Reland "[turboassembler] Introduce hard-abort mode"
This is a reland of a462a7854a081f4f34bb4c112ee33f3d69efa309
Original change's description:
> [turboassembler] Introduce hard-abort mode
>
> For checks and assertions (mostly for debug code, like stack alignment
> or zero extension), we had two modes: Emit a call to the {Abort}
> runtime function (the default), and emit a debug break (used for
> testing, enabled via --trap-on-abort).
> In wasm, where we cannot just call a runtime function because code must
> be isolate independent, we always used the trap-on-abort behaviour.
> This causes problems for our fuzzers, which do not catch SIGTRAP, and
> hence do not detect debug code failures.
>
> This CL introduces a third mode ("hard abort"), which calls a C
> function via {ExternalReference}. The C function still outputs the
> abort reason, but does not print the stack trace. It then aborts via
> "OS::Abort", just like the runtime function.
> This will allow fuzzers to detect the crash and even find a nice error
> message.
>
> Even though this looks like a lot of code churn, it is actually not.
> Most added lines are new tests, and other changes are minimal.
>
> R=mstarzinger@chromium.org
>
> Bug: chromium:863799
> Change-Id: I77c58ff72db552d49014614436259ccfb49ba87b
> Reviewed-on: https://chromium-review.googlesource.com/1142163
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54592}
Bug: chromium:863799
Change-Id: I7729a47b4823a982a8e201df36520aa2b6ef5326
Reviewed-on: https://chromium-review.googlesource.com/1146100
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54656}
2018-07-24 14:12:47 +00:00
|
|
|
// Copyright 2018 the V8 project authors. All rights reserved.
|
|
|
|
// Use of this source code is governed by a BSD-style license that can be
|
|
|
|
// found in the LICENSE file.
|
|
|
|
|
2019-05-28 13:17:52 +00:00
|
|
|
#include "src/codegen/arm/assembler-arm-inl.h"
|
2019-05-21 09:30:15 +00:00
|
|
|
#include "src/codegen/macro-assembler.h"
|
2019-05-22 07:55:37 +00:00
|
|
|
#include "src/execution/simulator.h"
|
2019-05-23 13:27:57 +00:00
|
|
|
#include "src/utils/ostreams.h"
|
Reland "[turboassembler] Introduce hard-abort mode"
This is a reland of a462a7854a081f4f34bb4c112ee33f3d69efa309
Original change's description:
> [turboassembler] Introduce hard-abort mode
>
> For checks and assertions (mostly for debug code, like stack alignment
> or zero extension), we had two modes: Emit a call to the {Abort}
> runtime function (the default), and emit a debug break (used for
> testing, enabled via --trap-on-abort).
> In wasm, where we cannot just call a runtime function because code must
> be isolate independent, we always used the trap-on-abort behaviour.
> This causes problems for our fuzzers, which do not catch SIGTRAP, and
> hence do not detect debug code failures.
>
> This CL introduces a third mode ("hard abort"), which calls a C
> function via {ExternalReference}. The C function still outputs the
> abort reason, but does not print the stack trace. It then aborts via
> "OS::Abort", just like the runtime function.
> This will allow fuzzers to detect the crash and even find a nice error
> message.
>
> Even though this looks like a lot of code churn, it is actually not.
> Most added lines are new tests, and other changes are minimal.
>
> R=mstarzinger@chromium.org
>
> Bug: chromium:863799
> Change-Id: I77c58ff72db552d49014614436259ccfb49ba87b
> Reviewed-on: https://chromium-review.googlesource.com/1142163
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54592}
Bug: chromium:863799
Change-Id: I7729a47b4823a982a8e201df36520aa2b6ef5326
Reviewed-on: https://chromium-review.googlesource.com/1146100
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54656}
2018-07-24 14:12:47 +00:00
|
|
|
#include "test/common/assembler-tester.h"
|
|
|
|
#include "test/unittests/test-utils.h"
|
|
|
|
#include "testing/gtest-support.h"
|
|
|
|
|
|
|
|
namespace v8 {
|
|
|
|
namespace internal {
|
|
|
|
|
|
|
|
#define __ tasm.
|
|
|
|
|
2018-08-01 11:30:36 +00:00
|
|
|
// If we are running on android and the output is not redirected (i.e. ends up
|
|
|
|
// in the android log) then we cannot find the error message in the output. This
|
|
|
|
// macro just returns the empty string in that case.
|
|
|
|
#if defined(ANDROID) && !defined(V8_ANDROID_LOG_STDOUT)
|
|
|
|
#define ERROR_MESSAGE(msg) ""
|
|
|
|
#else
|
|
|
|
#define ERROR_MESSAGE(msg) msg
|
|
|
|
#endif
|
Reland "[turboassembler] Introduce hard-abort mode"
This is a reland of a462a7854a081f4f34bb4c112ee33f3d69efa309
Original change's description:
> [turboassembler] Introduce hard-abort mode
>
> For checks and assertions (mostly for debug code, like stack alignment
> or zero extension), we had two modes: Emit a call to the {Abort}
> runtime function (the default), and emit a debug break (used for
> testing, enabled via --trap-on-abort).
