chore: cherry-pick fix for 1231950 from v8 #30584
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
[liftoff][arm64] Zero-extend offsets also for SIMD
This extends https://crrev.com/c/2917612 also for SIMD, which
(sometimes) uses the special {GetMemOpWithImmOffsetZero} method.
As part of this CL, that method is renamed to {GetEffectiveAddress}
which IMO is a better name. Also, it just returns a register to make the
semantic of that function obvious in the signature.
Drive-by: When sign extending to 32 bit, only write to the W portion of
the register. This is a bit cleaner, and I first thought that
this would be the bug.
R=jkummerow@chromium.org
CC=thibaudm@chromium.org
Bug: chromium:1231950, v8:12018
Change-Id: Ifaefe1f18e3a00534a30c99e3c37ed09d9508f6e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3049073
Reviewed-by: Zhi An Ng zhin@chromium.org
Commit-Queue: Clemens Backes clemensb@chromium.org
[modify] https://crrev.com/b99fe75c6db86d86ad8989458d28978b001d9234/src/wasm/baseline/arm64/liftoff-assembler-arm64.h
[modify] https://crrev.com/b99fe75c6db86d86ad8989458d28978b001d9234/test/mjsunit/mjsunit.status
[add] https://crrev.com/b99fe75c6db86d86ad8989458d28978b001d9234/test/mjsunit/regress/wasm/regress-1231950.js
Notes: Security: Backported fix for 1231950.