Bug 195476

Summary: Randomize the LocalAllocator free list.
Product: WebKit    Reporter: Mark Lam <mark.lam>
Component: JavaScriptCore    Assignee: Mark Lam <mark.lam>
Status: RESOLVED WONTFIX
Severity: Normal    CC: fpizlo, keith_miller, msaboff, rmorisset, saam, tzagallo, webkit-bug-importer, ysuzuki
Priority: P2    Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified

Mark Lam
Reported 2019-03-08 12:42:45 PST
Attachments
proposed patch. (3.60 KB, patch)
2019-03-08 12:48 PST, Mark Lam
no flags
proposed patch. (3.71 KB, patch)
2019-03-08 13:28 PST, Mark Lam
no flags
Mark Lam
Comment 1 2019-03-08 12:48:22 PST
Created attachment 364052 [details] proposed patch.
Mark Lam
Comment 2 2019-03-08 12:55:07 PST
Comment on attachment 364052 [details] proposed patch.
View in context: https://bugs.webkit.org/attachment.cgi?id=364052&action=review

> Source/JavaScriptCore/heap/MarkedBlockInlines.h:308
> // This produces a free list that is ordered in reverse through the block.
> // This is fine, since the allocation code makes no assumptions about the
> // order of the free list.

I should also fix this comment.
Mark Lam
Comment 3 2019-03-08 13:28:18 PST
Created attachment 364054 [details] proposed patch.
Filip Pizlo
Comment 4 2019-03-08 13:29:10 PST
Since this does not randomize bump pointer, I'm not sure there is much protection here.
Mark Lam
Comment 5 2019-03-08 14:34:35 PST
Comment on attachment 364054 [details] proposed patch. Taking this out of review while I do some A/B testing.
Mark Lam
Comment 6 2024-12-06 11:36:14 PST
We decided we're not going to do this. It is of questionable value.