PPC: protect against malformed branch and memory access instructions.

R=dstence@us.ibm.com, michael_dawson@ca.ibm.com

Review URL: https://codereview.chromium.org/1239583002

Cr-Commit-Position: refs/heads/master@{#29627}

src/ppc/assembler-ppc-inl.h

@@ -597,12 +597,12 @@ void Assembler::PatchConstantPoolAccessInstruction(
     ConstantPoolEntry::Type type) {
   Address pc = buffer_ + pc_offset;
   bool overflowed = (access == ConstantPoolEntry::OVERFLOWED);
+  CHECK(overflowed != is_int16(offset));
 #ifdef DEBUG
   ConstantPoolEntry::Access access_check =
       static_cast<ConstantPoolEntry::Access>(-1);
   DCHECK(IsConstantPoolLoadStart(pc, &access_check));
   DCHECK(access_check == access);
-  DCHECK(overflowed != is_int16(offset));
 #endif
   if (overflowed) {
     int hi_word = static_cast<int>(offset >> 16);

src/ppc/assembler-ppc.cc

@@ -434,7 +434,7 @@ void Assembler::target_at_put(int pos, int target_pos) {
   switch (opcode) {
     case BX: {
       int imm26 = target_pos - pos;
-      DCHECK(is_int26(imm26) && (imm26 & (kAAMask | kLKMask)) == 0);
+      CHECK(is_int26(imm26) && (imm26 & (kAAMask | kLKMask)) == 0);
       if (imm26 == kInstrSize && !(instr & kLKMask)) {
         // Branch to next instr without link.
         instr = ORI;  // nop: ori, 0,0,0
@@ -447,7 +447,7 @@ void Assembler::target_at_put(int pos, int target_pos) {
     }
     case BCX: {
       int imm16 = target_pos - pos;
-      DCHECK(is_int16(imm16) && (imm16 & (kAAMask | kLKMask)) == 0);
+      CHECK(is_int16(imm16) && (imm16 & (kAAMask | kLKMask)) == 0);
       if (imm16 == kInstrSize && !(instr & kLKMask)) {
         // Branch to next instr without link.
         instr = ORI;  // nop: ori, 0,0,0
@@ -598,14 +598,14 @@ void Assembler::d_form(Instr instr, Register rt, Register ra,
     if (!is_int16(val)) {
       PrintF("val = %" V8PRIdPTR ", 0x%" V8PRIxPTR "\n", val, val);
     }
-    DCHECK(is_int16(val));
+    CHECK(is_int16(val));
   } else {
     if (!is_uint16(val)) {
       PrintF("val = %" V8PRIdPTR ", 0x%" V8PRIxPTR
              ", is_unsigned_imm16(val)=%d, kImm16Mask=0x%x\n",
              val, val, is_uint16(val), kImm16Mask);
     }
-    DCHECK(is_uint16(val));
+    CHECK(is_uint16(val));
   }
   emit(instr | rt.code() * B21 | ra.code() * B16 | (kImm16Mask & val));
 }
@@ -715,8 +715,9 @@ void Assembler::bc(int branch_offset, BOfield bo, int condition_bit, LKBit lk) {
   if (lk == SetLK) {
     positions_recorder()->WriteRecordedPositions();
   }
-  DCHECK(is_int16(branch_offset));
-  emit(BCX | bo | condition_bit * B16 | (kImm16Mask & branch_offset) | lk);
+  int imm16 = branch_offset;
+  CHECK(is_int16(imm16) && (imm16 & (kAAMask | kLKMask)) == 0);
+  emit(BCX | bo | condition_bit * B16 | (imm16 & kImm16Mask) | lk);
 }
 
 
@@ -724,10 +725,8 @@ void Assembler::b(int branch_offset, LKBit lk) {
   if (lk == SetLK) {
     positions_recorder()->WriteRecordedPositions();
   }
-  DCHECK((branch_offset & 3) == 0);
   int imm26 = branch_offset;
-  DCHECK(is_int26(imm26));
-  // todo add AA and LK bits
+  CHECK(is_int26(imm26) && (imm26 & (kAAMask | kLKMask)) == 0);
   emit(BX | (imm26 & kImm26Mask) | lk);
 }
 
