Reland "[turboassembler] Introduce hard-abort mode"
This is a reland of a462a7854a081f4f34bb4c112ee33f3d69efa309
Original change's description:
> [turboassembler] Introduce hard-abort mode
>
> For checks and assertions (mostly for debug code, like stack alignment
> or zero extension), we had two modes: Emit a call to the {Abort}
> runtime function (the default), and emit a debug break (used for
> testing, enabled via --trap-on-abort).
> In wasm, where we cannot just call a runtime function because code must
> be isolate independent, we always used the trap-on-abort behaviour.
> This causes problems for our fuzzers, which do not catch SIGTRAP, and
> hence do not detect debug code failures.
>
> This CL introduces a third mode ("hard abort"), which calls a C
> function via {ExternalReference}. The C function still outputs the
> abort reason, but does not print the stack trace. It then aborts via
> "OS::Abort", just like the runtime function.
> This will allow fuzzers to detect the crash and even find a nice error
> message.
>
> Even though this looks like a lot of code churn, it is actually not.
> Most added lines are new tests, and other changes are minimal.
>
> R=mstarzinger@chromium.org
>
> Bug: chromium:863799
> Change-Id: I77c58ff72db552d49014614436259ccfb49ba87b
> Reviewed-on: https://chromium-review.googlesource.com/1142163
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54592}
Bug: chromium:863799
Change-Id: I7729a47b4823a982a8e201df36520aa2b6ef5326
Reviewed-on: https://chromium-review.googlesource.com/1146100
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54656}
2018-07-24 14:12:47 +00:00
|
|
|
// Copyright 2018 the V8 project authors. All rights reserved.
|
|
|
|
// Use of this source code is governed by a BSD-style license that can be
|
|
|
|
// found in the LICENSE file.
|
|
|
|
|
2019-05-28 13:17:52 +00:00
|
|
|
#include "src/codegen/arm64/macro-assembler-arm64-inl.h"
|
2019-05-21 09:30:15 +00:00
|
|
|
#include "src/codegen/macro-assembler.h"
|
2019-05-22 07:55:37 +00:00
|
|
|
#include "src/execution/simulator.h"
|
2019-05-23 13:27:57 +00:00
|
|
|
#include "src/utils/ostreams.h"
|
Reland "[turboassembler] Introduce hard-abort mode"
This is a reland of a462a7854a081f4f34bb4c112ee33f3d69efa309
Original change's description:
> [turboassembler] Introduce hard-abort mode
>
> For checks and assertions (mostly for debug code, like stack alignment
> or zero extension), we had two modes: Emit a call to the {Abort}
> runtime function (the default), and emit a debug break (used for
> testing, enabled via --trap-on-abort).
> In wasm, where we cannot just call a runtime function because code must
> be isolate independent, we always used the trap-on-abort behaviour.
> This causes problems for our fuzzers, which do not catch SIGTRAP, and
> hence do not detect debug code failures.
>
> This CL introduces a third mode ("hard abort"), which calls a C
> function via {ExternalReference}. The C function still outputs the
> abort reason, but does not print the stack trace. It then aborts via
> "OS::Abort", just like the runtime function.
> This will allow fuzzers to detect the crash and even find a nice error
> message.
>
> Even though this looks like a lot of code churn, it is actually not.
> Most added lines are new tests, and other changes are minimal.
>
> R=mstarzinger@chromium.org
>
> Bug: chromium:863799
> Change-Id: I77c58ff72db552d49014614436259ccfb49ba87b
> Reviewed-on: https://chromium-review.googlesource.com/1142163
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54592}
Bug: chromium:863799
Change-Id: I7729a47b4823a982a8e201df36520aa2b6ef5326
Reviewed-on: https://chromium-review.googlesource.com/1146100
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54656}
2018-07-24 14:12:47 +00:00
|
|
|
#include "test/common/assembler-tester.h"
|
|
|
|
#include "test/unittests/test-utils.h"
|
|
|
|
#include "testing/gtest-support.h"
|
|
|
|
|
|
|
|
namespace v8 {
|
|
|
|
namespace internal {
|
|
|
|
|
|
|
|
#define __ tasm.
