The PACCage changes which landed in r247101 don't properly handle the case where Giga Cage is not enabled, either at compile time or runtime, and we have data pointer signing. A little restructuring is needed to make it right.
<rdar://problem/54571261>
Created attachment 377383: Patch
Comment on attachment 377383: Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=377383&action=review

r=me

> Source/JavaScriptCore/ChangeLog:3
> +        Update PACCage changes for builds without Giga Cage, but with signed pointers

"Giga Cage" => "Gigacage"

> Source/JavaScriptCore/ChangeLog:8
> +        Factored out the untaging of pointers and added that to both the Giga Cage enabled

"Giga Cage" => "Gigacage"
"untaging" => "untagging"
(In reply to Saam Barati from comment #3)
> Comment on attachment 377383: Patch
>
> View in context: https://bugs.webkit.org/attachment.cgi?id=377383&action=review
>
> r=me
>
> > Source/JavaScriptCore/ChangeLog:3
> > +        Update PACCage changes for builds without Giga Cage, but with signed pointers
>
> "Giga Cage" => "Gigacage"
>
> > Source/JavaScriptCore/ChangeLog:8
> > +        Factored out the untaging of pointers and added that to both the Giga Cage enabled
>
> "Giga Cage" => "Gigacage"
> "untaging" => "untagging"

I made these changes locally.
Committed r249184: <https://trac.webkit.org/changeset/249184>