Reland "[turbofan] disable indirect jumps in Turbofan generated switches"

This is a reland of 957ac364. To avoid a race condition TSAN found when accessing FLAG_turbo_disable_switch_jump_table in the InstructionSelector, this now threads the flag through the CompilationInfo. Original change's description: > [turbofan] disable indirect jumps in Turbofan generated switches > > Bug: > Change-Id: I326bf518f895e7c030376210e7797f3dd4a9ae1f > Reviewed-on: https://chromium-review.googlesource.com/873643 > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> > Commit-Queue: Tobias Tebbi <tebbi@chromium.org> > Cr-Commit-Position: refs/heads/master@{#50984} Change-Id: I76c2804f140cc116e30881bfd05365a09240e605 Reviewed-on: https://chromium-review.googlesource.com/895643Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#51014}

Reland "[turbofan] disable indirect jumps in Turbofan generated switches"
This is a reland of 957ac364. To avoid a race condition TSAN found when accessing FLAG_turbo_disable_switch_jump_table in the InstructionSelector, this now threads the flag through the CompilationInfo. Original change's description: > [turbofan] disable indirect jumps in Turbofan generated switches > > Bug: > Change-Id: I326bf518f895e7c030376210e7797f3dd4a9ae1f > Reviewed-on: https://chromium-review.googlesource.com/873643 > Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> > Commit-Queue: Tobias Tebbi <tebbi@chromium.org> > Cr-Commit-Position: refs/heads/master@{#50984} Change-Id: I76c2804f140cc116e30881bfd05365a09240e605 Reviewed-on: https://chromium-review.googlesource.com/895643Reviewed-by: Jaroslav Sevcik <jarin@chromium.org> Commit-Queue: Tobias Tebbi <tebbi@chromium.org> Cr-Commit-Position: refs/heads/master@{#51014}
2778b460 · Tobias Tebbi · Commit Bot · 1efdab82 · 2778b460 · 2778b460
Commit 2778b460 authored Jan 31, 2018 by Tobias Tebbi Committed by Commit Bot Feb 01, 2018
15 changed files
--- a/src/compilation-info.cc
+++ b/src/compilation-info.cc
@@ -47,6 +47,7 @@ CompilationInfo::CompilationInfo(Zone* zone, Isolate* isolate,
  if (FLAG_function_context_specialization) MarkAsFunctionContextSpecializing();
  if (FLAG_turbo_splitting) MarkAsSplittingEnabled();
+  if (!FLAG_turbo_disable_switch_jump_table) SetFlag(kSwitchJumpTableEnabled);
  // Collect source positions for optimized code when profiling or if debugger
  // is active, to be able to get more precise source positions at the price of

--- a/src/compilation-info.h
+++ b/src/compilation-info.h
@@ -51,6 +51,7 @@ class V8_EXPORT_PRIVATE CompilationInfo final {
    kBailoutOnUninitialized = 1 << 9,
    kLoopPeelingEnabled = 1 << 10,
    kUntrustedCodeMitigations = 1 << 11,
+    kSwitchJumpTableEnabled = 1 << 12,
  };
  // TODO(mtrofin): investigate if this might be generalized outside wasm, with
@@ -169,6 +170,10 @@ class V8_EXPORT_PRIVATE CompilationInfo final {
    return GetFlag(kUntrustedCodeMitigations);
  }
+  bool switch_jump_table_enabled() const {
+    return GetFlag(kSwitchJumpTableEnabled);
+  }
  // Code getters and setters.
  void SetCode(Handle<Code> code) { code_ = code; }

--- a/src/compiler/arm/instruction-selector-arm.cc
+++ b/src/compiler/arm/instruction-selector-arm.cc
@@ -1980,6 +1980,7 @@ void InstructionSelector::VisitSwitch(Node* node, const SwitchInfo& sw) {
  InstructionOperand value_operand = g.UseRegister(node->InputAt(0));
  // Emit either ArchTableSwitch or ArchLookupSwitch.
+  if (enable_switch_jump_table_ == kEnableSwitchJumpTable) {
    static const size_t kMaxTableSwitchValueRange = 2 << 16;
    size_t table_space_cost = 4 + sw.value_range;
    size_t table_time_cost = 3;
@@ -1999,6 +2000,7 @@ void InstructionSelector::VisitSwitch(Node* node, const SwitchInfo& sw) {
      // Generate a table lookup.
      return EmitTableSwitch(sw, index_operand);
    }
+  }
  // Generate a sequence of conditional jumps.
  return EmitLookupSwitch(sw, value_operand);

