From 787e85a561a5a979037a96d47136827bc7fb1513 Mon Sep 17 00:00:00 2001 From: Ted Campbell Date: Sat, 13 Mar 2021 16:46:57 +0000 Subject: [PATCH] Bug 1697935 - Remove unused javascript.options.spectre.object_mitigations.barriers pref. r=iain The "barriers" here refered to type-barriers which no longer exist after IonBuilder was removed so this pref is now dead. Also remove the .misc suffix of the sibling pref. Differential Revision: https://phabricator.services.mozilla.com/D108123 --- js/src/jit/CacheIRCompiler.h | 2 +- js/src/jit/JitOptions.cpp | 6 ++---- js/src/jit/JitOptions.h | 3 +-- js/src/jit/Lowering.cpp | 2 +- js/src/jit/MacroAssembler-inl.h | 14 +++++++------- js/src/jsapi.cpp | 7 ++----- js/src/jsapi.h | 3 +-- js/src/shell/js.cpp | 6 ++---- js/xpconnect/src/XPCJSContext.cpp | 14 ++++---------- modules/libpref/init/all.js | 2 -- 10 files changed, 21 insertions(+), 38 deletions(-) diff --git a/js/src/jit/CacheIRCompiler.h b/js/src/jit/CacheIRCompiler.h index 41e7885063c3..2140efe346fa 100644 --- a/js/src/jit/CacheIRCompiler.h +++ b/js/src/jit/CacheIRCompiler.h @@ -766,7 +766,7 @@ class MOZ_RAII CacheIRCompiler { // (1) mitigations are enabled and (2) the object is used by other // instructions (if the object is *not* used by other instructions, // zeroing its register is pointless). - return JitOptions.spectreObjectMitigationsMisc && + return JitOptions.spectreObjectMitigations && !allocator.isDeadAfterInstruction(objId); } diff --git a/js/src/jit/JitOptions.cpp b/js/src/jit/JitOptions.cpp index 431bfe9deef1..8da2d1e5e99d 100644 --- a/js/src/jit/JitOptions.cpp +++ b/js/src/jit/JitOptions.cpp @@ -251,15 +251,13 @@ DefaultJitOptions::DefaultJitOptions() { #if defined(JS_CODEGEN_MIPS32) || defined(JS_CODEGEN_MIPS64) SET_DEFAULT(spectreIndexMasking, false); - SET_DEFAULT(spectreObjectMitigationsBarriers, false); - SET_DEFAULT(spectreObjectMitigationsMisc, false); + SET_DEFAULT(spectreObjectMitigations, false); SET_DEFAULT(spectreStringMitigations, false); SET_DEFAULT(spectreValueMasking, false); SET_DEFAULT(spectreJitToCxxCalls, false); #else SET_DEFAULT(spectreIndexMasking, true); - SET_DEFAULT(spectreObjectMitigationsBarriers, true); - SET_DEFAULT(spectreObjectMitigationsMisc, true); + SET_DEFAULT(spectreObjectMitigations, true); SET_DEFAULT(spectreStringMitigations, true); SET_DEFAULT(spectreValueMasking, true); SET_DEFAULT(spectreJitToCxxCalls, true); diff --git a/js/src/jit/JitOptions.h b/js/src/jit/JitOptions.h index 4139b1166acf..60ad51ec1c4f 100644 --- a/js/src/jit/JitOptions.h +++ b/js/src/jit/JitOptions.h @@ -113,8 +113,7 @@ struct DefaultJitOptions { // measure the effectiveness of each mitigation with various proof of // concept. bool spectreIndexMasking; - bool spectreObjectMitigationsBarriers; - bool spectreObjectMitigationsMisc; + bool spectreObjectMitigations; bool spectreStringMitigations; bool spectreValueMasking; bool spectreJitToCxxCalls; diff --git a/js/src/jit/Lowering.cpp b/js/src/jit/Lowering.cpp index 9a9bb9e7eed1..f20f23d147c6 100644 --- a/js/src/jit/Lowering.cpp +++ b/js/src/jit/Lowering.cpp @@ -3961,7 +3961,7 @@ void LIRGenerator::visitGuardNoDenseElements(MGuardNoDenseElements* ins) { void LIRGenerator::visitGuardShape(MGuardShape* ins) { MOZ_ASSERT(ins->object()->type() == MIRType::Object); - if (JitOptions.spectreObjectMitigationsMisc) { + if (JitOptions.spectreObjectMitigations) { auto* lir = new (alloc()) LGuardShape(useRegisterAtStart(ins->object()), temp()); assignSnapshot(lir, ins->bailoutKind()); diff --git a/js/src/jit/MacroAssembler-inl.h b/js/src/jit/MacroAssembler-inl.h index 5281e2b8b875..d2b8d672a5c4 100644 --- a/js/src/jit/MacroAssembler-inl.h +++ b/js/src/jit/MacroAssembler-inl.h @@ -542,7 +542,7 @@ void MacroAssembler::branchTestObjClass(Condition cond, Register obj, branchPtr(cond, Address(scratch, BaseShape::offsetOfClasp()), ImmPtr(clasp), label); - if (JitOptions.spectreObjectMitigationsMisc) { + if (JitOptions.spectreObjectMitigations) { spectreZeroRegister(cond, scratch, spectreRegToZero); } } @@ -568,7 +568,7 @@ void MacroAssembler::branchTestObjClass(Condition cond, Register obj, loadPtr(Address(scratch, BaseShape::offsetOfClasp()), scratch); branchPtr(cond, clasp, scratch, label); - if (JitOptions.spectreObjectMitigationsMisc) { + if (JitOptions.spectreObjectMitigations) { spectreZeroRegister(cond, scratch, spectreRegToZero); } } @@ -595,7 +595,7 @@ void MacroAssembler::branchTestObjClass(Condition cond, Register obj, loadPtr(Address(scratch, BaseShape::offsetOfClasp()), scratch); branchPtr(cond, clasp, scratch, label); - if (JitOptions.spectreObjectMitigationsMisc) { + if (JitOptions.spectreObjectMitigations) { spectreZeroRegister(cond, scratch, spectreRegToZero); } } @@ -607,14 +607,14 @@ void MacroAssembler::branchTestObjShape(Condition cond, Register obj, MOZ_ASSERT(obj != scratch); MOZ_ASSERT(spectreRegToZero != scratch); - if (JitOptions.spectreObjectMitigationsMisc) { + if (JitOptions.spectreObjectMitigations) { move32(Imm32(0), scratch); } branchPtr(cond, Address(obj, JSObject::offsetOfShape()), ImmGCPtr(shape), label); - if (JitOptions.spectreObjectMitigationsMisc) { + if (JitOptions.spectreObjectMitigations) { spectreMovePtr(cond, scratch, spectreRegToZero); } } @@ -635,13 +635,13 @@ void MacroAssembler::branchTestObjShape(Condition cond, Register obj, MOZ_ASSERT(obj != shape); MOZ_ASSERT(spectreRegToZero != scratch); - if (JitOptions.spectreObjectMitigationsMisc) { + if (JitOptions.spectreObjectMitigations) { move32(Imm32(0), scratch); } branchPtr(cond, Address(obj, JSObject::offsetOfShape()), shape, label); - if (JitOptions.spectreObjectMitigationsMisc) { + if (JitOptions.spectreObjectMitigations) { spectreMovePtr(cond, scratch, spectreRegToZero); } } diff --git a/js/src/jsapi.cpp b/js/src/jsapi.cpp index 3f90a9aa83b3..446bb5c027b8 100644 --- a/js/src/jsapi.cpp +++ b/js/src/jsapi.cpp @@ -5293,11 +5293,8 @@ JS_PUBLIC_API void JS_SetGlobalJitCompilerOption(JSContext* cx, case JSJITCOMPILER_SPECTRE_INDEX_MASKING: jit::JitOptions.spectreIndexMasking = !!value; break; - case JSJITCOMPILER_SPECTRE_OBJECT_MITIGATIONS_BARRIERS: - jit::JitOptions.spectreObjectMitigationsBarriers = !!value; - break; - case JSJITCOMPILER_SPECTRE_OBJECT_MITIGATIONS_MISC: - jit::JitOptions.spectreObjectMitigationsMisc = !!value; + case JSJITCOMPILER_SPECTRE_OBJECT_MITIGATIONS: + jit::JitOptions.spectreObjectMitigations = !!value; break; case JSJITCOMPILER_SPECTRE_STRING_MITIGATIONS: jit::JitOptions.spectreStringMitigations = !!value; diff --git a/js/src/jsapi.h b/js/src/jsapi.h index 2f168210962b..da5902a6c346 100644 --- a/js/src/jsapi.h +++ b/js/src/jsapi.h @@ -2640,8 +2640,7 @@ extern JS_PUBLIC_API void JS_SetOffthreadIonCompilationEnabled(JSContext* cx, Register(NATIVE_REGEXP_ENABLE, "native_regexp.enable") \ Register(SIMULATOR_ALWAYS_INTERRUPT, "simulator.always-interrupt") \ Register(SPECTRE_INDEX_MASKING, "spectre.index-masking") \ - Register(SPECTRE_OBJECT_MITIGATIONS_BARRIERS, "spectre.object-mitigations.barriers") \ - Register(SPECTRE_OBJECT_MITIGATIONS_MISC, "spectre.object-mitigations.misc") \ + Register(SPECTRE_OBJECT_MITIGATIONS, "spectre.object-mitigations") \ Register(SPECTRE_STRING_MITIGATIONS, "spectre.string-mitigations") \ Register(SPECTRE_VALUE_MASKING, "spectre.value-masking") \ Register(SPECTRE_JIT_TO_CXX_CALLS, "spectre.jit-to-C++-calls") \ diff --git