Reland "[turbofan] enable switch jump tables with...

Reland "[turbofan] enable switch jump tables with --no-untrusted-code-mitigations, also for stubs and Wasm"

But for builtins, jump tables are disabled
to be compatible with embedded builtins.

This is a reland of 884bec9f

Original change's description:
> [turbofan] enable switch jump tables with --no-untrusted-code-mitigations,
> also for stubs and Wasm
>
> Bug: chromium:845851
> Change-Id: I9b860dc26f8b35d629235b82fc5fffe04bf10493
> Reviewed-on: https://chromium-review.googlesource.com/1076151
> Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Reviewed-by: Jaroslav Sevcik <jarin@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#53525}

Bug: chromium:845851
Change-Id: I66c300f875a46a3f2a68730fda94b8196f38aa97
Reviewed-on: https://chromium-review.googlesource.com/1087468
Commit-Queue: Tobias Tebbi <tebbi@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53612}

src/flag-definitions.h

@@ -499,10 +499,6 @@ DEFINE_BOOL(untrusted_code_mitigations, V8_DEFAULT_UNTRUSTED_CODE_MITIGATIONS,
             "Enable mitigations for executing untrusted code")
 #undef V8_DEFAULT_UNTRUSTED_CODE_MITIGATIONS
 
-DEFINE_BOOL(turbo_disable_switch_jump_table, false,
-            "do not emit jump-tables in Turbofan")
-DEFINE_IMPLICATION(untrusted_code_mitigations, turbo_disable_switch_jump_table)
-
 DEFINE_BOOL(branch_load_poisoning, false, "Mask loads with branch conditions.")
 DEFINE_IMPLICATION(future, branch_load_poisoning)
 

src/optimized-compilation-info.cc

@@ -28,7 +28,7 @@ OptimizedCompilationInfo::OptimizedCompilationInfo(
   SetFlag(kCalledWithCodeStartRegister);
   if (FLAG_function_context_specialization) MarkAsFunctionContextSpecializing();
   if (FLAG_turbo_splitting) MarkAsSplittingEnabled();
-  if (!FLAG_turbo_disable_switch_jump_table) SetFlag(kSwitchJumpTableEnabled);
+  if (!FLAG_untrusted_code_mitigations) SetFlag(kSwitchJumpTableEnabled);
   if (FLAG_untrusted_code_mitigations) MarkAsPoisoningRegisterArguments();
 
   // TODO(yangguo): Disable this in case of debugging for crbug.com/826613
@@ -62,6 +62,13 @@ OptimizedCompilationInfo::OptimizedCompilationInfo(
 #endif
   SetTracingFlags(
       PassesFilter(debug_name, CStrVector(FLAG_trace_turbo_filter)));
+  if (!FLAG_untrusted_code_mitigations) {
+    // Embedded builtins don't support embedded absolute code addresses, so we
+    // cannot use jump tables.
+    if (code_kind != Code::BUILTIN) {
+      SetFlag(kSwitchJumpTableEnabled);
+    }
+  }
 }
 
 OptimizedCompilationInfo::OptimizedCompilationInfo(

src/optimized-compilation-info.h

@@ -63,7 +63,7 @@ class V8_EXPORT_PRIVATE OptimizedCompilationInfo final {
   OptimizedCompilationInfo(Zone* zone, Isolate* isolate,
                            Handle<SharedFunctionInfo> shared,
                            Handle<JSFunction> closure);
-  // Construct a compilation info for stub compilation (or testing).
+  // Construct a compilation info for stub compilation, Wasm, and testing.
   OptimizedCompilationInfo(Vector<const char> debug_name, Zone* zone,
                            Code::Kind code_kind);
 

src/wasm/wasm-code-manager.cc

@@ -225,6 +225,7 @@ void WasmCode::Validate() const {
       case RelocInfo::WASM_STUB_CALL:
       case RelocInfo::JS_TO_WASM_CALL:
       case RelocInfo::EXTERNAL_REFERENCE:
+      case RelocInfo::INTERNAL_REFERENCE:
       case RelocInfo::INTERNAL_REFERENCE_ENCODED:
       case RelocInfo::OFF_HEAP_TARGET:
       case RelocInfo::COMMENT: