1ef6c4374e
This CL changes the poisoning in the interpreter to use the infrastructure used in the JIT. This does not change the original flag semantics: --branch-load-poisoning enables JIT mitigations as before. --untrusted-code-mitigation enables the interpreter mitigations (now realized using the compiler back-end), but does not enable the back-end based mitigations for the Javascript JIT. So in effect --untrusted-code-mitigation makes the CSA pipeline for bytecode handlers use the same mechanics (including changed register allocation) that --branch-load-poisoning enables for the JIT. Bug: chromium:798964 Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel Change-Id: If7f6852ae44e32e6e0ad508e9237f24dec7e5b27 Reviewed-on: https://chromium-review.googlesource.com/928881 Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#52243}
73 lines
2.3 KiB
C++
73 lines
2.3 KiB
C++
// Copyright 2017 the V8 project authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style license that can be
|
|
// found in the LICENSE file.
|
|
|
|
#include "test/unittests/code-stub-assembler-unittest.h"
|
|
|
|
#include "src/code-factory.h"
|
|
#include "src/compiler/node.h"
|
|
#include "src/interface-descriptors.h"
|
|
#include "src/isolate.h"
|
|
#include "src/objects-inl.h"
|
|
#include "test/unittests/compiler/compiler-test-utils.h"
|
|
#include "test/unittests/compiler/node-test-utils.h"
|
|
|
|
using ::testing::_;
|
|
using v8::internal::compiler::Node;
|
|
|
|
namespace c = v8::internal::compiler;
|
|
|
|
namespace v8 {
|
|
namespace internal {
|
|
|
|
#ifdef ENABLE_VERIFY_CSA
|
|
#define IS_BITCAST_WORD_TO_TAGGED_SIGNED(x) IsBitcastWordToTaggedSigned(x)
|
|
#define IS_BITCAST_TAGGED_TO_WORD(x) IsBitcastTaggedToWord(x)
|
|
#else
|
|
#define IS_BITCAST_WORD_TO_TAGGED_SIGNED(x) (x)
|
|
#define IS_BITCAST_TAGGED_TO_WORD(x) (x)
|
|
#endif
|
|
|
|
CodeStubAssemblerTestState::CodeStubAssemblerTestState(
|
|
CodeStubAssemblerTest* test)
|
|
: compiler::CodeAssemblerState(test->isolate(), test->zone(),
|
|
VoidDescriptor(test->isolate()), Code::STUB,
|
|
"test", PoisoningMitigationLevel::kOn) {}
|
|
|
|
TARGET_TEST_F(CodeStubAssemblerTest, SmiTag) {
|
|
CodeStubAssemblerTestState state(this);
|
|
CodeStubAssemblerForTest m(&state);
|
|
Node* value = m.Int32Constant(44);
|
|
EXPECT_THAT(m.SmiTag(value),
|
|
IS_BITCAST_WORD_TO_TAGGED_SIGNED(c::IsIntPtrConstant(
|
|
static_cast<intptr_t>(44) << (kSmiShiftSize + kSmiTagSize))));
|
|
EXPECT_THAT(m.SmiUntag(value),
|
|
c::IsIntPtrConstant(static_cast<intptr_t>(44) >>
|
|
(kSmiShiftSize + kSmiTagSize)));
|
|
}
|
|
|
|
TARGET_TEST_F(CodeStubAssemblerTest, IntPtrMax) {
|
|
CodeStubAssemblerTestState state(this);
|
|
CodeStubAssemblerForTest m(&state);
|
|
{
|
|
Node* a = m.IntPtrConstant(100);
|
|
Node* b = m.IntPtrConstant(1);
|
|
Node* z = m.IntPtrMax(a, b);
|
|
EXPECT_THAT(z, c::IsIntPtrConstant(100));
|
|
}
|
|
}
|
|
|
|
TARGET_TEST_F(CodeStubAssemblerTest, IntPtrMin) {
|
|
CodeStubAssemblerTestState state(this);
|
|
CodeStubAssemblerForTest m(&state);
|
|
{
|
|
Node* a = m.IntPtrConstant(100);
|
|
Node* b = m.IntPtrConstant(1);
|
|
Node* z = m.IntPtrMin(a, b);
|
|
EXPECT_THAT(z, c::IsIntPtrConstant(1));
|
|
}
|
|
}
|
|
|
|
} // namespace internal
|
|
} // namespace v8
|