|
|
|
|
|
2018-08-01 11:30:36 +00:00
|
|
|
// If we are running on android and the output is not redirected (i.e. ends up
|
|
|
|
// in the android log) then we cannot find the error message in the output. This
|
|
|
|
// macro just returns the empty string in that case.
|
|
|
|
#if defined(ANDROID) && !defined(V8_ANDROID_LOG_STDOUT)
|
|
|
|
#define ERROR_MESSAGE(msg) ""
|
|
|
|
#else
|
|
|
|
#define ERROR_MESSAGE(msg) msg
|
|
|
|
#endif
|
Reland "[turboassembler] Introduce hard-abort mode"
This is a reland of a462a7854a081f4f34bb4c112ee33f3d69efa309
Original change's description:
> [turboassembler] Introduce hard-abort mode
>
> For checks and assertions (mostly for debug code, like stack alignment
> or zero extension), we had two modes: Emit a call to the {Abort}
> runtime function (the default), and emit a debug break (used for
> testing, enabled via --trap-on-abort).
> In wasm, where we cannot just call a runtime function because code must
> be isolate independent, we always used the trap-on-abort behaviour.
> This causes problems for our fuzzers, which do not catch SIGTRAP, and
> hence do not detect debug code failures.
>
> This CL introduces a third mode ("hard abort"), which calls a C
> function via {ExternalReference}. The C function still outputs the
> abort reason, but does not print the stack trace. It then aborts via
> "OS::Abort", just like the runtime function.
> This will allow fuzzers to detect the crash and even find a nice error
> message.
>
> Even though this looks like a lot of code churn, it is actually not.
> Most added lines are new tests, and other changes are minimal.
>
> R=mstarzinger@chromium.org
>
> Bug: chromium:863799
> Change-Id: I77c58ff72db552d49014614436259ccfb49ba87b
> Reviewed-on: https://chromium-review.googlesource.com/1142163
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54592}
Bug: chromium:863799
Change-Id: I7729a47b4823a982a8e201df36520aa2b6ef5326
Reviewed-on: https://chromium-review.googlesource.com/1146100
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54656}
2018-07-24 14:12:47 +00:00
|
|
|
|
|
|
|
// Test the x64 assembler by compiling some simple functions into
|
|
|
|
// a buffer and executing them. These tests do not initialize the
|
|
|
|
// V8 library, create a context, or use any V8 objects.
|
|
|
|
|
|
|
|
class TurboAssemblerTest : public TestWithIsolate {};
|
|
|
|
|
|
|
|
TEST_F(TurboAssemblerTest, TestHardAbort) {
|
2019-01-17 10:23:16 +00:00
|
|
|
auto buffer = AllocateAssemblerBuffer();
|
|
|
|
TurboAssembler tasm(nullptr, AssemblerOptions{}, CodeObjectRequired::kNo,
|
|
|
|
buffer->CreateView());
|
Reland "[turboassembler] Introduce hard-abort mode"
This is a reland of a462a7854a081f4f34bb4c112ee33f3d69efa309
Original change's description:
> [turboassembler] Introduce hard-abort mode
>
> For checks and assertions (mostly for debug code, like stack alignment
> or zero extension), we had two modes: Emit a call to the {Abort}
> runtime function (the default), and emit a debug break (used for
> testing, enabled via --trap-on-abort).
> In wasm, where we cannot just call a runtime function because code must
> be isolate independent, we always used the trap-on-abort behaviour.
> This causes problems for our fuzzers, which do not catch SIGTRAP, and
> hence do not detect debug code failures.
>
> This CL introduces a third mode ("hard abort"), which calls a C
> function via {ExternalReference}. The C function still outputs the
> abort reason, but does not print the stack trace. It then aborts via
> "OS::Abort", just like the runtime function.
> This will allow fuzzers to detect the crash and even find a nice error
> message.
>
> Even though this looks like a lot of code churn, it is actually not.
> Most added lines are new tests, and other changes are minimal.
>
> R=mstarzinger@chromium.org
>
> Bug: chromium:863799
> Change-Id: I77c58ff72db552d49014614436259ccfb49ba87b
> Reviewed-on: https://chromium-review.googlesource.com/1142163
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54592}
Bug: chromium:863799
Change-Id: I7729a47b4823a982a8e201df36520aa2b6ef5326
Reviewed-on: https://chromium-review.googlesource.com/1146100
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54656}
2018-07-24 14:12:47 +00:00
|
|
|
__ set_abort_hard(true);
|
|
|
|
|
|
|
|
__ Abort(AbortReason::kNoReason);
|
|
|
|
|
|
|
|
CodeDesc desc;
|
|
|
|
tasm.GetCode(nullptr, &desc);
|
2019-01-17 10:23:16 +00:00
|
|
|
buffer->MakeExecutable();
|
Reland "[turboassembler] Introduce hard-abort mode"
This is a reland of a462a7854a081f4f34bb4c112ee33f3d69efa309
Original change's description:
> [turboassembler] Introduce hard-abort mode
>
> For checks and assertions (mostly for debug code, like stack alignment
> or zero extension), we had two modes: Emit a call to the {Abort}
> runtime function (the default), and emit a debug break (used for
> testing, enabled via --trap-on-abort).
> In wasm, where we cannot just call a runtime function because code must
> be isolate independent, we always used the trap-on-abort behaviour.
> This causes problems for our fuzzers, which do not catch SIGTRAP, and
> hence do not detect debug code failures.
>
> This CL introduces a third mode ("hard abort"), which calls a C
> function via {ExternalReference}. The C function still outputs the
> abort reason, but does not print the stack trace. It then aborts via
> "OS::Abort", just like the runtime function.
> This will allow fuzzers to detect the crash and even find a nice error
> message.
>
> Even though this looks like a lot of code churn, it is actually not.
> Most added lines are new tests, and other changes are minimal.
>
> R=mstarzinger@chromium.org
>
> Bug: chromium:863799
> Change-Id: I77c58ff72db552d49014614436259ccfb49ba87b
> Reviewed-on: https://chromium-review.googlesource.com/1142163
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54592}
Bug: chromium:863799
Change-Id: I7729a47b4823a982a8e201df36520aa2b6ef5326
Reviewed-on: https://chromium-review.googlesource.com/1146100
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54656}
2018-07-24 14:12:47 +00:00
|
|
|
// We need an isolate here to execute in the simulator.
|
2019-01-17 10:23:16 +00:00
|
|
|
auto f = GeneratedCode<void>::FromBuffer(isolate(), buffer->start());
|
Reland "[turboassembler] Introduce hard-abort mode"
This is a reland of a462a7854a081f4f34bb4c112ee33f3d69efa309
Original change's description:
> [turboassembler] Introduce hard-abort mode
>
> For checks and assertions (mostly for debug code, like stack alignment
> or zero extension), we had two modes: Emit a call to the {Abort}
> runtime function (the default), and emit a debug break (used for
> testing, enabled via --trap-on-abort).
> In wasm, where we cannot just call a runtime function because code must
> be isolate independent, we always used the trap-on-abort behaviour.
> This causes problems for our fuzzers, which do not catch SIGTRAP, and
> hence do not detect debug code failures.
>
> This CL introduces a third mode ("hard abort"), which calls a C
> function via {ExternalReference}. The C function still outputs the
> abort reason, but does not print the stack trace. It then aborts via
> "OS::Abort", just like the runtime function.
> This will allow fuzzers to detect the crash and even find a nice error
> message.
>
> Even though this looks like a lot of code churn, it is actually not.
> Most added lines are new tests, and other changes are minimal.
>
> R=mstarzinger@chromium.org
>
> Bug: chromium:863799
> Change-Id: I77c58ff72db552d49014614436259ccfb49ba87b
> Reviewed-on: https://chromium-review.googlesource.com/1142163
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54592}
Bug: chromium:863799
Change-Id: I7729a47b4823a982a8e201df36520aa2b6ef5326
Reviewed-on: https://chromium-review.googlesource.com/1146100
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54656}
2018-07-24 14:12:47 +00:00
|
|
|
|
2018-08-01 11:30:36 +00:00
|
|
|
ASSERT_DEATH_IF_SUPPORTED({ f.Call(); }, ERROR_MESSAGE("abort: no reason"));
|
Reland "[turboassembler] Introduce hard-abort mode"
This is a reland of a462a7854a081f4f34bb4c112ee33f3d69efa309
Original change's description:
> [turboassembler] Introduce hard-abort mode
>
> For checks and assertions (mostly for debug code, like stack alignment
> or zero extension), we had two modes: Emit a call to the {Abort}
> runtime function (the default), and emit a debug break (used for
> testing, enabled via --trap-on-abort).
