[regexp] Fix crash due to unsetting NoRootArrayScope after free

This fixes a crash related to access after free on platforms that
store the MacroAssembler as a pointer. The intended behavior is
restored by explicitly setting the flag in the macro assembler
instead of using NoRootArrayScope.

Landing as TBR as it's blocking fuzzers and fix seems simple enough.

TBR=jgruber@chromium.org
R=jyan@ca.ibm.com
R=miladfar@ca.ibm.com

Bug: chromium:1057018
Change-Id: Ib6de82b47bb1abb74da58b3d476b359669372bb5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2080242
Commit-Queue: Emanuel Ziegler <ecmziegler@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66500}

src/regexp/arm/regexp-macro-assembler-arm.cc

@@ -102,7 +102,6 @@ RegExpMacroAssemblerARM::RegExpMacroAssemblerARM(Isolate* isolate, Zone* zone,
     : NativeRegExpMacroAssembler(isolate, zone),
       masm_(new MacroAssembler(isolate, CodeObjectRequired::kYes,
                                NewAssemblerBuffer(kRegExpCodeSize))),
-      no_root_array_scope_(masm_),
       mode_(mode),
       num_registers_(registers_to_save),
       num_saved_registers_(registers_to_save),
@@ -111,6 +110,8 @@ RegExpMacroAssemblerARM::RegExpMacroAssemblerARM(Isolate* isolate, Zone* zone,
       success_label_(),
       backtrack_label_(),
       exit_label_() {
+  masm_->set_root_array_available(false);
+
   DCHECK_EQ(0, registers_to_save % 2);
   __ jmp(&entry_label_);   // We'll write the entry code later.
   __ bind(&start_label_);  // And then continue from here.

src/regexp/arm/regexp-macro-assembler-arm.h

@@ -189,7 +189,6 @@ class V8_EXPORT_PRIVATE RegExpMacroAssemblerARM
   Isolate* isolate() const { return masm_->isolate(); }
 
   MacroAssembler* masm_;
-  NoRootArrayScope no_root_array_scope_;
 
   // Which mode to generate code for (Latin1 or UC16).
   Mode mode_;

src/regexp/arm64/regexp-macro-assembler-arm64.cc

@@ -112,7 +112,6 @@ RegExpMacroAssemblerARM64::RegExpMacroAssemblerARM64(Isolate* isolate,
     : NativeRegExpMacroAssembler(isolate, zone),
       masm_(new MacroAssembler(isolate, CodeObjectRequired::kYes,
                                NewAssemblerBuffer(kRegExpCodeSize))),
-      no_root_array_scope_(masm_),
       mode_(mode),
       num_registers_(registers_to_save),
       num_saved_registers_(registers_to_save),
@@ -121,6 +120,8 @@ RegExpMacroAssemblerARM64::RegExpMacroAssemblerARM64(Isolate* isolate,
       success_label_(),
       backtrack_label_(),
       exit_label_() {
+  masm_->set_root_array_available(false);
+
   DCHECK_EQ(0, registers_to_save % 2);
   // We can cache at most 16 W registers in x0-x7.
   STATIC_ASSERT(kNumCachedRegisters <= 16);

src/regexp/arm64/regexp-macro-assembler-arm64.h

@@ -264,7 +264,6 @@ class V8_EXPORT_PRIVATE RegExpMacroAssemblerARM64
   Isolate* isolate() const { return masm_->isolate(); }
 
   MacroAssembler* masm_;
-  NoRootArrayScope no_root_array_scope_;
 
   // Which mode to generate code for (LATIN1 or UC16).
   Mode mode_;

src/regexp/ia32/regexp-macro-assembler-ia32.cc

@@ -90,7 +90,6 @@ RegExpMacroAssemblerIA32::RegExpMacroAssemblerIA32(Isolate* isolate, Zone* zone,
     : NativeRegExpMacroAssembler(isolate, zone),
       masm_(new MacroAssembler(isolate, CodeObjectRequired::kYes,
                                NewAssemblerBuffer(kRegExpCodeSize))),
-      no_root_array_scope_(masm_),
       mode_(mode),
       num_registers_(registers_to_save),
       num_saved_registers_(registers_to_save),

src/regexp/ia32/regexp-macro-assembler-ia32.h

@@ -178,7 +178,6 @@ class V8_EXPORT_PRIVATE RegExpMacroAssemblerIA32
   Isolate* isolate() const { return masm_->isolate(); }
 
   MacroAssembler* masm_;
-  NoRootArrayScope no_root_array_scope_;
 
   // Which mode to generate code for (LATIN1 or UC16).
   Mode mode_;

src/regexp/ppc/regexp-macro-assembler-ppc.cc

@@ -102,7 +102,6 @@ RegExpMacroAssemblerPPC::RegExpMacroAssemblerPPC(Isolate* isolate, Zone* zone,
     : NativeRegExpMacroAssembler(isolate, zone),
       masm_(new MacroAssembler(isolate, CodeObjectRequired::kYes,
                                NewAssemblerBuffer(kRegExpCodeSize))),
-      no_root_array_scope_(masm_),
       mode_(mode),
       num_registers_(registers_to_save),
       num_saved_registers_(registers_to_save),
@@ -112,6 +111,8 @@ RegExpMacroAssemblerPPC::RegExpMacroAssemblerPPC(Isolate* isolate, Zone* zone,
       backtrack_label_(),
       exit_label_(),
       internal_failure_label_() {
+  masm_->set_root_array_available(false);
+
   DCHECK_EQ(0, registers_to_save % 2);
 
 

src/regexp/ppc/regexp-macro-assembler-ppc.h

@@ -181,7 +181,6 @@ class V8_EXPORT_PRIVATE RegExpMacroAssemblerPPC
   Isolate* isolate() const { return masm_->isolate(); }
 
   MacroAssembler* masm_;
-  NoRootArrayScope no_root_array_scope_;
 
   // Which mode to generate code for (Latin1 or UC16).
   Mode mode_;

src/regexp/s390/regexp-macro-assembler-s390.cc

@@ -104,7 +104,6 @@ RegExpMacroAssemblerS390::RegExpMacroAssemblerS390(Isolate* isolate, Zone* zone,
     : NativeRegExpMacroAssembler(isolate, zone),
       masm_(new MacroAssembler(isolate, CodeObjectRequired::kYes,
                                NewAssemblerBuffer(kRegExpCodeSize))),
-      no_root_array_scope_(masm_),
       mode_(mode),
       num_registers_(registers_to_save),
       num_saved_registers_(registers_to_save),
@@ -114,6 +113,8 @@ RegExpMacroAssemblerS390::RegExpMacroAssemblerS390(Isolate* isolate, Zone* zone,
       backtrack_label_(),
       exit_label_(),
       internal_failure_label_() {
+  masm_->set_root_array_available(false);
+
   DCHECK_EQ(0, registers_to_save % 2);
 
   __ b(&entry_label_);  // We'll write the entry code later.

src/regexp/s390/regexp-macro-assembler-s390.h

@@ -183,7 +183,6 @@ class V8_EXPORT_PRIVATE RegExpMacroAssemblerS390
   Isolate* isolate() const { return masm_->isolate(); }
 
   MacroAssembler* masm_;
-  NoRootArrayScope no_root_array_scope_;
 
   // Which mode to generate code for (Latin1 or UC16).
   Mode mode_;