v8/test/cctest/test-poison-disasm-arm64.cc
Santiago Aboy Solanes 1b7f99a0cb [ptr-compr][turbofan] Specialize accesses known to be pointers.
There are some accesses that we know that are pointers, and we can
specialize them to have Pointer as their Machine Type and Write Barrier.

Drive-by fix: ForJSGeneratorObjectParametersAndRegisters can be changed
to use Pointer.

Bug: v8:7703
Change-Id: I88e371746fc5f08c84795c95b1885264ef6c067c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1741658
Commit-Queue: Santiago Aboy Solanes <solanes@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#63223}
2019-08-16 14:32:53 +00:00

158 lines
7.2 KiB
C++

// Copyright 2019 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// The C++ style guide recommends using <re2> instead of <regex>. However, the
// former isn't available in V8.
#include <regex> // NOLINT(build/c++11)
#include <vector>
#include "src/codegen/arm64/register-arm64.h"
#include "test/cctest/cctest.h"
#include "test/cctest/disasm-regex-helper.h"
namespace v8 {
namespace internal {
namespace {
// Poison register.
const int kPRegCode = kSpeculationPoisonRegister.code();
const std::string kPReg = // NOLINT(runtime/string)
"x" + std::to_string(kPRegCode);
} // namespace
TEST(DisasmPoisonMonomorphicLoad) {
#ifdef ENABLE_DISASSEMBLER
if (i::FLAG_always_opt || !i::FLAG_opt) return;
i::FLAG_allow_natives_syntax = true;
i::FLAG_untrusted_code_mitigations = true;
CcTest::InitializeVM();
v8::HandleScope scope(CcTest::isolate());
CompileRun(
"function mono(o) { return o.x; };"
"%PrepareFunctionForOptimization(mono);"
"mono({ x : 1 });"
"mono({ x : 1 });"
"%OptimizeFunctionOnNextCall(mono);"
"mono({ x : 1 });");
// Matches that the property access sequence is instrumented with
// poisoning.
#if defined(V8_COMPRESS_POINTERS)
std::vector<std::string> patterns_array = {
"ldur <<Map:w[0-9]+>>, \\[<<Obj:x[0-9]+>>, #-1\\]", // load map
"ldr <<ExpMap:w[0-9]+>>, pc", // load expected map
"cmp <<Map>>, <<ExpMap>>", // compare maps
"b.ne", // deopt if different
"csel " + kPReg + ", xzr, " + kPReg + ", ne", // update the poison
"csdb", // spec. barrier
"ldursw x<<Field:[0-9]+>>, \\[<<Obj>>, #[0-9]+\\]", // load the field
"and x<<Field>>, x<<Field>>, " + kPReg, // apply the poison
};
#else
std::vector<std::string> patterns_array = {
"ldur <<Map:x[0-9]+>>, \\[<<Obj:x[0-9]+>>, #-1\\]", // load map
"ldr <<ExpMap:x[0-9]+>>, pc", // load expected map
"cmp <<Map>>, <<ExpMap>>", // compare maps
"b.ne", // deopt if different
"csel " + kPReg + ", xzr, " + kPReg + ", ne", // update the poison
"csdb", // spec. barrier
"ldur <<Field:x[0-9]+>>, \\[<<Obj>>, #[0-9]+\\]", // load the field
"and <<Field>>, <<Field>>, " + kPReg, // apply the poison
};
#endif
CHECK(CheckDisassemblyRegexPatterns("mono", patterns_array));
#endif // ENABLE_DISASSEMBLER
}
TEST(DisasmPoisonPolymorphicLoad) {
#ifdef ENABLE_DISASSEMBLER
if (i::FLAG_always_opt || !i::FLAG_opt) return;
i::FLAG_allow_natives_syntax = true;
