1ef6c4374e
This CL changes the poisoning in the interpreter to use the infrastructure used in the JIT. This does not change the original flag semantics: --branch-load-poisoning enables JIT mitigations as before. --untrusted-code-mitigation enables the interpreter mitigations (now realized using the compiler back-end), but does not enable the back-end based mitigations for the Javascript JIT. So in effect --untrusted-code-mitigation makes the CSA pipeline for bytecode handlers use the same mechanics (including changed register allocation) that --branch-load-poisoning enables for the JIT. Bug: chromium:798964 Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel Change-Id: If7f6852ae44e32e6e0ad508e9237f24dec7e5b27 Reviewed-on: https://chromium-review.googlesource.com/928881 Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#52243} |
||
---|---|---|
.. | ||
api | ||
asmjs | ||
base | ||
compiler | ||
compiler-dispatcher | ||
heap | ||
interpreter | ||
libplatform | ||
parser | ||
wasm | ||
zone | ||
allocation-unittest.cc | ||
bigint-unittest.cc | ||
BUILD.gn | ||
cancelable-tasks-unittest.cc | ||
char-predicates-unittest.cc | ||
code-stub-assembler-unittest.cc | ||
code-stub-assembler-unittest.h | ||
counters-unittest.cc | ||
DEPS | ||
detachable-vector-unittest.cc | ||
eh-frame-iterator-unittest.cc | ||
eh-frame-writer-unittest.cc | ||
locked-queue-unittest.cc | ||
object-unittest.cc | ||
register-configuration-unittest.cc | ||
run-all-unittests.cc | ||
source-position-table-unittest.cc | ||
test-helpers.cc | ||
test-helpers.h | ||
test-utils.cc | ||
test-utils.h | ||
testcfg.py | ||
unicode-unittest.cc | ||
unittests.isolate | ||
unittests.status | ||
utils-unittest.cc | ||
value-serializer-unittest.cc |