> In wasm, where we cannot just call a runtime function because code must
> be isolate independent, we always used the trap-on-abort behaviour.
> This causes problems for our fuzzers, which do not catch SIGTRAP, and
> hence do not detect debug code failures.
>
> This CL introduces a third mode ("hard abort"), which calls a C
> function via {ExternalReference}. The C function still outputs the
> abort reason, but does not print the stack trace. It then aborts via
> "OS::Abort", just like the runtime function.
> This will allow fuzzers to detect the crash and even find a nice error
> message.
>
> Even though this looks like a lot of code churn, it is actually not.
> Most added lines are new tests, and other changes are minimal.
>
> R=mstarzinger@chromium.org
>
> Bug: chromium:863799
> Change-Id: I77c58ff72db552d49014614436259ccfb49ba87b
> Reviewed-on: https://chromium-review.googlesource.com/1142163
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54592}
Bug: chromium:863799
Change-Id: I7729a47b4823a982a8e201df36520aa2b6ef5326
Reviewed-on: https://chromium-review.googlesource.com/1146100
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54656}
2018-07-24 14:12:47 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
TEST_F(TurboAssemblerTest, TestCheck) {
|
2019-01-17 10:23:16 +00:00
|
|
|
auto buffer = AllocateAssemblerBuffer();
|
|
|
|
TurboAssembler tasm(nullptr, AssemblerOptions{}, CodeObjectRequired::kNo,
|
|
|
|
buffer->CreateView());
|
Reland "[turboassembler] Introduce hard-abort mode"
This is a reland of a462a7854a081f4f34bb4c112ee33f3d69efa309
Original change's description:
> [turboassembler] Introduce hard-abort mode
>
> For checks and assertions (mostly for debug code, like stack alignment
> or zero extension), we had two modes: Emit a call to the {Abort}
> runtime function (the default), and emit a debug break (used for
> testing, enabled via --trap-on-abort).
> In wasm, where we cannot just call a runtime function because code must
> be isolate independent, we always used the trap-on-abort behaviour.
> This causes problems for our fuzzers, which do not catch SIGTRAP, and
> hence do not detect debug code failures.
>
> This CL introduces a third mode ("hard abort"), which calls a C
> function via {ExternalReference}. The C function still outputs the
> abort reason, but does not print the stack trace. It then aborts via
> "OS::Abort", just like the runtime function.
> This will allow fuzzers to detect the crash and even find a nice error
> message.
>
> Even though this looks like a lot of code churn, it is actually not.
> Most added lines are new tests, and other changes are minimal.
>
> R=mstarzinger@chromium.org
>
> Bug: chromium:863799
> Change-Id: I77c58ff72db552d49014614436259ccfb49ba87b
> Reviewed-on: https://chromium-review.googlesource.com/1142163
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54592}
Bug: chromium:863799
Change-Id: I7729a47b4823a982a8e201df36520aa2b6ef5326
Reviewed-on: https://chromium-review.googlesource.com/1146100
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54656}
2018-07-24 14:12:47 +00:00
|
|
|
__ set_abort_hard(true);
|
|
|
|
|
|
|
|
// Fail if the first parameter is 17.
|
|
|
|
__ Mov(w1, Immediate(17));
|
|
|
|
__ Cmp(w0, w1); // 1st parameter is in {w0}.
|
|
|
|
__ Check(Condition::ne, AbortReason::kNoReason);
|
|
|
|
__ Ret();
|
|
|
|
|
|
|
|
CodeDesc desc;
|
|
|
|
tasm.GetCode(nullptr, &desc);
|
2019-01-17 10:23:16 +00:00
|
|
|
buffer->MakeExecutable();
|
Reland "[turboassembler] Introduce hard-abort mode"
This is a reland of a462a7854a081f4f34bb4c112ee33f3d69efa309
Original change's description:
> [turboassembler] Introduce hard-abort mode
>
> For checks and assertions (mostly for debug code, like stack alignment
> or zero extension), we had two modes: Emit a call to the {Abort}
> runtime function (the default), and emit a debug break (used for
> testing, enabled via --trap-on-abort).
