src/wasm · c8d60d7e159bac303dae89c1e567bd4aaade772d · Linshizhi / V8

[liftoff][arm64] Fix address computation for trap handling · c8d60d7e

Clemens Backes authored Jul 12, 2021

This refactors the {GetMemOp} function once again:
Instead of computing (mem_start + (offset_reg + offset_imm)), do compute
((mem_start + offset_imm) + offset_reg). This avoids an overflow in
(offset_reg + offset_imm) when using 32-bit computations, which hides
OOB memory accesses when relying on the trap handler.

As a nice side-effect, this change makes the whole method a lot nicer to
read.

We also need to change {StoreTaggedPointer} now, which was relying on the
inner working of {GetMemOp}. The new version makes the semantics more
transparent at the cost of repeating some logic from (the previous version
of) {GetMemOp}.

R=jkummerow@chromium.org

Bug: v8:11955, chromium:1227465, v8:11951
Change-Id: Ia068ca7c4f7db89b81529edd3438b0e4eee7d23d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3015566
Commit-Queue: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75693}

c8d60d7e

Name	Last commit	Last update
..
baseline		Loading commit data...
DEPS		Loading commit data...
DIR_METADATA		Loading commit data...
OWNERS		Loading commit data...
branch-hint-map.h		Loading commit data...
c-api.cc		Loading commit data...
c-api.h		Loading commit data...
code-space-access.cc		Loading commit data...
code-space-access.h		Loading commit data...
compilation-environment.h		Loading commit data...
decoder.h		Loading commit data...
function-body-decoder-impl.h		Loading commit data...
function-body-decoder.cc		Loading commit data...
function-body-decoder.h		Loading commit data...
function-compiler.cc		Loading commit data...
function-compiler.h		Loading commit data...
graph-builder-interface.cc		Loading commit data...
graph-builder-interface.h		Loading commit data...
init-expr-interface.cc		Loading commit data...
init-expr-interface.h		Loading commit data...
jump-table-assembler.cc		Loading commit data...
jump-table-assembler.h		Loading commit data...
leb-helper.h		Loading commit data...
local-decl-encoder.cc		Loading commit data...
local-decl-encoder.h		Loading commit data...
memory-protection-key.cc		Loading commit data...
memory-protection-key.h		Loading commit data...
memory-tracing.cc		Loading commit data...
memory-tracing.h		Loading commit data...
module-compiler.cc		Loading commit data...
module-compiler.h		Loading commit data...
module-decoder.cc		Loading commit data...
module-decoder.h		Loading commit data...
module-instantiate.cc		Loading commit data...
module-instantiate.h		Loading commit data...
object-access.h		Loading commit data...
signature-map.cc		Loading commit data...
signature-map.h		Loading commit data...
simd-shuffle.cc		Loading commit data...
simd-shuffle.h		Loading commit data...
streaming-decoder.cc		Loading commit data...
streaming-decoder.h		Loading commit data...
struct-types.h		Loading commit data...
sync-streaming-decoder.cc		Loading commit data...
value-type.cc		Loading commit data...
value-type.h		Loading commit data...
wasm-arguments.h		Loading commit data...
wasm-code-manager.cc		Loading commit data...
wasm-code-manager.h		Loading commit data...
wasm-constants.h		Loading commit data...
wasm-debug.cc		Loading commit data...
wasm-debug.h		Loading commit data...
wasm-engine.cc		Loading commit data...
wasm-engine.h		Loading commit data...
wasm-external-refs.cc		Loading commit data...
wasm-external-refs.h		Loading commit data...
wasm-feature-flags.h		Loading commit data...
wasm-features.cc		Loading commit data...
wasm-features.h		Loading commit data...
wasm-import-wrapper-cache.cc		Loading commit data...
wasm-import-wrapper-cache.h		Loading commit data...
wasm-init-expr.cc		Loading commit data...
wasm-init-expr.h		Loading commit data...
wasm-js.cc		Loading commit data...
wasm-js.h		Loading commit data...
wasm-limits.h		Loading commit data...
wasm-linkage.h		Loading commit data...
wasm-module-builder.cc		Loading commit data...
wasm-module-builder.h		Loading commit data...
wasm-module-sourcemap.cc		Loading commit data...
wasm-module-sourcemap.h		Loading commit data...
wasm-module.cc		Loading commit data...
wasm-module.h		Loading commit data...
wasm-objects-inl.h		Loading commit data...
wasm-objects.cc		Loading commit data...
wasm-objects.h		Loading commit data...
wasm-objects.tq		Loading commit data...
wasm-opcodes-inl.h		Loading commit data...
wasm-opcodes.cc		Loading commit data...
wasm-opcodes.h		Loading commit data...
wasm-result.cc		Loading commit data...
wasm-result.h		Loading commit data...
wasm-serialization.cc		Loading commit data...
wasm-serialization.h		Loading commit data...
wasm-subtyping.cc		Loading commit data...
wasm-subtyping.h		Loading commit data...
wasm-tier.h		Loading commit data...
wasm-value.h		Loading commit data...