> In wasm, where we cannot just call a runtime function because code must
> be isolate independent, we always used the trap-on-abort behaviour.
> This causes problems for our fuzzers, which do not catch SIGTRAP, and
> hence do not detect debug code failures.
>
> This CL introduces a third mode ("hard abort"), which calls a C
> function via {ExternalReference}. The C function still outputs the
> abort reason, but does not print the stack trace. It then aborts via
> "OS::Abort", just like the runtime function.
> This will allow fuzzers to detect the crash and even find a nice error
> message.
>
> Even though this looks like a lot of code churn, it is actually not.
> Most added lines are new tests, and other changes are minimal.
>
> R=mstarzinger@chromium.org
>
> Bug: chromium:863799
> Change-Id: I77c58ff72db552d49014614436259ccfb49ba87b
> Reviewed-on: https://chromium-review.googlesource.com/1142163
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54592}
Bug: chromium:863799
Change-Id: I7729a47b4823a982a8e201df36520aa2b6ef5326
Reviewed-on: https://chromium-review.googlesource.com/1146100
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54656}
2018-07-24 14:12:47 +00:00
|
|
|
|
|
|
|
// Test the x64 assembler by compiling some simple functions into
|
|
|
|
// a buffer and executing them. These tests do not initialize the
|
|
|
|
// V8 library, create a context, or use any V8 objects.
|
|
|
|
|
|
|
|
class TurboAssemblerTest : public TestWithIsolate {};
|
|
|
|
|
|
|
|
TEST_F(TurboAssemblerTest, TestHardAbort) {
|
2019-01-17 10:23:16 +00:00
|
|
|
auto buffer = AllocateAssemblerBuffer();
|
2020-02-27 10:25:23 +00:00
|
|
|
TurboAssembler tasm(isolate(), AssemblerOptions{}, CodeObjectRequired::kNo,
|
2019-01-17 10:23:16 +00:00
|
|
|
buffer->CreateView());
|
2020-02-27 10:25:23 +00:00
|
|
|
__ set_root_array_available(false);
|
Reland "[turboassembler] Introduce hard-abort mode"
This is a reland of a462a7854a081f4f34bb4c112ee33f3d69efa309
Original change's description:
> [turboassembler] Introduce hard-abort mode
>
> For checks and assertions (mostly for debug code, like stack alignment
> or zero extension), we had two modes: Emit a call to the {Abort}
> runtime function (the default), and emit a debug break (used for
> testing, enabled via --trap-on-abort).
> In wasm, where we cannot just call a runtime function because code must
> be isolate independent, we always used the trap-on-abort behaviour.
> This causes problems for our fuzzers, which do not catch SIGTRAP, and
> hence do not detect debug code failures.
>
> This CL introduces a third mode ("hard abort"), which calls a C
> function via {ExternalReference}. The C function still outputs the
> abort reason, but does not print the stack trace. It then aborts via
> "OS::Abort", just like the runtime function.
> This will allow fuzzers to detect the crash and even find a nice error
> message.
>
> Even though this looks like a lot of code churn, it is actually not.
> Most added lines are new tests, and other changes are minimal.
>
> R=mstarzinger@chromium.org
>
> Bug: chromium:863799
> Change-Id: I77c58ff72db552d49014614436259ccfb49ba87b
> Reviewed-on: https://chromium-review.googlesource.com/1142163
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54592}
Bug: chromium:863799
Change-Id: I7729a47b4823a982a8e201df36520aa2b6ef5326
Reviewed-on: https://chromium-review.googlesource.com/1146100
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54656}
2018-07-24 14:12:47 +00:00
|
|
|
__ set_abort_hard(true);
|
|
|
|
|
|
|
|
__ Abort(AbortReason::kNoReason);
|
|
|
|
|
|
|
|
CodeDesc desc;
|
2020-02-27 10:25:23 +00:00
|
|
|
tasm.GetCode(isolate(), &desc);
|
2019-01-17 10:23:16 +00:00
|
|
|
buffer->MakeExecutable();
|
Reland "[turboassembler] Introduce hard-abort mode"
This is a reland of a462a7854a081f4f34bb4c112ee33f3d69efa309
Original change's description:
> [turboassembler] Introduce hard-abort mode
>
> For checks and assertions (mostly for debug code, like stack alignment
> or zero extension), we had two modes: Emit a call to the {Abort}
> runtime function (the default), and emit a debug break (used for
> testing, enabled via --trap-on-abort).
> In wasm, where we cannot just call a runtime function because code must
> be isolate independent, we always used the trap-on-abort behaviour.
