Turn off SPECTRE mitigation in jit code

Spectre attack mitigations were added to SpiderMonkey's JIT output in
version 57. Turning these off is a very large speedup, around 10-20%
wall time (on my computer) depending on the map and the situation.
For the most part, from profiling on my machine, this is from memory
fences after JIT -> C++ calls. 0 A.D. does a lot of these.

The SPECTRE class of attack is a timing attack based on speculative
execution to leak sensitive information, and it seems extraordinarily
unlikely that something like this could be successfully mounted using 0
A.D.

Differential Revision: https://code.wildfiregames.com/D5014
This was SVN commit r27699.
wraitii 2023-06-14 07:44:23 +00:00
parent 9399ba043e
commit 61e932a890
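The commit message attributes most of the measured cost to the fences around JIT -> C++ calls, but the patch also drops index masking, which is the mitigation that keeps a mis-speculated bounds check from feeding an out-of-bounds index into a load. As an added illustration (not code from 0 A.D. or SpiderMonkey, whose JIT emits the equivalent sequence itself with backend-specific instructions), here is the shape of that mitigation in plain C++: a bounds-checked array read with and without a branchless mask on the index. The function names and the sample array are constructed for this example.

```cpp
// Added example: the Spectre v1 "index masking" idea behind SpiderMonkey's
// JSJITCOMPILER_SPECTRE_INDEX_MASKING option, written out in plain C++.
// This is not 0 A.D. or SpiderMonkey code; the JIT emits the equivalent
// sequence itself and the exact instructions depend on the backend.
#include <cstddef>
#include <cstdint>
#include <vector>

// Branchless mask: all ones when index < length, all zeros otherwise.
// The mask is derived from the data with no conditional branch, so a
// mispredicted bounds check upstream cannot make it "wrong": a
// mis-speculated out-of-bounds path still gets a zero mask.
inline std::size_t spectreMask(std::size_t index, std::size_t length) {
    return static_cast<std::size_t>(0) - static_cast<std::size_t>(index < length);
}

// Index as the masked load sees it: unchanged when in bounds, forced to 0
// (a harmless in-bounds slot) when out of bounds.
inline std::size_t maskedIndex(std::size_t index, std::size_t length) {
    return index & spectreMask(index, length);
}

// Unmitigated pattern: the bounds check is a conditional branch and the raw
// index feeds the load. Under speculation the CPU may perform the
// out-of-bounds load (and its cache side effects) before the branch
// resolves. Architecturally it still returns -1 for out-of-bounds input.
int loadUnmasked(const std::vector<int>& arr, std::size_t index) {
    if (index >= arr.size()) {
        return -1;
    }
    return arr[index];
}

// Mitigated pattern: same architectural result, but the index reaching the
// load is masked, so even a speculatively executed out-of-bounds path reads
// arr[0] rather than memory past the end. The extra compare/negate/and on
// every guarded access is the cost the commit trades away.
int loadMasked(const std::vector<int>& arr, std::size_t index) {
    if (index >= arr.size()) {
        return -1;
    }
    return arr[maskedIndex(index, arr.size())];
}

int main() {
    // Constructed sample data for the stand-alone run.
    const std::vector<int> secrets = {10, 20, 30, 40};
    volatile int sink = 0;
    sink += loadUnmasked(secrets, 2);   // 30
    sink += loadMasked(secrets, 2);     // 30
    sink += loadMasked(secrets, 100);   // -1; a speculative path would read index 0
    return sink == 59 ? 0 : 1;
}
```

One caveat on reading this in C++ rather than JIT output: the JIT controls its own code generation and can guarantee the mask is materialised without a branch, whereas a C++ compiler merely usually lowers `index < length` to a setcc/neg sequence and is free to turn it back into a branch; the example shows the transform, not a portable guarantee.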


@ -120,6 +120,13 @@ ScriptContext::ScriptContext(int contextSize, int heapGrowthBytesGCTrigger):
JS_SetGlobalJitCompilerOption(m_cx, JSJITCOMPILER_ION_ENABLE, 1);
JS_SetGlobalJitCompilerOption(m_cx, JSJITCOMPILER_BASELINE_ENABLE, 1);
// Turn off Spectre mitigations - this is a huge speedup on JS code, particularly JS -> C++ calls.
JS_SetGlobalJitCompilerOption(m_cx, JSJITCOMPILER_SPECTRE_JIT_TO_CXX_CALLS, 0);
JS_SetGlobalJitCompilerOption(m_cx, JSJITCOMPILER_SPECTRE_INDEX_MASKING, 0);
JS_SetGlobalJitCompilerOption(m_cx, JSJITCOMPILER_SPECTRE_VALUE_MASKING, 0);
JS_SetGlobalJitCompilerOption(m_cx, JSJITCOMPILER_SPECTRE_STRING_MITIGATIONS, 0);
JS_SetGlobalJitCompilerOption(m_cx, JSJITCOMPILER_SPECTRE_OBJECT_MITIGATIONS, 0);
JS::ContextOptionsRef(m_cx).setStrictMode(true);
ScriptEngine::GetSingleton().RegisterContext(m_cx);
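Review bot: the comment above the five JS_SetGlobalJitCompilerOption calls records only the speedup, not the threat-model argument that justifies switching off a security mitigation; move the reasoning from the commit message (Spectre is a speculative-execution timing side channel, and the commit judges it extraordinarily unlikely to be mounted through 0 A.D.) into the code comment, and state the assumption it rests on, namely that the scripts this context runs are trusted, so a later reader of ScriptContext.cpp does not have to dig through history to learn why these are zero. Two further points: the commit message profiles only the fences after JIT -> C++ calls as the hot spot, yet JSJITCOMPILER_SPECTRE_INDEX_MASKING, JSJITCOMPILER_SPECTRE_VALUE_MASKING, JSJITCOMPILER_SPECTRE_STRING_MITIGATIONS and JSJITCOMPILER_SPECTRE_OBJECT_MITIGATIONS are disabled with no separate measurement cited, so please measure those four on their own and keep any that cost nothing noticeable; and consider driving the five literals from a single named boolean (a constant or config key, name to be chosen) rather than five unconditional `0` arguments, so the mitigations can be re-enabled in one place if the engine ever executes scripts from a less trusted source.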