[wasm] Limit code targets in {WasmCode} object.
This limits the call targets of {WasmCode} to only reference a limited set of builtins via the {RelocInfo::CODE_TARGET} relocation mode. By now most calls have been made independent of the Isolate. R=clemensh@chromium.org BUG=v8:7424 Change-Id: If4c643a7104e2ff0536ceb0f0de7fd30a923d854 Reviewed-on: https://chromium-review.googlesource.com/1092576 Reviewed-by: Clemens Hammacher <clemensh@chromium.org> Commit-Queue: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#53665}
parent
bbbfd81cfc
commit
68864d3990
@ -218,8 +218,21 @@ void WasmCode::Validate() const {
|
||||
!it.done(); it.next()) {
|
||||
RelocInfo::Mode mode = it.rinfo()->rmode();
|
||||
switch (mode) {
|
||||
case RelocInfo::CODE_TARGET:
|
||||
// TODO(mstarzinger): Validate that we go through a trampoline.
|
||||
case RelocInfo::CODE_TARGET: {
|
||||
Address target = it.rinfo()->target_address();
|
||||
Code* code = native_module_->ReverseTrampolineLookup(target);
|
||||
// TODO(7424): This is by now limited to only contain references to a
|
||||
// limited set of builtins. This code will eventually be completely free
|
||||
// of {RelocInfo::CODE_TARGET} relocation entries altogether.
|
||||
int builtin_index = code->builtin_index();
|
||||
CHECK(builtin_index == Builtins::kAbort ||
|
||||
builtin_index == Builtins::kAllocateHeapNumber ||
|
||||
builtin_index == Builtins::kArgumentsAdaptorTrampoline ||
|
||||
builtin_index == Builtins::kCall_ReceiverIsAny ||
|
||||
builtin_index == Builtins::kDoubleToI ||
|
||||
builtin_index == Builtins::kToNumber);
|
||||
break;
|
||||
}
|
||||
case RelocInfo::WASM_CODE_TABLE_ENTRY:
|
||||
case RelocInfo::WASM_CALL:
|
||||
case RelocInfo::WASM_STUB_CALL:
|
||||
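Review bot: The new CODE_TARGET case dereferences the result of `native_module_->ReverseTrampolineLookup(target)` without checking it, so a relocation whose target is not one of the recorded trampolines aborts inside the lookup's UNREACHABLE() rather than in Validate(), where the offending relocation mode and builtin are known. Having the lookup return nullptr for an unknown address and adding `CHECK_NOT_NULL(code);` before `int builtin_index = code->builtin_index();` keeps the failure attributable to this check. The allow-list of six builtins is written as a chain of `==` comparisons; a `switch (builtin_index)` with one `case Builtins::k...:` label per allowed builtin and `default: UNREACHABLE();` would make additions a one-line change and have the compiler reject duplicate entries. The enclosing for-loop and Validate() itself start before the hunk.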
@ -407,7 +420,6 @@ WasmCode* NativeModule::AddOwnedCode(
|
||||
Assembler::FlushICache(ret->instructions().start(),
|
||||
ret->instructions().size());
|
||||
}
|
||||
ret->Validate();
|
||||
return ret;
|
||||
}
|
||||
|
||||
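Review bot: Moving `ret->Validate();` out of AddOwnedCode (this hunk) into AddAnonymousCode and AddCode (the next two hunks) means any other caller of AddOwnedCode — if there are further call sites, which this diff does not show — no longer gets its code object validated. If every owned code object is meant to be validated, a comment on AddOwnedCode making the contract explicit would help, e.g. `// Callers are responsible for calling {Validate} once the object is fully set up.`. In AddAnonymousCode and AddCode, Validate() now runs after `ret->Print(...)`, so an invalid object is printed before the CHECK fires; that ordering is useful for debugging but worth stating in a comment. AddOwnedCode's body starts before the hunk.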
@ -521,6 +533,7 @@ WasmCode* NativeModule::AddAnonymousCode(Handle<Code> code,
|
||||
// TODO(mstarzinger): don't need the isolate here.
|
||||
ret->Print(code->GetIsolate());
|
||||
}
|
||||
ret->Validate();
|
||||
return ret;
|
||||
}
|
||||
|
||||
@ -589,6 +602,7 @@ WasmCode* NativeModule::AddCode(
|
||||
// TODO(mstarzinger): don't need the isolate here.
|
||||
ret->Print(source_pos_table->GetIsolate());
|
||||
}
|
||||
ret->Validate();
|
||||
return ret;
|
||||
}
|
||||
|
||||
@ -643,6 +657,17 @@ Address NativeModule::GetLocalAddressFor(Handle<Code> code) {
|
||||
}
|
||||
}
|
||||
|
||||
Code* NativeModule::ReverseTrampolineLookup(Address target) {
|
||||
// Uses sub-optimal linear search, but is only used for debugging.
|
||||
for (auto pair : trampolines_) {
|
||||
if (pair.second == target) {
|
||||
return Code::GetCodeFromTargetAddress(pair.first);
|
||||
}
|
||||
}
|
||||
UNREACHABLE();
|
||||
return nullptr;
|
||||
}
|
||||
|
||||
Address NativeModule::AllocateForCode(size_t size) {
|
||||
// This happens under a lock assumed by the caller.
|
||||
size = RoundUp(size, kCodeAlignment);
|
||||
|
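Review bot: `for (auto pair : trampolines_)` copies each map element on every iteration; `for (const auto& pair : trampolines_)` avoids the copy with no change in behavior. The `return nullptr;` after `UNREACHABLE()` is dead code, and because the UNREACHABLE() is unconditional the caller in WasmCode::Validate can never observe a null result; returning nullptr on a miss instead would let the caller report the failure at the validation site. The comment says the linear search is only used for debugging, but this diff makes Validate() run on every AddAnonymousCode and AddCode path, so unless Validate() is gated on a debug-only flag (not visible here) this is a linear scan of trampolines_ per added code object. GetLocalAddressFor's body starts before the hunk and AllocateForCode's continues past it.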
@ -307,6 +307,9 @@ class V8_EXPORT_PRIVATE NativeModule final {
|
||||
|
||||
bool SetExecutable(bool executable);
|
||||
|
||||
// TODO(7424): Only used for debugging in {WasmCode::Validate}. Remove.
|
||||
Code* ReverseTrampolineLookup(Address target);
|
||||
|
||||
// For cctests, where we build both WasmModule and the runtime objects
|
||||
// on the fly, and bypass the instance builder pipeline.
|
||||
void ReserveCodeTableForTesting(uint32_t max_functions);
|
||||
|