> This causes problems for our fuzzers, which do not catch SIGTRAP, and
> hence do not detect debug code failures.
>
> This CL introduces a third mode ("hard abort"), which calls a C
> function via {ExternalReference}. The C function still outputs the
> abort reason, but does not print the stack trace. It then aborts via
> "OS::Abort", just like the runtime function.
> This will allow fuzzers to detect the crash and even find a nice error
> message.
>
> Even though this looks like a lot of code churn, it is actually not.
> Most added lines are new tests, and other changes are minimal.
>
> R=mstarzinger@chromium.org
>
> Bug: chromium:863799
> Change-Id: I77c58ff72db552d49014614436259ccfb49ba87b
> Reviewed-on: https://chromium-review.googlesource.com/1142163
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54592}
Bug: chromium:863799
Change-Id: I7729a47b4823a982a8e201df36520aa2b6ef5326
Reviewed-on: https://chromium-review.googlesource.com/1146100
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54656}
2018-07-24 14:12:47 +00:00
|
|
|
// We need an isolate here to execute in the simulator.
|
2019-01-17 10:23:16 +00:00
|
|
|
auto f = GeneratedCode<void>::FromBuffer(isolate(), buffer->start());
|
Reland "[turboassembler] Introduce hard-abort mode"
This is a reland of a462a7854a081f4f34bb4c112ee33f3d69efa309
Original change's description:
> [turboassembler] Introduce hard-abort mode
>
> For checks and assertions (mostly for debug code, like stack alignment
> or zero extension), we had two modes: Emit a call to the {Abort}
> runtime function (the default), and emit a debug break (used for
> testing, enabled via --trap-on-abort).
> In wasm, where we cannot just call a runtime function because code must
> be isolate independent, we always used the trap-on-abort behaviour.
> This causes problems for our fuzzers, which do not catch SIGTRAP, and
> hence do not detect debug code failures.
>
> This CL introduces a third mode ("hard abort"), which calls a C
> function via {ExternalReference}. The C function still outputs the
> abort reason, but does not print the stack trace. It then aborts via
> "OS::Abort", just like the runtime function.
> This will allow fuzzers to detect the crash and even find a nice error
> message.
>
> Even though this looks like a lot of code churn, it is actually not.
> Most added lines are new tests, and other changes are minimal.
>
> R=mstarzinger@chromium.org
>
> Bug: chromium:863799
> Change-Id: I77c58ff72db552d49014614436259ccfb49ba87b
> Reviewed-on: https://chromium-review.googlesource.com/1142163
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54592}
Bug: chromium:863799
Change-Id: I7729a47b4823a982a8e201df36520aa2b6ef5326
Reviewed-on: https://chromium-review.googlesource.com/1146100
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54656}
2018-07-24 14:12:47 +00:00
|
|
|
|
2018-08-01 11:30:36 +00:00
|
|
|
ASSERT_DEATH_IF_SUPPORTED({ f.Call(); }, ERROR_MESSAGE("abort: no reason"));
|
Reland "[turboassembler] Introduce hard-abort mode"
This is a reland of a462a7854a081f4f34bb4c112ee33f3d69efa309
Original change's description:
> [turboassembler] Introduce hard-abort mode
>
> For checks and assertions (mostly for debug code, like stack alignment
> or zero extension), we had two modes: Emit a call to the {Abort}
> runtime function (the default), and emit a debug break (used for
> testing, enabled via --trap-on-abort).
> In wasm, where we cannot just call a runtime function because code must
> be isolate independent, we always used the trap-on-abort behaviour.
> This causes problems for our fuzzers, which do not catch SIGTRAP, and
> hence do not detect debug code failures.
>
> This CL introduces a third mode ("hard abort"), which calls a C
> function via {ExternalReference}. The C function still outputs the
> abort reason, but does not print the stack trace. It then aborts via
> "OS::Abort", just like the runtime function.
> This will allow fuzzers to detect the crash and even find a nice error
> message.
>
> Even though this looks like a lot of code churn, it is actually not.
> Most added lines are new tests, and other changes are minimal.
>
> R=mstarzinger@chromium.org
>
> Bug: chromium:863799
> Change-Id: I77c58ff72db552d49014614436259ccfb49ba87b
> Reviewed-on: https://chromium-review.googlesource.com/1142163
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54592}
Bug: chromium:863799
Change-Id: I7729a47b4823a982a8e201df36520aa2b6ef5326
Reviewed-on: https://chromium-review.googlesource.com/1146100
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54656}
2018-07-24 14:12:47 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
TEST_F(TurboAssemblerTest, TestCheck) {
|
2019-01-17 10:23:16 +00:00
|
|
|
auto buffer = AllocateAssemblerBuffer();
|
2020-02-27 10:25:23 +00:00
|
|
|
TurboAssembler tasm(isolate(), AssemblerOptions{}, CodeObjectRequired::kNo,
|
2019-01-17 10:23:16 +00:00
|
|
|
buffer->CreateView());
|
2020-02-27 10:25:23 +00:00
|
|
|
__ set_root_array_available(false);
|
Reland "[turboassembler] Introduce hard-abort mode"
This is a reland of a462a7854a081f4f34bb4c112ee33f3d69efa309
Original change's description:
> [turboassembler] Introduce hard-abort mode
>
> For checks and assertions (mostly for debug code, like stack alignment
> or zero extension), we had two modes: Emit a call to the {Abort}
> runtime function (the default), and emit a debug break (used for
> testing, enabled via --trap-on-abort).
