-
Georgia Kouveli authored
This use of LR previously allowed overwriting it with arbitrary addresses that aren't signed. Change this so we never return to an arbitrary LR. Instead of loading the InterpreterTrampolineEntry address into LR directly, use an ADR instruction to place into LR the address of a piece of code that jumps to the InterpreterTrampolineEntry instead. This makes a difference because BR is also constrained by BTI, whereas RET isn't. An alternative would have been to `Call` instead of `Jump` to the target bytecode and avoid the ADR instruction altogether, but I wanted to keep the same behaviour with respect to the return stack that the existing code exhibits. Also add a comment to src/regexp/arm64/regexp-macro-assembler-arm64.cc for a similar use of LR that should eventually be removed. Bug: v8:10026 Change-Id: I24a13481f3fa416247dab8f9e5ae6f52f6b2ad42 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2764761Reviewed-by:
Ross McIlroy <rmcilroy@chromium.org> Reviewed-by:
Georg Neis <neis@chromium.org> Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com> Cr-Commit-Position: refs/heads/master@{#73535}
ce85e66a
