Reland "[turbofan] enable switch jump tables with --no-untrusted-code-mitigations, also for stubs and Wasm"

But for builtins, jump tables are disabled to be compatible with embedded builtins. This is a reland of 884bec9f70 Original change's description: > [turbofan] enable switch jump tables with --no-untrusted-code-mitigations, > also for stubs and Wasm > > Bug: chromium:845851 > Change-Id: I9b860dc26f8b35d629235b82fc5fffe04bf10493 > Reviewed-on: https://chromium-review.googlesource.com/1076151 > Commit-Queue: Tobias Tebbi <tebbi@chromium.org> > Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> > Cr-Commit-Position: refs/heads/master@{#53525} Bug: chromium:845851 Change-Id: I66c300f875a46a3f2a68730fda94b8196f38aa97 Reviewed-on: https://chromium-review.googlesource.com/1087468 Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#53612}
2018-06-08 13:28:39 +02:00 · 2018-06-08 13:28:39 +02:00 · 656dce0c0e
commit 656dce0c0e
parent 6b5cd36f37
4 changed files with 10 additions and 6 deletions
--- a/src/flag-definitions.h
+++ b/src/flag-definitions.h
@ -499,10 +499,6 @@ DEFINE_BOOL(untrusted_code_mitigations, V8_DEFAULT_UNTRUSTED_CODE_MITIGATIONS,
            "Enable mitigations for executing untrusted code")
 #undef V8_DEFAULT_UNTRUSTED_CODE_MITIGATIONS

-DEFINE_BOOL(turbo_disable_switch_jump_table, false,
-            "do not emit jump-tables in Turbofan")
-DEFINE_IMPLICATION(untrusted_code_mitigations, turbo_disable_switch_jump_table)
-
 DEFINE_BOOL(branch_load_poisoning, false, "Mask loads with branch conditions.")
 DEFINE_IMPLICATION(future, branch_load_poisoning)

--- a/src/optimized-compilation-info.cc
+++ b/src/optimized-compilation-info.cc
@ -28,7 +28,7 @@ OptimizedCompilationInfo::OptimizedCompilationInfo(
  SetFlag(kCalledWithCodeStartRegister);
  if (FLAG_function_context_specialization) MarkAsFunctionContextSpecializing();
  if (FLAG_turbo_splitting) MarkAsSplittingEnabled();
-  if (!FLAG_turbo_disable_switch_jump_table) SetFlag(kSwitchJumpTableEnabled);
+  if (!FLAG_untrusted_code_mitigations) SetFlag(kSwitchJumpTableEnabled);
  if (FLAG_untrusted_code_mitigations) MarkAsPoisoningRegisterArguments();

  // TODO(yangguo): Disable this in case of debugging for crbug.com/826613
@ -62,6 +62,13 @@ OptimizedCompilationInfo::OptimizedCompilationInfo(
 #endif
  SetTracingFlags(
      PassesFilter(debug_name, CStrVector(FLAG_trace_turbo_filter)));
+  if (!FLAG_untrusted_code_mitigations) {
+    // Embedded builtins don't support embedded absolute code addresses, so we
+    // cannot use jump tables.
+    if (code_kind != Code::BUILTIN) {
+      SetFlag(kSwitchJumpTableEnabled);
+    }
+  }
 }

 OptimizedCompilationInfo::OptimizedCompilationInfo(
--- a/src/optimized-compilation-info.h
+++ b/src/optimized-compilation-info.h
@ -63,7 +63,7 @@ class V8_EXPORT_PRIVATE OptimizedCompilationInfo final {
  OptimizedCompilationInfo(Zone* zone, Isolate* isolate,
                           Handle<SharedFunctionInfo> shared,
                           Handle<JSFunction> closure);
-  // Construct a compilation info for stub compilation (or testing).
+  // Construct a compilation info for stub compilation, Wasm, and testing.
  OptimizedCompilationInfo(Vector<const char> debug_name, Zone* zone,
                           Code::Kind code_kind);

--- a/src/wasm/wasm-code-manager.cc
+++ b/src/wasm/wasm-code-manager.cc
@ -225,6 +225,7 @@ void WasmCode::Validate() const {
      case RelocInfo::WASM_STUB_CALL:
      case RelocInfo::JS_TO_WASM_CALL:
      case RelocInfo::EXTERNAL_REFERENCE:
+      case RelocInfo::INTERNAL_REFERENCE:
      case RelocInfo::INTERNAL_REFERENCE_ENCODED:
      case RelocInfo::OFF_HEAP_TARGET:
      case RelocInfo::COMMENT: