codecov-io
commented
5 years ago Codecov Report
Merging #129 into master will increase coverage by
1.05%. The diff coverage is82.29%.
@@ Coverage Diff @@
## master #129 +/- ##
==========================================
+ Coverage 66.5% 67.55% +1.05%
==========================================
Files 41 41
Lines 4490 4787 +297
==========================================
+ Hits 2986 3234 +248
- Misses 1233 1281 +48
- Partials 271 272 +1| Impacted Files | Coverage Δ | |
|---|---|---|
| exec/internal/compile/native.go | 54.54% <ø> (ø) |
:arrow_up: |
| exec/internal/compile/scanner.go | 0% <0%> (ø) |
:arrow_up: |
| exec/internal/compile/native_exec.go | 100% <100%> (ø) |
:arrow_up: |
| exec/native_compile.go | 58.92% <100%> (+3.57%) |
:arrow_up: |
| exec/internal/compile/backend_amd64.go | 79.42% <85.46%> (+2.39%) |
:arrow_up: |
Continue to review full report at Codecov.
Legend - Click here to learn more
Δ = absolute <relative> (impact),ø = not affected,? = missing dataPowered by Codecov. Last update 83c8885...41e25dd. Read the comment docs.
twitchyliquid64
This PR starts implementing more tablestakes.
All the complexity here is in mitigating Spectre. We use the same technique as v8, which is this:
0xffff... before the bounds checkThis works because CPUs do not speculate through bitmask operations, and because if the bounds check was mis-speculated, the poison register would be set to zero. As a result, attacker-controlled instructions later on would always get a zero value for their speculation attack, so they cannot build any measurement primitives to determine the value from the speculated out-of-bounds access.