a/js/src/shell/js.cpp b/js/src/shell/js.cpp index 9f43da2c6c85..63eba7472616 100644 --- a/js/src/shell/js.cpp +++ b/js/src/shell/js.cpp @@ -10994,15 +10994,13 @@ static bool SetContextOptions(JSContext* cx, const OptionParser& op) { if (const char* str = op.getStringOption("spectre-mitigations")) { if (strcmp(str, "on") == 0) { jit::JitOptions.spectreIndexMasking = true; - jit::JitOptions.spectreObjectMitigationsBarriers = true; - jit::JitOptions.spectreObjectMitigationsMisc = true; + jit::JitOptions.spectreObjectMitigations = true; jit::JitOptions.spectreStringMitigations = true; jit::JitOptions.spectreValueMasking = true; jit::JitOptions.spectreJitToCxxCalls = true; } else if (strcmp(str, "off") == 0) { jit::JitOptions.spectreIndexMasking = false; - jit::JitOptions.spectreObjectMitigationsBarriers = false; - jit::JitOptions.spectreObjectMitigationsMisc = false; + jit::JitOptions.spectreObjectMitigations = false; jit::JitOptions.spectreStringMitigations = false; jit::JitOptions.spectreValueMasking = false; jit::JitOptions.spectreJitToCxxCalls = false; diff --git a/js/xpconnect/src/XPCJSContext.cpp b/js/xpconnect/src/XPCJSContext.cpp index ffe8ddb49d74..1e1007ccd097 100644 --- a/js/xpconnect/src/XPCJSContext.cpp +++ b/js/xpconnect/src/XPCJSContext.cpp @@ -856,10 +856,8 @@ static void LoadStartupJSPrefs(XPCJSContext* xpccx) { bool spectreIndexMasking = Preferences::GetBool(JS_OPTIONS_DOT_STR "spectre.index_masking"); - bool spectreObjectMitigationsBarriers = Preferences::GetBool( - JS_OPTIONS_DOT_STR "spectre.object_mitigations.barriers"); - bool spectreObjectMitigationsMisc = Preferences::GetBool( - JS_OPTIONS_DOT_STR "spectre.object_mitigations.misc"); + bool spectreObjectMitigations = + Preferences::GetBool(JS_OPTIONS_DOT_STR "spectre.object_mitigations"); bool spectreStringMitigations = Preferences::GetBool(JS_OPTIONS_DOT_STR "spectre.string_mitigations"); bool spectreValueMasking = @@ -912,12 +910,8 @@ static void LoadStartupJSPrefs(XPCJSContext* xpccx) { JS_SetGlobalJitCompilerOption(cx, JSJITCOMPILER_SPECTRE_INDEX_MASKING, spectreIndexMasking); - JS_SetGlobalJitCompilerOption( - cx, JSJITCOMPILER_SPECTRE_OBJECT_MITIGATIONS_BARRIERS, - spectreObjectMitigationsBarriers); - JS_SetGlobalJitCompilerOption(cx, - JSJITCOMPILER_SPECTRE_OBJECT_MITIGATIONS_MISC, - spectreObjectMitigationsMisc); + JS_SetGlobalJitCompilerOption(cx, JSJITCOMPILER_SPECTRE_OBJECT_MITIGATIONS, + spectreObjectMitigations); JS_SetGlobalJitCompilerOption(cx, JSJITCOMPILER_SPECTRE_STRING_MITIGATIONS, spectreStringMitigations); JS_SetGlobalJitCompilerOption(cx, JSJITCOMPILER_SPECTRE_VALUE_MASKING, diff --git a/modules/libpref/init/all.js b/modules/libpref/init/all.js index ee17de7c880b..26714fc0c375 100644 --- a/modules/libpref/init/all.js +++ b/modules/libpref/init/all.js @@ -1212,14 +1212,12 @@ pref("javascript.options.dump_stack_on_debuggee_would_run", false); // Spectre security vulnerability mitigations. #if defined(JS_CODEGEN_MIPS32) || defined(JS_CODEGEN_MIPS64) pref("javascript.options.spectre.index_masking", false); - pref("javascript.options.spectre.object_mitigations.barriers", false); pref("javascript.options.spectre.object_mitigations.misc", false); pref("javascript.options.spectre.string_mitigations", false); pref("javascript.options.spectre.value_masking", false); pref("javascript.options.spectre.jit_to_C++_calls", false); #else pref("javascript.options.spectre.index_masking", true); - pref("javascript.options.spectre.object_mitigations.barriers", true); pref("javascript.options.spectre.object_mitigations.misc", true); pref("javascript.options.spectre.string_mitigations", true); pref("javascript.options.spectre.value_masking", true);