    [turbofan] unify interpreter and JIT speculation poisoning · 1ef6c437
    Tobias Tebbi authored
    This CL changes the poisoning in the interpreter to use the
    infrastructure used in the JIT.
    
    This does not change the original flag semantics:
    
    --branch-load-poisoning enables JIT mitigations as before.
    
    --untrusted-code-mitigation enables the interpreter mitigations
      (now realized using the compiler back-end), but does not enable
      the back-end based mitigations for the JavaScript JIT. So in effect
      --untrusted-code-mitigation makes the CSA pipeline for bytecode handlers
      use the same mechanics (including changed register allocation) that
      --branch-load-poisoning enables for the JIT.
    
    Bug: chromium:798964
    Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
    Change-Id: If7f6852ae44e32e6e0ad508e9237f24dec7e5b27
    Reviewed-on: https://chromium-review.googlesource.com/928881
    Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
    Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
    Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#52243}