• Mike Stanton's avatar
    [turbofan] Masking/poisoning in codegen (optimized code, x64) · 8f489e73
    Mike Stanton authored
    This introduces masking of loads with speculation bit during code generation.
    At the moment, this is done only for x64 optimized code, under the
    --branch-load-poisoning flag.
    
    Overview of changes:
    - new register configuration configuration with one register reserved for
      the speculation poison/mask (kSpeculationPoisonRegister).
    - in codegen, we introduce an update to the poison register at the starts
      of all successors of branches (and deopts) that are marked as safety
      branches (deopts).
    - in memory optimizer, we lower all field and element loads to PoisonedLoads.
    - poisoned loads are then masked in codegen with the poison register.
      * only integer loads are masked at the moment.
    
    Bug: chromium:798964
    Change-Id: Ie51fdbde578fc289dff029794f3cfe8eaf33e1ef
    Reviewed-on: https://chromium-review.googlesource.com/901625
    Commit-Queue: Michael Stanton <mvstanton@chromium.org>
    Reviewed-by: 's avatarBenedikt Meurer <bmeurer@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#51272}
    8f489e73
code-generator.cc 45.1 KB