--- a/src/compiler/arm64/instruction-selector-arm64.cc
+++ b/src/compiler/arm64/instruction-selector-arm64.cc
@@ -2361,6 +2361,7 @@ void InstructionSelector::VisitSwitch(Node* node, const SwitchInfo& sw) {
  InstructionOperand value_operand = g.UseRegister(node->InputAt(0));
  // Emit either ArchTableSwitch or ArchLookupSwitch.
+  if (enable_switch_jump_table_ == kEnableSwitchJumpTable) {
    static const size_t kMaxTableSwitchValueRange = 2 << 16;
    size_t table_space_cost = 4 + sw.value_range;
    size_t table_time_cost = 3;
@@ -2380,6 +2381,7 @@ void InstructionSelector::VisitSwitch(Node* node, const SwitchInfo& sw) {
      // Generate a table lookup.
      return EmitTableSwitch(sw, index_operand);
    }
+  }
  // Generate a sequence of conditional jumps.
  return EmitLookupSwitch(sw, value_operand);

--- a/src/compiler/ia32/instruction-selector-ia32.cc
+++ b/src/compiler/ia32/instruction-selector-ia32.cc
@@ -1431,6 +1431,7 @@ void InstructionSelector::VisitSwitch(Node* node, const SwitchInfo& sw) {
  InstructionOperand value_operand = g.UseRegister(node->InputAt(0));
  // Emit either ArchTableSwitch or ArchLookupSwitch.
+  if (enable_switch_jump_table_ == kEnableSwitchJumpTable) {
    static const size_t kMaxTableSwitchValueRange = 2 << 16;
    size_t table_space_cost = 4 + sw.value_range;
    size_t table_time_cost = 3;
@@ -1450,6 +1451,7 @@ void InstructionSelector::VisitSwitch(Node* node, const SwitchInfo& sw) {
      // Generate a table lookup.
      return EmitTableSwitch(sw, index_operand);
    }
+  }
  // Generate a sequence of conditional jumps.
  return EmitLookupSwitch(sw, value_operand);

--- a/src/compiler/instruction-selector.cc
+++ b/src/compiler/instruction-selector.cc
@@ -24,6 +24,7 @@ InstructionSelector::InstructionSelector(
    Zone* zone, size_t node_count, Linkage* linkage,
    InstructionSequence* sequence, Schedule* schedule,
    SourcePositionTable* source_positions, Frame* frame,
+    EnableSwitchJumpTable enable_switch_jump_table,
    SourcePositionMode source_position_mode, Features features,
    EnableScheduling enable_scheduling,
    EnableSerialization enable_serialization)
@@ -45,6 +46,7 @@ InstructionSelector::InstructionSelector(
      scheduler_(nullptr),
      enable_scheduling_(enable_scheduling),
      enable_serialization_(enable_serialization),
+      enable_switch_jump_table_(enable_switch_jump_table),
      frame_(frame),
      instruction_selection_failed_(false) {
  instructions_.reserve(node_count);

--- a/src/compiler/instruction-selector.h
+++ b/src/compiler/instruction-selector.h
@@ -51,11 +51,16 @@ class V8_EXPORT_PRIVATE InstructionSelector final {
  enum SourcePositionMode { kCallSourcePositions, kAllSourcePositions };
  enum EnableScheduling { kDisableScheduling, kEnableScheduling };
  enum EnableSerialization { kDisableSerialization, kEnableSerialization };
+  enum EnableSwitchJumpTable {
+    kDisableSwitchJumpTable,
+    kEnableSwitchJumpTable
+  };
  InstructionSelector(
      Zone* zone, size_t node_count, Linkage* linkage,
      InstructionSequence* sequence, Schedule* schedule,
      SourcePositionTable* source_positions, Frame* frame,
+      EnableSwitchJumpTable enable_switch_jump_table,
      SourcePositionMode source_position_mode = kCallSourcePositions,
      Features features = SupportedFeatures(),
      EnableScheduling enable_scheduling = FLAG_turbo_instruction_scheduling
@@ -445,6 +450,7 @@ class V8_EXPORT_PRIVATE InstructionSelector final {
  InstructionScheduler* scheduler_;
  EnableScheduling enable_scheduling_;
  EnableSerialization enable_serialization_;
+  EnableSwitchJumpTable enable_switch_jump_table_;
  Frame* frame_;
  bool instruction_selection_failed_;
 };

