src/codegen · f486a34342e1647f98865c389b121a493dcd6d28 · Linshizhi / V8

Fix speculation poisoning on x64 · 7dce6a26

Shu-yu Guo authored May 04, 2021

Pointer cage reserved another register and inadvertently broke
speculation poisoning by aliasing kSpeculationPoisonRegister with
kInterpreterBytecodeArrayRegister (r12).

This CL changes kInterpreterBytecodeArrayRegister to r11. Note that this
changes it from being callee-save to caller-save, which required code
reshuffling in a baseline builtin.

Bug: v8:11726
Change-Id: Ic2a1bd6b3a2cb4c480c84375dd3274f2efedc81f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2869985
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74364}

7dce6a26

Name	Last commit	Last update
..
arm		Loading commit data...
arm64		Loading commit data...
ia32		Loading commit data...
mips		Loading commit data...
mips64		Loading commit data...
ppc		Loading commit data...
riscv64		Loading commit data...
s390		Loading commit data...
shared-ia32-x64		Loading commit data...
x64		Loading commit data...
DEPS		Loading commit data...
DIR_METADATA		Loading commit data...
OWNERS		Loading commit data...
aligned-slot-allocator.cc		Loading commit data...
aligned-slot-allocator.h		Loading commit data...
assembler-arch.h		Loading commit data...
assembler-inl.h		Loading commit data...
assembler.cc		Loading commit data...
assembler.h		Loading commit data...
bailout-reason.cc		Loading commit data...
bailout-reason.h		Loading commit data...
callable.h		Loading commit data...
code-comments.cc		Loading commit data...
code-comments.h		Loading commit data...
code-desc.cc		Loading commit data...
code-desc.h		Loading commit data...
code-factory.cc		Loading commit data...
code-factory.h		Loading commit data...
code-reference.cc		Loading commit data...
code-reference.h		Loading commit data...
code-stub-assembler.cc		Loading commit data...
code-stub-assembler.h		Loading commit data...
compilation-cache.cc		Loading commit data...
compilation-cache.h		Loading commit data...
compiler.cc		Loading commit data...
compiler.h		Loading commit data...
constant-pool.cc		Loading commit data...
constant-pool.h		Loading commit data...
constants-arch.h		Loading commit data...
cpu-features.h		Loading commit data...
external-reference-encoder.cc		Loading commit data...
external-reference-encoder.h		Loading commit data...
external-reference-table.cc		Loading commit data...
external-reference-table.h		Loading commit data...
external-reference.cc		Loading commit data...
external-reference.h		Loading commit data...
flush-instruction-cache.cc		Loading commit data...
flush-instruction-cache.h		Loading commit data...
handler-table.cc		Loading commit data...
handler-table.h		Loading commit data...
interface-descriptors-inl.h		Loading commit data...
interface-descriptors.cc		Loading commit data...
interface-descriptors.h		Loading commit data...
label.h		Loading commit data...
machine-type.cc		Loading commit data...
machine-type.h		Loading commit data...
macro-assembler-inl.h		Loading commit data...
macro-assembler.h		Loading commit data...
optimized-compilation-info.cc		Loading commit data...
optimized-compilation-info.h		Loading commit data...
pending-optimization-table.cc		Loading commit data...
pending-optimization-table.h		Loading commit data...
register-arch.h		Loading commit data...
register-configuration.cc		Loading commit data...
register-configuration.h		Loading commit data...
register.h		Loading commit data...
reglist.h		Loading commit data...
reloc-info.cc		Loading commit data...
reloc-info.h		Loading commit data...
safepoint-table.cc		Loading commit data...
safepoint-table.h		Loading commit data...
signature.h		Loading commit data...
source-position-table.cc		Loading commit data...
source-position-table.h		Loading commit data...
source-position.cc		Loading commit data...
source-position.h		Loading commit data...
string-constants.cc		Loading commit data...
string-constants.h		Loading commit data...
tick-counter.cc		Loading commit data...
tick-counter.h		Loading commit data...
tnode.cc		Loading commit data...
tnode.h		Loading commit data...
turbo-assembler.cc		Loading commit data...
turbo-assembler.h		Loading commit data...
unoptimized-compilation-info.cc		Loading commit data...
unoptimized-compilation-info.h		Loading commit data...