    [liftoff][arm64] Fix address computation for trap handling · c8d60d7e
    Clemens Backes authored
    This refactors the {GetMemOp} function once again:
    Instead of computing (mem_start + (offset_reg + offset_imm)), do compute
    ((mem_start + offset_imm) + offset_reg). This avoids an overflow in
    (offset_reg + offset_imm) when using 32-bit computations, which hides
    OOB memory accesses when relying on the trap handler.
    
    As a nice side-effect, this change makes the whole method a lot nicer to
    read.
    
    We also need to change {StoreTaggedPointer} now, which was relying on the
    inner working of {GetMemOp}. The new version makes the semantics more
    transparent at the cost of repeating some logic from (the previous version
    of) {GetMemOp}.
    
    R=jkummerow@chromium.org
    
    Bug: v8:11955, chromium:1227465, v8:11951
    Change-Id: Ia068ca7c4f7db89b81529edd3438b0e4eee7d23d
    Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3015566
    Commit-Queue: Clemens Backes <clemensb@chromium.org>
    Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#75693}
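The overflow the commit message describes, modelled as an added example (this is not V8's code and not the arm64 Liftoff assembler; the function names, the 64 KiB memory size, the 8 GiB guard region and the mem_start value are assumptions chosen for illustration). Wasm defines the effective address as offset_reg + offset_imm without 32-bit wrap-around, so an index of 0xFFFFFFF0 with an immediate of 0x20 must trap. Trap-handler based bounds checking relies on that sum landing in the guard region after mem_start; if the inner sum is folded in 32 bits first it wraps to 0x10, the access lands inside the memory, and no fault is raised. Computing (mem_start + offset_imm) + offset_reg in 64 bits keeps the address in the guard region:

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Assumed memory layout for this example: one 64 KiB wasm page followed by a
 * guard region large enough that any 32-bit index plus any 32-bit immediate
 * offset still falls inside it, so a hardware fault stands in for the bounds
 * check. These sizes are illustrative, not V8's actual constants. */
#define WASM_MEM_SIZE (64ull * 1024)
#define GUARD_REGION  (8ull * 1024 * 1024 * 1024)

/* Where a computed address lands relative to the memory. */
enum access_kind {
    ACCESS_IN_BOUNDS, /* no fault: the access goes through */
    ACCESS_TRAPS,     /* lands in the guard region: trap handler fires */
    ACCESS_ESCAPES    /* outside memory and guard region: undetected */
};

/* Old form: mem_start + (offset_reg + offset_imm) with the inner sum done in
 * 32 bits, as the commit message describes. Unsigned addition wraps, so the
 * carry out of bit 31 is lost before mem_start is added. */
static uint64_t addr_old(uint64_t mem_start, uint32_t offset_reg, uint32_t offset_imm) {
    uint32_t inner = offset_reg + offset_imm;   /* wraps modulo 2^32 */
    return mem_start + inner;
}

/* New form: (mem_start + offset_imm) + offset_reg, every step in 64 bits, so
 * the 33-bit sum of the two 32-bit operands is preserved. */
static uint64_t addr_new(uint64_t mem_start, uint32_t offset_reg, uint32_t offset_imm) {
    uint64_t base = mem_start + (uint64_t)offset_imm;
    return base + (uint64_t)offset_reg;
}

/* What the trap handler would observe for an access at addr. */
static enum access_kind classify(uint64_t mem_start, uint64_t addr) {
    if (addr < mem_start) return ACCESS_ESCAPES;
    uint64_t rel = addr - mem_start;
    if (rel < WASM_MEM_SIZE) return ACCESS_IN_BOUNDS;
    if (rel < WASM_MEM_SIZE + GUARD_REGION) return ACCESS_TRAPS;
    return ACCESS_ESCAPES;
}

/* Wasm semantics: the effective address is the unwrapped sum of index and
 * immediate offset; anything at or beyond the memory size must trap. */
static bool must_trap(uint32_t offset_reg, uint32_t offset_imm) {
    return (uint64_t)offset_reg + (uint64_t)offset_imm >= WASM_MEM_SIZE;
}

int main(void) {
    const uint64_t mem_start = 0x0000200000000000ull; /* assumed mapping address */
    uint32_t idx = 0xFFFFFFF0u, imm = 0x20u;           /* unwrapped sum: 0x1_0000_0010 */
    printf("spec says trap: %s\n", must_trap(idx, imm) ? "yes" : "no");
    printf("old form:  %s\n", classify(mem_start, addr_old(mem_start, idx, imm)) == ACCESS_TRAPS
                                  ? "traps" : "silently in bounds");
    printf("new form:  %s\n", classify(mem_start, addr_new(mem_start, idx, imm)) == ACCESS_TRAPS
                                  ? "traps" : "silently in bounds");
    return 0;
}
```

For in-bounds operands both forms agree; the two only diverge when offset_reg + offset_imm carries past bit 31, which is exactly the case a bounds check exists to catch.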
Changed file: liftoff-assembler-arm64.h