> In wasm, where we cannot just call a runtime function because code must
> be isolate independent, we always used the trap-on-abort behaviour.
> This causes problems for our fuzzers, which do not catch SIGTRAP, and
> hence do not detect debug code failures.
>
> This CL introduces a third mode ("hard abort"), which calls a C
> function via {ExternalReference}. The C function still outputs the
> abort reason, but does not print the stack trace. It then aborts via
> "OS::Abort", just like the runtime function.
> This will allow fuzzers to detect the crash and even find a nice error
> message.
>
> Even though this looks like a lot of code churn, it is actually not.
> Most added lines are new tests, and other changes are minimal.
>
> R=mstarzinger@chromium.org
>
> Bug: chromium:863799
> Change-Id: I77c58ff72db552d49014614436259ccfb49ba87b
> Reviewed-on: https://chromium-review.googlesource.com/1142163
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54592}
Bug: chromium:863799
Change-Id: I7729a47b4823a982a8e201df36520aa2b6ef5326
Reviewed-on: https://chromium-review.googlesource.com/1146100
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54656}
2018-07-24 14:12:47 +00:00
|
|
|
__ set_abort_hard(true);
|
|
|
|
|
|
|
|
// Fail if the first parameter is 17.
|
|
|
|
__ Move32BitImmediate(r1, Operand(17));
|
|
|
|
__ cmp(r0, r1); // 1st parameter is in {r0}.
|
|
|
|
__ Check(Condition::ne, AbortReason::kNoReason);
|
|
|
|
__ Ret();
|
|
|
|
|
|
|
|
CodeDesc desc;
|
2020-02-27 10:25:23 +00:00
|
|
|
tasm.GetCode(isolate(), &desc);
|
2019-01-17 10:23:16 +00:00
|
|
|
buffer->MakeExecutable();
|
Reland "[turboassembler] Introduce hard-abort mode"
This is a reland of a462a7854a081f4f34bb4c112ee33f3d69efa309
Original change's description:
> [turboassembler] Introduce hard-abort mode
>
> For checks and assertions (mostly for debug code, like stack alignment
> or zero extension), we had two modes: Emit a call to the {Abort}
> runtime function (the default), and emit a debug break (used for
> testing, enabled via --trap-on-abort).
> In wasm, where we cannot just call a runtime function because code must
> be isolate independent, we always used the trap-on-abort behaviour.
> This causes problems for our fuzzers, which do not catch SIGTRAP, and
> hence do not detect debug code failures.
>
> This CL introduces a third mode ("hard abort"), which calls a C
> function via {ExternalReference}. The C function still outputs the
> abort reason, but does not print the stack trace. It then aborts via
> "OS::Abort", just like the runtime function.
> This will allow fuzzers to detect the crash and even find a nice error
> message.
>
> Even though this looks like a lot of code churn, it is actually not.
> Most added lines are new tests, and other changes are minimal.
>
> R=mstarzinger@chromium.org
>
> Bug: chromium:863799
> Change-Id: I77c58ff72db552d49014614436259ccfb49ba87b
> Reviewed-on: https://chromium-review.googlesource.com/1142163
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54592}
Bug: chromium:863799
Change-Id: I7729a47b4823a982a8e201df36520aa2b6ef5326
Reviewed-on: https://chromium-review.googlesource.com/1146100
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54656}
2018-07-24 14:12:47 +00:00
|
|
|
// We need an isolate here to execute in the simulator.
|
2019-01-17 10:23:16 +00:00
|
|
|
auto f = GeneratedCode<void, int>::FromBuffer(isolate(), buffer->start());
|
Reland "[turboassembler] Introduce hard-abort mode"
This is a reland of a462a7854a081f4f34bb4c112ee33f3d69efa309
Original change's description:
> [turboassembler] Introduce hard-abort mode
>
> For checks and assertions (mostly for debug code, like stack alignment
> or zero extension), we had two modes: Emit a call to the {Abort}
> runtime function (the default), and emit a debug break (used for
> testing, enabled via --trap-on-abort).
> In wasm, where we cannot just call a runtime function because code must
> be isolate independent, we always used the trap-on-abort behaviour.
> This causes problems for our fuzzers, which do not catch SIGTRAP, and
> hence do not detect debug code failures.
