[sparkplug] Support CFI on arm64

Add support for CodeEntry, ExceptionHandler, and tail-calls via x17, to
make sparkplug code pass CFI tests.

Fixed: v8:11439
Change-Id: Ic540da9d859fd981de345cf53b43ae55edd07180
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2695592
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72753}

src/baseline/arm64/baseline-compiler-arm64-inl.h

@@ -80,6 +80,11 @@ MemOperand BaselineAssembler::FeedbackVectorOperand() {
   return MemOperand(fp, BaselineFrameConstants::kFeedbackVectorFromFp);
 }
 
+void BaselineAssembler::Bind(Label* label) {
+  // All baseline compiler binds on arm64 are assumed to be for jump targets.
+  __ BindJumpTarget(label);
+}
+
 void BaselineAssembler::Jump(Label* target, Label::Distance distance) {
   __ B(target);
 }
@@ -111,8 +116,14 @@ void BaselineAssembler::CallBuiltin(Builtins::Name builtin) {
 }
 
 void BaselineAssembler::TailCallBuiltin(Builtins::Name builtin) {
-  ScratchRegisterScope temps(this);
-  Register temp = temps.AcquireScratch();
+  // x17 is used to allow using "Call" (i.e. `bti c`) rather than "Jump" (i.e.]
+  // `bti j`) landing pads for the tail-called code.
+  Register temp = x17;
+
+  // Make sure we're don't use this register as a temporary.
+  UseScratchRegisterScope temps(masm());
+  temps.Exclude(temp);
+
   __ LoadEntryFromBuiltinIndex(builtin, temp);
   __ Jump(temp);
 }

src/baseline/baseline-compiler.cc

@@ -229,6 +229,8 @@ void BaselineAssembler::GetCode(Isolate* isolate, CodeDesc* desc) {
 }
 int BaselineAssembler::pc_offset() const { return __ pc_offset(); }
 bool BaselineAssembler::emit_debug_code() const { return __ emit_debug_code(); }
+void BaselineAssembler::CodeEntry() const { __ CodeEntry(); }
+void BaselineAssembler::ExceptionHandler() const { __ ExceptionHandler(); }
 void BaselineAssembler::RecordComment(const char* string) {
   __ RecordComment(string);
 }
@@ -238,8 +240,6 @@ void BaselineAssembler::CallRuntime(Runtime::FunctionId function, int nargs) {
   __ CallRuntime(function, nargs);
 }
 
-void BaselineAssembler::Bind(Label* label) { __ bind(label); }
-
 MemOperand BaselineAssembler::ContextOperand() {
   return RegisterFrameOperand(interpreter::Register::current_context());
 }
@@ -344,6 +344,11 @@ void BaselineCompiler::GenerateCode() {
     }
     iterator_.Reset();
   }
+
+  // No code generated yet.
+  DCHECK_EQ(__ pc_offset(), 0);
+  __ CodeEntry();
+
   {
     RuntimeCallTimerScope runtimeTimer(
         stats_, RuntimeCallCounterId::kCompileBaselineVisit);
@@ -490,6 +495,7 @@ void BaselineCompiler::VisitSingleBytecode() {
   if (handler_offsets_.find(accessor().current_offset()) !=
       handler_offsets_.end()) {
     AddPosition();
+    __ ExceptionHandler();
   }
 
   if (FLAG_code_comments) {

src/baseline/baseline-compiler.h

@@ -74,6 +74,8 @@ class BaselineAssembler {
   void GetCode(Isolate* isolate, CodeDesc* desc);
   int pc_offset() const;
   bool emit_debug_code() const;
+  void CodeEntry() const;
+  void ExceptionHandler() const;
   void RecordComment(const char* string);
   void Trap();
   void DebugBreak();

src/baseline/x64/baseline-compiler-x64-inl.h

@@ -93,6 +93,8 @@ MemOperand BaselineAssembler::FeedbackVectorOperand() {
   return MemOperand(rbp, BaselineFrameConstants::kFeedbackVectorFromFp);
 }
 
+void BaselineAssembler::Bind(Label* label) { __ bind(label); }
+
 void BaselineAssembler::Jump(Label* target, Label::Distance distance) {
   __ jmp(target, distance);
 }

test/mjsunit/mjsunit.status

@@ -1460,9 +1460,5 @@
 ['arch not in (x64, arm64)', {
   'baseline/*': [SKIP],
 }],
-# TODO(v8:11439): test-baseline is broken under CFI.
-['control_flow_integrity', {
-  'baseline/*': [SKIP],
-}],
 
 ]