Better distribute the randomness of the Oilpan metadata canary.

third_party/WebKit/Source/platform/heap/HeapPage.h

 /*
  * Copyright (C) 2013 Google Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are
  * met:
  *
  *     * Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
  *     * Redistributions in binary form must reproduce the above
@@ skipping 855 matching lines @@
 
 inline HeapObjectHeader* HeapObjectHeader::fromPayload(const void* payload) {
   Address addr = reinterpret_cast<Address>(const_cast<void*>(payload));
   HeapObjectHeader* header =
       reinterpret_cast<HeapObjectHeader*>(addr - sizeof(HeapObjectHeader));
   ASSERT(header->checkHeader());
   return header;
 }
 
 #if CPU(64BIT)
+ALWAYS_INLINE uint32_t RotateLeft16(uint32_t x) {
+#if COMPILER(MSVC)
+  return _lrotr(x, 16);
+#else
+  // http://blog.regehr.org/archives/1063
+  return (x << 16) | (x >> (-16 & 31));
+#endif
+}
+
 inline uint32_t HeapObjectHeader::getMagic() const {
-  const uintptr_t random1 =
-      ~(reinterpret_cast<uintptr_t>(
-            base::trace_event::MemoryAllocatorDump::kNameSize) >>
-        16);
+// Ignore C4319: It is OK to 0-extend into the high-order bits of the uintptr_t
+// on 64-bit, in this case.
+#if COMPILER(MSVC)
+#pragma warning(push)
+#pragma warning(disable : 4319)
+#endif
+
+  const uintptr_t random1 = ~(RotateLeft16(reinterpret_cast<uintptr_t>(
+      base::trace_event::MemoryAllocatorDump::kNameSize)));
 
 #if OS(WIN)
-  const uintptr_t random2 = ~(reinterpret_cast<uintptr_t>(::ReadFile) << 16);
+  const uintptr_t random2 =
+      ~(RotateLeft16(reinterpret_cast<uintptr_t>(::ReadFile)));
 #elif OS(POSIX)
-  const uintptr_t random2 = ~(reinterpret_cast<uintptr_t>(::read) << 16);
+  const uintptr_t random2 =
+      ~(RotateLeft16(reinterpret_cast<uintptr_t>(::read)));
 #else
 #error OS not supported
 #endif
 
 #if CPU(64BIT)
   static_assert(sizeof(uintptr_t) == sizeof(uint64_t),
                 "uintptr_t is not uint64_t");
   const uint32_t random = static_cast<uint32_t>(
       (random1 & 0x0FFFFULL) | ((random2 >> 32) & 0x0FFFF0000ULL));
 #elif CPU(32BIT)
   // Although we don't use heap metadata canaries on 32-bit due to memory
   // pressure, keep this code around just in case we do, someday.
   static_assert(sizeof(uintptr_t) == sizeof(uint32_t),
                 "uintptr_t is not uint32_t");
   const uint32_t random = (random1 & 0x0FFFFUL) | (random2 & 0xFFFF0000UL);
 #else
 #error architecture not supported
 #endif
 
+#if COMPILER(MSVC)
+#pragma warning(pop)
+#endif
+
   return random;
 }
-#endif
+#endif  // CPU(64BIT)
 
 NO_SANITIZE_ADDRESS inline bool HeapObjectHeader::isWrapperHeaderMarked()
     const {
   ASSERT(checkHeader());
   return m_encoded & headerWrapperMarkBitMask;
 }
 
 NO_SANITIZE_ADDRESS inline void HeapObjectHeader::markWrapperHeader() {
   ASSERT(checkHeader());
   ASSERT(!isWrapperHeaderMarked());
@@ skipping 41 matching lines @@
   return outOfLineAllocate(allocationSize, gcInfoIndex);
 }
 
 inline NormalPageArena* NormalPage::arenaForNormalPage() const {
   return static_cast<NormalPageArena*>(arena());
 }
 
 }  // namespace blink
 
 #endif  // HeapPage_h