> In wasm, where we cannot just call a runtime function because code must
> be isolate independent, we always used the trap-on-abort behaviour.
> This causes problems for our fuzzers, which do not catch SIGTRAP, and
> hence do not detect debug code failures.
>
> This CL introduces a third mode ("hard abort"), which calls a C
> function via {ExternalReference}. The C function still outputs the
> abort reason, but does not print the stack trace. It then aborts via
> "OS::Abort", just like the runtime function.
> This will allow fuzzers to detect the crash and even find a nice error
> message.
>
> Even though this looks like a lot of code churn, it is actually not.
> Most added lines are new tests, and other changes are minimal.
>
> R=mstarzinger@chromium.org
>
> Bug: chromium:863799
> Change-Id: I77c58ff72db552d49014614436259ccfb49ba87b
> Reviewed-on: https://chromium-review.googlesource.com/1142163
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54592}
Bug: chromium:863799
Change-Id: I7729a47b4823a982a8e201df36520aa2b6ef5326
Reviewed-on: https://chromium-review.googlesource.com/1146100
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54656}
2018-07-24 14:12:47 +00:00
|
|
|
// We need an isolate here to execute in the simulator.
|
2019-01-17 10:23:16 +00:00
|
|
|
auto f = GeneratedCode<void, int>::FromBuffer(isolate(), buffer->start());
|
Reland "[turboassembler] Introduce hard-abort mode"
This is a reland of a462a7854a081f4f34bb4c112ee33f3d69efa309
Original change's description:
> [turboassembler] Introduce hard-abort mode
>
> For checks and assertions (mostly for debug code, like stack alignment
> or zero extension), we had two modes: Emit a call to the {Abort}
> runtime function (the default), and emit a debug break (used for
> testing, enabled via --trap-on-abort).
> In wasm, where we cannot just call a runtime function because code must
> be isolate independent, we always used the trap-on-abort behaviour.
> This causes problems for our fuzzers, which do not catch SIGTRAP, and
> hence do not detect debug code failures.
>
> This CL introduces a third mode ("hard abort"), which calls a C
> function via {ExternalReference}. The C function still outputs the
> abort reason, but does not print the stack trace. It then aborts via
> "OS::Abort", just like the runtime function.
> This will allow fuzzers to detect the crash and even find a nice error
> message.
>
> Even though this looks like a lot of code churn, it is actually not.
> Most added lines are new tests, and other changes are minimal.
>
> R=mstarzinger@chromium.org
>
> Bug: chromium:863799
> Change-Id: I77c58ff72db552d49014614436259ccfb49ba87b
> Reviewed-on: https://chromium-review.googlesource.com/1142163
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54592}
Bug: chromium:863799
Change-Id: I7729a47b4823a982a8e201df36520aa2b6ef5326
Reviewed-on: https://chromium-review.googlesource.com/1146100
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54656}
2018-07-24 14:12:47 +00:00
|
|
|
|
|
|
|
f.Call(0);
|
|
|
|
f.Call(18);
|
2018-08-01 11:30:36 +00:00
|
|
|
ASSERT_DEATH_IF_SUPPORTED({ f.Call(17); }, ERROR_MESSAGE("abort: no reason"));
|
Reland "[turboassembler] Introduce hard-abort mode"
This is a reland of a462a7854a081f4f34bb4c112ee33f3d69efa309
Original change's description:
> [turboassembler] Introduce hard-abort mode
>
> For checks and assertions (mostly for debug code, like stack alignment
> or zero extension), we had two modes: Emit a call to the {Abort}
> runtime function (the default), and emit a debug break (used for
> testing, enabled via --trap-on-abort).
> In wasm, where we cannot just call a runtime function because code must
> be isolate independent, we always used the trap-on-abort behaviour.
> This causes problems for our fuzzers, which do not catch SIGTRAP, and
> hence do not detect debug code failures.
>
> This CL introduces a third mode ("hard abort"), which calls a C
> function via {ExternalReference}. The C function still outputs the
> abort reason, but does not print the stack trace. It then aborts via
> "OS::Abort", just like the runtime function.
