Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: e698dda8251bff93d56d3df5601040aacbc36155
https://github.com/WebKit/WebKit/commit/e698dda8251bff93d56d3df5601040aacbc36155
Author: Marcus Plutowski <[email protected]>
Date: 2025-12-05 (Fri, 05 Dec 2025)
Changed paths:
M Source/bmalloc/libpas/src/libpas/pas_mte.h
Log Message:
-----------
[libpas] Extend Adjacent-Tag-Exclusion to cover bitfit objects as well
https://bugs.webkit.org/show_bug.cgi?id=302810
rdar://164245530

Reviewed by Dan Hecht.

Due to how a single bitfit page can contain objects of varying size,
ensuring adjacent-tag-exclusion comes with a few extra challenges.

1. We cannot use the parity trick to divide allocations into
   odd/even, so instead we directly ldg the previous/subsequent
   allocations and filter those tags out of the irg computation.
2. We cannot ldg across pages, so we need to be a bit clever to ensure
   that adjacent allocations on different pages do not collide. We do
   so by having all bitfit page allocations be even-tagged, save for
   the allocation (if any) containing the last MTE granule in the page,
   which is odd-tagged.

Together, this ensures that the ATE property should apply to bitfit
objects both within and across allocator pages.

Canonical link: https://commits.webkit.org/304033@main
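
The tag-selection rule in the log message, as an added software model; this is not code from libpas or from the commit. `sim_irg`, `tag_allocation`, `count_adjacent_collisions`, the 64-granule page and the object sizes are assumptions made for the illustration, and the `ldg`/`irg` instructions are modelled as plain array reads and a masked random choice.

```c
#include <stdint.h>
#include <stddef.h>

#define GRANULES 64                        /* granules per simulated page (constructed) */
static uint32_t rng_state = 0x9e3779b9u;   /* deterministic xorshift seed for the demo */
static uint32_t next_rand(void) {
    rng_state ^= rng_state << 13; rng_state ^= rng_state >> 17; rng_state ^= rng_state << 5;
    return rng_state;
}

/* Model of irg: a random 4-bit tag whose bit is clear in the exclusion mask. */
static uint8_t sim_irg(uint16_t exclude) {
    uint8_t allowed[16]; size_t n = 0;
    for (uint8_t t = 0; t < 16; t++)
        if (!(exclude & (1u << t))) allowed[n++] = t;
    return n ? allowed[next_rand() % n] : 0;
}

/* Tag the object occupying granules [start, start+len) of one page; return its tag. */
static uint8_t tag_allocation(uint8_t *page, size_t start, size_t len) {
    size_t end = start + len;
    int holds_last = (end == GRANULES);               /* contains the page's last granule */
    uint16_t exclude = holds_last ? 0x5555 : 0xAAAA;  /* odd tags only : even tags only */
    if (start > 0) exclude |= 1u << page[start - 1];  /* model of ldg on the previous object */
    if (!holds_last) exclude |= 1u << page[end];      /* model of ldg on the subsequent object */
    uint8_t tag = sim_irg(exclude);
    for (size_t g = start; g < end; g++) page[g] = tag;
    return tag;
}

/* Fill two adjacent pages with varying-size objects, retag them once more with
 * live neighbours, then count object boundaries where both sides share a tag. */
static int count_adjacent_collisions(void) {
    static const size_t sizes[] = {3, 1, 7, 2, 5, 1, 4, 9};   /* constructed sizes */
    uint8_t mem[2 * GRANULES] = {0}, starts[2 * GRANULES] = {0};
    int collisions = 0;
    for (int pass = 0; pass < 4; pass++) {            /* passes 2 and 3 model slot reuse */
        size_t base = (size_t)(pass % 2) * GRANULES, at = 0, i = 0;
        while (at < GRANULES) {
            size_t len = sizes[i++ % 8];
            if (at + len > GRANULES) len = GRANULES - at;
            starts[base + at] = 1;
            tag_allocation(mem + base, at, len);      /* never reads the other page */
            at += len;
        }
    }
    for (size_t g = 1; g < 2 * GRANULES; g++)         /* includes the cross-page boundary */
        if (starts[g] && mem[g] == mem[g - 1]) collisions++;
    return collisions;
}
int main(void) { return count_adjacent_collisions(); }
```

The cross-page boundary is covered without any read of the neighbouring page: the object ending page 0 is always odd-tagged and the object starting page 1 is even-tagged.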