>
> This CL introduces a third mode ("hard abort"), which calls a C
> function via {ExternalReference}. The C function still outputs the
> abort reason, but does not print the stack trace. It then aborts via
> "OS::Abort", just like the runtime function.
> This will allow fuzzers to detect the crash and even find a nice error
> message.
>
> Even though this looks like a lot of code churn, it is actually not.
> Most added lines are new tests, and other changes are minimal.
>
> R=mstarzinger@chromium.org
>
> Bug: chromium:863799
> Change-Id: I77c58ff72db552d49014614436259ccfb49ba87b
> Reviewed-on: https://chromium-review.googlesource.com/1142163
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54592}
Bug: chromium:863799
Change-Id: I7729a47b4823a982a8e201df36520aa2b6ef5326
Reviewed-on: https://chromium-review.googlesource.com/1146100
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54656}
2018-07-24 14:12:47 +00:00
|
|
|
|
|
|
|
f.Call(0);
|
|
|
|
f.Call(18);
|
2018-08-01 11:30:36 +00:00
|
|
|
ASSERT_DEATH_IF_SUPPORTED({ f.Call(17); }, ERROR_MESSAGE("abort: no reason"));
|
Reland "[turboassembler] Introduce hard-abort mode"
This is a reland of a462a7854a081f4f34bb4c112ee33f3d69efa309
Original change's description:
> [turboassembler] Introduce hard-abort mode
>
> For checks and assertions (mostly for debug code, like stack alignment
> or zero extension), we had two modes: Emit a call to the {Abort}
> runtime function (the default), and emit a debug break (used for
> testing, enabled via --trap-on-abort).
> In wasm, where we cannot just call a runtime function because code must
> be isolate independent, we always used the trap-on-abort behaviour.
> This causes problems for our fuzzers, which do not catch SIGTRAP, and
> hence do not detect debug code failures.
>
> This CL introduces a third mode ("hard abort"), which calls a C
> function via {ExternalReference}. The C function still outputs the
> abort reason, but does not print the stack trace. It then aborts via
> "OS::Abort", just like the runtime function.
> This will allow fuzzers to detect the crash and even find a nice error
> message.
>
> Even though this looks like a lot of code churn, it is actually not.
> Most added lines are new tests, and other changes are minimal.
>
> R=mstarzinger@chromium.org
>
> Bug: chromium:863799
> Change-Id: I77c58ff72db552d49014614436259ccfb49ba87b
> Reviewed-on: https://chromium-review.googlesource.com/1142163
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54592}
Bug: chromium:863799
Change-Id: I7729a47b4823a982a8e201df36520aa2b6ef5326
Reviewed-on: https://chromium-review.googlesource.com/1146100
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54656}
2018-07-24 14:12:47 +00:00
|
|
|
}
|
|
|
|
|
[arm][arm64] Do not allocate temp registers for the write barrier.
Improve code generation for stores with write barriers slightly by using the
assembler's dedicated scratch registers (x16 and x17 on Arm64, ip on Arm)
instead of allocating temporaries.
To do this, we've done two things:
- Use ip as a scratch register when loading page flags.
- TurboAssembler::CallRecordWriteStub() now takes the offset of the slot
that's written to rather than its address, removing the need to allocate a
temporary register for it.
In essence, we've gone from:
```
;; Do the store.
stur x19, [x9, #15]
;; Check *destination* object page flags and jump out-of-line.
and x4, x9, #0xfffffffffff80000
ldr x4, [x4, #8]
tbnz x4, #2, #+0x1e7c
| ;; Check *source* object page flags.
| `-> and x4, x19, #0xfffffffffff80000
| ldr x4, [xM, #8]
|,--- tbz x4, #1, #-0x1e80
| ;; Compute address of slot.
| add x5, x9, #0xf (15)
| ;; Setup arguments to RecordWrite
| stp x2, x3, [sp, #-32]!
| stp x4, lr, [sp, #16]
| stp x0, x1, [sp, #-16]!
| mov x0, x9 ;; Object address in x9
| mov x1, x5 ;; Slot address in x5
| movz x2, #0x0
| movz x3, #0x100000000
| ;; Call RecordWrite
| ldr x16, pc+2056
| blr x16
```
Which allocates x4 and x5 as temporaries.
To:
```
stur x19, [x9, #15]
and x16, x9, #0xfffffffffff80000 ;; Using x16 instead of allocating x4.
ldr x16, [x16, #8]
tbnz x16, #2, #+0x1e7c
| `-> and x16, x19, #0xfffffffffff80000
| ldr x16, [xM, #8]
|,--- tbz x16, #1, #-0x1e80
| stp x2, x3, [sp, #-32]!
| stp x4, lr, [sp, #16]
| stp x0, x1, [sp, #-16]!
| mov x0, x9 ;; Object address still in x9.
| add x1, x9, #0xf (15) ;; Compute the slot address directly.
| movz x2, #0x0
| movz x3, #0x100000000
| ldr x16, pc+2056
| blr x16
```
Finally, `RecordWriteField()` does not need an extra scratch register anymore.