> This will allow fuzzers to detect the crash and even find a nice error
> message.
>
> Even though this looks like a lot of code churn, it is actually not.
> Most added lines are new tests, and other changes are minimal.
>
> R=mstarzinger@chromium.org
>
> Bug: chromium:863799
> Change-Id: I77c58ff72db552d49014614436259ccfb49ba87b
> Reviewed-on: https://chromium-review.googlesource.com/1142163
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54592}
Bug: chromium:863799
Change-Id: I7729a47b4823a982a8e201df36520aa2b6ef5326
Reviewed-on: https://chromium-review.googlesource.com/1146100
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54656}
2018-07-24 14:12:47 +00:00
|
|
|
}
|
|
|
|
|
[arm][arm64] Do not allocate temp registers for the write barrier.
Improve code generation for stores with write barriers slightly by using the
assembler's dedicated scratch registers (x16 and x17 on Arm64, ip on Arm)
instead of allocating temporaries.
To do this, we've done two things:
- Use ip as a scratch register when loading page flags.
- TurboAssembler::CallRecordWriteStub() now takes the offset of the slot
that's written to rather than its address, removing the need to allocate a
temporary register for it.
In essence, we've gone from:
```
;; Do the store.
stur x19, [x9, #15]
;; Check *destination* object page flags and jump out-of-line.
and x4, x9, #0xfffffffffff80000
ldr x4, [x4, #8]
tbnz x4, #2, #+0x1e7c
| ;; Check *source* object page flags.
| `-> and x4, x19, #0xfffffffffff80000
| ldr x4, [xM, #8]
|,--- tbz x4, #1, #-0x1e80
| ;; Compute address of slot.
| add x5, x9, #0xf (15)
| ;; Setup arguments to RecordWrite
| stp x2, x3, [sp, #-32]!
| stp x4, lr, [sp, #16]
| stp x0, x1, [sp, #-16]!
| mov x0, x9 ;; Object address in x9
| mov x1, x5 ;; Slot address in x5
| movz x2, #0x0
| movz x3, #0x100000000
| ;; Call RecordWrite
| ldr x16, pc+2056
| blr x16
```
Which allocates x4 and x5 as temporaries.
To:
```
stur x19, [x9, #15]
and x16, x9, #0xfffffffffff80000 ;; Using x16 instead of allocating x4.
ldr x16, [x16, #8]
tbnz x16, #2, #+0x1e7c
| `-> and x16, x19, #0xfffffffffff80000
| ldr x16, [xM, #8]
|,--- tbz x16, #1, #-0x1e80
| stp x2, x3, [sp, #-32]!
| stp x4, lr, [sp, #16]
| stp x0, x1, [sp, #-16]!
| mov x0, x9 ;; Object address still in x9.
| add x1, x9, #0xf (15) ;; Compute the slot address directly.
| movz x2, #0x0
| movz x3, #0x100000000
| ldr x16, pc+2056
| blr x16
```
Finally, `RecordWriteField()` does not need an extra scratch register anymore.
Change-Id: Icb71310e7b8ab1ca83ced250851456166b337d00
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1505793
Commit-Queue: Pierre Langlois <pierre.langlois@arm.com>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#61153}
2019-05-02 10:45:27 +00:00
|
|
|
struct MoveObjectAndSlotTestCase {
|
|
|
|
const char* comment;
|
|
|
|
Register dst_object;
|
|
|
|
Register dst_slot;
|
|
|
|
Register object;
|
|
|
|
Register offset_register = no_reg;
|
|
|
|
};
|
|
|
|
|
|
|
|
const MoveObjectAndSlotTestCase kMoveObjectAndSlotTestCases[] = {
|
|
|
|
{"no overlap", x0, x1, x2},
|
|
|
|
{"no overlap", x0, x1, x2, x3},
|
|
|
|
|
|
|
|
{"object == dst_object", x2, x1, x2},
|
|
|
|
{"object == dst_object", x2, x1, x2, x3},
|
|
|
|
|
|
|
|
{"object == dst_slot", x1, x2, x2},
|
|
|
|
{"object == dst_slot", x1, x2, x2, x3},
|
|
|
|
|
|
|
|
{"offset == dst_object", x0, x1, x2, x0},
|
|
|
|
|
|
|
|
{"offset == dst_object && object == dst_slot", x0, x1, x1, x0},
|
|
|
|
|
|
|
|
{"offset == dst_slot", x0, x1, x2, x1},
|
|
|
|
|
|
|
|
{"offset == dst_slot && object == dst_object", x0, x1, x0, x1}};
|
|
|
|
|
|
|
|
// Make sure we include offsets that cannot be encoded in an add instruction.
