diff --git a/src/compiler/backend/arm64/code-generator-arm64.cc b/src/compiler/backend/arm64/code-generator-arm64.cc index 6e25042947..33ccee0bf0 100644 --- a/src/compiler/backend/arm64/code-generator-arm64.cc +++ b/src/compiler/backend/arm64/code-generator-arm64.cc @@ -389,36 +389,6 @@ void EmitWordLoadPoisoningIfNeeded( } } -void EmitMaybePoisonedFPLoad(CodeGenerator* codegen, InstructionCode opcode, - Arm64OperandConverter* i, VRegister output_reg) { - const MemoryAccessMode access_mode = - static_cast<MemoryAccessMode>(MiscField::decode(opcode)); - AddressingMode address_mode = AddressingModeField::decode(opcode); - if (access_mode == kMemoryAccessPoisoned && address_mode != kMode_Root) { - UseScratchRegisterScope temps(codegen->tasm()); - Register address = temps.AcquireX(); - switch (address_mode) { - case kMode_MRI: // Fall through. - case kMode_MRR: - codegen->tasm()->Add(address, i->InputRegister(0), i->InputOperand(1)); - break; - case kMode_Operand2_R_LSL_I: - codegen->tasm()->Add(address, i->InputRegister(0), - i->InputOperand2_64(1)); - break; - default: - // Note: we don't need poisoning for kMode_Root loads as those loads - // target a fixed offset from root register which is set once when - // initializing the vm. - UNREACHABLE(); - } - codegen->tasm()->And(address, address, Operand(kSpeculationPoisonRegister)); - codegen->tasm()->Ldr(output_reg, MemOperand(address)); - } else { - codegen->tasm()->Ldr(output_reg, i->MemoryOperand()); - } -} - } // namespace #define ASSEMBLE_SHIFT(asm_instr, width) \ @@ -1629,13 +1599,13 @@ CodeGenerator::CodeGenResult CodeGenerator::AssembleArchInstruction( break; } case kArm64LdrS: - EmitMaybePoisonedFPLoad(this, opcode, &i, i.OutputDoubleRegister().S()); + __ Ldr(i.OutputDoubleRegister().S(), i.MemoryOperand()); break; case kArm64StrS: __ Str(i.InputFloat32OrZeroRegister(0), i.MemoryOperand(1)); break; case kArm64LdrD: - EmitMaybePoisonedFPLoad(this, opcode, &i, i.OutputDoubleRegister()); + __ Ldr(i.OutputDoubleRegister(), i.MemoryOperand()); break; case kArm64StrD: __ Str(i.InputFloat64OrZeroRegister(0), i.MemoryOperand(1)); diff --git a/test/cctest/test-poison-disasm-arm.cc b/test/cctest/test-poison-disasm-arm.cc index 30ec54ded0..3410e5487d 100644 --- a/test/cctest/test-poison-disasm-arm.cc +++ b/test/cctest/test-poison-disasm-arm.cc @@ -101,7 +101,7 @@ TEST(DisasmPoisonPolymorphicLoad) { "csdb", // spec. barrier "ldr <<BSt:r[0-9]+>>, \\[<<Obj>>, #\\+[0-9]+\\]", // load backing store "and <<BSt>>, <<BSt>>, " + kPReg, // apply the poison - "ldr <<Prop:r[0-9]+>>, \\[<<BSt>>, #\\+[0-9]+\\]", // load the property + "ldr <<Prop:r[0-9]+>>, \\[<<Obj>>, #\\+[0-9]+\\]", // load the property "and <<Prop>>, <<Prop>>, " + kPReg, // apply the poison // Ldone: }; @@ -109,42 +109,5 @@ TEST(DisasmPoisonPolymorphicLoad) { #endif // ENABLE_DISASSEMBLER } -TEST(DisasmPoisonMonomorphicLoadFloat64) { -#ifdef ENABLE_DISASSEMBLER - if (i::FLAG_always_opt || !i::FLAG_opt) return; - - i::FLAG_allow_natives_syntax = true; - i::FLAG_untrusted_code_mitigations = true; - - CcTest::InitializeVM(); - v8::HandleScope scope(CcTest::isolate()); - - CompileRun( - "function mono(o) { return o.x; }" - "%PrepareFunctionForOptimization(mono);" - "mono({ x : 1.1 });" - "mono({ x : 1.1 });" - "%OptimizeFunctionOnNextCall(mono);" - "mono({ x : 1.1 });"); - - // Matches that the property access sequence is instrumented with - // poisoning. - std::vector<std::string> patterns_array = { - "ldr <<Map:r[0-9]+>>, \\[<<Obj:r[0-9]+>>, #-1\\]", // load map - "ldr <<ExpMap:r[0-9]+>>, \\[pc, #", // load expected map - "cmp <<Map>>, <<ExpMap>>", // compare maps - "bne", // deopt if different - "eorne " + kPReg + ", " + kPReg + ", " + kPReg, // update the poison - "csdb", // spec. barrier - "ldr <<Field:r[0-9]+>>, \\[<<Obj>>, #\\+[0-9]+\\]", // load the field - "mov <<Mov:r[0-9]+>>, #[0-9]+", // addr. calculation - "add ip, <<Field>>, <<Mov>>", // addr. calculation - "and ip, ip, " + kPReg, // apply the poison - "vldr d[0-9]+, \\[ip", // load Float64 - }; - CHECK(CheckDisassemblyRegexPatterns("mono", patterns_array)); -#endif // ENABLE_DISASSEMBLER -} - } // namespace internal } // namespace v8 diff --git a/test/cctest/test-poison-disasm-arm64.cc b/test/cctest/test-poison-disasm-arm64.cc index fd71b09406..a428ce7b89 100644 --- a/test/cctest/test-poison-disasm-arm64.cc +++ b/test/cctest/test-poison-disasm-arm64.cc @@ -49,8 +49,8 @@ TEST(DisasmPoisonMonomorphicLoad) { "b.ne", // deopt if different "csel " + kPReg + ", xzr, " + kPReg + ", ne", // update the poison "csdb", // spec. barrier - "ldursw <<Field:x[0-9]+>>, \\[<<Obj>>, #[0-9]+\\]", // load the field - "and <<Field>>, <<Field>>, " + kPReg, // apply the poison + "ldursw x<<Field:[0-9]+>>, \\[<<Obj>>, #[0-9]+\\]", // load the field + "and x<<Field>>, x<<Field>>, " + kPReg, // apply the poison }; #else std::vector<std::string> patterns_array = { @@ -153,56 +153,5 @@ TEST(DisasmPoisonPolymorphicLoad) { #endif // ENABLE_DISASSEMBLER } -TEST(DisasmPoisonMonomorphicLoadFloat64) { -#ifdef ENABLE_DISASSEMBLER - if (i::FLAG_always_opt || !i::FLAG_opt) return; - - i::FLAG_allow_natives_syntax = true; - i::FLAG_untrusted_code_mitigations = true; - - CcTest::InitializeVM(); - v8::HandleScope scope(CcTest::isolate()); - - CompileRun( - "function mono(o) { return o.x; }" - "%PrepareFunctionForOptimization(mono);" - "mono({ x : 1.1 });" - "mono({ x : 1.1 });" - "%OptimizeFunctionOnNextCall(mono);" - "mono({ x : 1.1 });"); - - // Matches that the property access sequence is instrumented with - // poisoning. -#if defined(V8_COMPRESS_POINTERS) - std::vector<std::string> patterns_array = { - "ldur <<Map:w[0-9]+>>, \\[<<Obj:x[0-9]+>>, #-1\\]", // load map - "ldr <<ExpMap:w[0-9]+>>, pc", // load expected map - "cmp <<Map>>, <<ExpMap>>", // compare maps - "b.ne", // deopt if differ - "csel " + kPReg + ", xzr, " + kPReg + ", ne", // update the poison - "csdb", // spec. barrier - "ldursw <<F1:x[0-9]+>>, \\[<<Obj>>, #11\\]", // load field - "add <<F1>>, x26, <<F1>>", // Decompress ref - "add <<Addr:x[0-9]+>>, <<F1>>, #0x[0-9a-f]+", // addr. calculation - "and <<Addr>>, <<Addr>>, " + kPReg, // apply the poison - "ldr d[0-9]+, \\[<<Addr>>\\]", // load Float64 - }; -#else - std::vector<std::string> patterns_array = { - "ldur <<Map:x[0-9]+>>, \\[<<Obj:x[0-9]+>>, #-1\\]", // load map - "ldr <<ExpMap:x[0-9]+>>, pc", // load expected map - "cmp <<Map>>, <<ExpMap>>", // compare maps - "b.ne", // deopt if differ - "csel " + kPReg + ", xzr, " + kPReg + ", ne", // update the poison - "csdb", // spec. barrier - "add <<Addr:x[0-9]+>>, <<Obj>>, #0x[0-9a-f]+", // addr. calculation - "and <<Addr>>, <<Addr>>, " + kPReg, // apply the poison - "ldr d[0-9]+, \\[<<Addr>>\\]", // load Float64 - }; -#endif - CHECK(CheckDisassemblyRegexPatterns("mono", patterns_array)); -#endif // ENABLE_DISASSEMBLER -} - } // namespace internal } // namespace v8