@@ -1192,7 +1191,7 @@ void Assembler::lwa(Register dst, const MemOperand& src) {
 #if V8_TARGET_ARCH_PPC64
   int offset = src.offset();
   DCHECK(!src.ra_.is(r0));
-  DCHECK(!(offset & 3) && is_int16(offset));
+  CHECK(!(offset & 3) && is_int16(offset));
   offset = kImm16Mask & offset;
   emit(LD | dst.code() * B21 | src.ra().code() * B16 | offset | 2);
 #else
@@ -1326,7 +1325,7 @@ void Assembler::andc(Register dst, Register src1, Register src2, RCBit rc) {
 void Assembler::ld(Register rd, const MemOperand& src) {
   int offset = src.offset();
   DCHECK(!src.ra_.is(r0));
-  DCHECK(!(offset & 3) && is_int16(offset));
+  CHECK(!(offset & 3) && is_int16(offset));
   offset = kImm16Mask & offset;
   emit(LD | rd.code() * B21 | src.ra().code() * B16 | offset);
 }
@@ -1343,7 +1342,7 @@ void Assembler::ldx(Register rd, const MemOperand& src) {
 void Assembler::ldu(Register rd, const MemOperand& src) {
   int offset = src.offset();
   DCHECK(!src.ra_.is(r0));
-  DCHECK(!(offset & 3) && is_int16(offset));
+  CHECK(!(offset & 3) && is_int16(offset));
   offset = kImm16Mask & offset;
   emit(LD | rd.code() * B21 | src.ra().code() * B16 | offset | 1);
 }
@@ -1360,7 +1359,7 @@ void Assembler::ldux(Register rd, const MemOperand& src) {
 void Assembler::std(Register rs, const MemOperand& src) {
   int offset = src.offset();
   DCHECK(!src.ra_.is(r0));
-  DCHECK(!(offset & 3) && is_int16(offset));
+  CHECK(!(offset & 3) && is_int16(offset));
   offset = kImm16Mask & offset;
   emit(STD | rs.code() * B21 | src.ra().code() * B16 | offset);
 }
@@ -1377,7 +1376,7 @@ void Assembler::stdx(Register rs, const MemOperand& src) {
 void Assembler::stdu(Register rs, const MemOperand& src) {
   int offset = src.offset();
   DCHECK(!src.ra_.is(r0));
-  DCHECK(!(offset & 3) && is_int16(offset));
+  CHECK(!(offset & 3) && is_int16(offset));
   offset = kImm16Mask & offset;
   emit(STD | rs.code() * B21 | src.ra().code() * B16 | offset | 1);
 }
@@ -1928,7 +1927,7 @@ void Assembler::lfd(const DoubleRegister frt, const MemOperand& src) {
   int offset = src.offset();
   Register ra = src.ra();
   DCHECK(!ra.is(r0));
-  DCHECK(is_int16(offset));
+  CHECK(is_int16(offset));
   int imm16 = offset & kImm16Mask;
   // could be x_form instruction with some casting magic
   emit(LFD | frt.code() * B21 | ra.code() * B16 | imm16);
@@ -1939,7 +1938,7 @@ void Assembler::lfdu(const DoubleRegister frt, const MemOperand& src) {
   int offset = src.offset();
   Register ra = src.ra();
   DCHECK(!ra.is(r0));
-  DCHECK(is_int16(offset));
+  CHECK(is_int16(offset));
   int imm16 = offset & kImm16Mask;
   // could be x_form instruction with some casting magic
   emit(LFDU | frt.code() * B21 | ra.code() * B16 | imm16);
@@ -1967,7 +1966,7 @@ void Assembler::lfdux(const DoubleRegister frt, const MemOperand& src) {
 void Assembler::lfs(const DoubleRegister frt, const MemOperand& src) {
   int offset = src.offset();
   Register ra = src.ra();
-  DCHECK(is_int16(offset));
+  CHECK(is_int16(offset));
   DCHECK(!ra.is(r0));
   int imm16 = offset & kImm16Mask;
   // could be x_form instruction with some casting magic
@@ -1978,7 +1977,7 @@ void Assembler::lfs(const DoubleRegister frt, const MemOperand& src) {
 void Assembler::lfsu(const DoubleRegister frt, const MemOperand& src) {
   int offset = src.offset();
   Register ra = src.ra();
-  DCHECK(is_int16(offset));
+  CHECK(is_int16(offset));
   DCHECK(!ra.is(r0));
   int imm16 = offset & kImm16Mask;
   // could be x_form instruction with some casting magic
@@ -2007,7 +2006,7 @@ void Assembler::lfsux(const DoubleRegister frt, const MemOperand& src) {
 void Assembler::stfd(const DoubleRegister frs, const MemOperand& src) {
   int offset = src.offset();
   Register ra = src.ra();
-  DCHECK(is_int16(offset));
+  CHECK(is_int16(offset));
   DCHECK(!ra.is(r0));
   int imm16 = offset & kImm16Mask;
   // could be x_form instruction with some casting magic
@@ -2018,7 +2017,7 @@ void Assembler::stfd(const DoubleRegister frs, const MemOperand& src) {
 void Assembler::stfdu(const DoubleRegister frs, const MemOperand& src) {
   int offset = src.offset();
   Register ra = src.ra();
-  DCHECK(is_int16(offset));
+  CHECK(is_int16(offset));
   DCHECK(!ra.is(r0));
   int imm16 = offset & kImm16Mask;
   // could be x_form instruction with some casting magic
@@ -2047,7 +2046,7 @@ void Assembler::stfdux(const DoubleRegister frs, const MemOperand& src) {
 void Assembler::stfs(const DoubleRegister frs, const MemOperand& src) {
   int offset = src.offset();
   Register ra = src.ra();
-  DCHECK(is_int16(offset));
+  CHECK(is_int16(offset));
   DCHECK(!ra.is(r0));
   int imm16 = offset & kImm16Mask;
   // could be x_form instruction with some casting magic
@@ -2058,7 +2057,7 @@ void Assembler::stfs(const DoubleRegister frs, const MemOperand& src) {
 void Assembler::stfsu(const DoubleRegister frs, const MemOperand& src) {
   int offset = src.offset();
   Register ra = src.ra();
-  DCHECK(is_int16(offset));
+  CHECK(is_int16(offset));
   DCHECK(!ra.is(r0));
   int imm16 = offset & kImm16Mask;
   // could be x_form instruction with some casting magic