i::FLAG_untrusted_code_mitigations = true;
CcTest::InitializeVM();
v8::HandleScope scope(CcTest::isolate());
CompileRun(
"function poly(o) { return o.x + 1; };"
"let o1 = { x : 1 };"
"let o2 = { y : 1 };"
"o2.x = 2;"
"%PrepareFunctionForOptimization(poly);"
"poly(o2);"
"poly(o1);"
"poly(o2);"
"%OptimizeFunctionOnNextCall(poly);"
"poly(o1);");
// Matches that the property access sequence is instrumented with
// poisoning.
#if defined(V8_COMPRESS_POINTERS)
std::vector<std::string> patterns_array = {
"ldur <<Map0:w[0-9]+>>, \\[<<Obj:x[0-9]+>>, #-1\\]", // load map
"ldr <<ExpMap:w[0-9]+>>, pc", // load map const #1
"cmp <<Map0>>, <<ExpMap>>", // compare maps
"b.eq", // ? go to the load
"csel " + kPReg + ", xzr, " + kPReg + ", eq", // update the poison
"csdb", // spec. barrier
"ldur <<Map1:w[0-9]+>>, \\[<<Obj>>, #-1\\]", // load map
"ldr <<ExpMap1:w[0-9]+>>, pc", // load map const #2
"cmp <<Map1>>, <<ExpMap1>>", // compare maps
"b.ne", // deopt if different
"csel " + kPReg + ", xzr, " + kPReg + ", ne", // update the poison
"csdb", // spec. barrier
"ldur w<<Field:[0-9]+>>, \\[<<Obj>>, #[0-9]+\\]", // load the field
"and x<<Field>>, x<<Field>>, " + kPReg, // apply the poison
"asr w[0-9]+, w<<Field>>, #1", // untag
"b", // goto merge point
// Lcase1:
"csel " + kPReg + ", xzr, " + kPReg + ", ne", // update the poison
"csdb", // spec. barrier
"ldursw x<<BSt:[0-9]+>>, \\[<<Obj>>, #[0-9]+\\]", // load backing store
// branchful decompress
"add x<<BSt>>, x26, x<<BSt>>", // Add root to ref
"and x<<BSt>>, x<<BSt>>, " + kPReg, // apply the poison
"ldur w<<Prop:[0-9]+>>, \\[x<<BSt>>, #[0-9]+\\]", // load the property
"and x<<Prop>>, x<<Prop>>, " + kPReg, // apply the poison
// Ldone:
};
#else
std::vector<std::string> patterns_array = {
"ldur <<Map0:x[0-9]+>>, \\[<<Obj:x[0-9]+>>, #-1\\]", // load map
"ldr <<ExpMap0:x[0-9]+>>, pc", // load map const #1
"cmp <<Map0>>, <<ExpMap0>>", // compare maps
"b.eq", // ? go to the load
"csel " + kPReg + ", xzr, " + kPReg + ", eq", // update the poison
"csdb", // spec. barrier
"ldur <<Map1:x[0-9]+>>, \\[<<Obj>>, #-1\\]", // load map
"ldr <<ExpMap1:x[0-9]+>>, pc", // load map const #2
"cmp <<Map1>>, <<ExpMap1>>", // compare maps
"b.ne", // deopt if different
"csel " + kPReg + ", xzr, " + kPReg + ", ne", // update the poison
"csdb", // spec. barrier
"ldur <<Field:x[0-9]+>>, \\[<<Obj>>, #[0-9]+\\]", // load the field
"and <<Field>>, <<Field>>, " + kPReg, // apply the poison
"asr x[0-9]+, <<Field>>, #32", // untag
"b", // goto merge point
// Lcase1:
"csel " + kPReg + ", xzr, " + kPReg + ", ne", // update the poison
"csdb", // spec. barrier
"ldur <<BSt:x[0-9]+>>, \\[<<Obj>>, #[0-9]+\\]", // load backing store
"and <<BSt>>, <<BSt>>, " + kPReg, // apply the poison
"ldur <<Prop:x[0-9]+>>, \\[<<BSt>>, #[0-9]+\\]", // load the property
"and <<Prop>>, <<Prop>>, " + kPReg, // apply the poison
// Ldone:
};
#endif
CHECK(CheckDisassemblyRegexPatterns("poly", patterns_array));
#endif // ENABLE_DISASSEMBLER
}
} // namespace internal
} // namespace v8