--- a/src/compiler/mips/instruction-selector-mips.cc
+++ b/src/compiler/mips/instruction-selector-mips.cc
@@ -1608,6 +1608,7 @@ void InstructionSelector::VisitSwitch(Node* node, const SwitchInfo& sw) {
  InstructionOperand value_operand = g.UseRegister(node->InputAt(0));
  // Emit either ArchTableSwitch or ArchLookupSwitch.
+  if (enable_switch_jump_table_ == kEnableSwitchJumpTable) {
    static const size_t kMaxTableSwitchValueRange = 2 << 16;
    size_t table_space_cost = 9 + sw.value_range;
    size_t table_time_cost = 3;
@@ -1627,6 +1628,7 @@ void InstructionSelector::VisitSwitch(Node* node, const SwitchInfo& sw) {
      // Generate a table lookup.
      return EmitTableSwitch(sw, index_operand);
    }
+  }
  // Generate a sequence of conditional jumps.
  return EmitLookupSwitch(sw, value_operand);

--- a/src/compiler/mips64/instruction-selector-mips64.cc
+++ b/src/compiler/mips64/instruction-selector-mips64.cc
@@ -2216,6 +2216,7 @@ void InstructionSelector::VisitSwitch(Node* node, const SwitchInfo& sw) {
  InstructionOperand value_operand = g.UseRegister(node->InputAt(0));
  // Emit either ArchTableSwitch or ArchLookupSwitch.
+  if (enable_switch_jump_table_ == kEnableSwitchJumpTable) {
    static const size_t kMaxTableSwitchValueRange = 2 << 16;
    size_t table_space_cost = 10 + 2 * sw.value_range;
    size_t table_time_cost = 3;
@@ -2235,6 +2236,7 @@ void InstructionSelector::VisitSwitch(Node* node, const SwitchInfo& sw) {
      // Generate a table lookup.
      return EmitTableSwitch(sw, index_operand);
    }
+  }
  // Generate a sequence of conditional jumps.
  return EmitLookupSwitch(sw, value_operand);

--- a/src/compiler/pipeline.cc
+++ b/src/compiler/pipeline.cc
@@ -1525,6 +1525,9 @@ struct InstructionSelectionPhase {
    InstructionSelector selector(
        temp_zone, data->graph()->NodeCount(), linkage, data->sequence(),
        data->schedule(), data->source_positions(), data->frame(),
+        data->info()->switch_jump_table_enabled()
+            ? InstructionSelector::kEnableSwitchJumpTable
+            : InstructionSelector::kDisableSwitchJumpTable,
        data->info()->is_source_positions_enabled()
            ? InstructionSelector::kAllSourcePositions
            : InstructionSelector::kCallSourcePositions,

--- a/src/compiler/ppc/instruction-selector-ppc.cc
+++ b/src/compiler/ppc/instruction-selector-ppc.cc
@@ -1762,6 +1762,7 @@ void InstructionSelector::VisitSwitch(Node* node, const SwitchInfo& sw) {
  InstructionOperand value_operand = g.UseRegister(node->InputAt(0));
  // Emit either ArchTableSwitch or ArchLookupSwitch.
+  if (enable_switch_jump_table_ == kEnableSwitchJumpTable) {
    static const size_t kMaxTableSwitchValueRange = 2 << 16;
    size_t table_space_cost = 4 + sw.value_range;
    size_t table_time_cost = 3;
@@ -1781,6 +1782,7 @@ void InstructionSelector::VisitSwitch(Node* node, const SwitchInfo& sw) {
      // Generate a table lookup.
      return EmitTableSwitch(sw, index_operand);
    }
+  }
  // Generate a sequence of conditional jumps.
  return EmitLookupSwitch(sw, value_operand);