Change-Id: Icb71310e7b8ab1ca83ced250851456166b337d00
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1505793
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61153}
2019-05-02 10:45:27 +00:00
|
|
|
struct MoveObjectAndSlotTestCase {
|
|
|
|
const char* comment;
|
|
|
|
Register dst_object;
|
|
|
|
Register dst_slot;
|
|
|
|
Register object;
|
|
|
|
Register offset_register = no_reg;
|
|
|
|
};
|
|
|
|
|
|
|
|
const MoveObjectAndSlotTestCase kMoveObjectAndSlotTestCases[] = {
|
|
|
|
{"no overlap", r0, r1, r2},
|
|
|
|
{"no overlap", r0, r1, r2, r3},
|
|
|
|
|
|
|
|
{"object == dst_object", r2, r1, r2},
|
|
|
|
{"object == dst_object", r2, r1, r2, r3},
|
|
|
|
|
|
|
|
{"object == dst_slot", r1, r2, r2},
|
|
|
|
{"object == dst_slot", r1, r2, r2, r3},
|
|
|
|
|
|
|
|
{"offset == dst_object", r0, r1, r2, r0},
|
|
|
|
|
|
|
|
{"offset == dst_object && object == dst_slot", r0, r1, r1, r0},
|
|
|
|
|
|
|
|
{"offset == dst_slot", r0, r1, r2, r1},
|
|
|
|
|
|
|
|
{"offset == dst_slot && object == dst_object", r0, r1, r0, r1}};
|
|
|
|
|
|
|
|
// Make sure we include offsets that cannot be encoded in an add instruction.
|
|
|
|
const int kOffsets[] = {0, 42, kMaxRegularHeapObjectSize, 0x101001};
|
|
|
|
|
|
|
|
template <typename T>
|
|
|
|
class TurboAssemblerTestWithParam : public TurboAssemblerTest,
|
|
|
|
public ::testing::WithParamInterface<T> {};
|
|
|
|
|
|
|
|
using TurboAssemblerTestMoveObjectAndSlot =
|
|
|
|
TurboAssemblerTestWithParam<MoveObjectAndSlotTestCase>;
|
|
|
|
|
|
|
|
TEST_P(TurboAssemblerTestMoveObjectAndSlot, MoveObjectAndSlot) {
|
|
|
|
const MoveObjectAndSlotTestCase test_case = GetParam();
|
|
|
|
TRACED_FOREACH(int32_t, offset, kOffsets) {
|
|
|
|
auto buffer = AllocateAssemblerBuffer();
|
|
|
|
TurboAssembler tasm(nullptr, AssemblerOptions{}, CodeObjectRequired::kNo,
|
|
|
|
buffer->CreateView());
|
|
|
|
__ Push(r0);
|
|
|
|
__ Move(test_case.object, r1);
|
|
|
|
|
|
|
|
Register src_object = test_case.object;
|
|
|
|
Register dst_object = test_case.dst_object;
|
|
|
|
Register dst_slot = test_case.dst_slot;
|
|
|
|
|
|
|
|
Operand offset_operand(0);
|
|
|
|
if (test_case.offset_register == no_reg) {
|
|
|
|
offset_operand = Operand(offset);
|
|
|
|
} else {
|
|
|
|
__ mov(test_case.offset_register, Operand(offset));
|
|
|
|
offset_operand = Operand(test_case.offset_register);
|
|
|
|
}
|
|
|
|
|
|
|
|
std::stringstream comment;
|
|
|
|
comment << "-- " << test_case.comment << ": MoveObjectAndSlot("
|
|
|
|
<< dst_object << ", " << dst_slot << ", " << src_object << ", ";
|
|
|
|
if (test_case.offset_register == no_reg) {
|
|
|
|
comment << "#" << offset;
|
|
|
|
} else {
|
|
|
|
comment << test_case.offset_register;
|
|
|
|
}
|
|
|
|
comment << ") --";
|
|
|
|
__ RecordComment(comment.str().c_str());
|
|
|
|
__ MoveObjectAndSlot(dst_object, dst_slot, src_object, offset_operand);
|
|
|
|
__ RecordComment("--");
|
|
|
|
|
|
|
|
// The `result` pointer was saved on the stack.
|
|
|
|
UseScratchRegisterScope temps(&tasm);
|
|
|
|
Register scratch = temps.Acquire();
|
|
|
|
__ Pop(scratch);
|
|
|
|
__ str(dst_object, MemOperand(scratch));
|
|
|
|
__ str(dst_slot, MemOperand(scratch, kSystemPointerSize));
|
|
|
|
|
|
|
|
__ Ret();
|
|
|
|
|
|
|
|
CodeDesc desc;
|
|
|
|
tasm.GetCode(nullptr, &desc);
|
|
|
|
if (FLAG_print_code) {
|
|
|
|
Handle<Code> code =
|
[deoptimizer] Change deopt entries into builtins
While the overall goal of this commit is to change deoptimization
entries into builtins, there are multiple related things happening:
- Deoptimization entries, formerly stubs (i.e. Code objects generated
at runtime, guaranteed to be immovable), have been converted into
builtins. The major restriction is that we now need to preserve the
kRootRegister, which was formerly used on most architectures to pass
the deoptimization id. The solution differs based on platform.
