaScriptCore/jit/JITOpcodes.cpp (revision 240833) >+++ Source/JavaScriptCore/jit/JITOpcodes.cpp (working copy) >@@ -908,7 +908,6 @@ void JIT::emit_op_create_this(const Inst > addSlowCase(branchIfNotFunction(calleeReg)); > loadPtr(Address(calleeReg, JSFunction::offsetOfRareData()), rareDataReg); > addSlowCase(branchTestPtr(Zero, rareDataReg)); >- xorPtr(TrustedImmPtr(JSFunctionPoison::key()), rareDataReg); > loadPtr(Address(rareDataReg, FunctionRareData::offsetOfObjectAllocationProfile() + ObjectAllocationProfile::offsetOfAllocator()), allocatorReg); > loadPtr(Address(rareDataReg, FunctionRareData::offsetOfObjectAllocationProfile() + ObjectAllocationProfile::offsetOfStructure()), structureReg); > >@@ -922,7 +921,6 @@ void JIT::emit_op_create_this(const Inst > emitAllocateJSObject(resultReg, JITAllocator::variable(), allocatorReg, structureReg, butterfly, scratchReg, slowCases); > emitGetVirtualRegister(callee, scratchReg); > loadPtr(Address(scratchReg, JSFunction::offsetOfRareData()), scratchReg); >- xorPtr(TrustedImmPtr(JSFunctionPoison::key()), scratchReg); > load32(Address(scratchReg, FunctionRareData::offsetOfObjectAllocationProfile() + ObjectAllocationProfile::offsetOfInlineCapacity()), scratchReg); > emitInitializeInlineStorage(resultReg, scratchReg); > addSlowCase(slowCases); >Index: Source/JavaScriptCore/jit/JITPropertyAccess.cpp >=================================================================== >--- Source/JavaScriptCore/jit/JITPropertyAccess.cpp (revision 240833) >+++ Source/JavaScriptCore/jit/JITPropertyAccess.cpp (working copy) >@@ -1609,15 +1609,12 @@ JIT::JumpList JIT::emitScopedArgumentsGe > load8(Address(base, JSCell::typeInfoTypeOffset()), scratch); > badType = patchableBranch32(NotEqual, scratch, TrustedImm32(ScopedArgumentsType)); > loadPtr(Address(base, ScopedArguments::offsetOfStorage()), scratch3); >- xorPtr(TrustedImmPtr(ScopedArgumentsPoison::key()), scratch3); > slowCases.append(branch32(AboveOrEqual, property, Address(scratch3, ScopedArguments::offsetOfTotalLengthInStorage()))); > > loadPtr(Address(base, ScopedArguments::offsetOfTable()), scratch); >- xorPtr(TrustedImmPtr(ScopedArgumentsPoison::key()), scratch); > load32(Address(scratch, ScopedArgumentsTable::offsetOfLength()), scratch2); > Jump overflowCase = branch32(AboveOrEqual, property, scratch2); > loadPtr(Address(base, ScopedArguments::offsetOfScope()), scratch2); >- xorPtr(TrustedImmPtr(ScopedArgumentsPoison::key()), scratch2); > loadPtr(Address(scratch, ScopedArgumentsTable::offsetOfArguments()), scratch); > load32(BaseIndex(scratch, property, TimesFour), scratch); > slowCases.append(branch32(Equal, scratch, TrustedImm32(ScopeOffset::invalidOffset))); >Index: Source/JavaScriptCore/jit/Repatch.cpp >=================================================================== >--- Source/JavaScriptCore/jit/Repatch.cpp (revision 240833) >+++ Source/JavaScriptCore/jit/Repatch.cpp (working copy) >@@ -1,5 +1,5 @@ > /* >- * Copyright (C) 2011-2018 Apple Inc. All rights reserved. >+ * Copyright (C) 2011-2019 Apple Inc. All rights reserved. > * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions >@@ -1063,7 +1063,6 @@ void linkPolymorphicCall( > stubJit.loadPtr( > CCallHelpers::Address(calleeGPR, JSFunction::offsetOfExecutable()), > scratchGPR); >- stubJit.xorPtr(CCallHelpers::TrustedImmPtr(JSFunctionPoison::key()), scratchGPR); > > comparisonValueGPR = scratchGPR; > } else >Index: Source/JavaScriptCore/jit/SpecializedThunkJIT.h >=================================================================== >--- Source/JavaScriptCore/jit/SpecializedThunkJIT.h (revision 240833) >+++ Source/JavaScriptCore/jit/SpecializedThunkJIT.h (working copy) >@@ -1,5 +1,5 @@ > /* >- * Copyright (C) 2010-2018 Apple Inc. All rights reserved. >+ * Copyright (C) 2010-2019 Apple Inc. All rights reserved. > * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions >@@ -75,7 +75,7 @@ namespace JSC { > { > loadCellArgument(argument, dst); > emitLoadStructure(*vm(), dst, scratch, dst); >- appendFailure(branchPtr(NotEqual, Address(scratch, Structure::classInfoOffset()), TrustedImmPtr(PoisonedClassInfoPtr(classInfo).bits()))); >+ appendFailure(branchPtr(NotEqual, Address(scratch, Structure::classInfoOffset()), TrustedImmPtr(classInfo))); > // We have to reload the argument since emitLoadStructure clobbered it. > loadCellArgument(argument, dst); > } >Index: Source/JavaScriptCore/jit/ThunkGenerators.cpp >=================================================================== >--- Source/JavaScriptCore/jit/ThunkGenerators.cpp (revision 240833) >+++ Source/JavaScriptCore/jit/ThunkGenerators.cpp (working copy) >@@ -1,5 +1,5 @@ > /* >- * Copyright (C) 2010-2018 Apple Inc. All rights reserved. >+ * Copyright (C) 2010-2019 Apple Inc. All rights reserved. > * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions >@@ -203,7 +203,6 @@ MacroAssemblerCodeRef<JITStubRoutinePtrT > jit.loadPtr( > CCallHelpers::Address(GPRInfo::regT0, JSFunction::offsetOfExecutable()), > GPRInfo::regT4); >- jit.xorPtr(CCallHelpers::TrustedImmPtr(JSFunctionPoison::key()), GPRInfo::regT4); > jit.loadPtr( > CCallHelpers::Address( > GPRInfo::regT4, ExecutableBase::offsetOfJITCodeWithArityCheckFor( >@@ -213,10 +212,6 @@ MacroAssemblerCodeRef<JITStubRoutinePtrT > > // Now we know that we have a CodeBlock, and we're committed to making a fast > // call. >-#if USE(JSVALUE64) >- jit.move(CCallHelpers::TrustedImm64(JITCodePoison::key()), GPRInfo::regT1); >- jit.xor64(GPRInfo::regT1, GPRInfo::regT4); >-#endif > > // Make a tail call. This will return back to JIT code. > JSInterfaceJIT::Label callCode(jit.label()); >@@ -287,7 +282,6 @@ static MacroAssemblerCodeRef<JITThunkPtr > jit.emitGetFromCallFrameHeaderPtr(CallFrameSlot::callee, JSInterfaceJIT::regT1); > if (thunkFunctionType == ThunkFunctionType::JSFunction) { > jit.loadPtr(JSInterfaceJIT::Address(JSInterfaceJIT::regT1, JSFunction::offsetOfExecutable()), JSInterfaceJIT::regT1); >- jit.xorPtr(JSInterfaceJIT::TrustedImmPtr(JSFunctionPoison::key()), JSInterfaceJIT::regT1); > jit.call(JSInterfaceJIT::Address(JSInterfaceJIT::regT1, executableOffsetToFunction), JSEntryPtrTag); > } else > jit.call(JSInterfaceJIT::Address(JSInterfaceJIT::regT1, InternalFunction::offsetOfNativeFunctionFor(kind)), JSEntryPtrTag); >@@ -303,12 +297,9 @@ static MacroAssemblerCodeRef<JITThunkPtr > jit.emitGetFromCallFrameHeaderPtr(CallFrameSlot::callee, X86Registers::esi); > if (thunkFunctionType == ThunkFunctionType::JSFunction) { > jit.loadPtr(JSInterfaceJIT::Address(X86Registers::esi, JSFunction::offsetOfExecutable()), X86Registers::r9); >- jit.xorPtr(JSInterfaceJIT::TrustedImmPtr(JSFunctionPoison::key()), X86Registers::r9); > jit.loadPtr(JSInterfaceJIT::Address(X86Registers::r9, executableOffsetToFunction), X86Registers::r9); > } else > jit.loadPtr(JSInterfaceJIT::Address(X86Registers::esi, InternalFunction::offsetOfNativeFunctionFor(kind)), X86Registers::r9); >- jit.move(JSInterfaceJIT::TrustedImm64(NativeCodePoison::key()), X86Registers::esi); >- jit.xor64(X86Registers::esi, X86Registers::r9); > jit.call(X86Registers::r9, JSEntryPtrTag); > > #else >@@ -323,7 +314,6 @@ static MacroAssemblerCodeRef<JITThunkPtr > jit.emitGetFromCallFrameHeaderPtr(CallFrameSlot::callee, X86Registers::edx); > if (thunkFunctionType == ThunkFunctionType::JSFunction) { > jit.loadPtr(JSInterfaceJIT::Address(X86Registers::edx, JSFunction::offsetOfExecutable()), X86Registers::r9); >- jit.xorPtr(JSInterfaceJIT::TrustedImmPtr(JSFunctionPoison::key()), X86Registers::r9); > jit.call(JSInterfaceJIT::Address(X86Registers::r9, executableOffsetToFunction), JSEntryPtrTag); > } else > jit.call(JSInterfaceJIT::Address(X86Registers::edx, InternalFunction::offsetOfNativeFunctionFor(kind)), JSEntryPtrTag); >@@ -342,12 +332,9 @@ static MacroAssemblerCodeRef<JITThunkPtr > jit.emitGetFromCallFrameHeaderPtr(CallFrameSlot::callee, ARM64Registers::x1); > if (thunkFunctionType == ThunkFunctionType::JSFunction) { > jit.loadPtr(JSInterfaceJIT::Address(ARM64Registers::x1, JSFunction::offsetOfExecutable()), ARM64Registers::x2); >- jit.xorPtr(JSInterfaceJIT::TrustedImmPtr(JSFunctionPoison::key()), ARM64Registers::x2); > jit.loadPtr(JSInterfaceJIT::Address(ARM64Registers::x2, executableOffsetToFunction), ARM64Registers::x2); > } else > jit.loadPtr(JSInterfaceJIT::Address(ARM64Registers::x1, InternalFunction::offsetOfNativeFunctionFor(kind)), ARM64Registers::x2); >- jit.move(JSInterfaceJIT::TrustedImm64(NativeCodePoison::key()), ARM64Registers::x1); >- jit.xor64(ARM64Registers::x1, ARM64Registers::x2); > jit.call(ARM64Registers::x2, JSEntryPtrTag); > > #elif CPU(ARM_THUMB2) || CPU(MIPS) >@@ -363,7 +350,6 @@ static MacroAssemblerCodeRef<JITThunkPtr > jit.emitGetFromCallFrameHeaderPtr(CallFrameSlot::callee, JSInterfaceJIT::argumentGPR1); > if (thunkFunctionType == ThunkFunctionType::JSFunction) { > jit.loadPtr(JSInterfaceJIT::Address(JSInterfaceJIT::argumentGPR1, JSFunction::offsetOfExecutable()), JSInterfaceJIT::regT2); >- jit.xorPtr(JSInterfaceJIT::TrustedImmPtr(JSFunctionPoison::key()), JSInterfaceJIT::regT2); > jit.call(JSInterfaceJIT::Address(JSInterfaceJIT::regT2, executableOffsetToFunction), JSEntryPtrTag); > } else > jit.call(JSInterfaceJIT::Address(JSInterfaceJIT::argumentGPR1, InternalFunction::offsetOfNativeFunctionFor(kind)), JSEntryPtrTag); >@@ -1241,17 +1227,12 @@ MacroAssemblerCodeRef<JITThunkPtrTag> bo > jit.loadPtr( > CCallHelpers::Address(GPRInfo::regT3, JSFunction::offsetOfExecutable()), > GPRInfo::regT0); >- jit.xorPtr(CCallHelpers::TrustedImmPtr(JSFunctionPoison::key()), GPRInfo::regT0); > jit.loadPtr( > CCallHelpers::Address( > GPRInfo::regT0, ExecutableBase::offsetOfJITCodeWithArityCheckFor(CodeForCall)), > GPRInfo::regT0); > CCallHelpers::Jump noCode = jit.branchTestPtr(CCallHelpers::Zero, GPRInfo::regT0); > >-#if USE(JSVALUE64) >- jit.move(CCallHelpers::TrustedImm64(JITCodePoison::key()), GPRInfo::regT1); >- jit.xor64(GPRInfo::regT1, GPRInfo::regT0); >-#endif > emitPointerValidation(jit, GPRInfo::regT0, JSEntryPtrTag); > jit.call(GPRInfo::regT0, JSEntryPtrTag); > >Index: Source/JavaScriptCore/parser/UnlinkedSourceCode.h >=================================================================== >--- Source/JavaScriptCore/parser/UnlinkedSourceCode.h (revision 240833) >+++ Source/JavaScriptCore/parser/UnlinkedSourceCode.h (working copy) >@@ -1,5 +1,5 @@ > /* >- * Copyright (C) 2008-2018 Apple Inc. All rights reserved. >+ * Copyright (C) 2008-2019 Apple Inc. All rights reserved. > * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions >@@ -28,7 +28,6 @@ > > #pragma once > >-#include "JSCPoison.h" > #include "SourceProvider.h" > #include <wtf/RefPtr.h> > >@@ -107,9 +106,9 @@ namespace JSC { > int length() const { return m_endOffset - m_startOffset; } > > protected: >- // FIXME: Make it PoisonedRef<SourceProvidier>. >+ // FIXME: Make it Ref<SourceProvidier>. > // https://bugs.webkit.org/show_bug.cgi?id=168325 >- PoisonedRefPtr<UnlinkedSourceCodePoison, SourceProvider> m_provider; >+ RefPtr<SourceProvider> m_provider; > int m_startOffset; > int m_endOffset; > }; >Index: Source/JavaScriptCore/runtime/ArrayPrototype.h >=================================================================== >--- Source/JavaScriptCore/runtime/ArrayPrototype.h (revision 240833) >+++ Source/JavaScriptCore/runtime/ArrayPrototype.h (working copy) >@@ -1,6 +1,6 @@ > /* > * Copyright (C) 1999-2000 Harri Porten (porten@kde.org) >- * Copyright (C) 2007-2018 Apple Inc. All rights reserved. >+ * Copyright (C) 2007-2019 Apple Inc. All rights reserved. > * > * This library is free software; you can redistribute it and/or > * modify it under the terms of the GNU Lesser General Public >@@ -21,8 +21,6 @@ > #pragma once > > #include "JSArray.h" >-#include "JSCPoison.h" >-#include <wtf/PoisonedUniquePtr.h> > > namespace JSC { > >@@ -62,8 +60,8 @@ protected: > private: > // This bit is set if any user modifies the constructor property Array.prototype. This is used to optimize species creation for JSArrays. > friend ArrayPrototypeAdaptiveInferredPropertyWatchpoint; >- PoisonedUniquePtr<ArrayPrototypePoison, ArrayPrototypeAdaptiveInferredPropertyWatchpoint> m_constructorWatchpoint; >- PoisonedUniquePtr<ArrayPrototypePoison, ArrayPrototypeAdaptiveInferredPropertyWatchpoint> m_constructorSpeciesWatchpoint; >+ std::unique_ptr<ArrayPrototypeAdaptiveInferredPropertyWatchpoint> m_constructorWatchpoint; >+ std::unique_ptr<ArrayPrototypeAdaptiveInferredPropertyWatchpoint> m_constructorSpeciesWatchpoint; > }; > > EncodedJSValue JSC_HOST_CALL arrayProtoFuncToString(ExecState*); >Index: Source/JavaScriptCore/runtime/CustomGetterSetter.h >=================================================================== >--- Source/JavaScriptCore/runtime/CustomGetterSetter.h (revision 240833) >+++ Source/JavaScriptCore/runtime/CustomGetterSetter.h (working copy) >@@ -1,5 +1,5 @@ > /* >- * Copyright (C) 2014-2018 Apple Inc. All rights reserved. >+ * Copyright (C) 2014-2019 Apple Inc. All rights reserved. > * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions >@@ -25,7 +25,6 @@ > > #pragma once > >-#include "JSCPoison.h" > #include "JSCast.h" > #include "PropertySlot.h" > #include "PutPropertySlot.h" >@@ -48,8 +47,8 @@ public: > return customGetterSetter; > } > >- CustomGetterSetter::CustomGetter getter() const { return m_getter.unpoisoned(); } >- CustomGetterSetter::CustomSetter setter() const { return m_setter.unpoisoned(); } >+ CustomGetterSetter::CustomGetter getter() const { return m_getter; } >+ CustomGetterSetter::CustomSetter setter() const { return m_setter; } > > static Structure* createStructure(VM& vm, JSGlobalObject* globalObject, JSValue prototype) > { >@@ -67,11 +66,8 @@ protected: > } > > private: >- template<typename T> >- using PoisonedAccessor = Poisoned<NativeCodePoison, T>; >- >- PoisonedAccessor<CustomGetter> m_getter; >- PoisonedAccessor<CustomSetter> m_setter; >+ CustomGetter m_getter; >+ CustomSetter m_setter; > }; > > JS_EXPORT_PRIVATE bool callCustomSetter(ExecState*, CustomGetterSetter::CustomSetter, bool isAccessor, JSValue thisValue, JSValue); >Index: Source/JavaScriptCore/runtime/DateInstance.h >=================================================================== >--- Source/JavaScriptCore/runtime/DateInstance.h (revision 240833) >+++ Source/JavaScriptCore/runtime/DateInstance.h (working copy) >@@ -1,6 +1,6 @@ > /* > * Copyright (C) 1999-2000 Harri Porten (porten@kde.org) >- * Copyright (C) 2008-2018 Apple Inc. All rights reserved. >+ * Copyright (C) 2008-2019 Apple Inc. All rights reserved. > * > * This library is free software; you can redistribute it and/or > * modify it under the terms of the GNU Lesser General Public >@@ -20,7 +20,6 @@ > > #pragma once > >-#include "JSCPoison.h" > #include "JSWrapperObject.h" > > namespace JSC { >@@ -77,7 +76,7 @@ private: > JS_EXPORT_PRIVATE const GregorianDateTime* calculateGregorianDateTime(ExecState*) const; > JS_EXPORT_PRIVATE const GregorianDateTime* calculateGregorianDateTimeUTC(ExecState*) const; > >- mutable PoisonedRefPtr<DateInstancePoison, DateInstanceData> m_data; >+ mutable RefPtr<DateInstanceData> m_data; > }; > > } // namespace JSC >Index: Source/JavaScriptCore/runtime/InitializeThreading.cpp >=================================================================== >--- Source/JavaScriptCore/runtime/InitializeThreading.cpp (revision 240833) >+++ Source/JavaScriptCore/runtime/InitializeThreading.cpp (working copy) >@@ -1,5 +1,5 @@ > /* >- * Copyright (C) 2008-2017 Apple Inc. All rights reserved. >+ * Copyright (C) 2008-2019 Apple Inc. All rights reserved. > * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions >@@ -60,7 +60,6 @@ void initializeThreading() > std::call_once(initializeThreadingOnceFlag, []{ > WTF::initializeThreading(); > Options::initialize(); >- initializePoison(); > > #if ENABLE(WRITE_BARRIER_PROFILING) > WriteBarrierCounters::initialize(); >Index: Source/JavaScriptCore/runtime/InternalFunction.cpp >=================================================================== >--- Source/JavaScriptCore/runtime/InternalFunction.cpp (revision 240833) >+++ Source/JavaScriptCore/runtime/InternalFunction.cpp (working copy) >@@ -1,7 +1,7 @@ > /* > * Copyright (C) 1999-2002 Harri Porten (porten@kde.org) > * Copyright (C) 2001 Peter Kelly (pmk@post.com) >- * Copyright (C) 2004, 2007-2008, 2016-2017 Apple Inc. All rights reserved. >+ * Copyright (C) 2004-2019 Apple Inc. All rights reserved. > * > * This library is free software; you can redistribute it and/or > * modify it under the terms of the GNU Library General Public >@@ -88,7 +88,7 @@ CallType InternalFunction::getCallData(J > { > auto* function = jsCast<InternalFunction*>(cell); > ASSERT(function->m_functionForCall); >- callData.native.function = function->m_functionForCall.unpoisoned(); >+ callData.native.function = function->m_functionForCall; > return CallType::Host; > } > >@@ -97,7 +97,7 @@ ConstructType InternalFunction::getConst > auto* function = jsCast<InternalFunction*>(cell); > if (function->m_functionForConstruct == callHostFunctionAsConstructor) > return ConstructType::None; >- constructData.native.function = function->m_functionForConstruct.unpoisoned(); >+ constructData.native.function = function->m_functionForConstruct; > return ConstructType::Host; > } > >Index: Source/JavaScriptCore/runtime/InternalFunction.h >=================================================================== >--- Source/JavaScriptCore/runtime/InternalFunction.h (revision 240833) >+++ Source/JavaScriptCore/runtime/InternalFunction.h (working copy) >@@ -1,6 +1,6 @@ > /* > * Copyright (C) 1999-2000 Harri Porten (porten@kde.org) >- * Copyright (C) 2003-2018 Apple Inc. All rights reserved. >+ * Copyright (C) 2003-2019 Apple Inc. All rights reserved. > * Copyright (C) 2007 Cameron Zwarich (cwzwarich@uwaterloo.ca) > * Copyright (C) 2007 Maks Orlovich > * >@@ -24,7 +24,6 @@ > #pragma once > > #include "CodeSpecializationKind.h" >-#include "JSCPoison.h" > #include "JSDestructibleObject.h" > > namespace JSC { >@@ -63,9 +62,9 @@ public: > TaggedNativeFunction nativeFunctionFor(CodeSpecializationKind kind) > { > if (kind == CodeForCall) >- return m_functionForCall.unpoisoned(); >+ return m_functionForCall; > ASSERT(kind == CodeForConstruct); >- return m_functionForConstruct.unpoisoned(); >+ return m_functionForConstruct; > } > > static ptrdiff_t offsetOfNativeFunctionFor(CodeSpecializationKind kind) >@@ -77,8 +76,6 @@ public: > } > > protected: >- using PoisonedTaggedNativeFunction = Poisoned<NativeCodePoison, TaggedNativeFunction>; >- > JS_EXPORT_PRIVATE InternalFunction(VM&, Structure*, NativeFunction functionForCall, NativeFunction functionForConstruct); > > enum class NameVisibility { Visible, Anonymous }; >@@ -89,8 +86,8 @@ protected: > JS_EXPORT_PRIVATE static ConstructType getConstructData(JSCell*, ConstructData&); > JS_EXPORT_PRIVATE static CallType getCallData(JSCell*, CallData&); > >- PoisonedTaggedNativeFunction m_functionForCall; >- PoisonedTaggedNativeFunction m_functionForConstruct; >+ TaggedNativeFunction m_functionForCall; >+ TaggedNativeFunction m_functionForConstruct; > WriteBarrier<JSString> m_originalName; > }; > >Index: Source/JavaScriptCore/runtime/JSArrayBuffer.h >=================================================================== >--- Source/JavaScriptCore/runtime/JSArrayBuffer.h (revision 240833) >+++ Source/JavaScriptCore/runtime/JSArrayBuffer.h (working copy) >@@ -1,5 +1,5 @@ > /* >- * Copyright (C) 2013-2018 Apple Inc. All rights reserved. >+ * Copyright (C) 2013-2019 Apple Inc. All rights reserved. > * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions >@@ -26,9 +26,7 @@ > #pragma once > > #include "ArrayBuffer.h" >-#include "JSCPoison.h" > #include "JSObject.h" >-#include <wtf/Poisoned.h> > > namespace JSC { > >@@ -45,7 +43,7 @@ public: > // This function will register the new wrapper with the vm's TypedArrayController. > JS_EXPORT_PRIVATE static JSArrayBuffer* create(VM&, Structure*, RefPtr<ArrayBuffer>&&); > >- ArrayBuffer* impl() const { return m_impl.unpoisoned(); } >+ ArrayBuffer* impl() const { return m_impl; } > > static Structure* createStructure(VM&, JSGlobalObject*, JSValue prototype); > >@@ -61,7 +59,7 @@ protected: > static size_t estimatedSize(JSCell*, VM&); > > private: >- Poisoned<JSArrayBufferPoison, ArrayBuffer*> m_impl; >+ ArrayBuffer* m_impl; > }; > > inline ArrayBuffer* toPossiblySharedArrayBuffer(VM& vm, JSValue value) >Index: Source/JavaScriptCore/runtime/JSBoundFunction.h >=================================================================== >--- Source/JavaScriptCore/runtime/JSBoundFunction.h (revision 240833) >+++ Source/JavaScriptCore/runtime/JSBoundFunction.h (working copy) >@@ -1,5 +1,5 @@ > /* >- * Copyright (C) 2011-2018 Apple Inc. All rights reserved. >+ * Copyright (C) 2011-2019 Apple Inc. All rights reserved. > * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions >@@ -76,8 +76,6 @@ private: > > void finishCreation(VM&, NativeExecutable*, int length); > >- // FIXME: Consider poisoning these pointers. >- // https://bugs.webkit.org/show_bug.cgi?id=182713 > WriteBarrier<JSObject> m_targetFunction; > WriteBarrier<Unknown> m_boundThis; > WriteBarrier<JSArray> m_boundArgs; >Index: Source/JavaScriptCore/runtime/JSCPoison.cpp >=================================================================== >--- Source/JavaScriptCore/runtime/JSCPoison.cpp (revision 240833) >+++ Source/JavaScriptCore/runtime/JSCPoison.cpp (nonexistent) >@@ -1,54 +0,0 @@ >-/* >- * Copyright (C) 2017-2018 Apple Inc. All rights reserved. >- * >- * Redistribution and use in source and binary forms, with or without >- * modification, are permitted provided that the following conditions >- * are met: >- * 1. Redistributions of source code must retain the above copyright >- * notice, this list of conditions and the following disclaimer. >- * 2. Redistributions in binary form must reproduce the above copyright >- * notice, this list of conditions and the following disclaimer in the >- * documentation and/or other materials provided with the distribution. >- * >- * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY >- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE >- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR >- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR >- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, >- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, >- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR >- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY >- * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT >- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE >- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. >- */ >- >-#include "config.h" >-#include "JSCPoison.h" >- >-#include "Options.h" >-#include <mutex> >-#include <wtf/HashSet.h> >- >-namespace JSC { >- >-#define DEFINE_POISON(poisonID) \ >- uintptr_t POISON_KEY_NAME(poisonID); >-FOR_EACH_JSC_POISON(DEFINE_POISON) >- >-void initializePoison() >-{ >- static std::once_flag initializeOnceFlag; >- std::call_once(initializeOnceFlag, [] { >- if (!Options::usePoisoning()) >- return; >- >-#define INITIALIZE_POISON(poisonID) \ >- POISON_KEY_NAME(poisonID) = makePoison(); >- >- FOR_EACH_JSC_POISON(INITIALIZE_POISON) >- }); >-} >- >-} // namespace JSC >- >Index: Source/JavaScriptCore/runtime/JSCPoison.h >=================================================================== >--- Source/JavaScriptCore/runtime/JSCPoison.h (revision 240833) >+++ Source/JavaScriptCore/runtime/JSCPoison.h (nonexistent) >@@ -1,76 +0,0 @@ >-/* >- * Copyright (C) 2017-2018 Apple Inc. All rights reserved. >- * >- * Redistribution and use in source and binary forms, with or without >- * modification, are permitted provided that the following conditions >- * are met: >- * 1. Redistributions of source code must retain the above copyright >- * notice, this list of conditions and the following disclaimer. >- * 2. Redistributions in binary form must reproduce the above copyright >- * notice, this list of conditions and the following disclaimer in the >- * documentation and/or other materials provided with the distribution. >- * >- * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY >- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE >- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR >- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR >- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, >- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, >- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR >- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY >- * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT >- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE >- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. >- */ >- >-#pragma once >- >-#include <wtf/Poisoned.h> >- >-namespace JSC { >- >-// Let's keep the following list of poisons in alphabetical order just so it's easier to read. >-#define FOR_EACH_JSC_POISON(v) \ >- v(ArrayPrototype) \ >- v(CodeBlock) \ >- v(DateInstance) \ >- v(GlobalData) \ >- v(JITCode) \ >- v(JSAPIWrapperObject) \ >- v(JSArrayBuffer) \ >- v(JSCallbackObject) \ >- v(JSFunction) \ >- v(JSGlobalObject) \ >- v(JSScriptFetchParameters) \ >- v(JSScriptFetcher) \ >- v(JSWebAssemblyCodeBlock) \ >- v(JSWebAssemblyInstance) \ >- v(JSWebAssemblyMemory) \ >- v(JSWebAssemblyModule) \ >- v(JSWebAssemblyTable) \ >- v(NativeCode) \ >- v(ScopedArguments) \ >- v(StructureTransitionTable) \ >- v(UnlinkedSourceCode) \ >- v(WebAssemblyFunctionBase) \ >- v(WebAssemblyModuleRecord) \ >- v(WebAssemblyToJSCallee) \ >- v(WebAssemblyWrapperFunction) \ >- >-#define POISON_KEY_NAME(_poisonID_) g_##_poisonID_##Poison >- >-#define DECLARE_POISON(_poisonID_) \ >- extern "C" JS_EXPORT_PRIVATE uintptr_t POISON_KEY_NAME(_poisonID_); \ >- using _poisonID_ ## Poison = Poison<POISON_KEY_NAME(_poisonID_)>; >- >-FOR_EACH_JSC_POISON(DECLARE_POISON) >-#undef DECLARE_POISON >- >-struct ClassInfo; >- >-using PoisonedClassInfoPtr = Poisoned<GlobalDataPoison, const ClassInfo*>; >-using PoisonedMasmPtr = Poisoned<JITCodePoison, const void*>; >- >-void initializePoison(); >- >-} // namespace JSC >Index: Source/JavaScriptCore/runtime/JSDestructibleObject.h >=================================================================== >--- Source/JavaScriptCore/runtime/JSDestructibleObject.h (revision 240833) >+++ Source/JavaScriptCore/runtime/JSDestructibleObject.h (working copy) >@@ -1,5 +1,5 @@ > /* >- * Copyright (C) 2012-2017 Apple Inc. All rights reserved. >+ * Copyright (C) 2012-2019 Apple Inc. All rights reserved. > * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions >@@ -43,7 +43,7 @@ public: > return &vm.destructibleObjectSpace; > } > >- const ClassInfo* classInfo() const { return m_classInfo.unpoisoned(); } >+ const ClassInfo* classInfo() const { return m_classInfo; } > > static ptrdiff_t classInfoOffset() { return OBJECT_OFFSETOF(JSDestructibleObject, m_classInfo); } > >@@ -56,7 +56,7 @@ protected: > } > > private: >- PoisonedClassInfoPtr m_classInfo; >+ ClassInfo* m_classInfo; > }; > > } // namespace JSC >Index: Source/JavaScriptCore/runtime/JSFunction.h >=================================================================== >--- Source/JavaScriptCore/runtime/JSFunction.h (revision 240833) >+++ Source/JavaScriptCore/runtime/JSFunction.h (working copy) >@@ -1,6 +1,6 @@ > /* > * Copyright (C) 1999-2000 Harri Porten (porten@kde.org) >- * Copyright (C) 2003-2018 Apple Inc. All rights reserved. >+ * Copyright (C) 2003-2019 Apple Inc. All rights reserved. > * Copyright (C) 2007 Cameron Zwarich (cwzwarich@uwaterloo.ca) > * Copyright (C) 2007 Maks Orlovich > * >@@ -220,11 +220,8 @@ private: > static EncodedJSValue lengthGetter(ExecState*, EncodedJSValue, PropertyName); > static EncodedJSValue nameGetter(ExecState*, EncodedJSValue, PropertyName); > >- template<typename T> >- using PoisonedBarrier = PoisonedWriteBarrier<JSFunctionPoison, T>; >- >- PoisonedBarrier<ExecutableBase> m_executable; >- PoisonedBarrier<FunctionRareData> m_rareData; >+ WriteBarrier<ExecutableBase> m_executable; >+ WriteBarrier<FunctionRareData> m_rareData; > }; > > } // namespace JSC >Index: Source/JavaScriptCore/runtime/JSGlobalObject.h >=================================================================== >--- Source/JavaScriptCore/runtime/JSGlobalObject.h (revision 240833) >+++ Source/JavaScriptCore/runtime/JSGlobalObject.h (working copy) >@@ -1,6 +1,6 @@ > /* > * Copyright (C) 2007 Eric Seidel <eric@webkit.org> >- * Copyright (C) 2007-2018 Apple Inc. All rights reserved. >+ * Copyright (C) 2007-2019 Apple Inc. All rights reserved. > * > * This library is free software; you can redistribute it and/or > * modify it under the terms of the GNU Library General Public >@@ -30,7 +30,6 @@ > #include "InternalFunction.h" > #include "JSArray.h" > #include "JSArrayBufferPrototype.h" >-#include "JSCPoison.h" > #include "JSClassRef.h" > #include "JSGlobalLexicalEnvironment.h" > #include "JSPromiseDeferred.h" >@@ -49,7 +48,6 @@ > #include <JavaScriptCore/JSBase.h> > #include <array> > #include <wtf/HashSet.h> >-#include <wtf/PoisonedUniquePtr.h> > #include <wtf/RetainPtr.h> > > struct OpaqueJSClass; >@@ -425,11 +423,9 @@ public: > > VM& m_vm; > >- template<typename T> using PoisonedUniquePtr = WTF::PoisonedUniquePtr<JSGlobalObjectPoison, T>; >- > #if ENABLE(REMOTE_INSPECTOR) >- PoisonedUniquePtr<Inspector::JSGlobalObjectInspectorController> m_inspectorController; >- PoisonedUniquePtr<JSGlobalObjectDebuggable> m_inspectorDebuggable; >+ std::unique_ptr<Inspector::JSGlobalObjectInspectorController> m_inspectorController; >+ std::unique_ptr<JSGlobalObjectDebuggable> m_inspectorDebuggable; > #endif > > #if ENABLE(INTL) >@@ -468,17 +464,17 @@ public: > InlineWatchpointSet m_setAddWatchpoint; > InlineWatchpointSet m_arraySpeciesWatchpoint; > InlineWatchpointSet m_numberToStringWatchpoint; >- PoisonedUniquePtr<ObjectPropertyChangeAdaptiveWatchpoint<InlineWatchpointSet>> m_arrayPrototypeSymbolIteratorWatchpoint; >- PoisonedUniquePtr<ObjectPropertyChangeAdaptiveWatchpoint<InlineWatchpointSet>> m_arrayIteratorPrototypeNext; >- PoisonedUniquePtr<ObjectPropertyChangeAdaptiveWatchpoint<InlineWatchpointSet>> m_mapPrototypeSymbolIteratorWatchpoint; >- PoisonedUniquePtr<ObjectPropertyChangeAdaptiveWatchpoint<InlineWatchpointSet>> m_mapIteratorPrototypeNextWatchpoint; >- PoisonedUniquePtr<ObjectPropertyChangeAdaptiveWatchpoint<InlineWatchpointSet>> m_setPrototypeSymbolIteratorWatchpoint; >- PoisonedUniquePtr<ObjectPropertyChangeAdaptiveWatchpoint<InlineWatchpointSet>> m_setIteratorPrototypeNextWatchpoint; >- PoisonedUniquePtr<ObjectPropertyChangeAdaptiveWatchpoint<InlineWatchpointSet>> m_stringPrototypeSymbolIteratorWatchpoint; >- PoisonedUniquePtr<ObjectPropertyChangeAdaptiveWatchpoint<InlineWatchpointSet>> m_stringIteratorPrototypeNextWatchpoint; >- PoisonedUniquePtr<ObjectPropertyChangeAdaptiveWatchpoint<InlineWatchpointSet>> m_mapPrototypeSetWatchpoint; >- PoisonedUniquePtr<ObjectPropertyChangeAdaptiveWatchpoint<InlineWatchpointSet>> m_setPrototypeAddWatchpoint; >- PoisonedUniquePtr<ObjectPropertyChangeAdaptiveWatchpoint<InlineWatchpointSet>> m_numberPrototypeToStringWatchpoint; >+ std::unique_ptr<ObjectPropertyChangeAdaptiveWatchpoint<InlineWatchpointSet>> m_arrayPrototypeSymbolIteratorWatchpoint; >+ std::unique_ptr<ObjectPropertyChangeAdaptiveWatchpoint<InlineWatchpointSet>> m_arrayIteratorPrototypeNext; >+ std::unique_ptr<ObjectPropertyChangeAdaptiveWatchpoint<InlineWatchpointSet>> m_mapPrototypeSymbolIteratorWatchpoint; >+ std::unique_ptr<ObjectPropertyChangeAdaptiveWatchpoint<InlineWatchpointSet>> m_mapIteratorPrototypeNextWatchpoint; >+ std::unique_ptr<ObjectPropertyChangeAdaptiveWatchpoint<InlineWatchpointSet>> m_setPrototypeSymbolIteratorWatchpoint; >+ std::unique_ptr<ObjectPropertyChangeAdaptiveWatchpoint<InlineWatchpointSet>> m_setIteratorPrototypeNextWatchpoint; >+ std::unique_ptr<ObjectPropertyChangeAdaptiveWatchpoint<InlineWatchpointSet>> m_stringPrototypeSymbolIteratorWatchpoint; >+ std::unique_ptr<ObjectPropertyChangeAdaptiveWatchpoint<InlineWatchpointSet>> m_stringIteratorPrototypeNextWatchpoint; >+ std::unique_ptr<ObjectPropertyChangeAdaptiveWatchpoint<InlineWatchpointSet>> m_mapPrototypeSetWatchpoint; >+ std::unique_ptr<ObjectPropertyChangeAdaptiveWatchpoint<InlineWatchpointSet>> m_setPrototypeAddWatchpoint; >+ std::unique_ptr<ObjectPropertyChangeAdaptiveWatchpoint<InlineWatchpointSet>> m_numberPrototypeToStringWatchpoint; > > bool isArrayPrototypeIteratorProtocolFastAndNonObservable(); > bool isMapPrototypeIteratorProtocolFastAndNonObservable(); >Index: Source/JavaScriptCore/runtime/JSScriptFetchParameters.h >=================================================================== >--- Source/JavaScriptCore/runtime/JSScriptFetchParameters.h (revision 240833) >+++ Source/JavaScriptCore/runtime/JSScriptFetchParameters.h (working copy) >@@ -1,6 +1,6 @@ > /* > * Copyright (C) 2017 Yusuke Suzuki <utatane.tea@gmail.com> >- * Copyright (C) 2018 Apple Inc. All rights reserved. >+ * Copyright (C) 2018-2019 Apple Inc. All rights reserved. > * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions >@@ -26,7 +26,6 @@ > > #pragma once > >-#include "JSCPoison.h" > #include "JSGlobalObject.h" > #include "JSObject.h" > #include "ScriptFetchParameters.h" >@@ -74,7 +73,7 @@ private: > { > } > >- PoisonedRef<JSScriptFetchParametersPoison, ScriptFetchParameters> m_parameters; >+ Ref<ScriptFetchParameters> m_parameters; > }; > > } // namespace JSC >Index: Source/JavaScriptCore/runtime/JSScriptFetcher.h >=================================================================== >--- Source/JavaScriptCore/runtime/JSScriptFetcher.h (revision 240833) >+++ Source/JavaScriptCore/runtime/JSScriptFetcher.h (working copy) >@@ -1,6 +1,6 @@ > /* > * Copyright (C) 2017 Yusuke Suzuki <utatane.tea@gmail.com> >- * Copyright (C) 2018 Apple Inc. All rights reserved. >+ * Copyright (C) 2018-2019 Apple Inc. All rights reserved. > * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions >@@ -26,7 +26,6 @@ > > #pragma once > >-#include "JSCPoison.h" > #include "JSGlobalObject.h" > #include "JSObject.h" > #include "ScriptFetcher.h" >@@ -74,7 +73,7 @@ private: > { > } > >- PoisonedRefPtr<JSScriptFetcherPoison, ScriptFetcher> m_fetcher; >+ RefPtr<ScriptFetcher> m_fetcher; > }; > > } // namespace JSC >Index: Source/JavaScriptCore/runtime/JSSegmentedVariableObject.h >=================================================================== >--- Source/JavaScriptCore/runtime/JSSegmentedVariableObject.h (revision 240833) >+++ Source/JavaScriptCore/runtime/JSSegmentedVariableObject.h (working copy) >@@ -1,5 +1,5 @@ > /* >- * Copyright (C) 2012-2017 Apple Inc. All rights reserved. >+ * Copyright (C) 2012-2019 Apple Inc. All rights reserved. > * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions >@@ -95,9 +95,9 @@ public: > { > return &vm.segmentedVariableObjectSpace; > } >- >- const ClassInfo* classInfo() const { return m_classInfo.unpoisoned(); } >- >+ >+ const ClassInfo* classInfo() const { return m_classInfo; } >+ > protected: > JSSegmentedVariableObject(VM&, Structure*, JSScope*); > >@@ -107,7 +107,7 @@ protected: > > private: > SegmentedVector<WriteBarrier<Unknown>, 16> m_variables; >- PoisonedClassInfoPtr m_classInfo; >+ ClassInfo* m_classInfo; > ConcurrentJSLock m_lock; > bool m_alreadyDestroyed { false }; // We use these assertions to check that we aren't doing ancient hacks that result in this being destroyed more than once. > }; >Index: Source/JavaScriptCore/runtime/JSString.h >=================================================================== >--- Source/JavaScriptCore/runtime/JSString.h (revision 240833) >+++ Source/JavaScriptCore/runtime/JSString.h (working copy) >@@ -1,7 +1,7 @@ > /* > * Copyright (C) 1999-2001 Harri Porten (porten@kde.org) > * Copyright (C) 2001 Peter Kelly (pmk@post.com) >- * Copyright (C) 2003-2018 Apple Inc. All rights reserved. >+ * Copyright (C) 2003-2019 Apple Inc. All rights reserved. > * > * This library is free software; you can redistribute it and/or > * modify it under the terms of the GNU Library General Public >@@ -221,8 +221,6 @@ private: > // A string is represented either by a String or a rope of fibers. > unsigned m_length { 0 }; > mutable uint16_t m_flags { 0 }; >- // The poison is strategically placed and holds a value such that the first >- // 64 bits of JSString look like a double JSValue. > mutable String m_value; > > friend class LLIntOffsetsExtractor; >Index: Source/JavaScriptCore/runtime/NativeExecutable.h >=================================================================== >--- Source/JavaScriptCore/runtime/NativeExecutable.h (revision 240833) >+++ Source/JavaScriptCore/runtime/NativeExecutable.h (working copy) >@@ -1,5 +1,5 @@ > /* >- * Copyright (C) 2009-2018 Apple Inc. All rights reserved. >+ * Copyright (C) 2009-2019 Apple Inc. All rights reserved. > * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions >@@ -26,7 +26,6 @@ > #pragma once > > #include "ExecutableBase.h" >-#include "JSCPoison.h" > > namespace JSC { > namespace DOMJIT { >@@ -52,8 +51,8 @@ public: > > CodeBlockHash hashFor(CodeSpecializationKind) const; > >- TaggedNativeFunction function() { return m_function.unpoisoned(); } >- TaggedNativeFunction constructor() { return m_constructor.unpoisoned(); } >+ TaggedNativeFunction function() { return m_function; } >+ TaggedNativeFunction constructor() { return m_constructor; } > > TaggedNativeFunction nativeFunctionFor(CodeSpecializationKind kind) > { >@@ -90,12 +89,11 @@ protected: > > private: > friend class ExecutableBase; >- using PoisonedTaggedNativeFunction = Poisoned<NativeCodePoison, TaggedNativeFunction>; > > NativeExecutable(VM&, TaggedNativeFunction, TaggedNativeFunction constructor, Intrinsic, const DOMJIT::Signature*); > >- PoisonedTaggedNativeFunction m_function; >- PoisonedTaggedNativeFunction m_constructor; >+ TaggedNativeFunction m_function; >+ TaggedNativeFunction m_constructor; > const DOMJIT::Signature* m_signature; > > String m_name; >Index: Source/JavaScriptCore/runtime/Options.h >=================================================================== >--- Source/JavaScriptCore/runtime/Options.h (revision 240833) >+++ Source/JavaScriptCore/runtime/Options.h (working copy) >@@ -1,5 +1,5 @@ > /* >- * Copyright (C) 2011-2018 Apple Inc. All rights reserved. >+ * Copyright (C) 2011-2019 Apple Inc. All rights reserved. > * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions >@@ -475,7 +475,6 @@ constexpr bool enableWebAssemblyStreamin > \ > v(bool, enableSpectreMitigations, true, Restricted, "Enable Spectre mitigations.") \ > v(bool, enableSpectreGadgets, false, Restricted, "enable gadgets to test Spectre mitigations.") \ >- v(bool, usePoisoning, true, Normal, "Poison is randomized at load time when true, and initialized to 0 if false which defeats some Spectre and type confusion mitigations, but allows tools such as leak detectors to function better.") \ > v(bool, zeroStackFrame, false, Normal, "Zero stack frame on entry to a function.") \ > \ > v(bool, failToCompileWebAssemblyCode, false, Normal, "If true, no Wasm::Plan will sucessfully compile a function.") \ >Index: Source/JavaScriptCore/runtime/ScopedArguments.h >=================================================================== >--- Source/JavaScriptCore/runtime/ScopedArguments.h (revision 240833) >+++ Source/JavaScriptCore/runtime/ScopedArguments.h (working copy) >@@ -1,5 +1,5 @@ > /* >- * Copyright (C) 2015-2018 Apple Inc. All rights reserved. >+ * Copyright (C) 2015-2019 Apple Inc. All rights reserved. > * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions >@@ -180,7 +180,7 @@ private: > > WriteBarrier<Unknown>* overflowStorage() const > { >- return m_storage.get().unpoisoned(); >+ return m_storage.get(); > } > > static StorageHeader& storageHeader(WriteBarrier<Unknown>* storage) >@@ -194,14 +194,11 @@ private: > return storageHeader(overflowStorage()); > } > >- template<typename T> >- using PoisonedBarrier = PoisonedWriteBarrier<ScopedArgumentsPoison, T>; >+ WriteBarrier<JSFunction> m_callee; >+ WriteBarrier<ScopedArgumentsTable> m_table; >+ WriteBarrier<JSLexicalEnvironment> m_scope; > >- PoisonedBarrier<JSFunction> m_callee; >- PoisonedBarrier<ScopedArgumentsTable> m_table; >- PoisonedBarrier<JSLexicalEnvironment> m_scope; >- >- AuxiliaryBarrier<Poisoned<ScopedArgumentsPoison, WriteBarrier<Unknown>*>> m_storage; >+ AuxiliaryBarrier<WriteBarrier<Unknown>*> m_storage; > }; > > } // namespace JSC >Index: Source/JavaScriptCore/runtime/Structure.cpp >=================================================================== >--- Source/JavaScriptCore/runtime/Structure.cpp (revision 240833) >+++ Source/JavaScriptCore/runtime/Structure.cpp (working copy) >@@ -1,5 +1,5 @@ > /* >- * Copyright (C) 2008, 2009, 2013-2016 Apple Inc. All rights reserved. >+ * Copyright (C) 2008-2019 Apple Inc. All rights reserved. > * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions >@@ -84,7 +84,7 @@ inline void StructureTransitionTable::se > if (WeakImpl* impl = this->weakImpl()) > WeakSet::deallocate(impl); > WeakImpl* impl = WeakSet::allocate(structure, &singleSlotTransitionWeakOwner(), this); >- m_data = PoisonedWeakImplPtr(impl).bits() | UsingSingleSlotFlag; >+ m_data = bitwise_cast<intptr_t>(impl) | UsingSingleSlotFlag; > } > > bool StructureTransitionTable::contains(UniquedStringImpl* rep, unsigned attributes) const >Index: Source/JavaScriptCore/runtime/Structure.h >=================================================================== >--- Source/JavaScriptCore/runtime/Structure.h (revision 240833) >+++ Source/JavaScriptCore/runtime/Structure.h (working copy) >@@ -1,5 +1,5 @@ > /* >- * Copyright (C) 2008-2018 Apple Inc. All rights reserved. >+ * Copyright (C) 2008-2019 Apple Inc. All rights reserved. > * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions >@@ -490,7 +490,7 @@ public: > > void setObjectToStringValue(ExecState*, VM&, JSString* value, PropertySlot toStringTagSymbolSlot); > >- const ClassInfo* classInfo() const { return m_classInfo.unpoisoned(); } >+ const ClassInfo* classInfo() const { return m_classInfo; } > > static ptrdiff_t structureIDOffset() > { >@@ -768,7 +768,7 @@ private: > > RefPtr<UniquedStringImpl> m_nameInPrevious; > >- PoisonedClassInfoPtr m_classInfo; >+ ClassInfo* m_classInfo; > > StructureTransitionTable m_transitionTable; > >Index: Source/JavaScriptCore/runtime/StructureTransitionTable.h >=================================================================== >--- Source/JavaScriptCore/runtime/StructureTransitionTable.h (revision 240833) >+++ Source/JavaScriptCore/runtime/StructureTransitionTable.h (working copy) >@@ -1,5 +1,5 @@ > /* >- * Copyright (C) 2008-2018 Apple Inc. All rights reserved. >+ * Copyright (C) 2008-2019 Apple Inc. All rights reserved. > * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions >@@ -26,7 +26,6 @@ > #pragma once > > #include "IndexingType.h" >-#include "JSCPoison.h" > #include "WeakGCMap.h" > #include <wtf/HashFunctions.h> > #include <wtf/text/UniquedStringImpl.h> >@@ -187,8 +186,6 @@ public: > > private: > friend class SingleSlotTransitionWeakOwner; >- using PoisonedTransitionMapPtr = Poisoned<StructureTransitionTablePoison, TransitionMap*>; >- using PoisonedWeakImplPtr = Poisoned<StructureTransitionTablePoison, WeakImpl*>; > > bool isUsingSingleSlot() const > { >@@ -198,13 +195,13 @@ private: > TransitionMap* map() const > { > ASSERT(!isUsingSingleSlot()); >- return PoisonedTransitionMapPtr(AlreadyPoisoned, m_data).unpoisoned(); >+ return bitwise_cast<TransitionMap*>(m_data); > } > > WeakImpl* weakImpl() const > { > ASSERT(isUsingSingleSlot()); >- return PoisonedWeakImplPtr(AlreadyPoisoned, m_data & ~UsingSingleSlotFlag).unpoisoned(); >+ return bitwise_cast<WeakImpl*>(m_data & ~UsingSingleSlotFlag); > } > > void setMap(TransitionMap* map) >@@ -215,7 +212,7 @@ private: > WeakSet::deallocate(impl); > > // This implicitly clears the flag that indicates we're using a single transition >- m_data = PoisonedTransitionMapPtr(map).bits(); >+ m_data = bitwise_cast<intptr_t>(map); > > ASSERT(!isUsingSingleSlot()); > } >Index: Source/JavaScriptCore/runtime/VM.h >=================================================================== >--- Source/JavaScriptCore/runtime/VM.h (revision 240833) >+++ Source/JavaScriptCore/runtime/VM.h (working copy) >@@ -563,7 +563,7 @@ public: > std::unique_ptr<PromiseDeferredTimer> promiseDeferredTimer; > > JSCell* currentlyDestructingCallbackObject; >- PoisonedClassInfoPtr currentlyDestructingCallbackObjectClassInfo; >+ ClassInfo* currentlyDestructingCallbackObjectClassInfo { nullptr }; > > AtomicStringTable* m_atomicStringTable; > WTF::SymbolRegistry m_symbolRegistry; >Index: Source/JavaScriptCore/runtime/WriteBarrier.h >=================================================================== >--- Source/JavaScriptCore/runtime/WriteBarrier.h (revision 240833) >+++ Source/JavaScriptCore/runtime/WriteBarrier.h (working copy) >@@ -1,5 +1,5 @@ > /* >- * Copyright (C) 2011-2018 Apple Inc. All rights reserved. >+ * Copyright (C) 2011-2019 Apple Inc. All rights reserved. > * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions >@@ -27,11 +27,9 @@ > > #include "GCAssertions.h" > #include "HandleTypes.h" >-#include "JSCPoison.h" > #include <type_traits> > #include <wtf/DumbPtrTraits.h> > #include <wtf/DumbValueTraits.h> >-#include <wtf/Poisoned.h> > > namespace JSC { > >@@ -250,12 +248,4 @@ inline bool operator==(const WriteBarrie > return lhs.get() == rhs.get(); > } > >-template<typename Poison, class T> >-using PoisonedWriteBarrierTraitsSelect = typename std::conditional<std::is_same<T, Unknown>::value, >- WTF::PoisonedValueTraits<Poison, T>, WTF::PoisonedPtrTraits<Poison, T> >->::type; >- >-template <typename Poison, typename T> >-using PoisonedWriteBarrier = WriteBarrier<T, PoisonedWriteBarrierTraitsSelect<Poison, T>>; >- > } // namespace JSC >Index: Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp >=================================================================== >--- Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp (revision 240833) >+++ Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp (working copy) >@@ -1,5 +1,5 @@ > /* >- * Copyright (C) 2016-2018 Apple Inc. All rights reserved. >+ * Copyright (C) 2016-2019 Apple Inc. All rights reserved. > * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions >@@ -48,7 +48,6 @@ > #include "B3WasmAddressValue.h" > #include "B3WasmBoundsCheckValue.h" > #include "JSCInlines.h" >-#include "JSCPoison.h" > #include "ScratchRegisterAllocator.h" > #include "VirtualRegister.h" > #include "WasmCallingConvention.h" >@@ -1126,8 +1125,6 @@ auto B3IRGenerator::addCall(uint32_t fun > // https://bugs.webkit.org/show_bug.cgi?id=170375 > Value* jumpDestination = isEmbedderBlock->appendNew<MemoryValue>(m_proc, > Load, pointerType(), origin(), instanceValue(), safeCast<int32_t>(Instance::offsetOfWasmToEmbedderStub(functionIndex))); >- if (Options::usePoisoning()) >- jumpDestination = isEmbedderBlock->appendNew<Value>(m_proc, BitXor, origin(), jumpDestination, isEmbedderBlock->appendNew<Const64Value>(m_proc, origin(), g_JITCodePoison)); > > Value* embedderCallResult = wasmCallingConvention().setupCall(m_proc, isEmbedderBlock, origin(), args, toB3Type(returnType), > [=] (PatchpointValue* patchpoint) { >@@ -1306,8 +1303,6 @@ auto B3IRGenerator::addCallIndirect(cons > ExpressionType calleeCode = m_currentBlock->appendNew<MemoryValue>(m_proc, Load, pointerType(), origin(), > m_currentBlock->appendNew<MemoryValue>(m_proc, Load, pointerType(), origin(), callableFunction, > safeCast<int32_t>(WasmToWasmImportableFunction::offsetOfEntrypointLoadLocation()))); >- if (Options::usePoisoning()) >- calleeCode = m_currentBlock->appendNew<Value>(m_proc, BitXor, origin(), calleeCode, m_currentBlock->appendNew<Const64Value>(m_proc, origin(), g_JITCodePoison)); > > Type returnType = signature.returnType(); > result = wasmCallingConvention().setupCall(m_proc, m_currentBlock, origin(), args, toB3Type(returnType), >Index: Source/JavaScriptCore/wasm/WasmBinding.cpp >=================================================================== >--- Source/JavaScriptCore/wasm/WasmBinding.cpp (revision 240833) >+++ Source/JavaScriptCore/wasm/WasmBinding.cpp (working copy) >@@ -1,5 +1,5 @@ > /* >- * Copyright (C) 2016-2018 Apple Inc. All rights reserved. >+ * Copyright (C) 2016-2019 Apple Inc. All rights reserved. > * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions >@@ -78,8 +78,6 @@ Expected<MacroAssemblerCodeRef<WasmEntry > > // Tail call into the callee WebAssembly function. > jit.loadPtr(scratch, scratch); >- if (Options::usePoisoning()) >- jit.xorPtr(JIT::TrustedImmPtr(g_JITCodePoison), scratch); > jit.jump(scratch, WasmEntryPtrTag); > > LinkBuffer patchBuffer(jit, GLOBAL_THUNK_ID, JITCompilationCanFail); >Index: Source/JavaScriptCore/wasm/WasmInstance.h >=================================================================== >--- Source/JavaScriptCore/wasm/WasmInstance.h (revision 240833) >+++ Source/JavaScriptCore/wasm/WasmInstance.h (working copy) >@@ -1,5 +1,5 @@ > /* >- * Copyright (C) 2017-2018 Apple Inc. All rights reserved. >+ * Copyright (C) 2017-2019 Apple Inc. All rights reserved. > * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions >@@ -117,7 +117,7 @@ public: > Instance* targetInstance { nullptr }; > WasmToWasmImportableFunction::LoadLocation wasmEntrypointLoadLocation { nullptr }; > MacroAssemblerCodePtr<WasmEntryPtrTag> wasmToEmbedderStub; >- void* importFunction { nullptr }; // In a JS embedding, this is a PoisonedBarrier<JSObject>. >+ void* importFunction { nullptr }; // In a JS embedding, this is a WriteBarrier<JSObject>. > }; > unsigned numImportFunctions() const { return m_numImportFunctions; } > ImportFunctionInfo* importFunctionInfo(size_t importFunctionNum) >Index: Source/JavaScriptCore/wasm/js/JSToWasm.cpp >=================================================================== >--- Source/JavaScriptCore/wasm/js/JSToWasm.cpp (revision 240833) >+++ Source/JavaScriptCore/wasm/js/JSToWasm.cpp (working copy) >@@ -1,5 +1,5 @@ > /* >- * Copyright (C) 2016-2018 Apple Inc. All rights reserved. >+ * Copyright (C) 2016-2019 Apple Inc. All rights reserved. > * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions >@@ -116,9 +116,7 @@ std::unique_ptr<InternalFunction> create > // instance as the first JS argument when we're not using fast TLS to hold the > // Wasm::Context*'s