|
|
|
|
const int kOffsets[] = {0, 42, kMaxRegularHeapObjectSize, 0x101001};
|
|
|
|
|
|
|
|
template <typename T>
|
|
|
|
class TurboAssemblerTestWithParam : public TurboAssemblerTest,
|
|
|
|
public ::testing::WithParamInterface<T> {};
|
|
|
|
|
|
|
|
using TurboAssemblerTestMoveObjectAndSlot =
|
|
|
|
TurboAssemblerTestWithParam<MoveObjectAndSlotTestCase>;
|
|
|
|
|
|
|
|
TEST_P(TurboAssemblerTestMoveObjectAndSlot, MoveObjectAndSlot) {
|
|
|
|
const MoveObjectAndSlotTestCase test_case = GetParam();
|
|
|
|
TRACED_FOREACH(int32_t, offset, kOffsets) {
|
|
|
|
auto buffer = AllocateAssemblerBuffer();
|
|
|
|
TurboAssembler tasm(nullptr, AssemblerOptions{}, CodeObjectRequired::kNo,
|
|
|
|
buffer->CreateView());
|
|
|
|
|
|
|
|
__ Push(x0, padreg);
|
|
|
|
__ Mov(test_case.object, x1);
|
|
|
|
|
|
|
|
Register src_object = test_case.object;
|
|
|
|
Register dst_object = test_case.dst_object;
|
|
|
|
Register dst_slot = test_case.dst_slot;
|
|
|
|
|
|
|
|
Operand offset_operand(0);
|
|
|
|
if (test_case.offset_register.Is(no_reg)) {
|
|
|
|
offset_operand = Operand(offset);
|
|
|
|
} else {
|
|
|
|
__ Mov(test_case.offset_register, Operand(offset));
|
|
|
|
offset_operand = Operand(test_case.offset_register);
|
|
|
|
}
|
|
|
|
|
|
|
|
std::stringstream comment;
|
|
|
|
comment << "-- " << test_case.comment << ": MoveObjectAndSlot("
|
|
|
|
<< dst_object << ", " << dst_slot << ", " << src_object << ", ";
|
|
|
|
if (test_case.offset_register.Is(no_reg)) {
|
|
|
|
comment << "#" << offset;
|
|
|
|
} else {
|
|
|
|
comment << test_case.offset_register;
|
|
|
|
}
|
|
|
|
comment << ") --";
|
|
|
|
__ RecordComment(comment.str().c_str());
|
|
|
|
__ MoveObjectAndSlot(dst_object, dst_slot, src_object, offset_operand);
|
|
|
|
__ RecordComment("--");
|
|
|
|
|
|
|
|
// The `result` pointer was saved on the stack.
|
|
|
|
UseScratchRegisterScope temps(&tasm);
|
|
|
|
Register scratch = temps.AcquireX();
|
|
|
|
__ Pop(padreg, scratch);
|
|
|
|
__ Str(dst_object, MemOperand(scratch));
|
|
|
|
__ Str(dst_slot, MemOperand(scratch, kSystemPointerSize));
|
|
|
|
|
|
|
|
__ Ret();
|
|
|
|
|
|
|
|
CodeDesc desc;
|
|
|
|
tasm.GetCode(nullptr, &desc);
|
|
|
|
if (FLAG_print_code) {
|
|
|
|
Handle<Code> code =
|
|
|
|
Factory::CodeBuilder(isolate(), desc, Code::STUB).Build();
|
|
|
|
StdoutStream os;
|
|
|
|
code->Print(os);
|
|
|
|
}
|
|
|
|
|
|
|
|
buffer->MakeExecutable();
|
|
|
|
// We need an isolate here to execute in the simulator.
