| field | value | date |
|---|---|---|
| author | Clemens Backes <clemensb@chromium.org> | 2022-12-12 17:20:08 +0100 |
| committer | Michael Brüning <michael.bruning@qt.io> | 2023-01-20 14:54:07 +0000 |
| commit | 83f89843310c5e690b6fa01faf67bca409669cbd (patch) | |
| tree | b1183f612d6ab2f72e222e77b87cbd766ee0d964 | |
| parent | 9c908e9c9f81ae234795c4f6350920d55132b998 (diff) | |
| download | qtwebengine-chromium-83f89843310c5e690b6fa01faf67bca409669cbd.tar.gz | |
[Backport] Security bug 1395604
Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/4111948:
Load 32-bit values more efficiently
When loading a 32-bit value from the stack, just load 32 bits and
zero-extend them into the target register, instead of loading the full
64 bits.
As there are things to fix (see https://crbug.com/1356461), we only
enable this optimization for Wasm for now.
R=jkummerow@chromium.org
(cherry picked from commit a38209949fcbf045231c316e2d790b8b70ccb7ef)
Bug: chromium:1395604
No-Try: true
No-Presubmit: true
No-Tree-Checks: true
Change-Id: Ibdd2d80704973362906aec9b38faa762d3b43f3f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4097424
Cr-Original-Commit-Position: refs/heads/main@{#84796}
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4111948
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Commit-Queue: Roger Felipe Zanoni da Silva <rzanoni@google.com>
Cr-Commit-Position: refs/branch-heads/10.2@{#45}
Cr-Branched-From: 374091f382e88095694c1283cbdc2acddc1b1417-refs/heads/10.2.154@{#1}
Cr-Branched-From: f0c353f6315eeb2212ba52478983a3b3af07b5b1-refs/heads/main@{#79976}
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/454383
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
-rw-r--r-- | chromium/v8/src/compiler/backend/x64/code-generator-x64.cc | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/chromium/v8/src/compiler/backend/x64/code-generator-x64.cc b/chromium/v8/src/compiler/backend/x64/code-generator-x64.cc index e0cf602b11e..3e6819bf506 100644 --- a/chromium/v8/src/compiler/backend/x64/code-generator-x64.cc +++ b/chromium/v8/src/compiler/backend/x64/code-generator-x64.cc @@ -4819,7 +4819,22 @@ void CodeGenerator::AssembleMove(InstructionOperand* source, case MoveType::kStackToRegister: { Operand src = g.ToOperand(source); if (source->IsStackSlot()) { - __ movq(g.ToRegister(destination), src); + MachineRepresentation mr = + LocationOperand::cast(source)->representation(); + const bool is_32_bit = mr == MachineRepresentation::kWord32 || + mr == MachineRepresentation::kCompressed || + mr == MachineRepresentation::kCompressedPointer; + // TODO(13581): Fix this for other code kinds (see + // https://crbug.com/1356461). + if (code_kind() == CodeKind::WASM_FUNCTION && is_32_bit) { + // When we need only 32 bits, move only 32 bits. Benefits: + // - Save a byte here and there (depending on the destination + // register; "movl eax, ..." is smaller than "movq rax, ..."). + // - Safeguard against accidental decompression of compressed slots. + __ movl(g.ToRegister(destination), src); + } else { + __ movq(g.ToRegister(destination), src); + } } else { DCHECK(source->IsFPStackSlot()); XMMRegister dst = g.ToDoubleRegister(destination); |
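Review bot: The new `is_32_bit` branch depends on `movl` zero-extending into the full 64-bit destination register (the commit message says "zero-extend them"), but the in-code comment lists only the size saving and the decompression safeguard; suggest adding a third bullet such as "- `movl` zero-extends, so the upper 32 bits of the destination are never stale" so a later reader does not "fix" the branch back to `movq`. Two smaller points: `code_kind() == CodeKind::WASM_FUNCTION` is the cheap test and could be checked before computing `mr` and `is_32_bit`, since the `LocationOperand::cast(source)->representation()` lookup is wasted for every non-Wasm stack-to-register move; and the TODO(13581) comment could state explicitly that representations other than `kWord32`, `kCompressed` and `kCompressedPointer` deliberately keep the 64-bit `movq` fallback, so that narrower representations are not silently assumed to be covered.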