- Renamed DEOPT_ENTRIES_OR_FOR_TESTING code kind to FOR_TESTING.
- Removed heap/ support for immovable Code generation.
- Removed the DeserializerData class (no longer needed).
- arm64: to preserve 4-byte deopt exits, introduced a new optimization
in which the final jump to the deoptimization entry is generated
once per Code object, and deopt exits can continue to emit a
near-call.
- arm,ia32,x64: change to fixed-size deopt exits. This reduces exit
sizes by 4/8, 5, and 5 bytes, respectively.
On arm the deopt exit size is reduced from 12 (or 16) bytes to 8 bytes
by using the same strategy as on arm64 (recalc deopt id from return
address). Before:
e300a002 movw r10, <id>
e59fc024 ldr ip, [pc, <entry offset>]
e12fff3c blx ip
After:
e59acb35 ldr ip, [r10, <entry offset>]
e12fff3c blx ip
On arm64 the deopt exit size remains 4 bytes (or 8 bytes in same cases
with CFI). Additionally, up to 4 builtin jumps are emitted per Code
object (max 32 bytes added overhead per Code object). Before:
9401cdae bl <entry offset>
After:
# eager deoptimization entry jump.
f95b1f50 ldr x16, [x26, <eager entry offset>]
d61f0200 br x16
# lazy deoptimization entry jump.
f95b2b50 ldr x16, [x26, <lazy entry offset>]
d61f0200 br x16
# the deopt exit.
97fffffc bl <eager deoptimization entry jump offset>
On ia32 the deopt exit size is reduced from 10 to 5 bytes. Before:
bb00000000 mov ebx,<id>
e825f5372b call <entry>
After:
e8ea2256ba call <entry>
On x64 the deopt exit size is reduced from 12 to 7 bytes. Before:
49c7c511000000 REX.W movq r13,<id>
e8ea2f0700 call <entry>
After:
41ff9560360000 call [r13+<entry offset>]
Bug: v8:8661,v8:8768
Change-Id: I13e30aedc360474dc818fecc528ce87c3bfeed42
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2465834
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Reviewed-by: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70597}
2020-10-19 06:47:30 +00:00
|
|
|
Factory::CodeBuilder(isolate(), desc, CodeKind::FOR_TESTING).Build();
|
[arm][arm64] Do not allocate temp registers for the write barrier.
Improve code generation for stores with write barriers slightly by using the
assembler's dedicated scratch registers (x16 and x17 on Arm64, ip on Arm)
instead of allocating temporaries.
To do this, we've done two things:
- Use ip as a scratch register when loading page flags.
- TurboAssembler::CallRecordWriteStub() now takes the offset of the slot
that's written to rather than its address, removing the need to allocate a
temporary register for it.
In essence, we've gone from:
```
;; Do the store.
stur x19, [x9, #15]
;; Check *destination* object page flags and jump out-of-line.
and x4, x9, #0xfffffffffff80000
ldr x4, [x4, #8]
tbnz x4, #2, #+0x1e7c
| ;; Check *source* object page flags.
| `-> and x4, x19, #0xfffffffffff80000
| ldr x4, [xM, #8]
|,--- tbz x4, #1, #-0x1e80
| ;; Compute address of slot.
| add x5, x9, #0xf (15)
| ;; Setup arguments to RecordWrite
| stp x2, x3, [sp, #-32]!
| stp x4, lr, [sp, #16]
| stp x0, x1, [sp, #-16]!
| mov x0, x9 ;; Object address in x9
| mov x1, x5 ;; Slot address in x5
| movz x2, #0x0
| movz x3, #0x100000000
| ;; Call RecordWrite
| ldr x16, pc+2056
| blr x16
```
Which allocates x4 and x5 as temporaries.
To:
```
stur x19, [x9, #15]
and x16, x9, #0xfffffffffff80000 ;; Using x16 instead of allocating x4.
ldr x16, [x16, #8]
tbnz x16, #2, #+0x1e7c
| `-> and x16, x19, #0xfffffffffff80000
| ldr x16, [xM, #8]
|,--- tbz x16, #1, #-0x1e80
| stp x2, x3, [sp, #-32]!
| stp x4, lr, [sp, #16]
| stp x0, x1, [sp, #-16]!
| mov x0, x9 ;; Object address still in x9.
| add x1, x9, #0xf (15) ;; Compute the slot address directly.
| movz x2, #0x0
| movz x3, #0x100000000
| ldr x16, pc+2056
| blr x16
```
Finally, `RecordWriteField()` does not need an extra scratch register anymore.
