Title: [135757] trunk/Source/_javascript_Core
- Revision
- 135757
- Author
- [email protected]
- Date
- 2012-11-26 13:20:37 -0800 (Mon, 26 Nov 2012)
Log Message
Don't blind all the things.
https://bugs.webkit.org/show_bug.cgi?id=102572
Reviewed by Gavin Barraclough.
No longer blind all the constants in the instruction stream. We use a
simple non-deterministic filter to avoid blinding everything. Also modified
the basic integer blinding logic to avoid blinding small negative values.
* assembler/MacroAssembler.h:
(MacroAssembler):
(JSC::MacroAssembler::shouldConsiderBlinding):
(JSC::MacroAssembler::shouldBlind):
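Added example, not JavaScriptCore code: a stand-alone C++ model of the policy the log message describes (small constants, including small negatives, are never blinded; everything else is blinded only when a 1-in-64 sampling filter fires; a blinded immediate is emitted as value ^ key plus the key and XORed back at run time). The names Blinder, Emitted, emit, materialize, countUnblinded and blindingIsTransparent are hypothetical, and a seeded std::mt19937 stands in for libc random() so that runs are reproducible.

```cpp
// Added example, not JavaScriptCore code: a self-contained model of JIT
// constant blinding with the sampling filter from this commit.
// All names below are hypothetical; the modulus 64 matches the patch.
#include <cstdint>
#include <random>

struct Emitted {
    bool blinded;   // true if the immediate in the code stream is value ^ key
    uint32_t imm;   // the bytes that actually land in the instruction stream
    uint32_t key;   // blinding key, emitted as a second immediate when blinded
};

class Blinder {
public:
    static constexpr unsigned BlindingModulus = 64;

    // A seeded std::mt19937 stands in for random() (assumption for this example).
    explicit Blinder(uint32_t seed) : m_rng(seed) {}

    // Small constants are never blinded: 0..0xff and the small negatives
    // -256..-1, whose bitwise complement is <= 0xff when value is unsigned.
    static bool isSmallConstant(uint32_t value)
    {
        return value <= 0xff || ~value <= 0xff;
    }

    // The sampling filter: only about one candidate in BlindingModulus is blinded.
    bool shouldConsiderBlinding()
    {
        return !(m_rng() & (BlindingModulus - 1));
    }

    bool shouldBlind(uint32_t value)
    {
        if (isSmallConstant(value))
            return false;
        return shouldConsiderBlinding();
    }

    // Model of "move immediate": emit the raw value, or (value ^ key) together
    // with key so the attacker-chosen bytes do not appear verbatim in the code.
    Emitted emit(uint32_t value)
    {
        if (!shouldBlind(value))
            return Emitted{false, value, 0};
        uint32_t key = static_cast<uint32_t>(m_rng());
        return Emitted{true, value ^ key, key};
    }

private:
    std::mt19937 m_rng;
};

// What the generated code computes at run time: XOR the key back in.
uint32_t materialize(const Emitted& e)
{
    return e.blinded ? (e.imm ^ e.key) : e.imm;
}

// How often an attacker-controlled constant survives verbatim across n emissions.
unsigned countUnblinded(Blinder& b, uint32_t value, unsigned n)
{
    unsigned unblinded = 0;
    for (unsigned i = 0; i < n; ++i) {
        if (!b.emit(value).blinded)
            ++unblinded;
    }
    return unblinded;
}

// Blinding must be invisible to the program: every emission, blinded or not,
// must materialize to the original constant.
bool blindingIsTransparent(uint32_t seed, uint32_t value, unsigned n)
{
    Blinder b(seed);
    for (unsigned i = 0; i < n; ++i) {
        if (materialize(b.emit(value)) != value)
            return false;
    }
    return true;
}
```

The countUnblinded helper is the point of the model: with the modulus at 64, a constant such as 0x90909090 that a script can force the JIT to emit repeatedly is left unblinded in roughly 63 of every 64 emissions, which is the coverage the commit trades for the saved instructions.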
Modified Paths
Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (135756 => 135757)
--- trunk/Source/_javascript_Core/ChangeLog 2012-11-26 21:00:07 UTC (rev 135756)
+++ trunk/Source/_javascript_Core/ChangeLog 2012-11-26 21:20:37 UTC (rev 135757)
@@ -1,3 +1,19 @@
+2012-11-26 Oliver Hunt <[email protected]>
+
+ Don't blind all the things.
+ https://bugs.webkit.org/show_bug.cgi?id=102572
+
+ Reviewed by Gavin Barraclough.
+
+ No longer blind all the constants in the instruction stream. We use a
+ simple non-deterministic filter to avoid blinding everything. Also modified
+ the basic integer blinding logic to avoid blinding small negative values.
+
+ * assembler/MacroAssembler.h:
+ (MacroAssembler):
+ (JSC::MacroAssembler::shouldConsiderBlinding):
+ (JSC::MacroAssembler::shouldBlind):
+
2012-11-26 Mark Hahnenberg <[email protected]>
JSObject::copyButterfly doesn't handle undecided indexing types correctly
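Review bot: The entry says "a simple non-deterministic filter" but never gives its rate; the code sets BlindingModulus = 64, so only about one eligible constant in 64 is still blinded. That number is the security-relevant parameter of this change and belongs in the ChangeLog (and in the bug) together with the reason 64 was chosen, otherwise a reader of the log cannot tell how much coverage was given up.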
Modified: trunk/Source/_javascript_Core/assembler/MacroAssembler.h (135756 => 135757)
--- trunk/Source/_javascript_Core/assembler/MacroAssembler.h 2012-11-26 21:00:07 UTC (rev 135756)
+++ trunk/Source/_javascript_Core/assembler/MacroAssembler.h 2012-11-26 21:20:37 UTC (rev 135757)
@@ -839,26 +839,30 @@
using MacroAssemblerBase::and64;
using MacroAssemblerBase::convertInt32ToDouble;
using MacroAssemblerBase::store64;
-
+ static const unsigned BlindingModulus = 64;
+ bool shouldConsiderBlinding()
+ {
+ return !(random() & (BlindingModulus - 1));
+ }
bool shouldBlindDouble(double value)
{
// Don't trust NaN or +/-Infinity
if (!isfinite(value))
- return true;
+ return shouldConsiderBlinding();
// Try to force normalisation, and check that there's no change
// in the bit pattern
if (bitwise_cast<uint64_t>(value * 1.0) != bitwise_cast<uint64_t>(value))
- return true;
+ return shouldConsiderBlinding();
value = abs(value);
// Only allow a limited set of fractional components
double scaledValue = value * 8;
if (scaledValue / 8 != value)
- return true;
+ return shouldConsiderBlinding();
double frac = scaledValue - floor(scaledValue);
if (frac != 0.0)
- return true;
+ return shouldConsiderBlinding();
return value > 0xff;
}
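Review bot: The probabilistic gate is applied to the untrusted early-return paths (non-finite, non-normalised bit pattern, unrepresentable fraction) but not to the final `return value > 0xff;`, so inside shouldBlindDouble a NaN, an infinity or an odd bit pattern is now blinded about 1 time in 64 while an ordinary finite double above 0xff is still always reported as blindable; that inverts the intent of the "Don't trust" comments. Suggest keeping `return true;` for the untrusted cases and applying shouldConsiderBlinding() once, at the final return or in the caller, as the integer paths do. Separately, `random()` is the libc PRNG, seeded outside this code and not cryptographically strong; since this call now decides which constants reach the code stream verbatim, a comment on shouldConsiderBlinding should state the assumption that it is seeded unpredictably.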
@@ -887,8 +891,14 @@
default: {
if (value <= 0xff)
return false;
+ if (~value <= 0xff)
+ return false;
}
}
+
+ if (!shouldConsiderBlinding())
+ return false;
+
return shouldBlindForSpecificArch(value);
}
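Review bot: `if (~value <= 0xff)` is only correct when `value` is an unsigned type; if it is signed, `~value` is negative for every positive `value`, the comparison is always true, and every large positive immediate is exempted from blinding. The declaration of `value` is above this hunk, so confirm it is `uint32_t` here (and the 64-bit equivalents in the two other functions gaining the same check), and consider writing the intent explicitly, e.g. `if (static_cast<uint32_t>(~value) <= 0xff)`.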
@@ -940,6 +950,9 @@
default: {
if (value <= 0xff)
return false;
+ if (~value <= 0xff)
+ return false;
+
JSValue jsValue = JSValue::decode(value);
if (jsValue.isInt32())
return shouldBlind(Imm32(jsValue.asInt32()));
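Review bot: This is the second of three places that hard-code the same `value <= 0xff` / `~value <= 0xff` pair; factor it into a small helper (for example `isSmallConstant(value)`) so that the threshold and the new small-negative rule live in one place and the three shouldBlind overloads cannot drift apart. Note also that this early return now runs before `JSValue::decode(value)`, so a raw 64-bit pattern in the small-negative range is exempted before the int32 JSValue path below it is consulted; a one-line comment saying the check targets raw (non-JSValue) immediates would make that ordering deliberate.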
@@ -950,6 +963,10 @@
return false;
}
}
+
+ if (!shouldConsiderBlinding())
+ return false;
+
return shouldBlindForSpecificArch(value);
}
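Review bot: The gate `if (!shouldConsiderBlinding()) return false;` is evaluated independently for every immediate, so with BlindingModulus = 64 (first MacroAssembler.h hunk) a constant that a script can make the JIT emit repeatedly appears unblinded in about 63 of every 64 emissions. That is a deliberate cost/coverage trade-off, but a reader of this function alone cannot see it; add a comment here or on shouldConsiderBlinding stating the rate and that the decision is per emission, not per value.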
@@ -1068,7 +1085,13 @@
default:
if (value <= 0xff)
return false;
+ if (~value <= 0xff)
+ return false;
}
+
+ if (!shouldConsiderBlinding())
+ return false;
+
return shouldBlindForSpecificArch(value);
#endif
}
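Review bot: The new small-negative exemption and the sampling gate sit inside the preprocessor-conditional arm that ends at the `#endif` in this hunk; the other arm of that conditional is outside the hunk, so confirm it receives the same two checks, or add a comment explaining why that configuration keeps the old unconditional behaviour.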
_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo/webkit-changes