|
|
|
|
auto f = GeneratedCode<void, byte**, byte*>::FromBuffer(isolate(),
|
|
|
|
buffer->start());
|
|
|
|
|
|
|
|
byte* object = new byte[offset];
|
|
|
|
byte* result[] = {nullptr, nullptr};
|
|
|
|
|
|
|
|
f.Call(result, object);
|
|
|
|
|
|
|
|
// The first element must be the address of the object, and the second the
|
|
|
|
// slot addressed by `offset`.
|
|
|
|
EXPECT_EQ(result[0], &object[0]);
|
|
|
|
EXPECT_EQ(result[1], &object[offset]);
|
|
|
|
|
|
|
|
delete[] object;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
INSTANTIATE_TEST_SUITE_P(TurboAssemblerTest,
|
|
|
|
TurboAssemblerTestMoveObjectAndSlot,
|
|
|
|
::testing::ValuesIn(kMoveObjectAndSlotTestCases));
|
|
|
|
|
Reland "[turboassembler] Introduce hard-abort mode"
This is a reland of a462a7854a081f4f34bb4c112ee33f3d69efa309
Original change's description:
> [turboassembler] Introduce hard-abort mode
>
> For checks and assertions (mostly for debug code, like stack alignment
> or zero extension), we had two modes: Emit a call to the {Abort}
> runtime function (the default), and emit a debug break (used for
> testing, enabled via --trap-on-abort).
> In wasm, where we cannot just call a runtime function because code must
> be isolate independent, we always used the trap-on-abort behaviour.
> This causes problems for our fuzzers, which do not catch SIGTRAP, and
> hence do not detect debug code failures.
>
> This CL introduces a third mode ("hard abort"), which calls a C
> function via {ExternalReference}. The C function still outputs the
> abort reason, but does not print the stack trace. It then aborts via
> "OS::Abort", just like the runtime function.
> This will allow fuzzers to detect the crash and even find a nice error
> message.
>
> Even though this looks like a lot of code churn, it is actually not.
> Most added lines are new tests, and other changes are minimal.
>
> R=mstarzinger@chromium.org
>
> Bug: chromium:863799
> Change-Id: I77c58ff72db552d49014614436259ccfb49ba87b
> Reviewed-on: https://chromium-review.googlesource.com/1142163
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54592}
Bug: chromium:863799
Change-Id: I7729a47b4823a982a8e201df36520aa2b6ef5326
Reviewed-on: https://chromium-review.googlesource.com/1146100
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54656}
2018-07-24 14:12:47 +00:00
|
|
|
#undef __
|
2018-08-01 11:30:36 +00:00
|
|
|
#undef ERROR_MESSAGE
|
Reland "[turboassembler] Introduce hard-abort mode"
This is a reland of a462a7854a081f4f34bb4c112ee33f3d69efa309
Original change's description:
> [turboassembler] Introduce hard-abort mode
>
> For checks and assertions (mostly for debug code, like stack alignment
> or zero extension), we had two modes: Emit a call to the {Abort}
> runtime function (the default), and emit a debug break (used for
> testing, enabled via --trap-on-abort).
> In wasm, where we cannot just call a runtime function because code must
> be isolate independent, we always used the trap-on-abort behaviour.
> This causes problems for our fuzzers, which do not catch SIGTRAP, and
> hence do not detect debug code failures.
>
> This CL introduces a third mode ("hard abort"), which calls a C
> function via {ExternalReference}. The C function still outputs the
> abort reason, but does not print the stack trace. It then aborts via
> "OS::Abort", just like the runtime function.
> This will allow fuzzers to detect the crash and even find a nice error
> message.
>
> Even though this looks like a lot of code churn, it is actually not.
> Most added lines are new tests, and other changes are minimal.
>
> R=mstarzinger@chromium.org
>
> Bug: chromium:863799
> Change-Id: I77c58ff72db552d49014614436259ccfb49ba87b
> Reviewed-on: https://chromium-review.googlesource.com/1142163
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#54592}
Bug: chromium:863799
Change-Id: I7729a47b4823a982a8e201df36520aa2b6ef5326
Reviewed-on: https://chromium-review.googlesource.com/1146100
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54656}
2018-07-24 14:12:47 +00:00
|
|
|
|
|
|
|
} // namespace internal
|
|
|
|
} // namespace v8
|