src/wasm · 4b9f2535c87d44a33de3983101e47777e443aec7 · Linshizhi / V8

[wasm-simd][liftoff] Fix i64x2.shr_s overwriting scratch · d5c58d9d

Ng Zhi An authored Aug 03, 2020

x64's implementation of i64x2.shr_s was overwriting the scratch
register. kScratchRegister is used to hold the extracted lane of the
SIMD register, but in certain cases [0], is also used to back up the
value of rcx. When this happens, the supposed backed-up rcx was
overwritten (definitely) by each extract lane, so we end up restoring
an incorrect value of rcx, leading to an eventual crash in certain
benchmarks, when this extracted lane was used as a memory operand (see
linked bugs).

[0] when register holding the shift value is not rcx, which sarq_cl
relies on

Bug: v8:10752
Bug: chromium:1111522
Change-Id: Iaf3264e16f94e78bad4290783757f0b722d40411
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2334354Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Zhi An Ng <zhin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#69208}

d5c58d9d

Name	Last commit	Last update
..
baseline		Loading commit data...
DEPS		Loading commit data...
OWNERS		Loading commit data...
c-api.cc		Loading commit data...
c-api.h		Loading commit data...
compilation-environment.h		Loading commit data...
decoder.h		Loading commit data...
function-body-decoder-impl.h		Loading commit data...
function-body-decoder.cc		Loading commit data...
function-body-decoder.h		Loading commit data...
function-compiler.cc		Loading commit data...
function-compiler.h		Loading commit data...
graph-builder-interface.cc		Loading commit data...
graph-builder-interface.h		Loading commit data...
jump-table-assembler.cc		Loading commit data...
jump-table-assembler.h		Loading commit data...
leb-helper.h		Loading commit data...
local-decl-encoder.cc		Loading commit data...
local-decl-encoder.h		Loading commit data...
memory-tracing.cc		Loading commit data...
memory-tracing.h		Loading commit data...
module-compiler.cc		Loading commit data...
module-compiler.h		Loading commit data...
module-decoder.cc		Loading commit data...
module-decoder.h		Loading commit data...
module-instantiate.cc		Loading commit data...
module-instantiate.h		Loading commit data...
object-access.h		Loading commit data...
signature-map.cc		Loading commit data...
signature-map.h		Loading commit data...
simd-shuffle.cc		Loading commit data...
simd-shuffle.h		Loading commit data...
streaming-decoder.cc		Loading commit data...
streaming-decoder.h		Loading commit data...
struct-types.h		Loading commit data...
sync-streaming-decoder.cc		Loading commit data...
value-type.h		Loading commit data...
wasm-arguments.h		Loading commit data...
wasm-code-manager.cc		Loading commit data...
wasm-code-manager.h		Loading commit data...
wasm-constants.h		Loading commit data...
wasm-debug-evaluate.cc		Loading commit data...
wasm-debug-evaluate.h		Loading commit data...
wasm-debug.cc		Loading commit data...
wasm-debug.h		Loading commit data...
wasm-engine.cc		Loading commit data...
wasm-engine.h		Loading commit data...
wasm-external-refs.cc		Loading commit data...
wasm-external-refs.h		Loading commit data...
wasm-feature-flags.h		Loading commit data...
wasm-features.cc		Loading commit data...
wasm-features.h		Loading commit data...
wasm-import-wrapper-cache.cc		Loading commit data...
wasm-import-wrapper-cache.h		Loading commit data...
wasm-js.cc		Loading commit data...
wasm-js.h		Loading commit data...
wasm-limits.h		Loading commit data...
wasm-linkage.h		Loading commit data...
wasm-module-builder.cc		Loading commit data...
wasm-module-builder.h		Loading commit data...
wasm-module-sourcemap.cc		Loading commit data...
wasm-module-sourcemap.h		Loading commit data...
wasm-module.cc		Loading commit data...
wasm-module.h		Loading commit data...
wasm-objects-inl.h		Loading commit data...
wasm-objects.cc		Loading commit data...
wasm-objects.h		Loading commit data...
wasm-objects.tq		Loading commit data...
wasm-opcodes-inl.h		Loading commit data...
wasm-opcodes.cc		Loading commit data...
wasm-opcodes.h		Loading commit data...
wasm-result.cc		Loading commit data...
wasm-result.h		Loading commit data...
wasm-serialization.cc		Loading commit data...
wasm-serialization.h		Loading commit data...
wasm-subtyping.cc		Loading commit data...
wasm-subtyping.h		Loading commit data...
wasm-tier.h		Loading commit data...
wasm-value.h		Loading commit data...