Change-Id: Icb71310e7b8ab1ca83ced250851456166b337d00
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1505793
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61153}
2019-05-02 10:45:27 +00:00
|
|
|
StdoutStream os;
|
|
|
|
code->Print(os);
|
|
|
|
}
|
|
|
|
|
|
|
|
buffer->MakeExecutable();
|
|
|
|
// We need an isolate here to execute in the simulator.
|
|
|
|
auto f = GeneratedCode<void, byte**, byte*>::FromBuffer(isolate(),
|
|
|
|
buffer->start());
|
|
|
|
|
|
|
|
byte* object = new byte[offset];
|
|
|
|
byte* result[] = {nullptr, nullptr};
|
|
|
|
|
|
|
|
f.Call(result, object);
|
|
|
|
|
|
|
|
// The first element must be the address of the object, and the second the
|
|
|
|
// slot addressed by `offset`.
|
|
|
|
EXPECT_EQ(result[0], &object[0]);
|
|
|
|
EXPECT_EQ(result[1], &object[offset]);
|
|
|
|
|
|
|
|
delete[] object;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
INSTANTIATE_TEST_SUITE_P(TurboAssemblerTest,
|
|
|
|
TurboAssemblerTestMoveObjectAndSlot,
|
|
|
|
::testing::ValuesIn(kMoveObjectAndSlotTestCases));
|
|
|
|
|
Reland "[turboassembler] Introduce hard-abort mode"
This is a reland of a462a7854a081f4f34bb4c112ee33f3d69efa309
Original change's description:
> [turboassembler] Introduce hard-abort mode
>
> For checks and assertions (mostly for debug code, like stack alignment
> or zero extension), we had two modes: Emit a call to the {Abort}
> runtime function (the default), and emit a debug break (used for
> testing, enabled via --trap-on-abort).
> In wasm, where we cannot just call a runtime function because code must
> be isolate independent, we always used the trap-on-abort behaviour.
> This causes problems for our fuzzers, which do not catch SIGTRAP, and
> hence do not detect debug code failures.
>
> This CL introduces a third mode ("hard abort"), which calls a C
> function via {ExternalReference}. The C function still outputs the
> abort reason, but does not print the stack trace. It then aborts via
> "OS::Abort", just like the runtime function.
> This will allow fuzzers to detect the crash and even find a nice error
> message.
>
> Even though this looks like a lot of code churn, it is actually not.
> Most added lines are new tests, and other changes are minimal.
>
> R=mstarzinger@chromium.org
>
> Bug: chromium:863799
> Change-Id: I77c58ff72db552d49014614436259ccfb49ba87b
> Reviewed-on: https://chromium-review.googlesource.com/1142163
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54592}
Bug: chromium:863799
Change-Id: I7729a47b4823a982a8e201df36520aa2b6ef5326
Reviewed-on: https://chromium-review.googlesource.com/1146100
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54656}
2018-07-24 14:12:47 +00:00
|
|
|
#undef __
|
2018-08-01 11:30:36 +00:00
|
|
|
#undef ERROR_MESSAGE
|
Reland "[turboassembler] Introduce hard-abort mode"
This is a reland of a462a7854a081f4f34bb4c112ee33f3d69efa309
Original change's description:
> [turboassembler] Introduce hard-abort mode
>
> For checks and assertions (mostly for debug code, like stack alignment
> or zero extension), we had two modes: Emit a call to the {Abort}
> runtime function (the default), and emit a debug break (used for
> testing, enabled via --trap-on-abort).
> In wasm, where we cannot just call a runtime function because code must
> be isolate independent, we always used the trap-on-abort behaviour.
> This causes problems for our fuzzers, which do not catch SIGTRAP, and
> hence do not detect debug code failures.
>
> This CL introduces a third mode ("hard abort"), which calls a C
> function via {ExternalReference}. The C function still outputs the
> abort reason, but does not print the stack trace. It then aborts via
> "OS::Abort", just like the runtime function.
> This will allow fuzzers to detect the crash and even find a nice error
> message.
>
> Even though this looks like a lot of code churn, it is actually not.
> Most added lines are new tests, and other changes are minimal.
>
> R=mstarzinger@chromium.org
>
> Bug: chromium:863799
> Change-Id: I77c58ff72db552d49014614436259ccfb49ba87b
> Reviewed-on: https://chromium-review.googlesource.com/1142163
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54592}
Bug: chromium:863799
Change-Id: I7729a47b4823a982a8e201df36520aa2b6ef5326
Reviewed-on: https://chromium-review.googlesource.com/1146100
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54656}
2018-07-24 14:12:47 +00:00
|
|
|
|
|
|
|
} // namespace internal
|
|
|
|
} // namespace v8
|