instance. > jit.loadPtr(CCallHelpers::Address(GPRInfo::callFrameRegister, CallFrameSlot::thisArgument * sizeof(EncodedJSValue)), GPRInfo::argumentGPR2); >- jit.loadPtr(CCallHelpers::Address(GPRInfo::argumentGPR2, JSWebAssemblyInstance::offsetOfPoisonedInstance()), GPRInfo::argumentGPR2); >- jit.move(CCallHelpers::TrustedImm64(JSWebAssemblyInstancePoison::key()), GPRInfo::argumentGPR0); >- jit.xor64(GPRInfo::argumentGPR0, GPRInfo::argumentGPR2); >+ jit.loadPtr(CCallHelpers::Address(GPRInfo::argumentGPR2, JSWebAssemblyInstance::offsetOfInstance()), GPRInfo::argumentGPR2); > } > > jit.loadPtr(CCallHelpers::Address(GPRInfo::argumentGPR2, Instance::offsetOfPointerToTopEntryFrame()), GPRInfo::argumentGPR0); >@@ -155,9 +153,7 @@ std::unique_ptr<InternalFunction> create > // Wasm::Context*'s instance. > if (!Context::useFastTLS()) { > jit.loadPtr(CCallHelpers::Address(GPRInfo::callFrameRegister, jsOffset), wasmContextInstanceGPR); >- jit.loadPtr(CCallHelpers::Address(wasmContextInstanceGPR, JSWebAssemblyInstance::offsetOfPoisonedInstance()), wasmContextInstanceGPR); >- jit.move(CCallHelpers::TrustedImm64(JSWebAssemblyInstancePoison::key()), scratchReg); >- jit.xor64(scratchReg, wasmContextInstanceGPR); >+ jit.loadPtr(CCallHelpers::Address(wasmContextInstanceGPR, JSWebAssemblyInstance::offsetOfInstance()), wasmContextInstanceGPR); > jsOffset += sizeof(EncodedJSValue); > } > >Index: Source/JavaScriptCore/wasm/js/JSWebAssemblyCodeBlock.h >=================================================================== >--- Source/JavaScriptCore/wasm/js/JSWebAssemblyCodeBlock.h (revision 240833) >+++ Source/JavaScriptCore/wasm/js/JSWebAssemblyCodeBlock.h (working copy) >@@ -28,7 +28,6 @@ > #if ENABLE(WEBASSEMBLY) > > #include "CallLinkInfo.h" >-#include "JSCPoison.h" > #include "JSCast.h" > #include "PromiseDeferredTimer.h" > #include "Structure.h" >@@ -36,7 +35,6 @@ > #include "WasmFormat.h" > #include "WasmModule.h" > #include <wtf/Bag.h> >-#include <wtf/PoisonedUniquePtr.h> > #include <wtf/Ref.h> > #include <wtf/Vector.h> > >@@ -90,7 +88,7 @@ private: > static void destroy(JSCell*); > static void visitChildren(JSCell*, SlotVisitor&); > >- PoisonedRef<JSWebAssemblyCodeBlockPoison, Wasm::CodeBlock> m_codeBlock; >+ Ref<Wasm::CodeBlock> m_codeBlock; > Vector<MacroAssemblerCodeRef<WasmEntryPtrTag>> m_wasmToJSExitStubs; > Bag<CallLinkInfo> m_callLinkInfos; > String m_errorMessage; >Index: Source/JavaScriptCore/wasm/js/JSWebAssemblyInstance.cpp >=================================================================== >--- Source/JavaScriptCore/wasm/js/JSWebAssemblyInstance.cpp (revision 240833) >+++ Source/JavaScriptCore/wasm/js/JSWebAssemblyInstance.cpp (working copy) >@@ -1,5 +1,5 @@ > /* >- * Copyright (C) 2016-2018 Apple Inc. All rights reserved. >+ * Copyright (C) 2016-2019 Apple Inc. All rights reserved. > * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions >@@ -54,7 +54,7 @@ JSWebAssemblyInstance::JSWebAssemblyInst > , m_instance(WTFMove(instance)) > { > for (unsigned i = 0; i < this->instance().numImportFunctions(); ++i) >- new (this->instance().importFunction<PoisonedBarrier<JSObject>>(i)) PoisonedBarrier<JSObject>(); >+ new (this->instance().importFunction<WriteBarrier<JSObject>>(i)) WriteBarrier<JSObject>(); > } > > void JSWebAssemblyInstance::finishCreation(VM& vm, JSWebAssemblyModule* module, JSModuleNamespaceObject* moduleNamespaceObject) >@@ -88,7 +88,7 @@ void JSWebAssemblyInstance::visitChildre > visitor.append(thisObject->m_callee); > visitor.reportExtraMemoryVisited(thisObject->m_instance->extraMemoryAllocated()); > for (unsigned i = 0; i < thisObject->instance().numImportFunctions(); ++i) >- visitor.append(*thisObject->instance().importFunction<PoisonedBarrier<JSObject>>(i)); // This also keeps the functions' JSWebAssemblyInstance alive. >+ visitor.append(*thisObject->instance().importFunction<WriteBarrier<JSObject>>(i)); // This also keeps the functions' JSWebAssemblyInstance alive. > } > > void JSWebAssemblyInstance::finalizeCreation(VM& vm, ExecState* exec, Ref<Wasm::CodeBlock>&& wasmCodeBlock, JSObject* importObject, Wasm::CreationMode creationMode) >Index: Source/JavaScriptCore/wasm/js/JSWebAssemblyInstance.h >=================================================================== >--- Source/JavaScriptCore/wasm/js/JSWebAssemblyInstance.h (revision 240833) >+++ Source/JavaScriptCore/wasm/js/JSWebAssemblyInstance.h (working copy) >@@ -1,5 +1,5 @@ > /* >- * Copyright (C) 2016-2018 Apple Inc. All rights reserved. >+ * Copyright (C) 2016-2019 Apple Inc. All rights reserved. > * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions >@@ -27,7 +27,6 @@ > > #if ENABLE(WEBASSEMBLY) > >-#include "JSCPoison.h" > #include "JSDestructibleObject.h" > #include "JSObject.h" > #include "JSWebAssemblyCodeBlock.h" >@@ -81,11 +80,8 @@ public: > > JSWebAssemblyModule* module() const { return m_module.get(); } > >- static size_t offsetOfPoisonedInstance() { return OBJECT_OFFSETOF(JSWebAssemblyInstance, m_instance); } >- static size_t offsetOfPoisonedCallee() { return OBJECT_OFFSETOF(JSWebAssemblyInstance, m_callee); } >- >- template<typename T> >- using PoisonedBarrier = PoisonedWriteBarrier<JSWebAssemblyInstancePoison, T>; >+ static size_t offsetOfInstance() { return OBJECT_OFFSETOF(JSWebAssemblyInstance, m_instance); } >+ static size_t offsetOfCallee() { return OBJECT_OFFSETOF(JSWebAssemblyInstance, m_callee); } > > protected: > JSWebAssemblyInstance(VM&, Structure*, Ref<Wasm::Instance>&&); >@@ -94,14 +90,14 @@ protected: > static void visitChildren(JSCell*, SlotVisitor&); > > private: >- PoisonedRef<JSWebAssemblyInstancePoison, Wasm::Instance> m_instance; >+ Ref<Wasm::Instance> m_instance; > >- PoisonedBarrier<JSWebAssemblyModule> m_module; >- PoisonedBarrier<JSWebAssemblyCodeBlock> m_codeBlock; >- PoisonedBarrier<JSModuleNamespaceObject> m_moduleNamespaceObject; >- PoisonedBarrier<JSWebAssemblyMemory> m_memory; >- PoisonedBarrier<JSWebAssemblyTable> m_table; >- PoisonedBarrier<WebAssemblyToJSCallee> m_callee; >+ WriteBarrier<JSWebAssemblyModule> m_module; >+ WriteBarrier<JSWebAssemblyCodeBlock> m_codeBlock; >+ WriteBarrier<JSModuleNamespaceObject> m_moduleNamespaceObject; >+ WriteBarrier<JSWebAssemblyMemory> m_memory; >+ WriteBarrier<JSWebAssemblyTable> m_table; >+ WriteBarrier<WebAssemblyToJSCallee> m_callee; > }; > > } // namespace JSC >Index: Source/JavaScriptCore/wasm/js/JSWebAssemblyMemory.h >=================================================================== >--- Source/JavaScriptCore/wasm/js/JSWebAssemblyMemory.h (revision 240833) >+++ Source/JavaScriptCore/wasm/js/JSWebAssemblyMemory.h (working copy) >@@ -1,5 +1,5 @@ > /* >- * Copyright (C) 2016-2018 Apple Inc. All rights reserved. >+ * Copyright (C) 2016-2019 Apple Inc. All rights reserved. > * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions >@@ -27,7 +27,6 @@ > > #if ENABLE(WEBASSEMBLY) > >-#include "JSCPoison.h" > #include "JSDestructibleObject.h" > #include "JSObject.h" > #include "WasmMemory.h" >@@ -67,9 +66,9 @@ private: > static void destroy(JSCell*); > static void visitChildren(JSCell*, SlotVisitor&); > >- PoisonedRef<JSWebAssemblyMemoryPoison, Wasm::Memory> m_memory; >- PoisonedWriteBarrier<JSWebAssemblyMemoryPoison, JSArrayBuffer> m_bufferWrapper; >- PoisonedRefPtr<JSWebAssemblyMemoryPoison, ArrayBuffer> m_buffer; >+ Ref<Wasm::Memory> m_memory; >+ WriteBarrier<JSArrayBuffer> m_bufferWrapper; >+ RefPtr<ArrayBuffer> m_buffer; > }; > > } // namespace JSC >Index: Source/JavaScriptCore/wasm/js/JSWebAssemblyModule.h >=================================================================== >--- Source/JavaScriptCore/wasm/js/JSWebAssemblyModule.h (revision 240833) >+++ Source/JavaScriptCore/wasm/js/JSWebAssemblyModule.h (working copy) >@@ -1,5 +1,5 @@ > /* >- * Copyright (C) 2016-2018 Apple Inc. All rights reserved. >+ * Copyright (C) 2016-2019 Apple Inc. All rights reserved. > * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions >@@ -27,7 +27,6 @@ > > #if ENABLE(WEBASSEMBLY) > >-#include "JSCPoison.h" > #include "JSDestructibleObject.h" > #include "JSObject.h" > #include "WasmMemoryMode.h" >@@ -78,14 +77,11 @@ private: > static void destroy(JSCell*); > static void visitChildren(JSCell*, SlotVisitor&); > >- PoisonedRef<JSWebAssemblyModulePoison, Wasm::Module> m_module; >+ Ref<Wasm::Module> m_module; > >- template<typename T> >- using PoisonedBarrier = PoisonedWriteBarrier<JSWebAssemblyModulePoison, T>; >- >- PoisonedBarrier<SymbolTable> m_exportSymbolTable; >- PoisonedBarrier<JSWebAssemblyCodeBlock> m_codeBlocks[Wasm::NumberOfMemoryModes]; >- PoisonedBarrier<WebAssemblyToJSCallee> m_callee; >+ WriteBarrier<SymbolTable> m_exportSymbolTable; >+ WriteBarrier<JSWebAssemblyCodeBlock> m_codeBlocks[Wasm::NumberOfMemoryModes]; >+ WriteBarrier<WebAssemblyToJSCallee> m_callee; > }; > > } // namespace JSC >Index: Source/JavaScriptCore/wasm/js/JSWebAssemblyTable.cpp >=================================================================== >--- Source/JavaScriptCore/wasm/js/JSWebAssemblyTable.cpp (revision 240833) >+++ Source/JavaScriptCore/wasm/js/JSWebAssemblyTable.cpp (working copy) >@@ -1,5 +1,5 @@ > /* >- * Copyright (C) 2016-2018 Apple Inc. All rights reserved. >+ * Copyright (C) 2016-2019 Apple Inc. All rights reserved. > * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions >@@ -63,9 +63,9 @@ JSWebAssemblyTable::JSWebAssemblyTable(V > // FIXME: It might be worth trying to pre-allocate maximum here. The spec recommends doing so. > // But for now, we're not doing that. > // FIXME this over-allocates and could be smarter about not committing all of that memory https://bugs.webkit.org/show_bug.cgi?id=181425 >- m_jsFunctions = MallocPtr<PoisonedBarrier<JSObject>>::malloc((sizeof(PoisonedBarrier<JSObject>) * Checked<size_t>(allocatedLength())).unsafeGet()); >+ m_jsFunctions = MallocPtr<WriteBarrier<JSObject>>::malloc((sizeof(WriteBarrier<JSObject>) * Checked<size_t>(allocatedLength())).unsafeGet()); > for (uint32_t i = 0; i < allocatedLength(); ++i) >- new(&m_jsFunctions.get()[i]) PoisonedBarrier<JSObject>(); >+ new(&m_jsFunctions.get()[i]) WriteBarrier<JSObject>(); > } > > void JSWebAssemblyTable::finishCreation(VM& vm) >@@ -104,10 +104,10 @@ bool JSWebAssemblyTable::grow(uint32_t d > size_t newLength = grew.value(); > if (newLength > m_table->allocatedLength(oldLength)) > // FIXME this over-allocates and could be smarter about not committing all of that memory https://bugs.webkit.org/show_bug.cgi?id=181425 >- m_jsFunctions.realloc((sizeof(PoisonedBarrier<JSObject>) * Checked<size_t>(m_table->allocatedLength(newLength))).unsafeGet()); >+ m_jsFunctions.realloc((sizeof(WriteBarrier<JSObject>) * Checked<size_t>(m_table->allocatedLength(newLength))).unsafeGet()); > > for (size_t i = oldLength; i < m_table->allocatedLength(newLength); ++i) >- new (&m_jsFunctions.get()[i]) PoisonedBarrier<JSObject>(); >+ new (&m_jsFunctions.get()[i]) WriteBarrier<JSObject>(); > > return true; > } >@@ -121,7 +121,7 @@ JSObject* JSWebAssemblyTable::getFunctio > void JSWebAssemblyTable::clearFunction(uint32_t index) > { > m_table->clearFunction(index); >- m_jsFunctions.get()[index & m_table->mask()] = PoisonedBarrier<JSObject>(); >+ m_jsFunctions.get()[index & m_table->mask()] = WriteBarrier<JSObject>(); > } > > void JSWebAssemblyTable::setFunction(VM& vm, uint32_t index, WebAssemblyFunction* function) >Index: Source/JavaScriptCore/wasm/js/JSWebAssemblyTable.h >=================================================================== >--- Source/JavaScriptCore/wasm/js/JSWebAssemblyTable.h (revision 240833) >+++ Source/JavaScriptCore/wasm/js/JSWebAssemblyTable.h (working copy) >@@ -1,5 +1,5 @@ > /* >- * Copyright (C) 2016-2018 Apple Inc. All rights reserved. >+ * Copyright (C) 2016-2019 Apple Inc. All rights reserved. > * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions >@@ -27,7 +27,6 @@ > > #if ENABLE(WEBASSEMBLY) > >-#include "JSCPoison.h" > #include "JSDestructibleObject.h" > #include "JSObject.h" > #include "WasmLimits.h" >@@ -66,12 +65,9 @@ private: > static void destroy(JSCell*); > static void visitChildren(JSCell*, SlotVisitor&); > >- PoisonedRef<JSWebAssemblyTablePoison, Wasm::Table> m_table; >+ Ref<Wasm::Table> m_table; > >- template<typename T> >- using PoisonedBarrier = PoisonedWriteBarrier<JSWebAssemblyTablePoison, T>; >- >- MallocPtr<PoisonedBarrier<JSObject>> m_jsFunctions; >+ MallocPtr<WriteBarrier<JSObject>> m_jsFunctions; > }; > > } // namespace JSC >Index: Source/JavaScriptCore/wasm/js/WasmToJS.cpp >=================================================================== >--- Source/JavaScriptCore/wasm/js/WasmToJS.cpp (revision 240833) >+++ Source/JavaScriptCore/wasm/js/WasmToJS.cpp (working copy) >@@ -1,5 +1,5 @@ > /* >- * Copyright (C) 2016-2018 Apple Inc. All rights reserved. >+ * Copyright (C) 2016-2019 Apple Inc. All rights reserved. > * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions >@@ -47,12 +47,11 @@ namespace JSC { namespace Wasm { > > using JIT = CCallHelpers; > >-static void materializeImportJSCell(JIT& jit, unsigned importIndex, GPRReg poison, GPRReg result) >+static void materializeImportJSCell(JIT& jit, unsigned importIndex, GPRReg result) > { > // We're calling out of the current WebAssembly.Instance. That Instance has a list of all its import functions. > jit.loadWasmContextInstance(result); > jit.loadPtr(JIT::Address(result, Instance::offsetOfImportFunction(importIndex)), result); >- jit.xor64(poison, result); > } > > static Expected<MacroAssemblerCodeRef<WasmEntryPtrTag>, BindingFailure> handleBadI64Use(VM* vm, JIT& jit, const Signature& signature, unsigned importIndex) >@@ -86,14 +85,9 @@ static Expected<MacroAssemblerCodeRef<Wa > > // Store Callee. > jit.loadPtr(CCallHelpers::Address(GPRInfo::argumentGPR1, Instance::offsetOfOwner()), GPRInfo::argumentGPR1); >- jit.loadPtr(CCallHelpers::Address(GPRInfo::argumentGPR1, JSWebAssemblyInstance::offsetOfPoisonedCallee()), GPRInfo::argumentGPR2); >- jit.move(CCallHelpers::TrustedImm64(JSWebAssemblyInstancePoison::key()), GPRInfo::argumentGPR3); >- jit.xor64(GPRInfo::argumentGPR3, GPRInfo::argumentGPR2); >+ jit.loadPtr(CCallHelpers::Address(GPRInfo::argumentGPR1, JSWebAssemblyInstance::offsetOfCallee()), GPRInfo::argumentGPR2); > jit.storePtr(GPRInfo::argumentGPR2, JIT::Address(GPRInfo::callFrameRegister, CallFrameSlot::callee * static_cast<int>(sizeof(Register)))); > >- // Let's be paranoid on the exception path and zero out the poison instead of leaving it in an argument GPR. >- jit.move(CCallHelpers::TrustedImm32(0), GPRInfo::argumentGPR3); >- > auto call = jit.call(OperationPtrTag); > jit.jumpToExceptionHandler(*vm); > >@@ -291,16 +285,11 @@ Expected<MacroAssemblerCodeRef<WasmEntry > > jit.loadWasmContextInstance(GPRInfo::argumentGPR0); > jit.loadPtr(CCallHelpers::Address(GPRInfo::argumentGPR0, Instance::offsetOfOwner()), GPRInfo::argumentGPR0); >- jit.loadPtr(CCallHelpers::Address(GPRInfo::argumentGPR0, JSWebAssemblyInstance::offsetOfPoisonedCallee()), GPRInfo::argumentGPR0); >- jit.move(CCallHelpers::TrustedImm64(JSWebAssemblyInstancePoison::key()), GPRInfo::argumentGPR3); >- jit.xor64(GPRInfo::argumentGPR3, GPRInfo::argumentGPR0); >+ jit.loadPtr(CCallHelpers::Address(GPRInfo::argumentGPR0, JSWebAssemblyInstance::offsetOfCallee()), GPRInfo::argumentGPR0); > jit.storePtr(GPRInfo::argumentGPR0, JIT::Address(GPRInfo::callFrameRegister, CallFrameSlot::callee * static_cast<int>(sizeof(Register)))); > >- materializeImportJSCell(jit, importIndex, GPRInfo::argumentGPR3, GPRInfo::argumentGPR1); >+ materializeImportJSCell(jit, importIndex, GPRInfo::argumentGPR1); > >- // Let's be paranoid before the call and zero out the poison instead of leaving it in an argument GPR. >- jit.move(CCallHelpers::TrustedImm32(0), GPRInfo::argumentGPR3); >- > static_assert(GPRInfo::numberOfArgumentRegisters >= 4, "We rely on this with the call below."); > static_assert(sizeof(SignatureIndex) == sizeof(uint64_t), "Following code assumes SignatureIndex is 64bit."); > jit.setupArguments<decltype(callFunc)>(GPRInfo::argumentGPR1, CCallHelpers::TrustedImm64(signatureIndex), CCallHelpers::TrustedImmPtr(buffer)); >@@ -479,24 +468,15 @@ Expected<MacroAssemblerCodeRef<WasmEntry > } > } > >- GPRReg poison = GPRInfo::argumentGPR1; >- ASSERT(poison != GPRInfo::argumentGPR0); // Both are used at the same time below. >- > jit.loadWasmContextInstance(GPRInfo::argumentGPR0); > jit.loadPtr(CCallHelpers::Address(GPRInfo::argumentGPR0, Instance::offsetOfOwner()), GPRInfo::argumentGPR0); >- jit.loadPtr(CCallHelpers::Address(GPRInfo::argumentGPR0, JSWebAssemblyInstance::offsetOfPoisonedCallee()), GPRInfo::argumentGPR0); >- jit.move(CCallHelpers::TrustedImm64(JSWebAssemblyInstancePoison::key()), poison); >- jit.xor64(poison, GPRInfo::argumentGPR0); >+ jit.loadPtr(CCallHelpers::Address(GPRInfo::argumentGPR0, JSWebAssemblyInstance::offsetOfCallee()), GPRInfo::argumentGPR0); > jit.storePtr(GPRInfo::argumentGPR0, JIT::Address(GPRInfo::callFrameRegister, CallFrameSlot::callee * static_cast<int>(sizeof(Register)))); > > GPRReg importJSCellGPRReg = GPRInfo::regT0; // Callee needs to be in regT0 for slow path below. >- ASSERT(poison != importJSCellGPRReg); > > ASSERT(!wasmCC.m_calleeSaveRegisters.get(importJSCellGPRReg)); >- materializeImportJSCell(jit, importIndex, poison, importJSCellGPRReg); >- >- // Let's be paranoid zero out the poison instead of leaving it in an argument GPR. >- jit.move(CCallHelpers::TrustedImm32(0), poison); >+ materializeImportJSCell(jit, importIndex, importJSCellGPRReg); > > jit.store64(importJSCellGPRReg, calleeFrame.withOffset(CallFrameSlot::callee * static_cast<int>(sizeof(Register)))); > jit.store32(JIT::TrustedImm32(numberOfParameters), calleeFrame.withOffset(CallFrameSlot::argumentCount * static_cast<int>(sizeof(Register)) + PayloadOffset)); >Index: Source/JavaScriptCore/wasm/js/WebAssemblyFunctionBase.h >=================================================================== >--- Source/JavaScriptCore/wasm/js/WebAssemblyFunctionBase.h (revision 240833) >+++ Source/JavaScriptCore/wasm/js/WebAssemblyFunctionBase.h (working copy) >@@ -1,5 +1,5 @@ > /* >- * Copyright (C) 2017-2018 Apple Inc. All rights reserved. >+ * Copyright (C) 2017-2019 Apple Inc. All rights reserved. > * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions >@@ -50,7 +50,7 @@ protected: > void finishCreation(VM&, NativeExecutable*, unsigned length, const String& name, JSWebAssemblyInstance*); > WebAssemblyFunctionBase(VM&, JSGlobalObject*, Structure*); > >- PoisonedWriteBarrier<WebAssemblyFunctionBasePoison, JSWebAssemblyInstance> m_instance; >+ WriteBarrier<JSWebAssemblyInstance> m_instance; > }; > > } // namespace JSC >Index: Source/JavaScriptCore/wasm/js/WebAssemblyModuleRecord.cpp >=================================================================== >--- Source/JavaScriptCore/wasm/js/WebAssemblyModuleRecord.cpp (revision 240833) >+++ Source/JavaScriptCore/wasm/js/WebAssemblyModuleRecord.cpp (working copy) >@@ -1,5 +1,5 @@ > /* >- * Copyright (C) 2016-2018 Apple Inc. All rights reserved. >+ * Copyright (C) 2016-2019 Apple Inc. All rights reserved. > * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions >@@ -224,7 +224,7 @@ void WebAssemblyModuleRecord::link(ExecS > auto* info = m_instance->instance().importFunctionInfo(import.kindIndex); > info->targetInstance = calleeInstance; > info->wasmEntrypointLoadLocation = entrypointLoadLocation; >- m_instance->instance().importFunction<JSWebAssemblyInstance::PoisonedBarrier<JSObject>>(import.kindIndex)->set(vm, m_instance.get(), function); >+ m_instance->instance().importFunction<WriteBarrier<JSObject>>(import.kindIndex)->set(vm, m_instance.get(), function); > break; > } > >@@ -338,7 +338,7 @@ void WebAssemblyModuleRecord::link(ExecS > // ii. (Note: At most one wrapper is created for any closure, so func is unique, even if there are multiple occurrances in the list. Moreover, if the item was an import that is already an Exported Function Exotic Object, then the original function object will be found. For imports that are regular JS functions, a new wrapper will be created.) > if (exp.kindIndex < functionImportCount) { > unsigned functionIndex = exp.kindIndex; >- JSObject* functionImport = m_instance->instance().importFunction<JSWebAssemblyInstance::PoisonedBarrier<JSObject>>(functionIndex)->get(); >+ JSObject* functionImport = m_instance->instance().importFunction<WriteBarrier<JSObject>>(functionIndex)->get(); > if (isWebAssemblyHostFunction(vm, functionImport)) > exportedValue = functionImport; > else { >@@ -419,7 +419,7 @@ void WebAssemblyModuleRecord::link(ExecS > ASSERT(!signature.argumentCount()); > ASSERT(signature.returnType() == Wasm::Void); > if (startFunctionIndexSpace < codeBlock->functionImportCount()) { >- JSObject* startFunction = m_instance->instance().importFunction<JSWebAssemblyInstance::PoisonedBarrier<JSObject>>(startFunctionIndexSpace)->get(); >+ JSObject* startFunction = m_instance->instance().importFunction<WriteBarrier<JSObject>>(startFunctionIndexSpace)->get(); > m_startFunction.set(vm, this, startFunction); > } else { > Wasm::Callee& embedderEntrypointCallee = codeBlock->embedderEntrypointCalleeFromFunctionIndexSpace(startFunctionIndexSpace); >@@ -520,7 +520,7 @@ JSValue WebAssemblyModuleRecord::evaluat > uint32_t functionIndex = element.functionIndices[i]; > Wasm::SignatureIndex signatureIndex = module.signatureIndexFromFunctionIndexSpace(functionIndex); > if (functionIndex < codeBlock->functionImportCount()) { >- JSObject* functionImport = m_instance->instance().importFunction<JSWebAssemblyInstance::PoisonedBarrier<JSObject>>(functionIndex)->get(); >+ JSObject* functionImport = m_instance->instance().importFunction<WriteBarrier<JSObject>>(functionIndex)->get(); > if (isWebAssemblyHostFunction(vm, functionImport)) { > WebAssemblyFunction* wasmFunction = jsDynamicCast<WebAssemblyFunction*>(vm, functionImport); > // If we ever import a WebAssemblyWrapperFunction, we set the import as the unwrapped value. >Index: Source/JavaScriptCore/wasm/js/WebAssemblyModuleRecord.h >=================================================================== >--- Source/JavaScriptCore/wasm/js/WebAssemblyModuleRecord.h (revision 240833) >+++ Source/JavaScriptCore/wasm/js/WebAssemblyModuleRecord.h (working copy) >@@ -1,5 +1,5 @@ > /* >- * Copyright (C) 2016-2018 Apple Inc. All rights reserved. >+ * Copyright (C) 2016-2019 Apple Inc. All rights reserved. > * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions >@@ -61,11 +61,8 @@ private: > > static void visitChildren(JSCell*, SlotVisitor&); > >- template<typename T> >- using PoisonedBarrier = PoisonedWriteBarrier<WebAssemblyModuleRecordPoison, T>; >- >- PoisonedBarrier<JSWebAssemblyInstance> m_instance; >- PoisonedBarrier<JSObject> m_startFunction; >+ WriteBarrier<JSWebAssemblyInstance> m_instance; >+ WriteBarrier<JSObject> m_startFunction; > }; > > } // namespace JSC >Index: Source/JavaScriptCore/wasm/js/WebAssemblyToJSCallee.h >=================================================================== >--- Source/JavaScriptCore/wasm/js/WebAssemblyToJSCallee.h (revision 240833) >+++ Source/JavaScriptCore/wasm/js/WebAssemblyToJSCallee.h (working copy) >@@ -1,5 +1,5 @@ > /* >- * Copyright (C) 2016-2018 Apple Inc. All rights reserved. >+ * Copyright (C) 2016-2019 Apple Inc. All rights reserved. > * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions >@@ -51,7 +51,7 @@ private: > void finishCreation(VM&, JSWebAssemblyModule*); > WebAssemblyToJSCallee(VM&, Structure*); > >- PoisonedWriteBarrier<WebAssemblyToJSCalleePoison, JSWebAssemblyModule> m_module; >+ WriteBarrier<JSWebAssemblyModule> m_module; > }; > > } // namespace JSC >Index: Source/JavaScriptCore/wasm/js/WebAssemblyWrapperFunction.h >=================================================================== >--- Source/JavaScriptCore/wasm/js/WebAssemblyWrapperFunction.h (revision 240833) >+++ Source/JavaScriptCore/wasm/js/WebAssemblyWrapperFunction.h (working copy) >@@ -1,5 +1,5 @@ > /* >- * Copyright (C) 2017-2018 Apple Inc. All rights reserved. >+ * Copyright (C) 2017-2019 Apple Inc. All rights reserved. > * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions >@@ -64,7 +64,7 @@ protected: > private: > WebAssemblyWrapperFunction(VM&, JSGlobalObject*, Structure*, WasmToWasmImportableFunction); > >- PoisonedWriteBarrier<WebAssemblyWrapperFunctionPoison, JSObject> m_function; >+ WriteBarrier<JSObject> m_function; > // It's safe to just hold the raw WasmToWasmImportableFunction because we have a reference > // to our Instance, which points to the CodeBlock, which points to the Module > // that exported us, which ensures that the actual Signature/code doesn't get deallocated. >Index: Source/WTF/ChangeLog >=================================================================== >--- Source/WTF/ChangeLog (revision 240833) >+++ Source/WTF/ChangeLog (working copy) >@@ -1,3 +1,22 @@ >+2019-01-31 Mark Lam <mark.lam@apple.com> >+ >+ Remove poisoning everywhere. >+ https://bugs.webkit.org/show_bug.cgi?id=194138 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ * WTF.xcodeproj/project.pbxproj: >+ * wtf/Bag.h: >+ * wtf/CMakeLists.txt: >+ * wtf/Platform.h: >+ * wtf/Poisoned.cpp: Removed. >+ * wtf/Poisoned.h: Removed. >+ * wtf/PoisonedUniquePtr.h: Removed. >+ * wtf/Ref.h: >+ * wtf/RefCountedArray.h: >+ * wtf/RefPtr.h: >+ * wtf/WTFAssertions.cpp: >+ > 2019-01-31 Carlos Garcia Campos <cgarcia@igalia.com> > > Unreviewed. Fix WPE compile warnings due to deprecated glib API. >Index: Source/WTF/WTF.xcodeproj/project.pbxproj >=================================================================== >--- Source/WTF/WTF.xcodeproj/project.pbxproj (revision 240833) >+++ Source/WTF/WTF.xcodeproj/project.pbxproj (working copy) >@@ -165,7 +165,6 @@ > E4A0AD391A96245500536DF6 /* WorkQueue.cpp in Sources */ = {isa = PBXBuildFile; fileRef = E4A0AD371A96245500536DF6 /* WorkQueue.cpp */; }; > E4A0AD3D1A96253C00536DF6 /* WorkQueueCocoa.cpp in Sources */ = {isa = PBXBuildFile; fileRef = E4A0AD3C1A96253C00536DF6 /* WorkQueueCocoa.cpp */; }; > FE05FAFF1FE5007500093230 /* WTFAssertions.cpp in Sources */ = {isa = PBXBuildFile; fileRef = FE05FAFE1FE5007500093230 /* WTFAssertions.cpp */; }; >- FE85416E1FBE285D008DA5DA /* Poisoned.cpp in Sources */ = {isa = PBXBuildFile; fileRef = FE85416C1FBE285B008DA5DA /* Poisoned.cpp */; }; > FEDACD3D1630F83F00C69634 /* StackStats.cpp in Sources */ = {isa = PBXBuildFile; fileRef = FEDACD3B1630F83F00C69634 /* StackStats.cpp */; }; > FEEA4DF9216D7BE400AC0602 /* StackPointer.cpp in Sources */ = {isa = PBXBuildFile; fileRef = FEEA4DF8216D7BE400AC0602 /* StackPointer.cpp */; }; > /* End PBXBuildFile section */ >@@ -669,12 +668,9 @@ > F72BBDB107FA424886178B9E /* SymbolImpl.