--- a/src/compiler/s390/instruction-selector-s390.cc
+++ b/src/compiler/s390/instruction-selector-s390.cc
@@ -2138,6 +2138,7 @@ void InstructionSelector::VisitSwitch(Node* node, const SwitchInfo& sw) {
  InstructionOperand value_operand = g.UseRegister(node->InputAt(0));
  // Emit either ArchTableSwitch or ArchLookupSwitch.
+  if (enable_switch_jump_table_ == kEnableSwitchJumpTable) {
    static const size_t kMaxTableSwitchValueRange = 2 << 16;
    size_t table_space_cost = 4 + sw.value_range;
    size_t table_time_cost = 3;
@@ -2162,6 +2163,7 @@ void InstructionSelector::VisitSwitch(Node* node, const SwitchInfo& sw) {
    // Generate a table lookup.
    return EmitTableSwitch(sw, index_operand);
  }
+  }
  // Generate a sequence of conditional jumps.
  return EmitLookupSwitch(sw, value_operand);

--- a/src/compiler/x64/instruction-selector-x64.cc
+++ b/src/compiler/x64/instruction-selector-x64.cc
@@ -1959,6 +1959,7 @@ void InstructionSelector::VisitSwitch(Node* node, const SwitchInfo& sw) {
  InstructionOperand value_operand = g.UseRegister(node->InputAt(0));
  // Emit either ArchTableSwitch or ArchLookupSwitch.
+  if (enable_switch_jump_table_ == kEnableSwitchJumpTable) {
    static const size_t kMaxTableSwitchValueRange = 2 << 16;
    size_t table_space_cost = 4 + sw.value_range;
    size_t table_time_cost = 3;
@@ -1971,7 +1972,8 @@ void InstructionSelector::VisitSwitch(Node* node, const SwitchInfo& sw) {
        sw.value_range <= kMaxTableSwitchValueRange) {
      InstructionOperand index_operand = g.TempRegister();
      if (sw.min_value) {
-      // The leal automatically zero extends, so result is a valid 64-bit index.
+        // The leal automatically zero extends, so result is a valid 64-bit
+        // index.
        Emit(kX64Lea32 | AddressingModeField::encode(kMode_MRI), index_operand,
             value_operand, g.TempImmediate(-sw.min_value));
      } else {
@@ -1981,6 +1983,7 @@ void InstructionSelector::VisitSwitch(Node* node, const SwitchInfo& sw) {
      // Generate a table lookup.
      return EmitTableSwitch(sw, index_operand);
    }
+  }
  // Generate a sequence of conditional jumps.
  return EmitLookupSwitch(sw, value_operand);

--- a/src/flag-definitions.h
+++ b/src/flag-definitions.h
@@ -490,6 +490,10 @@ DEFINE_BOOL(untrusted_code_mitigations, V8_DEFAULT_UNTRUSTED_CODE_MITIGATIONS,
            "Enable mitigations for executing untrusted code")
 #undef V8_DEFAULT_UNTRUSTED_CODE_MITIGATIONS
+DEFINE_BOOL(turbo_disable_switch_jump_table, false,
+            "do not emit jump-tables in Turbofan")
+DEFINE_IMPLICATION(untrusted_code_mitigations, turbo_disable_switch_jump_table)
 // Flags to help platform porters
 DEFINE_BOOL(minimal, false,
            "simplifies execution model to make porting "

--- a/test/unittests/compiler/instruction-selector-unittest.cc
+++ b/test/unittests/compiler/instruction-selector-unittest.cc
@@ -43,6 +43,7 @@ InstructionSelectorTest::Stream InstructionSelectorTest::StreamBuilder::Build(
  SourcePositionTable source_position_table(graph());
  InstructionSelector selector(test_->zone(), node_count, &linkage, &sequence,
                               schedule, &source_position_table, nullptr,
+                               InstructionSelector::kEnableSwitchJumpTable,
                               source_position_mode, features,
                               InstructionSelector::kDisableScheduling);
  selector.SelectInstructions();