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SymbolImpl.cpp; sourceTree = "<group>"; }; > FE05FAE61FDB214300093230 /* DumbPtrTraits.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DumbPtrTraits.h; sourceTree = "<group>"; }; > FE05FAFE1FE5007500093230 /* WTFAssertions.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = WTFAssertions.cpp; sourceTree = "<group>"; }; >- FE05FB041FE8453200093230 /* PoisonedUniquePtr.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = PoisonedUniquePtr.h; sourceTree = "<group>"; }; > FE7497E4208FFCAA0003565B /* PtrTag.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = PtrTag.h; sourceTree = "<group>"; }; > FE7497ED209163060003565B /* MetaAllocatorPtr.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MetaAllocatorPtr.h; sourceTree = "<group>"; }; > FE8225301B2A1E5B00BA68FD /* NakedPtr.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = NakedPtr.h; sourceTree = "<group>"; }; >- FE85416C1FBE285B008DA5DA /* Poisoned.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = Poisoned.cpp; sourceTree = "<group>"; }; >- FE85416D1FBE285C008DA5DA /* Poisoned.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = Poisoned.h; sourceTree = "<group>"; }; > FE86A8741E59440200111BBF /* ForbidHeapAllocation.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ForbidHeapAllocation.h; sourceTree = "<group>"; }; > FE8925AF1D00DAEC0046907E /* Indenter.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = Indenter.h; sourceTree = "<group>"; }; > FEB6B035201BE0B600B958C1 /* PointerPreparations.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = PointerPreparations.h; sourceTree = "<group>"; }; >@@ -1060,9 +1056,6 @@ > E3200AB41E9A536D003B59D2 /* PlatformRegisters.h */, > 0FF860941BCCBD740045127F /* PointerComparison.h */, > FEB6B035201BE0B600B958C1 /* PointerPreparations.h */, >- FE85416C1FBE285B008DA5DA /* Poisoned.cpp */, >- FE85416D1FBE285C008DA5DA /* Poisoned.h */, >- FE05FB041FE8453200093230 /* PoisonedUniquePtr.h */, > 0F9D335D165DBA73005AD387 /* PrintStream.cpp */, > 0F9D335E165DBA73005AD387 /* PrintStream.h */, > 53EC253C1E95AD30000831B9 /* PriorityQueue.h */, >@@ -1560,7 +1553,6 @@ > 51F1752B1F3D486000C74950 /* PersistentCoders.cpp in Sources */, > 51F1752C1F3D486000C74950 /* PersistentDecoder.cpp in Sources */, > 51F1752D1F3D486000C74950 /* PersistentEncoder.cpp in Sources */, >- FE85416E1FBE285D008DA5DA /* Poisoned.cpp in Sources */, > 0F9D3362165DBA73005AD387 /* PrintStream.cpp in Sources */, > 7AF023B52061E17000A8EFD6 /* ProcessPrivilege.cpp in Sources */, > 143F611F1565F0F900DB514A /* RAMSize.cpp in Sources */, >Index: Source/WTF/wtf/Bag.h >=================================================================== >--- Source/WTF/wtf/Bag.h (revision 240833) >+++ Source/WTF/wtf/Bag.h (working copy) >@@ -1,5 +1,5 @@ > /* >- * Copyright (C) 2013-2018 Apple Inc. All rights reserved. >+ * Copyright (C) 2013-2019 Apple Inc. All rights reserved. > * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions >@@ -156,12 +156,6 @@ private: > typename PtrTraits::StorageType m_head { nullptr }; > }; > >-template<typename Poison, typename T> struct PoisonedPtrTraits; >- >-template<typename Poison, typename T> >-using PoisonedBag = Bag<T, PoisonedPtrTraits<Poison, Private::BagNode<T>>>; >- > } // namespace WTF > > using WTF::Bag; >-using WTF::PoisonedBag; >Index: Source/WTF/wtf/CMakeLists.txt >=================================================================== >--- Source/WTF/wtf/CMakeLists.txt (revision 240833) >+++ Source/WTF/wtf/CMakeLists.txt (working copy) >@@ -165,8 +165,6 @@ set(WTF_PUBLIC_HEADERS > PlatformRegisters.h > PointerComparison.h > PointerPreparations.h >- Poisoned.h >- PoisonedUniquePtr.h > PrintStream.h > PriorityQueue.h > ProcessID.h >@@ -380,7 +378,6 @@ set(WTF_SOURCES > ParallelHelperPool.cpp > ParallelJobsGeneric.cpp > ParkingLot.cpp >- Poisoned.cpp > PrintStream.cpp > ProcessPrivilege.cpp > RAMSize.cpp >Index: Source/WTF/wtf/Platform.h >=================================================================== >--- Source/WTF/wtf/Platform.h (revision 240833) >+++ Source/WTF/wtf/Platform.h (working copy) >@@ -1046,8 +1046,6 @@ > #define ENABLE_SIGNAL_BASED_VM_TRAPS 1 > #endif > >-#define ENABLE_POISON 0 >- > #if !defined(USE_POINTER_PROFILING) || USE(JSVALUE32_64) || !ENABLE(JIT) > #undef USE_POINTER_PROFILING > #define USE_POINTER_PROFILING 0 >Index: Source/WTF/wtf/Poisoned.cpp >=================================================================== >--- Source/WTF/wtf/Poisoned.cpp (revision 240833) >+++ Source/WTF/wtf/Poisoned.cpp (nonexistent) >@@ -1,60 +0,0 @@ >-/* >- * Copyright (C) 2017-2018 Apple Inc. All rights reserved. >- * >- * Redistribution and use in source and binary forms, with or without >- * modification, are permitted provided that the following conditions >- * are met: >- * 1. Redistributions of source code must retain the above copyright >- * notice, this list of conditions and the following disclaimer. >- * 2. Redistributions in binary form must reproduce the above copyright >- * notice, this list of conditions and the following disclaimer in the >- * documentation and/or other materials provided with the distribution. >- * >- * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY >- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE >- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR >- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR >- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, >- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, >- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR >- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY >- * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT >- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE >- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. >- */ >- >-#include "config.h" >-#include <wtf/Poisoned.h> >- >-#include <wtf/CryptographicallyRandomNumber.h> >- >-namespace WTF { >- >-uintptr_t makePoison() >-{ >- uintptr_t poison = 0; >-#if ENABLE(POISON) >- do { >- poison = cryptographicallyRandomNumber(); >- poison = (poison << 16) ^ (static_cast<uintptr_t>(cryptographicallyRandomNumber()) << 3); >- } while (!(poison >> 32)); // Ensure that bits 32-47 are not completely 0. >- >- // Ensure that the poisoned bits (pointer ^ poison) looks like a valid pointer. >- RELEASE_ASSERT(poison && !(poison >> 48)); >- >- // Ensure that the poisoned bits (pointer ^ poison) cannot be 0. This is so that the poisoned >- // bits can also be used for a normal zero check without needing to be decoded first. >- poison |= (1 << 2); >- >- // Ensure that the bottom 2 alignment bits are still 0 so that the poisoned bits will >- // still preserve the properties of a pointer where these bits are expected to be 0. >- // This allows the poisoned bits to be used in place of the pointer by clients that >- // rely on this property of pointers and sets flags in the low bits. >- // Note: a regular pointer has 3 alignment bits, but the poisoned bits need to use one >- // (see above). Hence, clients can only use 2 bits for flags. >- RELEASE_ASSERT(!(poison & 0x3)); >-#endif >- return poison; >-} >- >-} // namespace WTF >Index: Source/WTF/wtf/Poisoned.h >=================================================================== >--- Source/WTF/wtf/Poisoned.h (revision 240833) >+++ Source/WTF/wtf/Poisoned.h (nonexistent) >@@ -1,271 +0,0 @@ >-/* >- * Copyright (C) 2017-2018 Apple Inc. All rights reserved. >- * >- * Redistribution and use in source and binary forms, with or without >- * modification, are permitted provided that the following conditions >- * are met: >- * 1. Redistributions of source code must retain the above copyright >- * notice, this list of conditions and the following disclaimer. >- * 2. Redistributions in binary form must reproduce the above copyright >- * notice, this list of conditions and the following disclaimer in the >- * documentation and/or other materials provided with the distribution. >- * >- * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY >- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE >- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR >- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR >- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, >- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, >- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR >- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY >- * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT >- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE >- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. >- */ >- >-#pragma once >- >-#include <cstddef> >-#include <utility> >-#include <wtf/Assertions.h> >- >-#define ENABLE_POISON_ASSERTS 0 >- >-#if !ENABLE(POISON) >-#undef ENABLE_POISON_ASSERTS >-#define ENABLE_POISON_ASSERTS 0 >-#endif >- >-namespace WTF { >- >-using PoisonedBits = uintptr_t; >- >-namespace PoisonedImplHelper { >- >-template<typename T> >-struct isFunctionPointer : std::integral_constant<bool, std::is_function<typename std::remove_pointer<T>::type>::value> { }; >- >-template<typename T> >-struct isVoidPointer : std::integral_constant<bool, std::is_void<typename std::remove_pointer<T>::type>::value> { }; >- >-template<typename T> >-struct isConvertibleToReference : std::integral_constant<bool, !isFunctionPointer<T>::value && !isVoidPointer<T>::value> { }; >- >-template<typename T> >-typename std::enable_if_t<!isConvertibleToReference<T>::value, int>& >-asReference(T) { RELEASE_ASSERT_NOT_REACHED(); } >- >-template<typename T> >-typename std::enable_if_t<isConvertibleToReference<T>::value, typename std::remove_pointer<T>::type>& >-asReference(T ptr) { return *ptr; } >- >-} // namespace PoisonedImplHelper >- >-enum AlreadyPoisonedTag { AlreadyPoisoned }; >- >-template<uintptr_t& poisonKey> >-class Poison { >-public: >- template<typename PoisonedType = void> >- static uintptr_t key(const PoisonedType* = nullptr) { return poisonKey; } >-}; >- >-template<typename Poison, typename T, typename = std::enable_if_t<sizeof(T) == sizeof(void*)>> >-class Poisoned { >-public: >- static constexpr bool isPoisonedType = true; >- >- Poisoned() { } >- >- Poisoned(std::nullptr_t) { } >- >- Poisoned(T ptr) >- : m_poisonedBits(poison(ptr)) >- { } >- >- Poisoned(const Poisoned&) = default; >- >- template<typename Other, typename = std::enable_if_t<Other::isPoisonedType>> >- Poisoned(const Other& other) >- : m_poisonedBits(poison<T>(other.unpoisoned())) >- { } >- >- Poisoned(Poisoned&&) = default; >- >- explicit Poisoned(AlreadyPoisonedTag, PoisonedBits poisonedBits) >- : m_poisonedBits(poisonedBits) >- { } >- >-#if ENABLE(POISON_ASSERTS) >- template<typename U = void*> >- static bool isPoisoned(U value) { return !value || (reinterpret_cast<uintptr_t>(value) & 0xffff000000000000); } >- template<typename U = void*> >- static void assertIsPoisoned(U value) { RELEASE_ASSERT(isPoisoned(value)); } >- template<typename U = void*> >- static void assertIsNotPoisoned(U value) { RELEASE_ASSERT(!isPoisoned(value)); } >-#else >- template<typename U = void*> static void assertIsPoisoned(U) { } >- template<typename U = void*> static void assertIsNotPoisoned(U) { } >-#endif >- void assertIsPoisoned() const { assertIsPoisoned(m_poisonedBits); } >- void assertIsNotPoisoned() const { assertIsNotPoisoned(m_poisonedBits); } >- >- template<typename U = T> >- U unpoisoned() const { return unpoison<U>(m_poisonedBits); } >- >- void clear() { m_poisonedBits = 0; } >- >- auto& operator*() const { ASSERT(m_poisonedBits); return PoisonedImplHelper::asReference(unpoison(m_poisonedBits)); } >- ALWAYS_INLINE T operator->() const { return unpoison(m_poisonedBits); } >- >- template<typename U = PoisonedBits> >- U bits() const { return bitwise_cast<U>(m_poisonedBits); } >- >- bool operator!() const { return !m_poisonedBits; } >- explicit operator bool() const { return !!m_poisonedBits; } >- >- bool operator==(const Poisoned& b) const { return m_poisonedBits == b.m_poisonedBits; } >- bool operator!=(const Poisoned& b) const { return m_poisonedBits != b.m_poisonedBits; } >- >- bool operator==(T b) const { return unpoisoned() == b; } >- bool operator!=(T b) const { return unpoisoned() != b; } >- bool operator<(T b) const { return unpoisoned() < b; } >- bool operator<=(T b) const { return unpoisoned() <= b; } >- bool operator>(T b) const { return unpoisoned() > b; } >- bool operator>=(T b) const { return unpoisoned() >= b; } >- >- Poisoned& operator=(T ptr) >- { >- m_poisonedBits = poison(ptr); >- return *this; >- } >- Poisoned& operator=(const Poisoned&) = default; >- >- Poisoned& operator=(std::nullptr_t) >- { >- clear(); >- return *this; >- } >- >- template<typename Other, typename = std::enable_if_t<Other::isPoisonedType>> >- Poisoned& operator=(const Other& other) >- { >- m_poisonedBits = poison<T>(other.unpoisoned()); >- return *this; >- } >- >- void swap(Poisoned& other) >- { >- std::swap(m_poisonedBits, other.m_poisonedBits); >- } >- >- void swap(std::nullptr_t) { clear(); } >- >- template<typename Other, typename = std::enable_if_t<Other::isPoisonedType>> >- void swap(Other& other) >- { >- T t1 = this->unpoisoned(); >- T t2 = other.unpoisoned(); >- std::swap(t1, t2); >- m_poisonedBits = poison(t1); >- other.m_poisonedBits = other.poison(t2); >- } >- >- void swap(T& t2) >- { >- T t1 = this->unpoisoned(); >- std::swap(t1, t2); >- m_poisonedBits = poison(t1); >- } >- >- template<class U> >- T exchange(U&& newValue) >- { >- T oldValue = unpoisoned(); >- m_poisonedBits = poison(std::forward<U>(newValue)); >- return oldValue; >- } >- >-private: >- template<typename U> >- ALWAYS_INLINE PoisonedBits poison(U ptr) const { return poison<PoisonedBits>(this, bitwise_cast<uintptr_t>(ptr)); } >- template<typename U = T> >- ALWAYS_INLINE U unpoison(PoisonedBits poisonedBits) const { return unpoison<U>(this, poisonedBits); } >- >- constexpr static PoisonedBits poison(const Poisoned*, std::nullptr_t) { return 0; } >-#if ENABLE(POISON) >- template<typename U> >- ALWAYS_INLINE static PoisonedBits poison(const Poisoned* thisPoisoned, U ptr) { return ptr ? bitwise_cast<PoisonedBits>(ptr) ^ Poison::key(thisPoisoned) : 0; } >- template<typename U = T> >- ALWAYS_INLINE static U unpoison(const Poisoned* thisPoisoned, PoisonedBits poisonedBits) { return poisonedBits ? bitwise_cast<U>(poisonedBits ^ Poison::key(thisPoisoned)) : bitwise_cast<U>(0ll); } >-#else >- template<typename U> >- ALWAYS_INLINE static PoisonedBits poison(const Poisoned*, U ptr) { return bitwise_cast<PoisonedBits>(ptr); } >- template<typename U = T> >- ALWAYS_INLINE static U unpoison(const Poisoned*, PoisonedBits poisonedBits) { return bitwise_cast<U>(poisonedBits); } >-#endif >- >- PoisonedBits m_poisonedBits { 0 }; >- >- template<typename, typename, typename> friend class Poisoned; >-}; >- >-template<typename T, typename U, typename = std::enable_if_t<T::isPoisonedType && U::isPoisonedType && !std::is_same<T, U>::value>> >-inline bool operator==(const T& a, const U& b) { return a.unpoisoned() == b.unpoisoned(); } >- >-template<typename T, typename U, typename = std::enable_if_t<T::isPoisonedType && U::isPoisonedType && !std::is_same<T, U>::value>> >-inline bool operator!=(const T& a, const U& b) { return a.unpoisoned() != b.unpoisoned(); } >- >-template<typename T, typename U, typename = std::enable_if_t<T::isPoisonedType && U::isPoisonedType>> >-inline bool operator<(const T& a, const U& b) { return a.unpoisoned() < b.unpoisoned(); } >- >-template<typename T, typename U, typename = std::enable_if_t<T::isPoisonedType && U::isPoisonedType>> >-inline bool operator<=(const T& a, const U& b) { return a.unpoisoned() <= b.unpoisoned(); } >- >-template<typename T, typename U, typename = std::enable_if_t<T::isPoisonedType && U::isPoisonedType>> >-inline bool operator>(const T& a, const U& b) { return a.unpoisoned() > b.unpoisoned(); } >- >-template<typename T, typename U, typename = std::enable_if_t<T::isPoisonedType && U::isPoisonedType>> >-inline bool operator>=(const T& a, const U& b) { return a.unpoisoned() >= b.unpoisoned(); } >- >-template<typename T, typename U, typename = std::enable_if_t<T::isPoisonedType>> >-inline void swap(T& a, U& b) >-{ >- a.swap(b); >-} >- >-WTF_EXPORT_PRIVATE uintptr_t makePoison(); >- >-template<typename Poison, typename T> >-struct PoisonedPtrTraits { >- using StorageType = Poisoned<Poison, T*>; >- >- template<class U> static ALWAYS_INLINE T* exchange(StorageType& ptr, U&& newValue) { return ptr.exchange(newValue); } >- >- template<typename Other> >- static ALWAYS_INLINE void swap(Poisoned<Poison, T*>& a, Other& b) { a.swap(b); } >- >- static ALWAYS_INLINE T* unwrap(const StorageType& ptr) { return ptr.unpoisoned(); } >-}; >- >-template<typename Poison, typename T> >-struct PoisonedValueTraits { >- using StorageType = Poisoned<Poison, T>; >- >- template<class U> static ALWAYS_INLINE T exchange(StorageType& val, U&& newValue) { return val.exchange(newValue); } >- >- template<typename Other> >- static ALWAYS_INLINE void swap(Poisoned<Poison, T>& a, Other& b) { a.swap(b); } >- >- static ALWAYS_INLINE T unwrap(const StorageType& val) { return val.unpoisoned(); } >-}; >- >-} // namespace WTF >- >-using WTF::AlreadyPoisoned; >-using WTF::Poison; >-using WTF::Poisoned; >-using WTF::PoisonedBits; >-using WTF::PoisonedPtrTraits; >-using WTF::PoisonedValueTraits; >-using WTF::makePoison; >Index: Source/WTF/wtf/PoisonedUniquePtr.h >=================================================================== >--- Source/WTF/wtf/PoisonedUniquePtr.h (revision 240833) >+++ Source/WTF/wtf/PoisonedUniquePtr.h (nonexistent) >@@ -1,220 +0,0 @@ >-/* >- * Copyright (C) 2017-2018 Apple Inc. All rights reserved. >- * >- * Redistribution and use in source and binary forms, with or without >- * modification, are permitted provided that the following conditions >- * are met: >- * 1. Redistributions of source code must retain the above copyright >- * notice, this list of conditions and the following disclaimer. >- * 2. Redistributions in binary form must reproduce the above copyright >- * notice, this list of conditions and the following disclaimer in the >- * documentation and/or other materials provided with the distribution. >- * >- * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY >- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE >- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR >- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR >- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, >- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, >- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR >- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY >- * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT >- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE >- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. >- */ >- >-#pragma once >- >-#include <cstddef> >-#include <memory> >-#include <wtf/FastMalloc.h> >-#include <wtf/Poisoned.h> >- >-namespace WTF { >- >-template<typename Poison, typename T, typename Enable = void> >-class PoisonedUniquePtr : public Poisoned<Poison, T*> { >- WTF_MAKE_FAST_ALLOCATED; >- using Base = Poisoned<Poison, T*>; >-public: >- static constexpr bool isPoisonedUniquePtrType = true; >- using ValueType = T; >- >- PoisonedUniquePtr() = default; >- PoisonedUniquePtr(std::nullptr_t) : Base() { } >- PoisonedUniquePtr(T* ptr) : Base(ptr) { } >- PoisonedUniquePtr(PoisonedUniquePtr&& ptr) : Base(WTFMove(ptr)) { ptr.clearWithoutDestroy(); } >- PoisonedUniquePtr(std::unique_ptr<T>&& unique) : PoisonedUniquePtr(unique.release()) { } >- >- template<typename U, typename = std::enable_if_t<std::is_base_of<T, U>::value>> >- PoisonedUniquePtr(std::unique_ptr<U>&& unique) >- : Base(unique.release()) >- { } >- >- template<typename Other, typename = std::enable_if_t<Other::isPoisonedUniquePtrType && std::is_base_of<T, typename Other::ValueType>::value>> >- PoisonedUniquePtr(Other&& ptr) >- : Base(ptr.unpoisoned()) >- { >- ptr.clearWithoutDestroy(); >- } >- >- PoisonedUniquePtr(const PoisonedUniquePtr&) = delete; >- >- ~PoisonedUniquePtr() { destroy(); } >- >- template<typename... Arguments> >- static PoisonedUniquePtr create(Arguments&&... arguments) >- { >- return new T(std::forward<Arguments>(arguments)...); >- } >- >- PoisonedUniquePtr& operator=(T* ptr) >- { >- if (LIKELY(this->unpoisoned() != ptr)) { >- this->clear(); >- this->Base::operator=(ptr); >- } >- return *this; >- } >- >- PoisonedUniquePtr& operator=(std::unique_ptr<T>&& unique) >- { >- this->clear(); >- this->Base::operator=(unique.release()); >- return *this; >- } >- >- template<typename U, typename = std::enable_if_t<std::is_base_of<T, U>::value>> >- PoisonedUniquePtr& operator=(std::unique_ptr<U>&& unique) >- { >- this->clear(); >- this->Base::operator=(unique.release()); >- return *this; >- } >- >- template<typename Other, typename = std::enable_if_t<Other::isPoisonedUniquePtrType && std::is_base_of<T, typename Other::ValueType>::value>> >- PoisonedUniquePtr& operator=(Other&& ptr) >- { >- ASSERT(this == static_cast<void*>(&ptr) || this->unpoisoned() != ptr.unpoisoned()); >- if (LIKELY(this != static_cast<void*>(&ptr))) { >- this->clear(); >- this->Base::operator=(WTFMove(ptr)); >- ptr.clearWithoutDestroy(); >- } >- return *this; >- } >- >- PoisonedUniquePtr& operator=(const PoisonedUniquePtr&) = delete; >- >- T* get() const { return this->unpoisoned(); } >- T& operator[](size_t index) const { return this->unpoisoned()[index]; } >- >- void clear() >- { >- destroy(); >- clearWithoutDestroy(); >- } >- >-private: >- void destroy() >- { >- if (!this->bits()) >- return; >- delete this->unpoisoned(); >- } >- >- void clearWithoutDestroy() { Base::clear(); } >- >- template<typename, typename, typename> friend class PoisonedUniquePtr; >-}; >- >-template<typename Poison, typename T> >-class PoisonedUniquePtr<Poison, T[]> : public Poisoned<Poison, T*> { >- WTF_MAKE_FAST_ALLOCATED; >- using Base = Poisoned<Poison, T*>; >-public: >- static constexpr bool isPoisonedUniquePtrType = true; >- using ValueType = T[]; >- >- PoisonedUniquePtr() = default; >- PoisonedUniquePtr(std::nullptr_t) : Base() { } >- PoisonedUniquePtr(T* ptr) : Base(ptr) { } >- PoisonedUniquePtr(PoisonedUniquePtr&& ptr) : Base(WTFMove(ptr)) { ptr.clearWithoutDestroy(); } >- PoisonedUniquePtr(std::unique_ptr<T[]>&& unique) : PoisonedUniquePtr(unique.release()) { } >- >- template<typename Other, typename = std::enable_if_t<Other::isPoisonedUniquePtrType && std::is_same<T[], typename Other::ValueType>::value>> >- PoisonedUniquePtr(Other&& ptr) >- : Base(ptr.unpoisoned()) >- { >- ptr.clearWithoutDestroy(); >- } >- >- PoisonedUniquePtr(const PoisonedUniquePtr&) = delete; >- >- ~PoisonedUniquePtr() { destroy(); } >- >- template<typename... Arguments> >- static PoisonedUniquePtr create(size_t count, Arguments&&... arguments) >- { >- T* result = new T[count]; >- while (count--) >- new (result + count) T(std::forward<Arguments>(arguments)...); >- return result; >- } >- >- PoisonedUniquePtr& operator=(T* ptr) >- { >- if (LIKELY(this->unpoisoned() != ptr)) { >- this->clear(); >- this->Base::operator=(ptr); >- } >- return *this; >- } >- >- PoisonedUniquePtr& operator=(std::unique_ptr<T[]>&& unique) >- { >- this->clear(); >- this->Base::operator=(unique.release()); >- return *this; >- } >- >- template<typename Other, typename = std::enable_if_t<Other::isPoisonedUniquePtrType && std::is_same<T[], typename Other::ValueType>::value>> >- PoisonedUniquePtr& operator=(Other&& ptr) >- { >- ASSERT(this == static_cast<void*>(&ptr) || this->unpoisoned() != ptr.unpoisoned()); >- if (LIKELY(this != static_cast<void*>(&ptr))) { >- this->clear(); >- this->Base::operator=(WTFMove(ptr)); >- ptr.clearWithoutDestroy(); >- } >- return *this; >- } >- >- PoisonedUniquePtr& operator=(const PoisonedUniquePtr&) = delete; >- >- T* get() const { return this->unpoisoned(); } >- T& operator[](size_t index) const { return this->unpoisoned()[index]; } >- >- void clear() >- { >- destroy(); >- clearWithoutDestroy(); >- } >- >-private: >- void destroy() >- { >- if (!this->bits()) >- return; >- delete[] this->unpoisoned(); >- } >- >- void clearWithoutDestroy() { Base::clear(); } >- >- template<typename, typename, typename> friend class PoisonedUniquePtr; >-}; >- >-} // namespace WTF >- >-using WTF::PoisonedUniquePtr; >- >Index: Source/WTF/wtf/Ref.h >=================================================================== >--- Source/WTF/wtf/Ref.h (revision 240833) >+++ Source/WTF/wtf/Ref.h (working copy) >@@ -1,5 +1,5 @@ > /* >- * Copyright (C) 2013-2018 Apple Inc. All rights reserved. >+ * Copyright (C) 2013-2019 Apple Inc. All rights reserved. > * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions >@@ -267,14 +267,8 @@ inline bool is(const Ref<ArgType, PtrTra > return is<ExpectedType>(source.get()); > } > >-template<typename Poison, typename T> struct PoisonedPtrTraits; >- >-template<typename Poison, typename T> >-using PoisonedRef = Ref<T, PoisonedPtrTraits<Poison, T>>; >- > } // namespace WTF > >-using WTF::PoisonedRef; > using WTF::Ref; > using WTF::adoptRef; > using WTF::makeRef; >Index: Source/WTF/wtf/RefCountedArray.h >=================================================================== >--- Source/WTF/wtf/RefCountedArray.h (revision 240833) >+++ Source/WTF/wtf/RefCountedArray.h (working copy) >@@ -1,5 +1,5 @@ > /* >- * Copyright (C) 2011-2018 Apple Inc. All rights reserved. >+ * Copyright (C) 2011-2019 Apple Inc. All rights reserved. > * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions >@@ -248,12 +248,6 @@ private: > typename PtrTraits::StorageType m_data { nullptr }; > }; > >-template<typename Poison, typename T> struct PoisonedPtrTraits; >- >-template<typename Poison, typename T> >-using PoisonedRefCountedArray = RefCountedArray<T, PoisonedPtrTraits<Poison, T>>; >- > } // namespace WTF > >-using WTF::PoisonedRefCountedArray; > using WTF::RefCountedArray; >Index: Source/WTF/wtf/RefPtr.h >=================================================================== >--- Source/WTF/wtf/RefPtr.h (revision 240833) >+++ Source/WTF/wtf/RefPtr.h (working copy) >@@ -1,5 +1,5 @@ > /* >- * Copyright (C) 2005-2018 Apple Inc. All rights reserved. >+ * Copyright (C) 2005-2019 Apple Inc. All rights reserved. > * > * This library is free software; you can redistribute it and/or > * modify it under the terms of the GNU Library General Public >@@ -271,14 +271,8 @@ inline bool is(const RefPtr<ArgType, Ptr > return is<ExpectedType>(source.get()); > } > >-template<typename Poison, typename T> struct PoisonedPtrTraits; >- >-template<typename Poison, typename T> >-using PoisonedRefPtr = RefPtr<T, PoisonedPtrTraits<Poison, T>>; >- > } // namespace WTF > >-using WTF::PoisonedRefPtr; > using WTF::RefPtr; > using WTF::adoptRef; > using WTF::makeRefPtr; >Index: Source/WTF/wtf/WTFAssertions.cpp >=================================================================== >--- Source/WTF/wtf/WTFAssertions.cpp (revision 240833) >+++ Source/WTF/wtf/WTFAssertions.cpp (working copy) >@@ -1,5 +1,5 @@ > /* >- * Copyright (C) 2017-2018 Apple Inc. All rights reserved. >+ * Copyright (C) 2017-2019 Apple Inc. All rights reserved. > * > * Redistribution and use in source and binary forms, with or without > * modification, are permitted provided that the following conditions >@@ -26,8 +26,6 @@ > #include "config.h" > > #include <wtf/Bag.h> >-#include <wtf/Poisoned.h> >-#include <wtf/PoisonedUniquePtr.h> > #include <wtf/RefCountedArray.h> > #include <wtf/RefPtr.h> > >@@ -35,24 +33,12 @@ namespace WTF { > > namespace { > struct DummyStruct { }; >-uintptr_t dummyPoison = 0; > } > > static_assert(sizeof(Bag<DummyStruct>) == sizeof(void*), ""); >-static_assert(sizeof(PoisonedBag<Poison<dummyPoison>, DummyStruct>) == sizeof(void*), ""); >- > static_assert(sizeof(Ref<DummyStruct>) == sizeof(DummyStruct*), ""); >-static_assert(sizeof(PoisonedRef<Poison<dummyPoison>, DummyStruct>) == sizeof(DummyStruct*), ""); >- > static_assert(sizeof(RefPtr<DummyStruct>) == sizeof(DummyStruct*), ""); >-static_assert(sizeof(PoisonedRefPtr<Poison<dummyPoison>, DummyStruct>) == sizeof(DummyStruct*), ""); >- >-static_assert(sizeof(PoisonedUniquePtr<Poison<dummyPoison>, DummyStruct>) == sizeof(DummyStruct*), ""); >-static_assert(sizeof(PoisonedUniquePtr<Poison<dummyPoison>, int[]>) == sizeof(int*), ""); >-static_assert(sizeof(PoisonedUniquePtr<Poison<dummyPoison>, DummyStruct[]>) == sizeof(DummyStruct*), ""); >- > static_assert(sizeof(RefCountedArray<DummyStruct>) == sizeof(void*), ""); >-static_assert(sizeof(PoisonedRefCountedArray<Poison<dummyPoison>, DummyStruct>) == sizeof(void*), ""); > > } // namespace WTF > >Index: Tools/ChangeLog >=================================================================== >--- Tools/ChangeLog (revision 240834) >+++ Tools/ChangeLog (working copy) >@@ -1,3 +1,23 @@ >+2019-01-31 Mark Lam <mark.lam@apple.com> >+ >+ Remove poisoning everywhere. >+ https://bugs.webkit.org/show_bug.cgi?id=194138 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ * BuildSlaveSupport/build.webkit.org-config/steps_unittest.py: >+ * BuildSlaveSupport/ews-build/steps_unittest.py: >+ * Scripts/webkitpy/layout_tests/run_webkit_tests.py: >+ (_set_up_derived_options): >+ * TestWebKitAPI/CMakeLists.txt: >+ * TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj: >+ * TestWebKitAPI/Tests/WTF/Poisoned.cpp: Removed. >+ * TestWebKitAPI/Tests/WTF/PoisonedRef.cpp: Removed. >+ * TestWebKitAPI/Tests/WTF/PoisonedRefPtr.cpp: Removed. >+ * TestWebKitAPI/Tests/WTF/PoisonedUniquePtr.cpp: Removed. >+ * TestWebKitAPI/Tests/WTF/PoisonedUniquePtrForNonTriviallyDestructibleArrays.cpp: Removed. >+ * TestWebKitAPI/Tests/WTF/PoisonedUniquePtrForTriviallyDestructibleArrays.cpp: Removed. >+ > 2019-01-31 Ryan Haddad <ryanhaddad@apple.com> > > Update flakiness dashboard configuration after recent queue changes >Index: Tools/BuildSlaveSupport/build.webkit.org-config/steps_unittest.py >=================================================================== >--- Tools/BuildSlaveSupport/build.webkit.org-config/steps_unittest.py (revision 240833) >+++ Tools/BuildSlaveSupport/build.webkit.org-config/steps_unittest.py (working copy) >@@ -389,7 +389,6 @@ Test suite failed > > Timeout > >- TestWTF.WTF_PoisonedUniquePtrForTriviallyDestructibleArrays.Assignment > > Testing completed, Exit status: 3 > """) >@@ -409,7 +408,6 @@ Test suite failed > > Timeout > >- TestWTF.WTF_PoisonedUniquePtrForTriviallyDestructibleArrays.Assignment > TestWTF.WTF_Lock.ContendedShortSection > > Testing completed, Exit status: 3 >@@ -450,7 +448,6 @@ Crashed > > Timeout > >- TestWTF.WTF_PoisonedUniquePtrForTriviallyDestructibleArrays.Assignment > TestWTF.WTF_Lock.ContendedShortSection > > Testing completed, Exit status: 3 >Index: Tools/BuildSlaveSupport/ews-build/steps_unittest.py >=================================================================== >--- Tools/BuildSlaveSupport/ews-build/steps_unittest.py (revision 240833) >+++ Tools/BuildSlaveSupport/ews-build/steps_unittest.py (working copy) >@@ -1,4 +1,4 @@ >-# Copyright (C) 2018 Apple Inc. All rights reserved. >+# Copyright (C) 2018-2019 Apple Inc. All rights reserved. > # > # Redistribution and use in source and binary forms, with or without > # modification, are permitted provided that the following conditions >@@ -1074,7 +1074,6 @@ Failed > > Timeout > >- TestWTF.WTF_PoisonedUniquePtrForTriviallyDestructibleArrays.Assignment > TestWTF.WTF_Lock.ContendedShortSection > > Testing completed, Exit status: 3 >Index: Tools/Scripts/webkitpy/layout_tests/run_webkit_tests.py >=================================================================== >--- Tools/Scripts/webkitpy/layout_tests/run_webkit_tests.py (revision 240833) >+++ Tools/Scripts/webkitpy/layout_tests/run_webkit_tests.py (working copy) >@@ -1,6 +1,6 @@ > # Copyright (C) 2010 Google Inc. All rights reserved. > # Copyright (C) 2010 Gabor Rapcsanyi (rgabor@inf.u-szeged.hu), University of Szeged >-# Copyright (C) 2011, 2016 Apple Inc. All rights reserved. >+# Copyright (C) 2011-2019 Apple Inc. All rights reserved. > # > # Redistribution and use in source and binary forms, with or without > # modification, are permitted provided that the following conditions are >@@ -430,10 +430,6 @@ def _set_up_derived_options(port, option > if options.platform in ["gtk", "wpe"]: > options.webkit_test_runner = True > >- if options.leaks: >- options.additional_env_var.append("JSC_usePoisoning=0") >- options.additional_env_var.append("__XPC_JSC_usePoisoning=0") >- > def run(port, options, args, logging_stream): > logger = logging.getLogger() > logger.setLevel(logging.DEBUG if options.debug_rwt_logging else logging.INFO) >Index: Tools/TestWebKitAPI/CMakeLists.txt >=================================================================== >--- Tools/TestWebKitAPI/CMakeLists.txt (revision 240833) >+++ Tools/TestWebKitAPI/CMakeLists.txt (working copy) >@@ -147,12 +147,6 @@ set(TestWTF_SOURCES > ${TESTWEBKITAPI_DIR}/Tests/WTF/Optional.cpp > ${TESTWEBKITAPI_DIR}/Tests/WTF/OptionSet.cpp > ${TESTWEBKITAPI_DIR}/Tests/WTF/ParkingLot.cpp >- ${TESTWEBKITAPI_DIR}/Tests/WTF/Poisoned.cpp >- ${TESTWEBKITAPI_DIR}/Tests/WTF/PoisonedRef.cpp >- ${TESTWEBKITAPI_DIR}/Tests/WTF/PoisonedRefPtr.cpp >- ${TESTWEBKITAPI_DIR}/Tests/WTF/PoisonedUniquePtr.cpp >- ${TESTWEBKITAPI_DIR}/Tests/WTF/PoisonedUniquePtrForNonTriviallyDestructibleArrays.cpp >- ${TESTWEBKITAPI_DIR}/Tests/WTF/PoisonedUniquePtrForTriviallyDestructibleArrays.cpp > ${TESTWEBKITAPI_DIR}/Tests/WTF/PriorityQueue.cpp > ${TESTWEBKITAPI_DIR}/Tests/WTF/RedBlackTree.cpp > ${TESTWEBKITAPI_DIR}/Tests/WTF/Ref.cpp >Index: Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj >=================================================================== >--- Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj (revision 240833) >+++ Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj (working copy) >@@ -924,12 +924,6 @@ > F6B7BE9717469B96008A3445 /* associate-form-controls.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = F6B7BE9617469B7E008A3445 /* associate-form-controls.html */; }; > F6F49C6B15545CA70007F39D /* DOMWindowExtensionNoCache_Bundle.cpp in Sources */ = {isa = PBXBuildFile; fileRef = F6F49C6615545C8D0007F39D /* DOMWindowExtensionNoCache_Bundle.cpp */; }; > F6FDDDD614241C6F004F1729 /* push-state.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = F6FDDDD514241C48004F1729 /* push-state.html */; }; >- FE05FAEC1FDB510A00093230 /* PoisonedRef.cpp in Sources */ = {isa = PBXBuildFile; fileRef = FE05FAEB1FDB510200093230 /* PoisonedRef.cpp */; }; >- FE05FAED1FDB510E00093230 /* PoisonedRefPtr.cpp in Sources */ = {isa = PBXBuildFile; fileRef = FE05FAEA1FDB510100093230 /* PoisonedRefPtr.cpp */; }; >- FE05FAEF1FE0645B00093230 /* Poisoned.cpp in Sources */ = {isa = PBXBuildFile; fileRef = FE05FAEE1FE0643D00093230 /* Poisoned.cpp */; }; >- FE05FB061FE84FB700093230 /* PoisonedUniquePtr.cpp in Sources */ = {isa = PBXBuildFile; fileRef = FE05FB051FE84FAE00093230 /* PoisonedUniquePtr.cpp */; }; >- FEC8F4E71FE9C9050056FD8A /* PoisonedUniquePtrForTriviallyDestructibleArrays.cpp in Sources */ = {isa = PBXBuildFile; fileRef = FEC8F4E61FE9C8DE0056FD8A /* PoisonedUniquePtrForTriviallyDestructibleArrays.cpp */; }; >- FEC8F4EB1FE9F5AF0056FD8A /* PoisonedUniquePtrForNonTriviallyDestructibleArrays.cpp in Sources */ = {isa = PBXBuildFile; fileRef = FEC8F4EA1FE9F5A70056FD8A /* PoisonedUniquePtrForNonTriviallyDestructibleArrays.cpp */; }; > /* End PBXBuildFile section */ > > /* Begin PBXContainerItemProxy section */ >@@ -2273,13 +2267,7 @@ > F6F49C6715545C8D0007F39D /* DOMWindowExtensionNoCache.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = DOMWindowExtensionNoCache.cpp; sourceTree = "<group>"; }; > F6FDDDD214241AD4004F1729 /* PrivateBrowsingPushStateNoHistoryCallback.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = PrivateBrowsingPushStateNoHistoryCallback.cpp; sourceTree = "<group>"; }; > F6FDDDD514241C48004F1729 /* push-state.html */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.html; path = "push-state.html"; sourceTree = "<group>"; }; >- FE05FAEA1FDB510100093230 /* PoisonedRefPtr.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = PoisonedRefPtr.cpp; sourceTree = "<group>"; }; >- FE05FAEB1FDB510200093230 /* PoisonedRef.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = PoisonedRef.cpp; sourceTree = "<group>"; }; >- FE05FAEE1FE0643D00093230 /* Poisoned.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = Poisoned.cpp; sourceTree = "<group>"; }; >- FE05FB051FE84FAE00093230 /* PoisonedUniquePtr.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = PoisonedUniquePtr.cpp; sourceTree = "<group>"; }; > FEB6F74E1B2BA44E009E4922 /* NakedPtr.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = NakedPtr.cpp; sourceTree = "<group>"; }; >- FEC8F4E61FE9C8DE0056FD8A /* PoisonedUniquePtrForTriviallyDestructibleArrays.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = PoisonedUniquePtrForTriviallyDestructibleArrays.cpp; sourceTree = "<group>"; }; >- FEC8F4EA1FE9F5A70056FD8A /* PoisonedUniquePtrForNonTriviallyDestructibleArrays.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = PoisonedUniquePtrForNonTriviallyDestructibleArrays.cpp; sourceTree = "<group>"; }; > /* End PBXFileReference section */ > > /* Begin PBXFrameworksBuildPhase section */ >@@ -3228,12 +3216,6 @@ > 1AFDE6541953B2C000C48FFA /* Optional.cpp */, > CE50D8C81C8665CE0072EA5A /* OptionSet.cpp */, > 0FE447971B76F1E3009498EB /* ParkingLot.cpp */, >- FE05FAEE1FE0643D00093230 /* Poisoned.cpp */, >- FE05FAEB1FDB510200093230 /* PoisonedRef.cpp */, >- FE05FAEA1FDB510100093230 /* PoisonedRefPtr.cpp */, >- FE05FB051FE84FAE00093230 /* PoisonedUniquePtr.cpp */, >- FEC8F4EA1FE9F5A70056FD8A /* PoisonedUniquePtrForNonTriviallyDestructibleArrays.cpp */, >- FEC8F4E61FE9C8DE0056FD8A /* PoisonedUniquePtrForTriviallyDestructibleArrays.cpp */, > 53EC253F1E96BC80000831B9 /* PriorityQueue.cpp */, > 0FC6C4CB141027E0005B7F0C /* RedBlackTree.cpp */, > 93A427AA180DA26400CD24D7 /* Ref.cpp */, >@@ -3834,12 +3816,6 @@ > 1A77BAA31D9AFFFC005FC568 /* OptionSet.cpp in Sources */, > 7C83DF021D0A590C00FEBCF3 /* OSObjectPtr.cpp in Sources */, > 7C83DF591D0A590C00FEBCF3 /* ParkingLot.cpp in Sources */, >- FE05FAEF1FE0645B00093230 /* Poisoned.cpp in Sources */, >- FE05FAEC1FDB510A00093230 /* PoisonedRef.cpp in Sources */, >- FE05FAED1FDB510E00093230 /* PoisonedRefPtr.cpp in Sources */, >- FE05FB061FE84FB700093230 /* PoisonedUniquePtr.cpp in Sources */, >- FEC8F4EB1FE9F5AF0056FD8A /* PoisonedUniquePtrForNonTriviallyDestructibleArrays.cpp in Sources */, >- FEC8F4E71FE9C9050056FD8A /* PoisonedUniquePtrForTriviallyDestructibleArrays.cpp in Sources */, > 53EC25411E96FD87000831B9 /* PriorityQueue.cpp in Sources */, > 7C83DF131D0A590C00FEBCF3 /* RedBlackTree.cpp in Sources */, > 7C83DF141D0A590C00FEBCF3 /* Ref.cpp in Sources */, >Index: Tools/TestWebKitAPI/Tests/WTF/Poisoned.cpp >=================================================================== >--- Tools/TestWebKitAPI/Tests/WTF/Poisoned.cpp (revision 240833) >+++ Tools/TestWebKitAPI/Tests/WTF/Poisoned.cpp (nonexistent) >@@ -1,609 +0,0 @@ >-/* >- * Copyright (C) 2017-2018 Apple Inc. All rights reserved. >- * >- * Redistribution and use in source and binary forms, with or without >- * modification, are permitted provided that the following conditions >- * are met: >- * 1. Redistributions of source code must retain the above copyright >- * notice, this list of conditions and the following disclaimer. >- * 2. Redistributions in binary form must reproduce the above copyright >- * notice, this list of conditions and the following disclaimer in the >- * documentation and/or other materials provided with the distribution. >- * >- * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY >- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE >- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR >- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR >- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, >- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, >- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR >- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY >- * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT >- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE >- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. >- */ >- >-#include "config.h" >- >-#include "RefLogger.h" >-#include <mutex> >-#include <wtf/Poisoned.h> >- >-namespace TestWebKitAPI { >- >-namespace { >- >-uintptr_t g_testPoisonA; >-uintptr_t g_testPoisonB; >- >-using TestPoisonA = Poison<g_testPoisonA>; >-using TestPoisonB = Poison<g_testPoisonB>; >- >-static void initializeTestPoison() >-{ >- static std::once_flag initializeOnceFlag; >- std::call_once(initializeOnceFlag, [] { >- // Make sure we get 2 different poison values. >- g_testPoisonA = makePoison(); >- while (!g_testPoisonB || g_testPoisonB == g_testPoisonA) >- g_testPoisonB = makePoison(); >- }); >-} >- >-} // namespace anonymous >- >-// For these tests, we need a base class and a derived class. For this purpose, >-// we reuse the RefLogger and DerivedRefLogger classes. >- >-TEST(WTF_Poisoned, DISABLED_Basic) >-{ >- initializeTestPoison(); >- DerivedRefLogger a("a"); >- >- { >- Poisoned<TestPoisonA, RefLogger*> empty; >- ASSERT_EQ(nullptr, empty.unpoisoned()); >- } >- >- { >- Poisoned<TestPoisonA, RefLogger*> empty(nullptr); >- ASSERT_EQ(nullptr, empty.unpoisoned()); >- } >- >- { >- Poisoned<TestPoisonA, RefLogger*> ptr(&a); >- ASSERT_EQ(&a, ptr.unpoisoned()); >- ASSERT_EQ(&a, &*ptr); >- ASSERT_EQ(&a.name, &ptr->name); >- >-#if ENABLE(POISON) >- uintptr_t ptrBits; >- std::memcpy(&ptrBits, &ptr, sizeof(ptrBits)); >- ASSERT_TRUE(ptrBits != bitwise_cast<uintptr_t>(&a)); >-#if ENABLE(POISON_ASSERTS) >- ASSERT_TRUE((Poisoned<TestPoisonA, RefLogger*>::isPoisoned(ptrBits))); >-#endif >-#endif // ENABLE(POISON) >- } >- >- { >- Poisoned<TestPoisonA, RefLogger*> ptr = &a; >- ASSERT_EQ(&a, ptr.unpoisoned()); >- } >- >- { >- Poisoned<TestPoisonA, RefLogger*> p1 = &a; >- Poisoned<TestPoisonA, RefLogger*> p2(p1); >- >- ASSERT_EQ(&a, p1.unpoisoned()); >- ASSERT_EQ(&a, p2.unpoisoned()); >- ASSERT_TRUE(p1 == p2); >- ASSERT_TRUE(p1.bits() == p2.bits()); >- >- Poisoned<TestPoisonB, RefLogger*> p3(p1); >- ASSERT_EQ(&a, p3.unpoisoned()); >- ASSERT_TRUE(p1 == p3); >- ASSERT_TRUE(p1.bits() != p3.bits()); >- } >- >- { >- Poisoned<TestPoisonA, RefLogger*> p1 = &a; >- Poisoned<TestPoisonA, RefLogger*> p2 = p1; >- ASSERT_EQ(&a, p1.unpoisoned()); >- ASSERT_EQ(&a, p2.unpoisoned()); >- ASSERT_TRUE(p1 == p2); >- ASSERT_TRUE(p1.bits() == p2.bits()); >- >- Poisoned<TestPoisonB, RefLogger*> p3 = p1; >- ASSERT_EQ(&a, p3.unpoisoned()); >- ASSERT_TRUE(p1 == p3); >- ASSERT_TRUE(p1.bits() != p3.bits()); >- } >- >- { >- Poisoned<TestPoisonA, RefLogger*> p1 = &a; >- Poisoned<TestPoisonA, RefLogger*> p2 = WTFMove(p1); >- ASSERT_EQ(&a, p1.unpoisoned()); >- ASSERT_EQ(&a, p2.unpoisoned()); >- ASSERT_TRUE(p1 == p2); >- ASSERT_TRUE(p1.bits() == p2.bits()); >- >- Poisoned<TestPoisonA, RefLogger*> p3 = &a; >- Poisoned<TestPoisonB, RefLogger*> p4 = WTFMove(p3); >- ASSERT_EQ(&a, p3.unpoisoned()); >- ASSERT_EQ(&a, p4.unpoisoned()); >- ASSERT_TRUE(p3 == p4); >- ASSERT_TRUE(p3.bits() != p4.bits()); >- } >- >- { >- Poisoned<TestPoisonA, RefLogger*> p1 = &a; >- Poisoned<TestPoisonA, RefLogger*> p2(WTFMove(p1)); >- ASSERT_EQ(&a, p1.unpoisoned()); >- ASSERT_EQ(&a, p2.unpoisoned()); >- ASSERT_TRUE(p1 == p2); >- ASSERT_TRUE(p1.bits() == p2.bits()); >- >- Poisoned<TestPoisonA, RefLogger*> p3 = &a; >- Poisoned<TestPoisonB, RefLogger*> p4(WTFMove(p3)); >- ASSERT_EQ(&a, p3.unpoisoned()); >- ASSERT_EQ(&a, p4.unpoisoned()); >- ASSERT_TRUE(p3 == p4); >- ASSERT_TRUE(p3.bits() != p4.bits()); >- } >- >- { >- Poisoned<TestPoisonA, DerivedRefLogger*> p1 = &a; >- Poisoned<TestPoisonA, RefLogger*> p2 = p1; >- ASSERT_EQ(&a, p1.unpoisoned()); >- ASSERT_EQ(&a, p2.unpoisoned()); >- ASSERT_TRUE(p1 == p2); >- ASSERT_TRUE(p2 == p1); >- ASSERT_TRUE(p1.bits() == p2.bits()); >- >- Poisoned<TestPoisonB, RefLogger*> p3 = p1; >- ASSERT_EQ(&a, p3.unpoisoned()); >- ASSERT_TRUE(p1 == p3); >- ASSERT_TRUE(p3 == p1); >- ASSERT_TRUE(p1.bits() != p3.bits()); >- } >- >- { >- Poisoned<TestPoisonA, DerivedRefLogger*> p1 = &a; >- Poisoned<TestPoisonA, RefLogger*> p2 = WTFMove(p1); >- ASSERT_EQ(&a, p1.unpoisoned()); >- ASSERT_EQ(&a, p2.unpoisoned()); >- ASSERT_TRUE(p1 == p2); >- ASSERT_TRUE(p2 == p1); >- ASSERT_TRUE(p1.bits() == p2.bits()); >- >- Poisoned<TestPoisonA, DerivedRefLogger*> p3 = &a; >- Poisoned<TestPoisonB, RefLogger*> p4 = WTFMove(p3); >- ASSERT_EQ(&a, p3.unpoisoned()); >- ASSERT_EQ(&a, p4.unpoisoned()); >- ASSERT_TRUE(p3 == p4); >- ASSERT_TRUE(p4 == p3); >- ASSERT_TRUE(p3.bits() != p4.bits()); >- } >- >- { >- Poisoned<TestPoisonA, RefLogger*> ptr(&a); >- ASSERT_EQ(&a, ptr.unpoisoned()); >- ptr.clear(); >- ASSERT_EQ(nullptr, ptr.unpoisoned()); >- } >- >- { >- Poisoned<TestPoisonA, RefLogger*> pA1000a = reinterpret_cast<RefLogger*>(0x1000); >- Poisoned<TestPoisonB, RefLogger*> pB2000a = reinterpret_cast<RefLogger*>(0x2000); >- >- Poisoned<TestPoisonA, RefLogger*> pA1000b = reinterpret_cast<RefLogger*>(0x1000); >- Poisoned<TestPoisonA, RefLogger*> pA2000b = reinterpret_cast<RefLogger*>(0x2000); >- >- Poisoned<TestPoisonB, RefLogger*> pB1000c = reinterpret_cast<RefLogger*>(0x1000); >- Poisoned<TestPoisonB, RefLogger*> pB2000c = reinterpret_cast<RefLogger*>(0x2000); >- >- >- ASSERT_EQ(pA1000a == pA1000a, true); >- ASSERT_EQ(pA1000a == pA1000b, true); >- ASSERT_EQ(pA1000a == pA2000b, false); >- ASSERT_EQ(pA1000a == pB1000c, true); >- ASSERT_EQ(pA1000a == pB2000c, false); >- >- ASSERT_EQ(pA1000a != pA1000a, false); >- ASSERT_EQ(pA1000a != pA1000b, false); >- ASSERT_EQ(pA1000a != pA2000b, true); >- ASSERT_EQ(pA1000a != pB1000c, false); >- ASSERT_EQ(pA1000a != pB2000c, true); >- >- ASSERT_EQ(pA1000a < pA1000a, false); >- ASSERT_EQ(pA1000a < pA1000b, false); >- ASSERT_EQ(pA1000a < pA2000b, true); >- ASSERT_EQ(pA1000a < pB1000c, false); >- ASSERT_EQ(pA1000a < pB2000c, true); >- >- ASSERT_EQ(pB2000a < pB2000a, false); >- ASSERT_EQ(pB2000a < pA1000b, false); >- ASSERT_EQ(pB2000a < pA2000b, false); >- ASSERT_EQ(pB2000a < pB1000c, false); >- ASSERT_EQ(pB2000a < pB2000c, false); >- >- ASSERT_EQ(pA1000a <= pA1000a, true); >- ASSERT_EQ(pA1000a <= pA1000b, true); >- ASSERT_EQ(pA1000a <= pA2000b, true); >- ASSERT_EQ(pA1000a <= pB1000c, true); >- ASSERT_EQ(pA1000a <= pB2000c, true); >- >- ASSERT_EQ(pB2000a <= pB2000a, true); >- ASSERT_EQ(pB2000a <= pA1000b, false); >- ASSERT_EQ(pB2000a <= pA2000b, true); >- ASSERT_EQ(pB2000a <= pB1000c, false); >- ASSERT_EQ(pB2000a <= pB2000c, true); >- >- ASSERT_EQ(pA1000a > pA1000a, false); >- ASSERT_EQ(pA1000a > pA1000b, false); >- ASSERT_EQ(pA1000a > pA2000b, false); >- ASSERT_EQ(pA1000a > pB1000c, false); >- ASSERT_EQ(pA1000a > pB2000c, false); >- >- ASSERT_EQ(pB2000a > pB2000a, false); >- ASSERT_EQ(pB2000a > pA1000b, true); >- ASSERT_EQ(pB2000a > pA2000b, false); >- ASSERT_EQ(pB2000a > pB1000c, true); >- ASSERT_EQ(pB2000a > pB2000c, false); >- >- ASSERT_EQ(pA1000a >= pA1000a, true); >- ASSERT_EQ(pA1000a >= pA1000b, true); >- ASSERT_EQ(pA1000a >= pA2000b, false); >- ASSERT_EQ(pA1000a >= pB1000c, true); >- ASSERT_EQ(pA1000a >= pB2000c, false); >- >- ASSERT_EQ(pB2000a >= pB2000a, true); >- ASSERT_EQ(pB2000a >= pA1000b, true); >- ASSERT_EQ(pB2000a >= pA2000b, true); >- ASSERT_EQ(pB2000a >= pB1000c, true); >- ASSERT_EQ(pB2000a >= pB2000c, true); >- } >- >- { >- Poisoned<TestPoisonA, RefLogger*> prA1000 = reinterpret_cast<DerivedRefLogger*>(0x1000); >- Poisoned<TestPoisonA, DerivedRefLogger*> pdA1000 = reinterpret_cast<DerivedRefLogger*>(0x1000); >- Poisoned<TestPoisonB, RefLogger*> prB1000 = reinterpret_cast<DerivedRefLogger*>(0x1000); >- Poisoned<TestPoisonB, DerivedRefLogger*> pdB1000 = reinterpret_cast<DerivedRefLogger*>(0x1000); >- >- Poisoned<TestPoisonA, RefLogger*> prA2000 = reinterpret_cast<DerivedRefLogger*>(0x2000); >- Poisoned<TestPoisonA, DerivedRefLogger*> pdA2000 = reinterpret_cast<DerivedRefLogger*>(0x2000); >- Poisoned<TestPoisonB, RefLogger*> prB2000 = reinterpret_cast<DerivedRefLogger*>(0x2000); >- Poisoned<TestPoisonB, DerivedRefLogger*> pdB2000 = reinterpret_cast<DerivedRefLogger*>(0x2000); >- >- ASSERT_EQ(prA1000 == pdA1000, true); >- ASSERT_EQ(prA1000 == pdB1000, true); >- ASSERT_EQ(prA1000 == pdA2000, false); >- ASSERT_EQ(prA1000 == pdB2000, false); >- ASSERT_EQ(pdA1000 == prA1000, true); >- ASSERT_EQ(pdA1000 == prB1000, true); >- ASSERT_EQ(pdA1000 == prA2000, false); >- ASSERT_EQ(pdA1000 == prB2000, false); >- >- ASSERT_EQ(prA1000 != pdA1000, false); >- ASSERT_EQ(prA1000 != pdB1000, false); >- ASSERT_EQ(prA1000 != pdA2000, true); >- ASSERT_EQ(prA1000 != pdB2000, true); >- ASSERT_EQ(pdA1000 != prA1000, false); >- ASSERT_EQ(pdA1000 != prB1000, false); >- ASSERT_EQ(pdA1000 != prA2000, true); >- ASSERT_EQ(pdA1000 != prB2000, true); >- >- ASSERT_EQ(prA1000 < pdA1000, false); >- ASSERT_EQ(prA1000 < pdB1000, false); >- ASSERT_EQ(prA1000 < pdA2000, true); >- ASSERT_EQ(prA1000 < pdB2000, true); >- ASSERT_EQ(pdA1000 < prA1000, false); >- ASSERT_EQ(pdA1000 < prB1000, false); >- ASSERT_EQ(pdA1000 < prA2000, true); >- ASSERT_EQ(pdA1000 < prB2000, true); >- >- ASSERT_EQ(prA2000 < pdA1000, false); >- ASSERT_EQ(prA2000 < pdB1000, false); >- ASSERT_EQ(prA2000 < pdA2000, false); >- ASSERT_EQ(prA2000 < pdB2000, false); >- ASSERT_EQ(pdA2000 < prA1000, false); >- ASSERT_EQ(pdA2000 < prB1000, false); >- ASSERT_EQ(pdA2000 < prA2000, false); >- ASSERT_EQ(pdA2000 < prB2000, false); >- >- ASSERT_EQ(prA1000 <= pdA1000, true); >- ASSERT_EQ(prA1000 <= pdB1000, true); >- ASSERT_EQ(prA1000 <= pdA2000, true); >- ASSERT_EQ(prA1000 <= pdB2000, true); >- ASSERT_EQ(pdA1000 <= prA1000, true); >- ASSERT_EQ(pdA1000 <= prB1000, true); >- ASSERT_EQ(pdA1000 <= prA2000, true); >- ASSERT_EQ(pdA1000 <= prB2000, true); >- >- ASSERT_EQ(prA2000 <= pdA1000, false); >- ASSERT_EQ(prA2000 <= pdB1000, false); >- ASSERT_EQ(prA2000 <= pdA2000, true); >- ASSERT_EQ(prA2000 <= pdB2000, true); >- ASSERT_EQ(pdA2000 <= prA1000, false); >- ASSERT_EQ(pdA2000 <= prB1000, false); >- ASSERT_EQ(pdA2000 <= prA2000, true); >- ASSERT_EQ(pdA2000 <= prB2000, true); >- >- ASSERT_EQ(prA1000 > pdA1000, false); >- ASSERT_EQ(prA1000 > pdB1000, false); >- ASSERT_EQ(prA1000 > pdA2000, false); >- ASSERT_EQ(prA1000 > pdB2000, false); >- ASSERT_EQ(pdA1000 > prA1000, false); >- ASSERT_EQ(pdA1000 > prB1000, false); >- ASSERT_EQ(pdA1000 > prA2000, false); >- ASSERT_EQ(pdA1000 > prB2000, false); >- >- ASSERT_EQ(prA2000 > pdA1000, true); >- ASSERT_EQ(prA2000 > pdB1000, true); >- ASSERT_EQ(prA2000 > pdA2000, false); >- ASSERT_EQ(prA2000 > pdB2000, false); >- ASSERT_EQ(pdA2000 > prA1000, true); >- ASSERT_EQ(pdA2000 > prB1000, true); >- ASSERT_EQ(pdA2000 > prA2000, false); >- ASSERT_EQ(pdA2000 > prB2000, false); >- >- ASSERT_EQ(prA1000 >= pdA1000, true); >- ASSERT_EQ(prA1000 >= pdB1000, true); >- ASSERT_EQ(prA1000 >= pdA2000, false); >- ASSERT_EQ(prA1000 >= pdB2000, false); >- ASSERT_EQ(pdA1000 >= prA1000, true); >- ASSERT_EQ(pdA1000 >= prB1000, true); >- ASSERT_EQ(pdA1000 >= prA2000, false); >- ASSERT_EQ(pdA1000 >= prB2000, false); >- >- ASSERT_EQ(prA2000 >= pdA1000, true); >- ASSERT_EQ(prA2000 >= pdB1000, true); >- ASSERT_EQ(prA2000 >= pdA2000, true); >- ASSERT_EQ(prA2000 >= pdB2000, true); >- ASSERT_EQ(pdA2000 >= prA1000, true); >- ASSERT_EQ(pdA2000 >= prB1000, true); >- ASSERT_EQ(pdA2000 >= prA2000, true); >- ASSERT_EQ(pdA2000 >= prB2000, true); >- } >-} >- >-TEST(WTF_Poisoned, DISABLED_Assignment) >-{ >- initializeTestPoison(); >- DerivedRefLogger a("a"); >- RefLogger b("b"); >- DerivedRefLogger c("c"); >- >- { >- Poisoned<TestPoisonA, RefLogger*> p1(&a); >- Poisoned<TestPoisonA, RefLogger*> p2(&b); >- ASSERT_EQ(&a, p1.unpoisoned()); >- ASSERT_EQ(&b, p2.unpoisoned()); >- p1 = p2; >- ASSERT_EQ(&b, p1.unpoisoned()); >- ASSERT_EQ(&b, p2.unpoisoned()); >- ASSERT_TRUE(p1.bits() == p2.bits()); >- >- Poisoned<TestPoisonA, RefLogger*> p3(&a); >- Poisoned<TestPoisonB, RefLogger*> p4(&b); >- ASSERT_EQ(&a, p3.unpoisoned()); >- ASSERT_EQ(&b, p4.unpoisoned()); >- p3 = p4; >- ASSERT_EQ(&b, p3.unpoisoned()); >- ASSERT_EQ(&b, p4.unpoisoned()); >- ASSERT_TRUE(p3.bits() != p4.bits()); >- } >- >- { >- Poisoned<TestPoisonA, RefLogger*> ptr(&a); >- ASSERT_EQ(&a, ptr.unpoisoned()); >- ptr = &b; >- ASSERT_EQ(&b, ptr.unpoisoned()); >- } >- >- { >- Poisoned<TestPoisonA, RefLogger*> ptr(&a); >- ASSERT_EQ(&a, ptr.unpoisoned()); >- ptr = nullptr; >- ASSERT_EQ(nullptr, ptr.unpoisoned()); >- } >- >- { >- Poisoned<TestPoisonA, RefLogger*> p1(&a); >- Poisoned<TestPoisonA, RefLogger*> p2(&b); >- ASSERT_EQ(&a, p1.unpoisoned()); >- ASSERT_EQ(&b, p2.unpoisoned()); >- p1 = WTFMove(p2); >- ASSERT_EQ(&b, p1.unpoisoned()); >- ASSERT_EQ(&b, p2.unpoisoned()); >- ASSERT_TRUE(p1.bits() == p2.bits()); >- >- Poisoned<TestPoisonA, RefLogger*> p3(&a); >- Poisoned<TestPoisonB, RefLogger*> p4(&b); >- ASSERT_EQ(&a, p3.unpoisoned()); >- ASSERT_EQ(&b, p4.unpoisoned()); >- p3 = WTFMove(p4); >- ASSERT_EQ(&b, p3.unpoisoned()); >- ASSERT_EQ(&b, p4.unpoisoned()); >- ASSERT_TRUE(p3.bits() != p4.bits()); >- } >- >- { >- Poisoned<TestPoisonA, RefLogger*> p1(&a); >- Poisoned<TestPoisonA, DerivedRefLogger*> p2(&c); >- ASSERT_EQ(&a, p1.unpoisoned()); >- ASSERT_EQ(&c, p2.unpoisoned()); >- p1 = p2; >- ASSERT_EQ(&c, p1.unpoisoned()); >- ASSERT_EQ(&c, p2.unpoisoned()); >- ASSERT_TRUE(p1.bits() == p2.bits()); >- >- Poisoned<TestPoisonA, RefLogger*> p3(&a); >- Poisoned<TestPoisonB, DerivedRefLogger*> p4(&c); >- ASSERT_EQ(&a, p3.unpoisoned()); >- ASSERT_EQ(&c, p4.unpoisoned()); >- p3 = p4; >- ASSERT_EQ(&c, p3.unpoisoned()); >- ASSERT_EQ(&c, p4.unpoisoned()); >- ASSERT_TRUE(p3.bits() != p4.bits()); >- } >- >- { >- Poisoned<TestPoisonA, RefLogger*> ptr(&a); >- ASSERT_EQ(&a, ptr.unpoisoned()); >- ptr = &c; >- ASSERT_EQ(&c, ptr.unpoisoned()); >- } >- >- { >- Poisoned<TestPoisonA, RefLogger*> p1(&a); >- Poisoned<TestPoisonA, DerivedRefLogger*> p2(&c); >- ASSERT_EQ(&a, p1.unpoisoned()); >- ASSERT_EQ(&c, p2.unpoisoned()); >- p1 = WTFMove(p2); >- ASSERT_EQ(&c, p1.unpoisoned()); >- ASSERT_EQ(&c, p2.unpoisoned()); >- ASSERT_TRUE(p1.bits() == p2.bits()); >- >- Poisoned<TestPoisonA, RefLogger*> p3(&a); >- Poisoned<TestPoisonB, DerivedRefLogger*> p4(&c); >- ASSERT_EQ(&a, p3.unpoisoned()); >- ASSERT_EQ(&c, p4.unpoisoned()); >- p3 = WTFMove(p4); >- ASSERT_EQ(&c, p3.unpoisoned()); >- ASSERT_EQ(&c, p4.unpoisoned()); >- ASSERT_TRUE(p3.bits() != p4.bits()); >- } >- >- { >- Poisoned<TestPoisonA, RefLogger*> ptr(&a); >- ASSERT_EQ(&a, ptr.unpoisoned()); >-#if COMPILER(CLANG) >-#pragma clang diagnostic push >-#pragma clang diagnostic ignored "-Wunknown-pragmas" >-#pragma clang diagnostic ignored "-Wunknown-warning-option" >-#pragma clang diagnostic ignored "-Wself-assign-overloaded" >-#endif >- ptr = ptr; >-#if COMPILER(CLANG) >-#pragma clang diagnostic pop >-#endif >- ASSERT_EQ(&a, ptr.unpoisoned()); >- } >- >- { >- Poisoned<TestPoisonA, RefLogger*> ptr(&a); >- ASSERT_EQ(&a, ptr.unpoisoned()); >-#if COMPILER(CLANG) >-#pragma clang diagnostic push >-#pragma clang diagnostic ignored "-Wunknown-pragmas" >-#pragma clang diagnostic ignored "-Wself-move" >-#endif >- ptr = WTFMove(ptr); >-#if COMPILER(CLANG) >-#pragma clang diagnostic pop >-#endif >- ASSERT_EQ(&a, ptr.unpoisoned()); >- } >-} >- >-TEST(WTF_Poisoned, DISABLED_Swap) >-{ >- initializeTestPoison(); >- RefLogger a("a"); >- RefLogger b("b"); >- >- { >- Poisoned<TestPoisonA, RefLogger*> p1(&a); >- Poisoned<TestPoisonA, RefLogger*> p2(&b); >- ASSERT_EQ(&a, p1.unpoisoned()); >- ASSERT_EQ(&b, p2.unpoisoned()); >- p1.swap(p2); >- ASSERT_EQ(&b, p1.unpoisoned()); >- ASSERT_EQ(&a, p2.unpoisoned()); >- >- ASSERT_TRUE(p1.bits() != p2.bits()); >- >- Poisoned<TestPoisonA, RefLogger*> p3(&a); >- Poisoned<TestPoisonB, RefLogger*> p4(&b); >- ASSERT_EQ(&a, p3.unpoisoned()); >- ASSERT_EQ(&b, p4.unpoisoned()); >- p3.swap(p4); >- ASSERT_EQ(&b, p3.unpoisoned()); >- ASSERT_EQ(&a, p4.unpoisoned()); >- >- ASSERT_TRUE(p3.bits() != p4.bits()); >- ASSERT_TRUE(p1.bits() == p3.bits()); >- ASSERT_TRUE(p2.bits() != p4.bits()); >- } >- >- { >- Poisoned<TestPoisonA, RefLogger*> p1(&a); >- Poisoned<TestPoisonA, RefLogger*> p2(&b); >- ASSERT_EQ(&a, p1.unpoisoned()); >- ASSERT_EQ(&b, p2.unpoisoned()); >- swap(p1, p2); >- ASSERT_EQ(&b, p1.unpoisoned()); >- ASSERT_EQ(&a, p2.unpoisoned()); >- >- ASSERT_TRUE(p1.bits() != p2.bits()); >- >- Poisoned<TestPoisonA, RefLogger*> p3(&a); >- Poisoned<TestPoisonB, RefLogger*> p4(&b); >- ASSERT_EQ(&a, p3.unpoisoned()); >- ASSERT_EQ(&b, p4.unpoisoned()); >- swap(p3, p4); >- ASSERT_EQ(&b, p3.unpoisoned()); >- ASSERT_EQ(&a, p4.unpoisoned()); >- >- ASSERT_TRUE(p3.bits() != p4.bits()); >- ASSERT_TRUE(p1.bits() == p3.bits()); >- ASSERT_TRUE(p2.bits() != p4.bits()); >- } >- >- { >- Poisoned<TestPoisonA, RefLogger*> p1(&a); >- RefLogger* p2(&b); >- ASSERT_EQ(&a, p1.unpoisoned()); >- ASSERT_EQ(&b, p2); >- swap(p1, p2); >- ASSERT_EQ(&b, p1.unpoisoned()); >- ASSERT_EQ(&a, p2); >- >- ASSERT_TRUE(p1.bits() != bitwise_cast<uintptr_t>(p2)); >- } >- >- { >- Poisoned<TestPoisonA, RefLogger*> p1(&a); >- RefLogger* p2(&b); >- ASSERT_EQ(&a, p1.unpoisoned()); >- ASSERT_EQ(&b, p2); >- p1.swap(p2); >- ASSERT_EQ(&b, p1.unpoisoned()); >- ASSERT_EQ(&a, p2); >- >- ASSERT_TRUE(p1.bits() != bitwise_cast<uintptr_t>(p2)); >- } >-} >- >-static Poisoned<TestPoisonA, RefLogger*> poisonedPtrFoo(RefLogger& logger) >-{ >- return Poisoned<TestPoisonA, RefLogger*>(&logger); >-} >- >-TEST(WTF_Poisoned, DISABLED_ReturnValue) >-{ >- initializeTestPoison(); >- DerivedRefLogger a("a"); >- >- { >- auto ptr = poisonedPtrFoo(a); >- ASSERT_EQ(&a, ptr.unpoisoned()); >- ASSERT_EQ(&a, &*ptr); >- ASSERT_EQ(&a.name, &ptr->name); >- } >-} >- >-} // namespace TestWebKitAPI >- >Index: Tools/TestWebKitAPI/Tests/WTF/PoisonedRef.cpp >=================================================================== >--- Tools/TestWebKitAPI/Tests/WTF/PoisonedRef.cpp (revision 240833) >+++ Tools/TestWebKitAPI/Tests/WTF/PoisonedRef.cpp (nonexistent) >@@ -1,356 +0,0 @@ >-/* >- * Copyright (C) 2017-2018 Apple Inc. All rights reserved. >- * >- * Redistribution and use in source and binary forms, with or without >- * modification, are permitted provided that the following conditions >- * are met: >- * 1. Redistributions of source code must retain the above copyright >- * notice, this list of conditions and the following disclaimer. >- * 2. Redistributions in binary form must reproduce the above copyright >- * notice, this list of conditions and the following disclaimer in the >- * documentation and/or other materials provided with the distribution. >- * >- * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY >- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE >- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR >- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR >- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, >- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, >- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR >- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY >- * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT >- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE >- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. >- */ >- >-#include "config.h" >- >-#include "RefLogger.h" >-#include <mutex> >-#include <wtf/Poisoned.h> >-#include <wtf/RefPtr.h> >- >-namespace TestWebKitAPI { >- >-namespace { >- >-uintptr_t g_poisonA; >-uintptr_t g_poisonB; >-uintptr_t g_poisonC; >-uintptr_t g_poisonD; >-uintptr_t g_poisonE; >-uintptr_t g_poisonF; >- >-using PoisonA = Poison<g_poisonA>; >-using PoisonB = Poison<g_poisonB>; >-using PoisonC = Poison<g_poisonC>; >-using PoisonD = Poison<g_poisonD>; >-using PoisonE = Poison<g_poisonE>; >-using PoisonF = Poison<g_poisonF>; >- >-static void initializePoisons() >-{ >- static std::once_flag initializeOnceFlag; >- std::call_once(initializeOnceFlag, [] { >- g_poisonA = makePoison(); >- g_poisonB = makePoison(); >- g_poisonC = makePoison(); >- g_poisonD = makePoison(); >- g_poisonF = makePoison(); >- g_poisonF = makePoison(); >- }); >-} >- >-} // namespace anonymous >- >-TEST(WTF_PoisonedRef, Basic) >-{ >- initializePoisons(); >- >- DerivedRefLogger a("a"); >- >- { >- PoisonedRef<PoisonA, RefLogger> ref(a); >- EXPECT_EQ(&a, ref.ptr()); >- EXPECT_EQ(&a.name, &ref->name); >- >-#if ENABLE(POISON) >- uintptr_t ptrBits; >- std::memcpy(&ptrBits, &ref, sizeof(ptrBits)); >- ASSERT_TRUE(ptrBits != bitwise_cast<uintptr_t>(&a)); >- ASSERT_EQ(ptrBits, (Poisoned<PoisonA, RefLogger*>(&a).bits())); >-#if ENABLE(POISON_ASSERTS) >- ASSERT_TRUE((Poisoned<PoisonA, RefLogger*>::isPoisoned(ptrBits))); >-#endif >-#endif // ENABLE(POISON) >- } >- EXPECT_STREQ("ref(a) deref(a) ", takeLogStr().c_str()); >- >- { >- PoisonedRef<PoisonB, RefLogger> ref(adoptRef(a)); >- EXPECT_EQ(&a, ref.ptr()); >- EXPECT_EQ(&a.name, &ref->name); >- } >- EXPECT_STREQ("deref(a) ", takeLogStr().c_str()); >-} >- >-TEST(WTF_PoisonedRef, Assignment) >-{ >- initializePoisons(); >- >- DerivedRefLogger a("a"); >- RefLogger b("b"); >- DerivedRefLogger c("c"); >- >- { >- PoisonedRef<PoisonC, RefLogger> ref(a); >- EXPECT_EQ(&a, ref.ptr()); >- log() << "| "; >- ref = b; >- EXPECT_EQ(&b, ref.ptr()); >- log() << "| "; >- } >- EXPECT_STREQ("ref(a) | ref(b) deref(a) | deref(b) ", takeLogStr().c_str()); >- >- { >- PoisonedRef<PoisonD, RefLogger> ref(a); >- EXPECT_EQ(&a, ref.ptr()); >- log() << "| "; >- ref = c; >- EXPECT_EQ(&c, ref.ptr()); >- log() << "| "; >- } >- EXPECT_STREQ("ref(a) | ref(c) deref(a) | deref(c) ", takeLogStr().c_str()); >- >- { >- PoisonedRef<PoisonE, RefLogger> ref(a); >- EXPECT_EQ(&a, ref.ptr()); >- log() << "| "; >- ref = adoptRef(b); >- EXPECT_EQ(&b, ref.ptr()); >- log() << "| "; >- } >- EXPECT_STREQ("ref(a) | deref(a) | deref(b) ", takeLogStr().c_str()); >- >- { >- PoisonedRef<PoisonF, RefLogger> ref(a); >- EXPECT_EQ(&a, ref.ptr()); >- log() << "| "; >- ref = adoptRef(c); >- EXPECT_EQ(&c, ref.ptr()); >- log() << "| "; >- } >- EXPECT_STREQ("ref(a) | deref(a) | deref(c) ", takeLogStr().c_str()); >-} >- >-static PoisonedRef<PoisonB, RefLogger> passWithRef(PoisonedRef<PoisonC, RefLogger>&& reference) >-{ >- return WTFMove(reference); >-} >- >-TEST(WTF_PoisonedRef, ReturnValue) >-{ >- initializePoisons(); >- >- DerivedRefLogger a("a"); >- RefLogger b("b"); >- DerivedRefLogger c("c"); >- >- { >- PoisonedRef<PoisonB, RefLogger> ref(passWithRef(PoisonedRef<PoisonC, RefLogger>(a))); >- EXPECT_EQ(&a, ref.ptr()); >- } >- EXPECT_STREQ("ref(a) deref(a) ", takeLogStr().c_str()); >- >- { >- PoisonedRef<PoisonD, RefLogger> ref(a); >- EXPECT_EQ(&a, ref.ptr()); >- log() << "| "; >- ref = passWithRef(b); >- EXPECT_EQ(&b, ref.ptr()); >- log() << "| "; >- } >- EXPECT_STREQ("ref(a) | ref(b) deref(a) | deref(b) ", takeLogStr().c_str()); >- >- { >- PoisonedRefPtr<PoisonE, RefLogger> ptr(passWithRef(a)); >- EXPECT_EQ(&a, ptr.get()); >- } >- EXPECT_STREQ("ref(a) deref(a) ", takeLogStr().c_str()); >- >- { >- PoisonedRefPtr<PoisonF, DerivedRefLogger> ptr(&a); >- PoisonedRefPtr<PoisonA, RefLogger> ptr2(WTFMove(ptr)); >- EXPECT_EQ(nullptr, ptr.get()); >- EXPECT_EQ(&a, ptr2.get()); >- } >- EXPECT_STREQ("ref(a) deref(a) ", takeLogStr().c_str()); >- >- { >- PoisonedRef<PoisonB, DerivedRefLogger> derivedReference(a); >- PoisonedRef<PoisonC, RefLogger> baseReference(passWithRef(derivedReference.copyRef())); >- EXPECT_EQ(&a, derivedReference.ptr()); >- EXPECT_EQ(&a, baseReference.ptr()); >- } >- EXPECT_STREQ("ref(a) ref(a) deref(a) deref(a) ", takeLogStr().c_str()); >-} >- >-TEST(WTF_PoisonedRef, Swap) >-{ >- initializePoisons(); >- >- RefLogger a("a"); >- RefLogger b("b"); >- >- { >- PoisonedRef<PoisonD, RefLogger> p1(a); >- PoisonedRef<PoisonE, RefLogger> p2(b); >- log() << "| "; >- EXPECT_EQ(&a, p1.ptr()); >- EXPECT_EQ(&b, p2.ptr()); >- p1.swap(p2); >- EXPECT_EQ(&b, p1.ptr()); >- EXPECT_EQ(&a, p2.ptr()); >- log() << "| "; >- } >- EXPECT_STREQ("ref(a) ref(b) | | deref(a) deref(b) ", takeLogStr().c_str()); >- >- { >- PoisonedRef<PoisonF, RefLogger> p1(a); >- PoisonedRef<PoisonA, RefLogger> p2(b); >- log() << "| "; >- EXPECT_EQ(&a, p1.ptr()); >- EXPECT_EQ(&b, p2.ptr()); >- swap(p1, p2); >- EXPECT_EQ(&b, p1.ptr()); >- EXPECT_EQ(&a, p2.ptr()); >- log() << "| "; >- } >- EXPECT_STREQ("ref(a) ref(b) | | deref(a) deref(b) ", takeLogStr().c_str()); >- >- { >- PoisonedRef<PoisonF, RefLogger> p1(a); >- Ref<RefLogger> p2(b); >- log() << "| "; >- EXPECT_EQ(&a, p1.ptr()); >- EXPECT_EQ(&b, p2.ptr()); >- swap(p1, p2); >- EXPECT_EQ(&b, p1.ptr()); >- EXPECT_EQ(&a, p2.ptr()); >- log() << "| "; >- } >- EXPECT_STREQ("ref(a) ref(b) | | deref(a) deref(b) ", takeLogStr().c_str()); >- >- { >- PoisonedRef<PoisonF, RefLogger> p1(a); >- Ref<RefLogger> p2(b); >- log() << "| "; >- EXPECT_EQ(&a, p1.ptr()); >- EXPECT_EQ(&b, p2.ptr()); >- p1.swap(p2); >- EXPECT_EQ(&b, p1.ptr()); >- EXPECT_EQ(&a, p2.ptr()); >- log() << "| "; >- } >- EXPECT_STREQ("ref(a) ref(b) | | deref(a) deref(b) ", takeLogStr().c_str()); >-} >- >-struct PoisonedRefCheckingRefLogger : RefLogger { >- using Ref = PoisonedRef<PoisonB, PoisonedRefCheckingRefLogger>; >- >- PoisonedRefCheckingRefLogger(const char* name); >- void ref(); >- void deref(); >- const Ref* slotToCheck { nullptr }; >-}; >- >-struct DerivedPoisonedRefCheckingRefLogger : PoisonedRefCheckingRefLogger { >- DerivedPoisonedRefCheckingRefLogger(const char* name); >-}; >- >-PoisonedRefCheckingRefLogger::PoisonedRefCheckingRefLogger(const char* name) >- : RefLogger { name } >-{ >-} >- >-void PoisonedRefCheckingRefLogger::ref() >-{ >- if (slotToCheck) >- log() << "slot=" << slotToCheck->get().name << " "; >- RefLogger::ref(); >-} >- >-void PoisonedRefCheckingRefLogger::deref() >-{ >- if (slotToCheck) >- log() << "slot=" << slotToCheck->get().name << " "; >- RefLogger::deref(); >-} >- >-DerivedPoisonedRefCheckingRefLogger::DerivedPoisonedRefCheckingRefLogger(const char* name) >- : PoisonedRefCheckingRefLogger { name } >-{ >-} >- >-TEST(WTF_PoisonedRef, AssignBeforeDeref) >-{ >- initializePoisons(); >- >- DerivedPoisonedRefCheckingRefLogger a("a"); >- PoisonedRefCheckingRefLogger b("b"); >- DerivedPoisonedRefCheckingRefLogger c("c"); >- >- { >- PoisonedRefCheckingRefLogger::Ref ref(a); >- EXPECT_EQ(&a, ref.ptr()); >- log() << "| "; >- a.slotToCheck = &ref; >- b.slotToCheck = &ref; >- ref = b; >- a.slotToCheck = nullptr; >- b.slotToCheck = nullptr; >- EXPECT_EQ(&b, ref.ptr()); >- log() << "| "; >- } >- EXPECT_STREQ("ref(a) | slot=a ref(b) slot=b deref(a) | deref(b) ", takeLogStr().c_str()); >- >- { >- PoisonedRefCheckingRefLogger::Ref ref(a); >- EXPECT_EQ(&a, ref.ptr()); >- log() << "| "; >- a.slotToCheck = &ref; >- c.slotToCheck = &ref; >- ref = c; >- a.slotToCheck = nullptr; >- c.slotToCheck = nullptr; >- EXPECT_EQ(&c, ref.ptr()); >- log() << "| "; >- } >- EXPECT_STREQ("ref(a) | slot=a ref(c) slot=c deref(a) | deref(c) ", takeLogStr().c_str()); >- >- { >- PoisonedRefCheckingRefLogger::Ref ref(a); >- EXPECT_EQ(&a, ref.ptr()); >- log() << "| "; >- a.slotToCheck = &ref; >- ref = adoptRef(b); >- a.slotToCheck = nullptr; >- EXPECT_EQ(&b, ref.ptr()); >- log() << "| "; >- } >- EXPECT_STREQ("ref(a) | slot=b deref(a) | deref(b) ", takeLogStr().c_str()); >- >- { >- PoisonedRefCheckingRefLogger::Ref ref(a); >- EXPECT_EQ(&a, ref.ptr()); >- log() << "| "; >- a.slotToCheck = &ref; >- ref = adoptRef(c); >- a.slotToCheck = nullptr; >- EXPECT_EQ(&c, ref.ptr()); >- log() << "| "; >- } >- EXPECT_STREQ("ref(a) | slot=c deref(a) | deref(c) ", takeLogStr().c_str()); >-} >- >-} // namespace TestWebKitAPI >Index: Tools/TestWebKitAPI/Tests/WTF/PoisonedRefPtr.cpp >=================================================================== >--- Tools/TestWebKitAPI/Tests/WTF/PoisonedRefPtr.cpp (revision 240833) >+++ Tools/TestWebKitAPI/Tests/WTF/PoisonedRefPtr.cpp (nonexistent) >@@ -1,614 +0,0 @@ >-/* >- * Copyright (C) 2017-2018 Apple Inc. All rights reserved. >- * >- * Redistribution and use in source and binary forms, with or without >- * modification, are permitted provided that the following conditions >- * are met: >- * 1. Redistributions of source code must retain the above copyright >- * notice, this list of conditions and the following disclaimer. >- * 2. Redistributions in binary form must reproduce the above copyright >- * notice, this list of conditions and the following disclaimer in the >- * documentation and/or other materials provided with the distribution. >- * >- * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY >- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE >- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR >- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR >- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, >- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, >- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR >- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY >- * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT >- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE >- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. >- */ >- >-#include "config.h" >- >-#include "RefLogger.h" >-#include <mutex> >-#include <wtf/NeverDestroyed.h> >-#include <wtf/Poisoned.h> >-#include <wtf/RefCounted.h> >-#include <wtf/RefPtr.h> >- >-namespace TestWebKitAPI { >- >-namespace { >- >-uintptr_t g_poisonA; >-uintptr_t g_poisonB; >-uintptr_t g_poisonC; >-uintptr_t g_poisonD; >-uintptr_t g_poisonE; >-uintptr_t g_poisonF; >- >-using PoisonA = Poison<g_poisonA>; >-using PoisonB = Poison<g_poisonB>; >-using PoisonC = Poison<g_poisonC>; >-using PoisonD = Poison<g_poisonD>; >-using PoisonE = Poison<g_poisonE>; >-using PoisonF = Poison<g_poisonF>; >- >-static void initializePoisons() >-{ >- static std::once_flag initializeOnceFlag; >- std::call_once(initializeOnceFlag, [] { >- g_poisonA = makePoison(); >- g_poisonB = makePoison(); >- g_poisonC = makePoison(); >- g_poisonD = makePoison(); >- g_poisonF = makePoison(); >- g_poisonF = makePoison(); >- }); >-} >- >-} // namespace anonymous >- >-TEST(WTF_PoisonedRefPtr, Basic) >-{ >- initializePoisons(); >- >- DerivedRefLogger a("a"); >- >- PoisonedRefPtr<PoisonA, RefLogger> empty; >- EXPECT_EQ(nullptr, empty.get()); >- >- { >- PoisonedRefPtr<PoisonB, RefLogger> ptr(&a); >- EXPECT_EQ(&a, ptr.get()); >- EXPECT_EQ(&a, &*ptr); >- EXPECT_EQ(&a.name, &ptr->name); >- >-#if ENABLE(POISON) >- uintptr_t ptrBits; >- std::memcpy(&ptrBits, &ptr, sizeof(ptrBits)); >- ASSERT_TRUE(ptrBits != bitwise_cast<uintptr_t>(&a)); >- ASSERT_EQ(ptrBits, (Poisoned<PoisonB, RefLogger*>(&a).bits())); >-#if ENABLE(POISON_ASSERTS) >- ASSERT_TRUE((Poisoned<PoisonB, RefLogger*>::isPoisoned(ptrBits))); >-#endif >-#endif // ENABLE(POISON) >- } >- EXPECT_STREQ("ref(a) deref(a) ", takeLogStr().c_str()); >- >- { >- PoisonedRefPtr<PoisonC, RefLogger> ptr = &a; >- EXPECT_EQ(&a, ptr.get()); >- } >- EXPECT_STREQ("ref(a) deref(a) ", takeLogStr().c_str()); >- >- { >- PoisonedRefPtr<PoisonD, RefLogger> p1 = &a; >- PoisonedRefPtr<PoisonE, RefLogger> p2(p1); >- EXPECT_EQ(&a, p1.get()); >- EXPECT_EQ(&a, p2.get()); >- } >- EXPECT_STREQ("ref(a) ref(a) deref(a) deref(a) ", takeLogStr().c_str()); >- >- { >- PoisonedRefPtr<PoisonF, RefLogger> p1 = &a; >- PoisonedRefPtr<PoisonB, RefLogger> p2 = p1; >- EXPECT_EQ(&a, p1.get()); >- EXPECT_EQ(&a, p2.get()); >- } >- EXPECT_STREQ("ref(a) ref(a) deref(a) deref(a) ", takeLogStr().c_str()); >- >- { >- PoisonedRefPtr<PoisonC, RefLogger> p1 = &a; >- PoisonedRefPtr<PoisonD, RefLogger> p2 = WTFMove(p1); >- EXPECT_EQ(nullptr, p1.get()); >- EXPECT_EQ(&a, p2.get()); >- } >- EXPECT_STREQ("ref(a) deref(a) ", takeLogStr().c_str()); >- >- { >- PoisonedRefPtr<PoisonE, RefLogger> p1 = &a; >- PoisonedRefPtr<PoisonF, RefLogger> p2(WTFMove(p1)); >- EXPECT_EQ(nullptr, p1.get()); >- EXPECT_EQ(&a, p2.get()); >- } >- EXPECT_STREQ("ref(a) deref(a) ", takeLogStr().c_str()); >- >- { >- PoisonedRefPtr<PoisonB, DerivedRefLogger> p1 = &a; >- PoisonedRefPtr<PoisonC, RefLogger> p2 = p1; >- EXPECT_EQ(&a, p1.get()); >- EXPECT_EQ(&a, p2.get()); >- } >- EXPECT_STREQ("ref(a) ref(a) deref(a) deref(a) ", takeLogStr().c_str()); >- >- { >- PoisonedRefPtr<PoisonD, DerivedRefLogger> p1 = &a; >- PoisonedRefPtr<PoisonE, RefLogger> p2 = WTFMove(p1); >- EXPECT_EQ(nullptr, p1.get()); >- EXPECT_EQ(&a, p2.get()); >- } >- EXPECT_STREQ("ref(a) deref(a) ", takeLogStr().c_str()); >- >- { >- PoisonedRefPtr<PoisonF, RefLogger> ptr(&a); >- EXPECT_EQ(&a, ptr.get()); >- ptr = nullptr; >- EXPECT_EQ(nullptr, ptr.get()); >- } >- EXPECT_STREQ("ref(a) deref(a) ", takeLogStr().c_str()); >-} >- >-TEST(WTF_PoisonedRefPtr, AssignPassRefToPoisonedRefPtr) >-{ >- initializePoisons(); >- >- DerivedRefLogger a("a"); >- { >- Ref<RefLogger> passRef(a); >- PoisonedRefPtr<PoisonB, RefLogger> ptr = WTFMove(passRef); >- EXPECT_EQ(&a, ptr.get()); >- } >- EXPECT_STREQ("ref(a) deref(a) ", takeLogStr().c_str()); >-} >- >-TEST(WTF_PoisonedRefPtr, Adopt) >-{ >- initializePoisons(); >- >- DerivedRefLogger a("a"); >- >- PoisonedRefPtr<PoisonC, RefLogger> empty; >- EXPECT_EQ(nullptr, empty.get()); >- >- { >- PoisonedRefPtr<PoisonD, RefLogger> ptr(adoptRef(&a)); >- EXPECT_EQ(&a, ptr.get()); >- EXPECT_EQ(&a, &*ptr); >- EXPECT_EQ(&a.name, &ptr->name); >- } >- EXPECT_STREQ("deref(a) ", takeLogStr().c_str()); >- >- { >- PoisonedRefPtr<PoisonE, RefLogger> ptr = adoptRef(&a); >- EXPECT_EQ(&a, ptr.get()); >- } >- EXPECT_STREQ("deref(a) ", takeLogStr().c_str()); >-} >- >-TEST(WTF_PoisonedRefPtr, Assignment) >-{ >- initializePoisons(); >- >- DerivedRefLogger a("a"); >- RefLogger b("b"); >- DerivedRefLogger c("c"); >- >- { >- PoisonedRefPtr<PoisonF, RefLogger> p1(&a); >- PoisonedRefPtr<PoisonB, RefLogger> p2(&b); >- EXPECT_EQ(&a, p1.get()); >- EXPECT_EQ(&b, p2.get()); >- log() << "| "; >- p1 = p2; >- EXPECT_EQ(&b, p1.get()); >- EXPECT_EQ(&b, p2.get()); >- log() << "| "; >- } >- EXPECT_STREQ("ref(a) ref(b) | ref(b) deref(a) | deref(b) deref(b) ", takeLogStr().c_str()); >- >- { >- PoisonedRefPtr<PoisonC, RefLogger> ptr(&a); >- EXPECT_EQ(&a, ptr.get()); >- log() << "| "; >- ptr = &b; >- EXPECT_EQ(&b, ptr.get()); >- log() << "| "; >- } >- EXPECT_STREQ("ref(a) | ref(b) deref(a) | deref(b) ", takeLogStr().c_str()); >- >- { >- PoisonedRefPtr<PoisonD, RefLogger> ptr(&a); >- EXPECT_EQ(&a, ptr.get()); >- log() << "| "; >- ptr = adoptRef(&b); >- EXPECT_EQ(&b, ptr.get()); >- log() << "| "; >- } >- EXPECT_STREQ("ref(a) | deref(a) | deref(b) ", takeLogStr().c_str()); >- >- { >- PoisonedRefPtr<PoisonE, RefLogger> ptr(&a); >- EXPECT_EQ(&a, ptr.get()); >- ptr = nullptr; >- EXPECT_EQ(nullptr, ptr.get()); >- } >- EXPECT_STREQ("ref(a) deref(a) ", takeLogStr().c_str()); >- >- { >- PoisonedRefPtr<PoisonB, RefLogger> p1(&a); >- PoisonedRefPtr<PoisonC, RefLogger> p2(&b); >- EXPECT_EQ(&a, p1.get()); >- EXPECT_EQ(&b, p2.get()); >- log() << "| "; >- p1 = WTFMove(p2); >- EXPECT_EQ(&b, p1.get()); >- EXPECT_EQ(nullptr, p2.get()); >- log() << "| "; >- } >- EXPECT_STREQ("ref(a) ref(b) | deref(a) | deref(b) ", takeLogStr().c_str()); >- >- { >- PoisonedRefPtr<PoisonD, RefLogger> p1(&a); >- PoisonedRefPtr<PoisonE, DerivedRefLogger> p2(&c); >- EXPECT_EQ(&a, p1.get()); >- EXPECT_EQ(&c, p2.get()); >- log() << "| "; >- p1 = p2; >- EXPECT_EQ(&c, p1.get()); >- EXPECT_EQ(&c, p2.get()); >- log() << "| "; >- } >- EXPECT_STREQ("ref(a) ref(c) | ref(c) deref(a) | deref(c) deref(c) ", takeLogStr().c_str()); >- >- { >- PoisonedRefPtr<PoisonF, RefLogger> ptr(&a); >- EXPECT_EQ(&a, ptr.get()); >- log() << "| "; >- ptr = &c; >- EXPECT_EQ(&c, ptr.get()); >- log() << "| "; >- } >- EXPECT_STREQ("ref(a) | ref(c) deref(a) | deref(c) ", takeLogStr().c_str()); >- >- { >- PoisonedRefPtr<PoisonB, RefLogger> ptr(&a); >- EXPECT_EQ(&a, ptr.get()); >- log() << "| "; >- ptr = adoptRef(&c); >- EXPECT_EQ(&c, ptr.get()); >- log() << "| "; >- } >- EXPECT_STREQ("ref(a) | deref(a) | deref(c) ", takeLogStr().c_str()); >- >- { >- PoisonedRefPtr<PoisonC, RefLogger> p1(&a); >- PoisonedRefPtr<PoisonD, DerivedRefLogger> p2(&c); >- EXPECT_EQ(&a, p1.get()); >- EXPECT_EQ(&c, p2.get()); >- log() << "| "; >- p1 = WTFMove(p2); >- EXPECT_EQ(&c, p1.get()); >- EXPECT_EQ(nullptr, p2.get()); >- log() << "| "; >- } >- EXPECT_STREQ("ref(a) ref(c) | deref(a) | deref(c) ", takeLogStr().c_str()); >- >- { >- PoisonedRefPtr<PoisonE, RefLogger> ptr(&a); >- EXPECT_EQ(&a, ptr.get()); >- log() << "| "; >-#if COMPILER(CLANG) >-#pragma clang diagnostic push >-#pragma clang diagnostic ignored "-Wunknown-pragmas" >-#pragma clang diagnostic ignored "-Wunknown-warning-option" >-#pragma clang diagnostic ignored "-Wself-assign-overloaded" >-#endif >- ptr = ptr; >-#if COMPILER(CLANG) >-#pragma clang diagnostic pop >-#endif >- EXPECT_EQ(&a, ptr.get()); >- log() << "| "; >- } >- EXPECT_STREQ("ref(a) | ref(a) deref(a) | deref(a) ", takeLogStr().c_str()); >- >- { >- PoisonedRefPtr<PoisonF, RefLogger> ptr(&a); >- EXPECT_EQ(&a, ptr.get()); >-#if COMPILER(CLANG) >-#pragma clang diagnostic push >-#pragma clang diagnostic ignored "-Wunknown-pragmas" >-#pragma clang diagnostic ignored "-Wself-move" >-#endif >- ptr = WTFMove(ptr); >-#if COMPILER(CLANG) >-#pragma clang diagnostic pop >-#endif >- EXPECT_EQ(&a, ptr.get()); >- } >- EXPECT_STREQ("ref(a) deref(a) ", takeLogStr().c_str()); >-} >- >-TEST(WTF_PoisonedRefPtr, Swap) >-{ >- initializePoisons(); >- >- RefLogger a("a"); >- RefLogger b("b"); >- >- { >- PoisonedRefPtr<PoisonB, RefLogger> p1(&a); >- PoisonedRefPtr<PoisonC, RefLogger> p2(&b); >- log() << "| "; >- EXPECT_EQ(&a, p1.get()); >- EXPECT_EQ(&b, p2.get()); >- p1.swap(p2); >- EXPECT_EQ(&b, p1.get()); >- EXPECT_EQ(&a, p2.get()); >- log() << "| "; >- } >- EXPECT_STREQ("ref(a) ref(b) | | deref(a) deref(b) ", takeLogStr().c_str()); >- >- { >- PoisonedRefPtr<PoisonD, RefLogger> p1(&a); >- PoisonedRefPtr<PoisonE, RefLogger> p2(&b); >- log() << "| "; >- EXPECT_EQ(&a, p1.get()); >- EXPECT_EQ(&b, p2.get()); >- swap(p1, p2); >- EXPECT_EQ(&b, p1.get()); >- EXPECT_EQ(&a, p2.get()); >- log() << "| "; >- } >- EXPECT_STREQ("ref(a) ref(b) | | deref(a) deref(b) ", takeLogStr().c_str()); >-} >- >-TEST(WTF_PoisonedRefPtr, ReleaseNonNull) >-{ >- initializePoisons(); >- >- RefLogger a("a"); >- >- { >- PoisonedRefPtr<PoisonF, RefLogger> refPtr = &a; >- PoisonedRefPtr<PoisonB, RefLogger> ref = refPtr.releaseNonNull(); >- } >- >- EXPECT_STREQ("ref(a) deref(a) ", takeLogStr().c_str()); >-} >- >-TEST(WTF_PoisonedRefPtr, Release) >-{ >- initializePoisons(); >- >- DerivedRefLogger a("a"); >- RefLogger b("b"); >- DerivedRefLogger c("c"); >- >- { >- PoisonedRefPtr<PoisonC, RefLogger> p1 = &a; >- PoisonedRefPtr<PoisonD, RefLogger> p2 = WTFMove(p1); >- EXPECT_EQ(nullptr, p1.get()); >- EXPECT_EQ(&a, p2.get()); >- } >- EXPECT_STREQ("ref(a) deref(a) ", takeLogStr().c_str()); >- >- { >- PoisonedRefPtr<PoisonE, RefLogger> p1 = &a; >- PoisonedRefPtr<PoisonF, RefLogger> p2(WTFMove(p1)); >- EXPECT_EQ(nullptr, p1.get()); >- EXPECT_EQ(&a, p2.get()); >- } >- EXPECT_STREQ("ref(a) deref(a) ", takeLogStr().c_str()); >- >- { >- PoisonedRefPtr<PoisonB, DerivedRefLogger> p1 = &a; >- PoisonedRefPtr<PoisonC, RefLogger> p2 = WTFMove(p1); >- EXPECT_EQ(nullptr, p1.get()); >- EXPECT_EQ(&a, p2.get()); >- } >- EXPECT_STREQ("ref(a) deref(a) ", takeLogStr().c_str()); >- >- { >- PoisonedRefPtr<PoisonD, RefLogger> p1(&a); >- PoisonedRefPtr<PoisonE, RefLogger> p2(&b); >- EXPECT_EQ(&a, p1.get()); >- EXPECT_EQ(&b, p2.get()); >- log() << "| "; >- p1 = WTFMove(p2); >- EXPECT_EQ(&b, p1.get()); >- EXPECT_EQ(nullptr, p2.get()); >- log() << "| "; >- } >- EXPECT_STREQ("ref(a) ref(b) | deref(a) | deref(b) ", takeLogStr().c_str()); >- >- { >- PoisonedRefPtr<PoisonF, RefLogger> p1(&a); >- PoisonedRefPtr<PoisonB, DerivedRefLogger> p2(&c); >- EXPECT_EQ(&a, p1.get()); >- EXPECT_EQ(&c, p2.get()); >- log() << "| "; >- p1 = WTFMove(p2); >- EXPECT_EQ(&c, p1.get()); >- EXPECT_EQ(nullptr, p2.get()); >- log() << "| "; >- } >- EXPECT_STREQ("ref(a) ref(c) | deref(a) | deref(c) ", takeLogStr().c_str()); >-} >- >-static PoisonedRefPtr<PoisonC, RefLogger> f1(RefLogger& logger) >-{ >- return PoisonedRefPtr<PoisonC, RefLogger>(&logger); >-} >- >-TEST(WTF_PoisonedRefPtr, ReturnValue) >-{ >- initializePoisons(); >- >- DerivedRefLogger a("a"); >- >- { >- f1(a); >- } >- EXPECT_STREQ("ref(a) deref(a) ", takeLogStr().c_str()); >- >- { >- auto ptr = f1(a); >- } >- EXPECT_STREQ("ref(a) deref(a) ", takeLogStr().c_str()); >-} >- >-struct ConstRefCounted : RefCounted<ConstRefCounted> { >- static Ref<ConstRefCounted> create() { return adoptRef(*new ConstRefCounted); } >-}; >- >-static const ConstRefCounted& returnConstRefCountedRef() >-{ >- static NeverDestroyed<ConstRefCounted> instance; >- return instance.get(); >-} >-static ConstRefCounted& returnRefCountedRef() >-{ >- static NeverDestroyed<ConstRefCounted> instance; >- return instance.get(); >-} >- >-TEST(WTF_PoisonedRefPtr, Const) >-{ >- initializePoisons(); >- >- // This test passes if it compiles without an error. >- auto a = ConstRefCounted::create(); >- Ref<const ConstRefCounted> b = WTFMove(a); >- PoisonedRefPtr<PoisonD, const ConstRefCounted> c = b.ptr(); >- Ref<const ConstRefCounted> d = returnConstRefCountedRef(); >- PoisonedRefPtr<PoisonE, const ConstRefCounted> e = &returnConstRefCountedRef(); >- PoisonedRefPtr<PoisonF, ConstRefCounted> f = ConstRefCounted::create(); >- PoisonedRefPtr<PoisonB, const ConstRefCounted> g = f; >- PoisonedRefPtr<PoisonC, const ConstRefCounted> h(f); >- Ref<const ConstRefCounted> i(returnRefCountedRef()); >-} >- >-struct PoisonedRefPtrCheckingRefLogger : RefLogger { >- using Ref = PoisonedRefPtr<PoisonD, PoisonedRefPtrCheckingRefLogger>; >- >- PoisonedRefPtrCheckingRefLogger(const char* name); >- void ref(); >- void deref(); >- const Ref* slotToCheck { nullptr }; >-}; >- >-PoisonedRefPtrCheckingRefLogger::PoisonedRefPtrCheckingRefLogger(const char* name) >- : RefLogger { name } >-{ >-} >- >-static const char* loggerName(const PoisonedRefPtrCheckingRefLogger::Ref& pointer) >-{ >- return pointer ? &pointer->name : "null"; >-} >- >-void PoisonedRefPtrCheckingRefLogger::ref() >-{ >- if (slotToCheck) >- log() << "slot=" << loggerName(*slotToCheck) << " "; >- RefLogger::ref(); >-} >- >-void PoisonedRefPtrCheckingRefLogger::deref() >-{ >- if (slotToCheck) >- log() << "slot=" << loggerName(*slotToCheck) << " "; >- RefLogger::deref(); >-} >- >-TEST(WTF_PoisonedRefPtr, AssignBeforeDeref) >-{ >- initializePoisons(); >- >- PoisonedRefPtrCheckingRefLogger a("a"); >- PoisonedRefPtrCheckingRefLogger b("b"); >- >- { >- PoisonedRefPtrCheckingRefLogger::Ref p1(&a); >- PoisonedRefPtrCheckingRefLogger::Ref p2(&b); >- EXPECT_EQ(&a, p1.get()); >- EXPECT_EQ(&b, p2.get()); >- log() << "| "; >- a.slotToCheck = &p1; >- b.slotToCheck = &p1; >- p1 = p2; >- a.slotToCheck = nullptr; >- b.slotToCheck = nullptr; >- EXPECT_EQ(&b, p1.get()); >- EXPECT_EQ(&b, p2.get()); >- log() << "| "; >- } >- EXPECT_STREQ("ref(a) ref(b) | slot=a ref(b) slot=b deref(a) | deref(b) deref(b) ", takeLogStr().c_str()); >- >- { >- PoisonedRefPtrCheckingRefLogger::Ref ptr(&a); >- EXPECT_EQ(&a, ptr.get()); >- log() << "| "; >- a.slotToCheck = &ptr; >- b.slotToCheck = &ptr; >- ptr = &b; >- a.slotToCheck = nullptr; >- b.slotToCheck = nullptr; >- EXPECT_EQ(&b, ptr.get()); >- log() << "| "; >- } >- EXPECT_STREQ("ref(a) | slot=a ref(b) slot=b deref(a) | deref(b) ", takeLogStr().c_str()); >- >- { >- PoisonedRefPtrCheckingRefLogger::Ref ptr(&a); >- EXPECT_EQ(&a, ptr.get()); >- a.slotToCheck = &ptr; >- ptr = nullptr; >- a.slotToCheck = nullptr; >- EXPECT_EQ(nullptr, ptr.get()); >- } >- EXPECT_STREQ("ref(a) slot=null deref(a) ", takeLogStr().c_str()); >- >- { >- PoisonedRefPtrCheckingRefLogger::Ref p1(&a); >- PoisonedRefPtrCheckingRefLogger::Ref p2(&b); >- EXPECT_EQ(&a, p1.get()); >- EXPECT_EQ(&b, p2.get()); >- log() << "| "; >- a.slotToCheck = &p1; >- b.slotToCheck = &p1; >- p1 = WTFMove(p2); >- a.slotToCheck = nullptr; >- b.slotToCheck = nullptr; >- EXPECT_EQ(&b, p1.get()); >- EXPECT_EQ(nullptr, p2.get()); >- log() << "| "; >- } >- EXPECT_STREQ("ref(a) ref(b) | slot=b deref(a) | deref(b) ", takeLogStr().c_str()); >-} >- >-TEST(WTF_PoisonedRefPtr, ReleaseNonNullBeforeDeref) >-{ >- initializePoisons(); >- >- PoisonedRefPtrCheckingRefLogger a("a"); >- >- { >- PoisonedRefPtrCheckingRefLogger::Ref refPtr = &a; >- a.slotToCheck = &refPtr; >- refPtr.releaseNonNull(); >- a.slotToCheck = nullptr; >- } >- >- EXPECT_STREQ("ref(a) slot=null deref(a) ", takeLogStr().c_str()); >-} >- >-} // namespace TestWebKitAPI >Index: Tools/TestWebKitAPI/Tests/WTF/PoisonedUniquePtr.cpp >=================================================================== >--- Tools/TestWebKitAPI/Tests/WTF/PoisonedUniquePtr.cpp (revision 240833) >+++ Tools/TestWebKitAPI/Tests/WTF/PoisonedUniquePtr.cpp (nonexistent) >@@ -1,586 +0,0 @@ >-/* >- * Copyright (C) 2017-2018 Apple Inc. All rights reserved. >- * >- * Redistribution and use in source and binary forms, with or without >- * modification, are permitted provided that the following conditions >- * are met: >- * 1. Redistributions of source code must retain the above copyright >- * notice, this list of conditions and the following disclaimer. >- * 2. Redistributions in binary form must reproduce the above copyright >- * notice, this list of conditions and the following disclaimer in the >- * documentation and/or other materials provided with the distribution. >- * >- * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY >- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE >- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR >- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR >- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, >- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, >- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR >- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY >- * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT >- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE >- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. >- */ >- >-#include "config.h" >- >-#include <mutex> >-#include <wtf/PoisonedUniquePtr.h> >- >-namespace TestWebKitAPI { >- >-namespace { >- >-uintptr_t g_poisonA; >-uintptr_t g_poisonB; >- >-using PoisonA = Poison<g_poisonA>; >-using PoisonB = Poison<g_poisonB>; >- >-static void initializePoisons() >-{ >- static std::once_flag initializeOnceFlag; >- std::call_once(initializeOnceFlag, [] { >- // Make sure we get 2 different poison values. >- g_poisonA = makePoison(); >- while (!g_poisonB || g_poisonB == g_poisonA) >- g_poisonB = makePoison(); >- }); >-} >- >-struct Logger { >- Logger(const char* name, int& destructCount) >- : name(*name) >- , destructCount(destructCount) >- { } >- >- ~Logger() { ++destructCount; } >- >- const char& name; >- int& destructCount; >-}; >- >-struct DerivedLogger : Logger { >- DerivedLogger(const char* name, int& destructCount) >- : Logger(name, destructCount) >- { } >-}; >- >-struct Other { >- Other(const char*, int&) >- { } >-}; >- >-} // anonymous namespace >- >-TEST(WTF_PoisonedUniquePtr, DISABLED_Basic) >-{ >- initializePoisons(); >- >- { >- PoisonedUniquePtr<PoisonA, Logger> empty; >- ASSERT_EQ(nullptr, empty.unpoisoned()); >- ASSERT_EQ(0u, empty.bits()); >- } >- { >- PoisonedUniquePtr<PoisonA, Logger> empty(nullptr); >- ASSERT_EQ(nullptr, empty.unpoisoned()); >- ASSERT_EQ(0u, empty.bits()); >- } >- >- { >- int aDestructCount = 0; >- Logger* a = new Logger("a", aDestructCount); >- { >- PoisonedUniquePtr<PoisonA, Logger> ptr(a); >- ASSERT_EQ(0, aDestructCount); >- ASSERT_EQ(a, ptr.unpoisoned()); >- ASSERT_EQ(a, &*ptr); >- ASSERT_EQ(&a->name, &ptr->name); >- >-#if ENABLE(POISON) >- uintptr_t ptrBits; >- std::memcpy(&ptrBits, &ptr, sizeof(ptrBits)); >- ASSERT_TRUE(ptrBits != bitwise_cast<uintptr_t>(a)); >-#if ENABLE(POISON_ASSERTS) >- ASSERT_TRUE((PoisonedUniquePtr<PoisonA, Logger>::isPoisoned(ptrBits))); >-#endif >-#endif // ENABLE(POISON) >- } >- ASSERT_EQ(1, aDestructCount); >- >- int bDestructCount = 0; >- DerivedLogger* b = new DerivedLogger("b", bDestructCount); >- { >- PoisonedUniquePtr<PoisonA, Logger> ptr(b); >- ASSERT_EQ(0, bDestructCount); >- ASSERT_EQ(b, ptr.unpoisoned()); >- ASSERT_EQ(b, &*ptr); >- ASSERT_EQ(&b->name, &ptr->name); >- } >- ASSERT_EQ(1, bDestructCount); >- } >- >- { >- int aDestructCount = 0; >- Logger* a = new Logger("a", aDestructCount); >- { >- PoisonedUniquePtr<PoisonA, Logger> ptr = a; >- ASSERT_EQ(0, aDestructCount); >- ASSERT_EQ(a, ptr.unpoisoned()); >- } >- ASSERT_EQ(1, aDestructCount); >- >- int bDestructCount = 0; >- DerivedLogger* b = new DerivedLogger("b", bDestructCount); >- { >- PoisonedUniquePtr<PoisonA, Logger> ptr = b; >- ASSERT_EQ(0, bDestructCount); >- ASSERT_EQ(b, ptr.unpoisoned()); >- } >- ASSERT_EQ(1, bDestructCount); >- } >- >- { >- int aDestructCount = 0; >- const char* aName = "a"; >- { >- PoisonedUniquePtr<PoisonA, Logger> ptr = PoisonedUniquePtr<PoisonA, Logger>::create(aName, aDestructCount); >- ASSERT_EQ(0, aDestructCount); >- ASSERT_TRUE(nullptr != ptr.unpoisoned()); >- ASSERT_EQ(aName, &ptr->name); >- } >- ASSERT_EQ(1, aDestructCount); >- >- int bDestructCount = 0; >- const char* bName = "b"; >- { >- PoisonedUniquePtr<PoisonA, Logger> ptr = PoisonedUniquePtr<PoisonA, DerivedLogger>::create(bName, bDestructCount); >- ASSERT_EQ(0, bDestructCount); >- ASSERT_TRUE(nullptr != ptr.unpoisoned()); >- ASSERT_EQ(bName, &ptr->name); >- } >- ASSERT_EQ(1, bDestructCount); >- } >- >- { >- int aDestructCount = 0; >- const char* aName = "a"; >- { >- PoisonedUniquePtr<PoisonA, Logger> ptr = std::make_unique<Logger>(aName, aDestructCount); >- ASSERT_EQ(0, aDestructCount); >- ASSERT_TRUE(nullptr != ptr.unpoisoned()); >- ASSERT_EQ(aName, &ptr->name); >- } >- ASSERT_EQ(1, aDestructCount); >- >- int bDestructCount = 0; >- const char* bName = "b"; >- { >- PoisonedUniquePtr<PoisonA, Logger> ptr = std::make_unique<DerivedLogger>(bName, bDestructCount); >- ASSERT_EQ(0, bDestructCount); >- ASSERT_TRUE(nullptr != ptr.unpoisoned()); >- ASSERT_EQ(bName, &ptr->name); >- } >- ASSERT_EQ(1, bDestructCount); >- >- int uniqueDestructCount = 0; >- const char* uniqueName = "unique"; >- { >- PoisonedUniquePtr<PoisonA, DerivedLogger> ptr = std::make_unique<DerivedLogger>(uniqueName, uniqueDestructCount); >- ASSERT_EQ(0, uniqueDestructCount); >- ASSERT_TRUE(nullptr != ptr.unpoisoned()); >- ASSERT_EQ(uniqueName, &ptr->name); >- } >- ASSERT_EQ(1, uniqueDestructCount); >- >- int uniqueDerivedDestructCount = 0; >- const char* uniqueDerivedName = "unique derived"; >- { >- PoisonedUniquePtr<PoisonA, Logger> ptr = std::make_unique<DerivedLogger>(uniqueDerivedName, uniqueDerivedDestructCount); >- ASSERT_EQ(0, uniqueDerivedDestructCount); >- ASSERT_TRUE(nullptr != ptr.unpoisoned()); >- ASSERT_EQ(uniqueDerivedName, &ptr->name); >- } >- ASSERT_EQ(1, uniqueDerivedDestructCount); >- } >- >- { >- int aDestructCount = 0; >- int bDestructCount = 0; >- Logger* a = new Logger("a", aDestructCount); >- Logger* b = new Logger("b", bDestructCount); >- { >- PoisonedUniquePtr<PoisonA, Logger> p1 = a; >- PoisonedUniquePtr<PoisonA, Logger> p2 = WTFMove(p1); >- ASSERT_EQ(aDestructCount, 0); >- ASSERT_EQ(nullptr, p1.unpoisoned()); >- ASSERT_EQ(0u, p1.bits()); >- ASSERT_EQ(a, p2.unpoisoned()); >- >- PoisonedUniquePtr<PoisonA, Logger> p3 = b; >- PoisonedUniquePtr<PoisonB, Logger> p4 = WTFMove(p3); >- ASSERT_EQ(0, bDestructCount); >- ASSERT_EQ(nullptr, p3.unpoisoned()); >- ASSERT_EQ(0u, p3.bits()); >- ASSERT_EQ(b, p4.unpoisoned()); >- } >- ASSERT_EQ(1, aDestructCount); >- ASSERT_EQ(1, bDestructCount); >- } >- >- { >- int aDestructCount = 0; >- int bDestructCount = 0; >- Logger* a = new Logger("a", aDestructCount); >- Logger* b = new Logger("b", bDestructCount); >- { >- PoisonedUniquePtr<PoisonA, Logger> p1 = a; >- PoisonedUniquePtr<PoisonA, Logger> p2(WTFMove(p1)); >- ASSERT_EQ(0, aDestructCount); >- ASSERT_EQ(nullptr, p1.unpoisoned()); >- ASSERT_EQ(0u, p1.bits()); >- ASSERT_EQ(a, p2.unpoisoned()); >- >- PoisonedUniquePtr<PoisonA, Logger> p3 = b; >- PoisonedUniquePtr<PoisonB, Logger> p4(WTFMove(p3)); >- ASSERT_EQ(0, bDestructCount); >- ASSERT_EQ(nullptr, p3.unpoisoned()); >- ASSERT_EQ(0u, p3.bits()); >- ASSERT_EQ(b, p4.unpoisoned()); >- } >- ASSERT_EQ(1, aDestructCount); >- ASSERT_EQ(1, bDestructCount); >- } >- >- { >- int aDestructCount = 0; >- int bDestructCount = 0; >- DerivedLogger* a = new DerivedLogger("a", aDestructCount); >- DerivedLogger* b = new DerivedLogger("b", bDestructCount); >- { >- PoisonedUniquePtr<PoisonA, Logger> p1 = a; >- PoisonedUniquePtr<PoisonA, Logger> p2 = WTFMove(p1); >- ASSERT_EQ(aDestructCount, 0); >- ASSERT_TRUE(!p1.unpoisoned()); >- ASSERT_TRUE(!p1.bits()); >- ASSERT_EQ(a, p2.unpoisoned()); >- >- PoisonedUniquePtr<PoisonA, Logger> p3 = b; >- PoisonedUniquePtr<PoisonB, Logger> p4 = WTFMove(p3); >- ASSERT_EQ(bDestructCount, 0); >- ASSERT_TRUE(!p3.unpoisoned()); >- ASSERT_TRUE(!p3.bits()); >- ASSERT_EQ(b, p4.unpoisoned()); >- } >- ASSERT_EQ(1, aDestructCount); >- ASSERT_EQ(1, bDestructCount); >- } >- >- { >- int aDestructCount = 0; >- int bDestructCount = 0; >- DerivedLogger* a = new DerivedLogger("a", aDestructCount); >- DerivedLogger* b = new DerivedLogger("b", bDestructCount); >- { >- PoisonedUniquePtr<PoisonA, Logger> p1 = a; >- PoisonedUniquePtr<PoisonA, Logger> p2(WTFMove(p1)); >- ASSERT_EQ(aDestructCount, 0); >- ASSERT_TRUE(!p1.unpoisoned()); >- ASSERT_TRUE(!p1.bits()); >- ASSERT_EQ(a, p2.unpoisoned()); >- >- PoisonedUniquePtr<PoisonA, Logger> p3 = b; >- PoisonedUniquePtr<PoisonB, Logger> p4(WTFMove(p3)); >- ASSERT_EQ(bDestructCount, 0); >- ASSERT_TRUE(!p3.unpoisoned()); >- ASSERT_TRUE(!p3.bits()); >- ASSERT_EQ(b, p4.unpoisoned()); >- } >- ASSERT_EQ(1, aDestructCount); >- ASSERT_EQ(1, bDestructCount); >- } >- >- { >- int aDestructCount = 0; >- Logger* a = new Logger("a", aDestructCount); >- { >- PoisonedUniquePtr<PoisonA, Logger> ptr(a); >- ASSERT_EQ(a, ptr.unpoisoned()); >- ptr.clear(); >- ASSERT_TRUE(!ptr.unpoisoned()); >- ASSERT_TRUE(!ptr.bits()); >- ASSERT_EQ(1, aDestructCount); >- } >- ASSERT_EQ(1, aDestructCount); >- } >-} >- >-TEST(WTF_PoisonedUniquePtr, DISABLED_Assignment) >-{ >- initializePoisons(); >- >- { >- int aDestructCount = 0; >- int bDestructCount = 0; >- Logger* a = new Logger("a", aDestructCount); >- Logger* b = new Logger("b", bDestructCount); >- { >- PoisonedUniquePtr<PoisonA, Logger> ptr(a); >- ASSERT_EQ(0, aDestructCount); >- ASSERT_EQ(0, bDestructCount); >- ASSERT_EQ(a, ptr.unpoisoned()); >- ptr = b; >- ASSERT_EQ(1, aDestructCount); >- ASSERT_EQ(0, bDestructCount); >- ASSERT_EQ(b, ptr.unpoisoned()); >- } >- ASSERT_EQ(1, aDestructCount); >- ASSERT_EQ(1, bDestructCount); >- } >- >- { >- int aDestructCount = 0; >- Logger* a = new Logger("a", aDestructCount); >- { >- PoisonedUniquePtr<PoisonA, Logger> ptr(a); >- ASSERT_EQ(0, aDestructCount); >- ASSERT_EQ(a, ptr.unpoisoned()); >- ptr = nullptr; >- ASSERT_EQ(1, aDestructCount); >- ASSERT_EQ(nullptr, ptr.unpoisoned()); >- } >- ASSERT_EQ(1, aDestructCount); >- } >- >- { >- int aDestructCount = 0; >- int bDestructCount = 0; >- int cDestructCount = 0; >- int dDestructCount = 0; >- Logger* a = new Logger("a", aDestructCount); >- Logger* b = new Logger("b", bDestructCount); >- Logger* c = new Logger("c", cDestructCount); >- Logger* d = new Logger("d", dDestructCount); >- { >- PoisonedUniquePtr<PoisonA, Logger> p1(a); >- PoisonedUniquePtr<PoisonA, Logger> p2(b); >- ASSERT_EQ(0, aDestructCount); >- ASSERT_EQ(0, bDestructCount); >- ASSERT_EQ(a, p1.unpoisoned()); >- ASSERT_EQ(b, p2.unpoisoned()); >- p1 = WTFMove(p2); >- ASSERT_EQ(1, aDestructCount); >- ASSERT_EQ(0, bDestructCount); >- ASSERT_EQ(b, p1.unpoisoned()); >- ASSERT_EQ(nullptr, p2.unpoisoned()); >- >- PoisonedUniquePtr<PoisonA, Logger> p3(c); >- PoisonedUniquePtr<PoisonB, Logger> p4(d); >- ASSERT_EQ(0, cDestructCount); >- ASSERT_EQ(0, dDestructCount); >- ASSERT_EQ(c, p3.unpoisoned()); >- ASSERT_EQ(d, p4.unpoisoned()); >- p3 = WTFMove(p4); >- ASSERT_EQ(1, cDestructCount); >- ASSERT_EQ(0, dDestructCount); >- ASSERT_EQ(d, p3.unpoisoned()); >- ASSERT_EQ(nullptr, p4.unpoisoned()); >- } >- ASSERT_EQ(1, aDestructCount); >- ASSERT_EQ(1, bDestructCount); >- ASSERT_EQ(1, cDestructCount); >- ASSERT_EQ(1, dDestructCount); >- } >- >- { >- int aDestructCount = 0; >- int bDestructCount = 0; >- DerivedLogger* a = new DerivedLogger("a", aDestructCount); >- DerivedLogger* b = new DerivedLogger("b", bDestructCount); >- { >- PoisonedUniquePtr<PoisonA, Logger> ptr(a); >- ASSERT_EQ(0, aDestructCount); >- ASSERT_EQ(0, bDestructCount); >- ASSERT_EQ(a, ptr.unpoisoned()); >- ptr = b; >- ASSERT_EQ(1, aDestructCount); >- ASSERT_EQ(0, bDestructCount); >- ASSERT_EQ(b, ptr.unpoisoned()); >- } >- ASSERT_EQ(1, aDestructCount); >- ASSERT_EQ(1, bDestructCount); >- } >- >- { >- int aDestructCount = 0; >- int bDestructCount = 0; >- int cDestructCount = 0; >- int dDestructCount = 0; >- DerivedLogger* a = new DerivedLogger("a", aDestructCount); >- DerivedLogger* b = new DerivedLogger("b", bDestructCount); >- DerivedLogger* c = new DerivedLogger("c", cDestructCount); >- DerivedLogger* d = new DerivedLogger("d", dDestructCount); >- { >- PoisonedUniquePtr<PoisonA, Logger> p1(a); >- PoisonedUniquePtr<PoisonA, DerivedLogger> p2(b); >- ASSERT_EQ(0, aDestructCount); >- ASSERT_EQ(0, bDestructCount); >- ASSERT_EQ(a, p1.unpoisoned()); >- ASSERT_EQ(b, p2.unpoisoned()); >- p1 = WTFMove(p2); >- ASSERT_EQ(1, aDestructCount); >- ASSERT_EQ(0, bDestructCount); >- ASSERT_EQ(b, p1.unpoisoned()); >- ASSERT_EQ(nullptr, p2.unpoisoned()); >- >- PoisonedUniquePtr<PoisonA, Logger> p3(c); >- PoisonedUniquePtr<PoisonB, DerivedLogger> p4(d); >- ASSERT_EQ(0, cDestructCount); >- ASSERT_EQ(0, dDestructCount); >- ASSERT_EQ(c, p3.unpoisoned()); >- ASSERT_EQ(d, p4.unpoisoned()); >- p3 = WTFMove(p4); >- ASSERT_EQ(1, cDestructCount); >- ASSERT_EQ(0, dDestructCount); >- ASSERT_EQ(d, p3.unpoisoned()); >- ASSERT_EQ(nullptr, p4.unpoisoned()); >- } >- ASSERT_EQ(1, aDestructCount); >- ASSERT_EQ(1, bDestructCount); >- ASSERT_EQ(1, cDestructCount); >- ASSERT_EQ(1, dDestructCount); >- } >- >- { >- int aDestructCount = 0; >- Logger* a = new Logger("a", aDestructCount); >- { >- PoisonedUniquePtr<PoisonA, Logger> ptr(a); >- ASSERT_EQ(0, aDestructCount); >- ASSERT_EQ(a, ptr.unpoisoned()); >- ptr = a; >- ASSERT_EQ(0, aDestructCount); >- ASSERT_EQ(a, ptr.unpoisoned()); >- } >- ASSERT_EQ(1, aDestructCount); >- } >- >- { >- int aDestructCount = 0; >- Logger* a = new Logger("a", aDestructCount); >- { >- PoisonedUniquePtr<PoisonA, Logger> ptr(a); >- ASSERT_EQ(0, aDestructCount); >- ASSERT_EQ(a, ptr.unpoisoned()); >-#if COMPILER(CLANG) >-#pragma clang diagnostic push >-#pragma clang diagnostic ignored "-Wunknown-pragmas" >-#pragma clang diagnostic ignored "-Wself-move" >-#endif >- ptr = WTFMove(ptr); >-#if COMPILER(CLANG) >-#pragma clang diagnostic pop >-#endif >- ASSERT_EQ(0, aDestructCount); >- ASSERT_EQ(a, ptr.unpoisoned()); >- } >- ASSERT_EQ(1, aDestructCount); >- } >-} >- >-TEST(WTF_PoisonedUniquePtr, DISABLED_Swap) >-{ >- initializePoisons(); >- >- { >- int aDestructCount = 0; >- int bDestructCount = 0; >- Logger* a = new Logger("a", aDestructCount); >- Logger* b = new Logger("b", bDestructCount); >- { >- PoisonedUniquePtr<PoisonA, Logger> p1 = a; >- PoisonedUniquePtr<PoisonA, Logger> p2; >- ASSERT_EQ(a, p1.unpoisoned()); >- ASSERT_TRUE(!p2.bits()); >- ASSERT_TRUE(!p2.unpoisoned()); >- p2.swap(p1); >- ASSERT_EQ(aDestructCount, 0); >- ASSERT_TRUE(!p1.bits()); >- ASSERT_TRUE(!p1.unpoisoned()); >- ASSERT_EQ(a, p2.unpoisoned()); >- >- PoisonedUniquePtr<PoisonA, Logger> p3 = b; >- PoisonedUniquePtr<PoisonB, Logger> p4; >- ASSERT_EQ(b, p3.unpoisoned()); >- ASSERT_TRUE(!p4.bits()); >- ASSERT_TRUE(!p4.unpoisoned()); >- p4.swap(p3); >- ASSERT_EQ(0, bDestructCount); >- ASSERT_TRUE(!p3.bits()); >- ASSERT_TRUE(!p3.unpoisoned()); >- ASSERT_EQ(b, p4.unpoisoned()); >- } >- ASSERT_EQ(1, aDestructCount); >- ASSERT_EQ(1, bDestructCount); >- } >- >- { >- int aDestructCount = 0; >- int bDestructCount = 0; >- Logger* a = new Logger("a", aDestructCount); >- Logger* b = new Logger("b", bDestructCount); >- { >- PoisonedUniquePtr<PoisonA, Logger> p1 = a; >- PoisonedUniquePtr<PoisonA, Logger> p2; >- ASSERT_EQ(a, p1.unpoisoned()); >- ASSERT_TRUE(!p2.bits()); >- ASSERT_TRUE(!p2.unpoisoned()); >- swap(p1, p2); >- ASSERT_EQ(0, aDestructCount); >- ASSERT_TRUE(!p1.bits()); >- ASSERT_TRUE(!p1.unpoisoned()); >- ASSERT_EQ(a, p2.unpoisoned()); >- >- PoisonedUniquePtr<PoisonA, Logger> p3 = b; >- PoisonedUniquePtr<PoisonB, Logger> p4; >- ASSERT_EQ(b, p3.unpoisoned()); >- ASSERT_TRUE(!p4.bits()); >- ASSERT_TRUE(!p4.unpoisoned()); >- swap(p3, p4); >- ASSERT_EQ(0, bDestructCount); >- ASSERT_TRUE(!p3.bits()); >- ASSERT_TRUE(!p3.unpoisoned()); >- ASSERT_EQ(b, p4.unpoisoned()); >- } >- ASSERT_EQ(1, aDestructCount); >- ASSERT_EQ(1, bDestructCount); >- } >-} >- >-static PoisonedUniquePtr<PoisonA, Logger> poisonedPtrFoo(Logger* logger) >-{ >- return PoisonedUniquePtr<PoisonA, Logger>(logger); >-} >- >-TEST(WTF_PoisonedUniquePtr, DISABLED_ReturnValue) >-{ >- initializePoisons(); >- >- { >- int aDestructCount = 0; >- Logger* a = new Logger("a", aDestructCount); >- { >- auto ptr = poisonedPtrFoo(a); >- ASSERT_EQ(0, aDestructCount); >- ASSERT_EQ(a, ptr.unpoisoned()); >- ASSERT_EQ(a, &*ptr); >- ASSERT_EQ(&a->name, &ptr->name); >- } >- ASSERT_EQ(1, aDestructCount); >- } >-} >- >-} // namespace TestWebKitAPI >- >Index: Tools/TestWebKitAPI/Tests/WTF/PoisonedUniquePtrForNonTriviallyDestructibleArrays.cpp >=================================================================== >--- Tools/TestWebKitAPI/Tests/WTF/PoisonedUniquePtrForNonTriviallyDestructibleArrays.cpp (revision 240833) >+++ Tools/TestWebKitAPI/Tests/WTF/PoisonedUniquePtrForNonTriviallyDestructibleArrays.cpp (nonexistent) >@@ -1,456 +0,0 @@ >-/* >- * Copyright (C) 2017-2018 Apple Inc. All rights reserved. >- * >- * Redistribution and use in source and binary forms, with or without >- * modification, are permitted provided that the following conditions >- * are met: >- * 1. Redistributions of source code must retain the above copyright >- * notice, this list of conditions and the following disclaimer. >- * 2. Redistributions in binary form must reproduce the above copyright >- * notice, this list of conditions and the following disclaimer in the >- * documentation and/or other materials provided with the distribution. >- * >- * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY >- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE >- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR >- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR >- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, >- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, >- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR >- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY >- * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT >- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE >- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. >- */ >- >-#include "config.h" >- >-#include <mutex> >-#include <wtf/PoisonedUniquePtr.h> >- >-namespace TestWebKitAPI { >- >-namespace { >- >-uintptr_t g_poisonA; >-uintptr_t g_poisonB; >- >-using PoisonA = Poison<g_poisonA>; >-using PoisonB = Poison<g_poisonB>; >- >-static void initializePoisons() >-{ >- static std::once_flag initializeOnceFlag; >- std::call_once(initializeOnceFlag, [] { >- // Make sure we get 2 different poison values. >- g_poisonA = makePoison(); >- while (!g_poisonB || g_poisonB == g_poisonA) >- g_poisonB = makePoison(); >- }); >-} >- >-struct Logger { >- Logger() { } >- Logger(const char* name, int& destructCount) >- : name(name) >- , destructCount(&destructCount) >- { } >- >- ~Logger() { ++(*destructCount); } >- >- const char* name; >- int* destructCount; >-}; >- >-template<typename T, typename... Arguments> >-T* makeArray(size_t count, Arguments&&... arguments) >-{ >- T* result = new T[count]; >- while (count--) >- new (result + count) T(std::forward<Arguments>(arguments)...); >- return result; >-} >- >-const int arraySize = 5; >- >-} // anonymous namespace >- >-TEST(WTF_PoisonedUniquePtrForNonTriviallyDestructibleArrays, DISABLED_Basic) >-{ >- initializePoisons(); >- >- { >- PoisonedUniquePtr<PoisonA, Logger[]> empty; >- ASSERT_EQ(nullptr, empty.unpoisoned()); >- ASSERT_EQ(0u, empty.bits()); >- } >- >- { >- int aDestructCount = 0; >- Logger* a = makeArray<Logger>(arraySize, "a", aDestructCount); >- { >- PoisonedUniquePtr<PoisonA, Logger[]> ptr(a); >- ASSERT_EQ(0, aDestructCount); >- ASSERT_EQ(a, ptr.unpoisoned()); >- ASSERT_EQ(a, &*ptr); >- for (auto i = 0; i < arraySize; ++i) >- ASSERT_EQ(a[i].name, ptr[i].name); >- >-#if ENABLE(POISON) >- uintptr_t ptrBits; >- std::memcpy(&ptrBits, &ptr, sizeof(ptrBits)); >- ASSERT_TRUE(ptrBits != bitwise_cast<uintptr_t>(a)); >-#if ENABLE(POISON_ASSERTS) >- ASSERT_TRUE((PoisonedUniquePtr<PoisonA, Logger[]>::isPoisoned(ptrBits))); >-#endif >-#endif // ENABLE(POISON) >- } >- ASSERT_EQ(arraySize, aDestructCount); >- } >- >- { >- int aDestructCount = 0; >- Logger* a = makeArray<Logger>(arraySize, "a", aDestructCount); >- { >- PoisonedUniquePtr<PoisonA, Logger[]> ptr = a; >- ASSERT_EQ(0, aDestructCount); >- ASSERT_EQ(a, ptr.unpoisoned()); >- for (auto i = 0; i < arraySize; ++i) >- ASSERT_EQ(a[i].name, ptr[i].name); >- } >- ASSERT_EQ(arraySize, aDestructCount); >- } >- >- { >- int aDestructCount = 0; >- const char* aName = "a"; >- { >- PoisonedUniquePtr<PoisonA, Logger[]> ptr = PoisonedUniquePtr<PoisonA, Logger[]>::create(arraySize, aName, aDestructCount); >- ASSERT_EQ(0, aDestructCount); >- ASSERT_TRUE(nullptr != ptr.unpoisoned()); >- for (auto i = 0; i < arraySize; ++i) >- ASSERT_EQ(aName, ptr[i].name); >- } >- ASSERT_EQ(arraySize, aDestructCount); >- } >- >- { >- int aDestructCount = 0; >- int bDestructCount = 0; >- Logger* a = makeArray<Logger>(arraySize, "a", aDestructCount); >- Logger* b = makeArray<Logger>(arraySize, "b", bDestructCount); >- { >- PoisonedUniquePtr<PoisonA, Logger[]> p1 = a; >- PoisonedUniquePtr<PoisonA, Logger[]> p2 = WTFMove(p1); >- ASSERT_EQ(aDestructCount, 0); >- ASSERT_EQ(nullptr, p1.unpoisoned()); >- ASSERT_EQ(0u, p1.bits()); >- ASSERT_EQ(a, p2.unpoisoned()); >- >- PoisonedUniquePtr<PoisonA, Logger[]> p3 = b; >- PoisonedUniquePtr<PoisonB, Logger[]> p4 = WTFMove(p3); >- ASSERT_EQ(0, bDestructCount); >- ASSERT_EQ(nullptr, p3.unpoisoned()); >- ASSERT_EQ(0u, p3.bits()); >- ASSERT_EQ(b, p4.unpoisoned()); >- } >- ASSERT_EQ(arraySize, aDestructCount); >- ASSERT_EQ(arraySize, bDestructCount); >- } >- >- { >- int aDestructCount = 0; >- int bDestructCount = 0; >- Logger* a = makeArray<Logger>(arraySize, "a", aDestructCount); >- Logger* b = makeArray<Logger>(arraySize, "b", bDestructCount); >- { >- PoisonedUniquePtr<PoisonA, Logger[]> p1 = a; >- PoisonedUniquePtr<PoisonA, Logger[]> p2(WTFMove(p1)); >- ASSERT_EQ(0, aDestructCount); >- ASSERT_EQ(nullptr, p1.unpoisoned()); >- ASSERT_EQ(0u, p1.bits()); >- ASSERT_EQ(a, p2.unpoisoned()); >- >- PoisonedUniquePtr<PoisonA, Logger[]> p3 = b; >- PoisonedUniquePtr<PoisonB, Logger[]> p4(WTFMove(p3)); >- ASSERT_EQ(0, bDestructCount); >- ASSERT_EQ(nullptr, p3.unpoisoned()); >- ASSERT_EQ(0u, p3.bits()); >- ASSERT_EQ(b, p4.unpoisoned()); >- } >- ASSERT_EQ(arraySize, aDestructCount); >- ASSERT_EQ(arraySize, bDestructCount); >- } >- >- { >- int aDestructCount = 0; >- int bDestructCount = 0; >- Logger* a = makeArray<Logger>(arraySize, "a", aDestructCount); >- Logger* b = makeArray<Logger>(arraySize, "b", bDestructCount); >- { >- PoisonedUniquePtr<PoisonA, Logger[]> p1 = a; >- PoisonedUniquePtr<PoisonA, Logger[]> p2 = WTFMove(p1); >- ASSERT_EQ(aDestructCount, 0); >- ASSERT_TRUE(!p1.unpoisoned()); >- ASSERT_TRUE(!p1.bits()); >- ASSERT_EQ(a, p2.unpoisoned()); >- >- PoisonedUniquePtr<PoisonA, Logger[]> p3 = b; >- PoisonedUniquePtr<PoisonB, Logger[]> p4 = WTFMove(p3); >- ASSERT_EQ(bDestructCount, 0); >- ASSERT_TRUE(!p3.unpoisoned()); >- ASSERT_TRUE(!p3.bits()); >- ASSERT_EQ(b, p4.unpoisoned()); >- } >- ASSERT_EQ(arraySize, aDestructCount); >- ASSERT_EQ(arraySize, bDestructCount); >- } >- >- { >- int aDestructCount = 0; >- int bDestructCount = 0; >- Logger* a = makeArray<Logger>(arraySize, "a", aDestructCount); >- Logger* b = makeArray<Logger>(arraySize, "b", bDestructCount); >- { >- PoisonedUniquePtr<PoisonA, Logger[]> p1 = a; >- PoisonedUniquePtr<PoisonA, Logger[]> p2(WTFMove(p1)); >- ASSERT_EQ(aDestructCount, 0); >- ASSERT_TRUE(!p1.unpoisoned()); >- ASSERT_TRUE(!p1.bits()); >- ASSERT_EQ(a, p2.unpoisoned()); >- >- PoisonedUniquePtr<PoisonA, Logger[]> p3 = b; >- PoisonedUniquePtr<PoisonB, Logger[]> p4(WTFMove(p3)); >- ASSERT_EQ(bDestructCount, 0); >- ASSERT_TRUE(!p3.unpoisoned()); >- ASSERT_TRUE(!p3.bits()); >- ASSERT_EQ(b, p4.unpoisoned()); >- } >- ASSERT_EQ(arraySize, aDestructCount); >- ASSERT_EQ(arraySize, bDestructCount); >- } >- >- { >- int aDestructCount = 0; >- Logger* a = makeArray<Logger>(arraySize, "a", aDestructCount); >- { >- PoisonedUniquePtr<PoisonA, Logger[]> ptr(a); >- ASSERT_EQ(a, ptr.unpoisoned()); >- ptr.clear(); >- ASSERT_TRUE(!ptr.unpoisoned()); >- ASSERT_TRUE(!ptr.bits()); >- ASSERT_EQ(arraySize, aDestructCount); >- } >- ASSERT_EQ(arraySize, aDestructCount); >- } >-} >- >-TEST(WTF_PoisonedUniquePtrForNonTriviallyDestructibleArrays, DISABLED_Assignment) >-{ >- initializePoisons(); >- >- { >- int aDestructCount = 0; >- int bDestructCount = 0; >- Logger* a = makeArray<Logger>(arraySize, "a", aDestructCount); >- Logger* b = makeArray<Logger>(arraySize, "b", bDestructCount); >- { >- PoisonedUniquePtr<PoisonA, Logger[]> ptr(a); >- ASSERT_EQ(0, aDestructCount); >- ASSERT_EQ(0, bDestructCount); >- ASSERT_EQ(a, ptr.unpoisoned()); >- ptr = b; >- ASSERT_EQ(arraySize, aDestructCount); >- ASSERT_EQ(0, bDestructCount); >- ASSERT_EQ(b, ptr.unpoisoned()); >- } >- ASSERT_EQ(arraySize, aDestructCount); >- ASSERT_EQ(arraySize, bDestructCount); >- } >- >- { >- int aDestructCount = 0; >- Logger* a = makeArray<Logger>(arraySize, "a", aDestructCount); >- { >- PoisonedUniquePtr<PoisonA, Logger[]> ptr(a); >- ASSERT_EQ(0, aDestructCount); >- ASSERT_EQ(a, ptr.unpoisoned()); >- ptr = nullptr; >- ASSERT_EQ(arraySize, aDestructCount); >- ASSERT_EQ(nullptr, ptr.unpoisoned()); >- } >- ASSERT_EQ(arraySize, aDestructCount); >- } >- >- { >- int aDestructCount = 0; >- int bDestructCount = 0; >- int cDestructCount = 0; >- int dDestructCount = 0; >- Logger* a = makeArray<Logger>(arraySize, "a", aDestructCount); >- Logger* b = makeArray<Logger>(arraySize, "b", bDestructCount); >- Logger* c = makeArray<Logger>(arraySize, "c", cDestructCount); >- Logger* d = makeArray<Logger>(arraySize, "d", dDestructCount); >- { >- PoisonedUniquePtr<PoisonA, Logger[]> p1(a); >- PoisonedUniquePtr<PoisonA, Logger[]> p2(b); >- ASSERT_EQ(0, aDestructCount); >- ASSERT_EQ(0, bDestructCount); >- ASSERT_EQ(a, p1.unpoisoned()); >- ASSERT_EQ(b, p2.unpoisoned()); >- p1 = WTFMove(p2); >- ASSERT_EQ(arraySize, aDestructCount); >- ASSERT_EQ(0, bDestructCount); >- ASSERT_EQ(b, p1.unpoisoned()); >- ASSERT_EQ(nullptr, p2.unpoisoned()); >- >- PoisonedUniquePtr<PoisonA, Logger[]> p3(c); >- PoisonedUniquePtr<PoisonB, Logger[]> p4(d); >- ASSERT_EQ(0, cDestructCount); >- ASSERT_EQ(0, dDestructCount); >- ASSERT_EQ(c, p3.unpoisoned()); >- ASSERT_EQ(d, p4.unpoisoned()); >- p3 = WTFMove(p4); >- ASSERT_EQ(arraySize, cDestructCount); >- ASSERT_EQ(0, dDestructCount); >- ASSERT_EQ(d, p3.unpoisoned()); >- ASSERT_EQ(nullptr, p4.unpoisoned()); >- } >- ASSERT_EQ(arraySize, aDestructCount); >- ASSERT_EQ(arraySize, bDestructCount); >- ASSERT_EQ(arraySize, cDestructCount); >- ASSERT_EQ(arraySize, dDestructCount); >- } >- >- { >- int aDestructCount = 0; >- Logger* a = makeArray<Logger>(arraySize, "a", aDestructCount); >- { >- PoisonedUniquePtr<PoisonA, Logger[]> ptr(a); >- ASSERT_EQ(0, aDestructCount); >- ASSERT_EQ(a, ptr.unpoisoned()); >- ptr = a; >- ASSERT_EQ(0, aDestructCount); >- ASSERT_EQ(a, ptr.unpoisoned()); >- } >- ASSERT_EQ(arraySize, aDestructCount); >- } >- >- { >- int aDestructCount = 0; >- Logger* a = makeArray<Logger>(arraySize, "a", aDestructCount); >- { >- PoisonedUniquePtr<PoisonA, Logger[]> ptr(a); >- ASSERT_EQ(0, aDestructCount); >- ASSERT_EQ(a, ptr.unpoisoned()); >-#if COMPILER(CLANG) >-#pragma clang diagnostic push >-#pragma clang diagnostic ignored "-Wunknown-pragmas" >-#pragma clang diagnostic ignored "-Wself-move" >-#endif >- ptr = WTFMove(ptr); >-#if COMPILER(CLANG) >-#pragma clang diagnostic pop >-#endif >- ASSERT_EQ(0, aDestructCount); >- ASSERT_EQ(a, ptr.unpoisoned()); >- } >- ASSERT_EQ(arraySize, aDestructCount); >- } >-} >- >-TEST(WTF_PoisonedUniquePtrForNonTriviallyDestructibleArrays, DISABLED_Swap) >-{ >- initializePoisons(); >- >- { >- int aDestructCount = 0; >- int bDestructCount = 0; >- Logger* a = makeArray<Logger>(arraySize, "a", aDestructCount); >- Logger* b = makeArray<Logger>(arraySize, "b", bDestructCount); >- { >- PoisonedUniquePtr<PoisonA, Logger[]> p1 = a; >- PoisonedUniquePtr<PoisonA, Logger[]> p2; >- ASSERT_EQ(a, p1.unpoisoned()); >- ASSERT_TRUE(!p2.bits()); >- ASSERT_TRUE(!p2.unpoisoned()); >- p2.swap(p1); >- ASSERT_EQ(aDestructCount, 0); >- ASSERT_TRUE(!p1.bits()); >- ASSERT_TRUE(!p1.unpoisoned()); >- ASSERT_EQ(a, p2.unpoisoned()); >- >- PoisonedUniquePtr<PoisonA, Logger[]> p3 = b; >- PoisonedUniquePtr<PoisonB, Logger[]> p4; >- ASSERT_EQ(b, p3.unpoisoned()); >- ASSERT_TRUE(!p4.bits()); >- ASSERT_TRUE(!p4.unpoisoned()); >- p4.swap(p3); >- ASSERT_EQ(0, bDestructCount); >- ASSERT_TRUE(!p3.bits()); >- ASSERT_TRUE(!p3.unpoisoned()); >- ASSERT_EQ(b, p4.unpoisoned()); >- } >- ASSERT_EQ(arraySize, aDestructCount); >- ASSERT_EQ(arraySize, bDestructCount); >- } >- >- { >- int aDestructCount = 0; >- int bDestructCount = 0; >- Logger* a = makeArray<Logger>(arraySize, "a", aDestructCount); >- Logger* b = makeArray<Logger>(arraySize, "b", bDestructCount); >- { >- PoisonedUniquePtr<PoisonA, Logger[]> p1 = a; >- PoisonedUniquePtr<PoisonA, Logger[]> p2; >- ASSERT_EQ(a, p1.unpoisoned()); >- ASSERT_TRUE(!p2.bits()); >- ASSERT_TRUE(!p2.unpoisoned()); >- swap(p1, p2); >- ASSERT_EQ(0, aDestructCount); >- ASSERT_TRUE(!p1.bits()); >- ASSERT_TRUE(!p1.unpoisoned()); >- ASSERT_EQ(a, p2.unpoisoned()); >- >- PoisonedUniquePtr<PoisonA, Logger[]> p3 = b; >- PoisonedUniquePtr<PoisonB, Logger[]> p4; >- ASSERT_EQ(b, p3.unpoisoned()); >- ASSERT_TRUE(!p4.bits()); >- ASSERT_TRUE(!p4.unpoisoned()); >- swap(p3, p4); >- ASSERT_EQ(0, bDestructCount); >- ASSERT_TRUE(!p3.bits()); >- ASSERT_TRUE(!p3.unpoisoned()); >- ASSERT_EQ(b, p4.unpoisoned()); >- } >- ASSERT_EQ(arraySize, aDestructCount); >- ASSERT_EQ(arraySize, bDestructCount); >- } >-} >- >-static PoisonedUniquePtr<PoisonA, Logger[]> poisonedPtrFoo(Logger* array) >-{ >- return PoisonedUniquePtr<PoisonA, Logger[]>(array); >-} >- >-TEST(WTF_PoisonedUniquePtrForNonTriviallyDestructibleArrays, DISABLED_ReturnValue) >-{ >- initializePoisons(); >- >- { >- int aDestructCount = 0; >- Logger* a = makeArray<Logger>(arraySize, "a", aDestructCount); >- { >- auto ptr = poisonedPtrFoo(a); >- ASSERT_EQ(0, aDestructCount); >- ASSERT_EQ(a, ptr.unpoisoned()); >- ASSERT_EQ(a, &*ptr); >- for (auto i = 0; i < arraySize; ++i) >- ASSERT_EQ(a[i].name, ptr[i].name); >- } >- ASSERT_EQ(arraySize, aDestructCount); >- } >-} >- >-} // namespace TestWebKitAPI >- >Index: Tools/TestWebKitAPI/Tests/WTF/PoisonedUniquePtrForTriviallyDestructibleArrays.cpp >=================================================================== >--- Tools/TestWebKitAPI/Tests/WTF/PoisonedUniquePtrForTriviallyDestructibleArrays.cpp (revision 240833) >+++ Tools/TestWebKitAPI/Tests/WTF/PoisonedUniquePtrForTriviallyDestructibleArrays.cpp (nonexistent) >@@ -1,340 +0,0 @@ >-/* >- * Copyright (C) 2017-2018 Apple Inc. All rights reserved. >- * >- * Redistribution and use in source and binary forms, with or without >- * modification, are permitted provided that the following conditions >- * are met: >- * 1. Redistributions of source code must retain the above copyright >- * notice, this list of conditions and the following disclaimer. >- * 2. Redistributions in binary form must reproduce the above copyright >- * notice, this list of conditions and the following disclaimer in the >- * documentation and/or other materials provided with the distribution. >- * >- * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY >- * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE >- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR >- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR >- * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, >- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, >- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR >- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY >- * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT >- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE >- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. >- */ >- >-#include "config.h" >- >-#include <mutex> >-#include <wtf/FastMalloc.h> >-#include <wtf/PoisonedUniquePtr.h> >- >-namespace TestWebKitAPI { >- >-namespace { >- >-uintptr_t g_poisonA; >-uintptr_t g_poisonB; >- >-using PoisonA = Poison<g_poisonA>; >-using PoisonB = Poison<g_poisonB>; >- >-static void initializePoisons() >-{ >- static std::once_flag initializeOnceFlag; >- std::call_once(initializeOnceFlag, [] { >- // Make sure we get 2 different poison values. >- g_poisonA = makePoison(); >- while (!g_poisonB || g_poisonB == g_poisonA) >- g_poisonB = makePoison(); >- }); >-} >- >-template<typename T> >-static void fillArray(T& array, int size) >-{ >- for (int i = 0; i < size; ++i) >- array[i] = i + 100; >-} >- >-static const int arraySize = 5; >- >-} // anonymous namespace >- >-TEST(WTF_PoisonedUniquePtrForTriviallyDestructibleArrays, DISABLED_Basic) >-{ >- initializePoisons(); >- >- { >- PoisonedUniquePtr<PoisonA, int[]> empty; >- ASSERT_EQ(nullptr, empty.unpoisoned()); >- ASSERT_EQ(0u, empty.bits()); >- } >- { >- PoisonedUniquePtr<PoisonA, int[]> empty(nullptr); >- ASSERT_EQ(nullptr, empty.unpoisoned()); >- ASSERT_EQ(0u, empty.bits()); >- } >- >- { >- auto* a = new int[arraySize]; >- fillArray(a, arraySize); >- { >- PoisonedUniquePtr<PoisonA, int[]> ptr(a); >- ASSERT_EQ(a, ptr.unpoisoned()); >- ASSERT_EQ(a, &*ptr); >- for (auto i = 0; i < arraySize; ++i) >- ASSERT_EQ(a[i], ptr[i]); >- >-#if ENABLE(POISON) >- uintptr_t ptrBits; >- std::memcpy(&ptrBits, &ptr, sizeof(ptrBits)); >- ASSERT_TRUE(ptrBits != bitwise_cast<uintptr_t>(a)); >-#if ENABLE(POISON_ASSERTS) >- ASSERT_TRUE((PoisonedUniquePtr<PoisonA, int[]>::isPoisoned(ptrBits))); >-#endif >-#endif // ENABLE(POISON) >- } >- } >- >- { >- auto* a = new int[arraySize]; >- fillArray(a, arraySize); >- >- PoisonedUniquePtr<PoisonA, int[]> ptr = a; >- ASSERT_EQ(a, ptr.unpoisoned()); >- ASSERT_EQ(a, &*ptr); >- for (auto i = 0; i < arraySize; ++i) >- ASSERT_EQ(a[i], ptr[i]); >- } >- >- { >- PoisonedUniquePtr<PoisonA, int[]> ptr = PoisonedUniquePtr<PoisonA, int[]>::create(arraySize); >- ASSERT_TRUE(nullptr != ptr.unpoisoned()); >- fillArray(ptr, arraySize); >- for (auto i = 0; i < arraySize; ++i) >- ASSERT_EQ((100 + i), ptr[i]); >- } >- >- { >- auto* a = new int[arraySize]; >- fillArray(a, arraySize); >- auto* b = new int[arraySize]; >- fillArray(b, arraySize); >- >- PoisonedUniquePtr<PoisonA, int[]> p1 = a; >- PoisonedUniquePtr<PoisonA, int[]> p2 = WTFMove(p1); >- ASSERT_EQ(nullptr, p1.unpoisoned()); >- ASSERT_EQ(0u, p1.bits()); >- ASSERT_EQ(a, p2.unpoisoned()); >- for (auto i = 0; i < arraySize; ++i) >- ASSERT_EQ(a[i], p2[i]); >- >- PoisonedUniquePtr<PoisonA, int[]> p3 = b; >- PoisonedUniquePtr<PoisonB, int[]> p4 = WTFMove(p3); >- ASSERT_EQ(nullptr, p3.unpoisoned()); >- ASSERT_EQ(0u, p3.bits()); >- ASSERT_EQ(b, p4.unpoisoned()); >- for (auto i = 0; i < arraySize; ++i) >- ASSERT_EQ(b[i], p4[i]); >- } >- >- { >- auto* a = new int[arraySize]; >- fillArray(a, arraySize); >- auto* b = new int[arraySize]; >- fillArray(b, arraySize); >- >- PoisonedUniquePtr<PoisonA, int[]> p1 = a; >- PoisonedUniquePtr<PoisonA, int[]> p2(WTFMove(p1)); >- ASSERT_EQ(nullptr, p1.unpoisoned()); >- ASSERT_EQ(0u, p1.bits()); >- ASSERT_EQ(a, p2.unpoisoned()); >- for (auto i = 0; i < arraySize; ++i) >- ASSERT_EQ(a[i], p2[i]); >- >- PoisonedUniquePtr<PoisonA, int[]> p3 = b; >- PoisonedUniquePtr<PoisonB, int[]> p4(WTFMove(p3)); >- ASSERT_EQ(nullptr, p3.unpoisoned()); >- ASSERT_EQ(0u, p3.bits()); >- ASSERT_EQ(b, p4.unpoisoned()); >- for (auto i = 0; i < arraySize; ++i) >- ASSERT_EQ(b[i], p4[i]); >- } >- >- { >- auto* a = new int[arraySize]; >- fillArray(a, arraySize); >- >- PoisonedUniquePtr<PoisonA, int[]> ptr(a); >- ASSERT_EQ(a, ptr.unpoisoned()); >- ptr.clear(); >- ASSERT_TRUE(!ptr.unpoisoned()); >- ASSERT_TRUE(!ptr.bits()); >- } >-} >- >-TEST(WTF_PoisonedUniquePtrForTriviallyDestructibleArrays, DISABLED_Assignment) >-{ >- initializePoisons(); >- >- { >- auto* a = new int[arraySize]; >- auto* b = new int[arraySize]; >- fillArray(a, arraySize); >- fillArray(b, arraySize); >- >- PoisonedUniquePtr<PoisonA, int[]> ptr(a); >- ASSERT_EQ(a, ptr.unpoisoned()); >- ptr = b; >- ASSERT_EQ(b, ptr.unpoisoned()); >- } >- >- { >- auto* a = new int[arraySize]; >- fillArray(a, arraySize); >- >- PoisonedUniquePtr<PoisonA, int[]> ptr(a); >- ASSERT_EQ(a, ptr.unpoisoned()); >- ptr = nullptr; >- ASSERT_EQ(nullptr, ptr.unpoisoned()); >- } >- >- { >- auto* a = new int[arraySize]; >- auto* b = new int[arraySize]; >- auto* c = new int[arraySize]; >- auto* d = new int[arraySize]; >- fillArray(a, arraySize); >- fillArray(b, arraySize); >- fillArray(c, arraySize); >- fillArray(d, arraySize); >- >- PoisonedUniquePtr<PoisonA, int[]> p1(a); >- PoisonedUniquePtr<PoisonA, int[]> p2(b); >- ASSERT_EQ(a, p1.unpoisoned()); >- ASSERT_EQ(b, p2.unpoisoned()); >- p1 = WTFMove(p2); >- ASSERT_EQ(b, p1.unpoisoned()); >- ASSERT_EQ(nullptr, p2.unpoisoned()); >- >- PoisonedUniquePtr<PoisonA, int[]> p3(c); >- PoisonedUniquePtr<PoisonB, int[]> p4(d); >- ASSERT_EQ(c, p3.unpoisoned()); >- ASSERT_EQ(d, p4.unpoisoned()); >- p3 = WTFMove(p4); >- ASSERT_EQ(d, p3.unpoisoned()); >- ASSERT_EQ(nullptr, p4.unpoisoned()); >- } >- >- { >- auto* a = new int[arraySize]; >- fillArray(a, arraySize); >- >- PoisonedUniquePtr<PoisonA, int[]> ptr(a); >- ASSERT_EQ(a, ptr.unpoisoned()); >- ptr = a; >- ASSERT_EQ(a, ptr.unpoisoned()); >- } >- >- { >- auto* a = new int[arraySize]; >- fillArray(a, arraySize); >- >- PoisonedUniquePtr<PoisonA, int[]> ptr(a); >- ASSERT_EQ(a, ptr.unpoisoned()); >-#if COMPILER(CLANG) >-#pragma clang diagnostic push >-#pragma clang diagnostic ignored "-Wunknown-pragmas" >-#pragma clang diagnostic ignored "-Wself-move" >-#endif >- ptr = WTFMove(ptr); >-#if COMPILER(CLANG) >-#pragma clang diagnostic pop >-#endif >- ASSERT_EQ(a, ptr.unpoisoned()); >- } >-} >- >-TEST(WTF_PoisonedUniquePtrForTriviallyDestructibleArrays, DISABLED_Swap) >-{ >- initializePoisons(); >- >- { >- auto* a = new int[arraySize]; >- auto* b = new int[arraySize]; >- fillArray(a, arraySize); >- fillArray(b, arraySize); >- >- PoisonedUniquePtr<PoisonA, int[]> p1 = a; >- PoisonedUniquePtr<PoisonA, int[]> p2; >- ASSERT_EQ(p1.unpoisoned(), a); >- ASSERT_TRUE(!p2.bits()); >- ASSERT_TRUE(!p2.unpoisoned()); >- p2.swap(p1); >- ASSERT_TRUE(!p1.bits()); >- ASSERT_TRUE(!p1.unpoisoned()); >- ASSERT_EQ(p2.unpoisoned(), a); >- >- PoisonedUniquePtr<PoisonA, int[]> p3 = b; >- PoisonedUniquePtr<PoisonB, int[]> p4; >- ASSERT_EQ(p3.unpoisoned(), b); >- ASSERT_TRUE(!p4.bits()); >- ASSERT_TRUE(!p4.unpoisoned()); >- p4.swap(p3); >- ASSERT_TRUE(!p3.bits()); >- ASSERT_TRUE(!p3.unpoisoned()); >- ASSERT_EQ(p4.unpoisoned(), b); >- } >- >- { >- auto* a = new int[arraySize]; >- auto* b = new int[arraySize]; >- fillArray(a, arraySize); >- fillArray(b, arraySize); >- >- PoisonedUniquePtr<PoisonA, int[]> p1 = a; >- PoisonedUniquePtr<PoisonA, int[]> p2; >- ASSERT_EQ(p1.unpoisoned(), a); >- ASSERT_TRUE(!p2.bits()); >- ASSERT_TRUE(!p2.unpoisoned()); >- swap(p1, p2); >- ASSERT_TRUE(!p1.bits()); >- ASSERT_TRUE(!p1.unpoisoned()); >- ASSERT_EQ(p2.unpoisoned(), a); >- >- PoisonedUniquePtr<PoisonA, int[]> p3 = b; >- PoisonedUniquePtr<PoisonB, int[]> p4; >- ASSERT_EQ(p3.unpoisoned(), b); >- ASSERT_TRUE(!p4.bits()); >- ASSERT_TRUE(!p4.unpoisoned()); >- swap(p3, p4); >- ASSERT_TRUE(!p3.bits()); >- ASSERT_TRUE(!p3.unpoisoned()); >- ASSERT_EQ(p4.unpoisoned(), b); >- } >-} >- >-static PoisonedUniquePtr<PoisonA, int[]> poisonedPtrFoo(int* ptr) >-{ >- return PoisonedUniquePtr<PoisonA, int[]>(ptr); >-} >- >-TEST(WTF_PoisonedUniquePtrForTriviallyDestructibleArrays, DISABLED_ReturnValue) >-{ >- initializePoisons(); >- >- { >- auto* a = new int[arraySize]; >- fillArray(a, arraySize); >- >- auto ptr = poisonedPtrFoo(a); >- ASSERT_EQ(a, ptr.unpoisoned()); >- ASSERT_EQ(a, &*ptr); >- for (auto i = 0; i < arraySize; ++i) >- ASSERT_EQ(a[i], ptr[i]); >- } >-} >- >-} // namespace TestWebKitAPI >-
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=360828">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Formatted Diff
|
Diff
Attachments on
bug 194138
:
360825
|
360828
|
360829
|
360831
|
360836
|
360837
|
360839
|
360844
|
363072
|
363073