[ia32] Fix off-heap trampoline handling

This fixes several issues related to off-heap trampoline handling on
ia32.

Unlike other architectures, ia32 uses a pc-relative call/jump for the
off-heap trampoline. That means we cannot skip reloc info emission,
and we need to relocate when the buffer grows during code generation.

Finally, inlined trampolines must not clobber and thus also need to
use a pc-relative call/jump.

Drive-by: Use PreserveRootIA32 config only for whitelisted builtins to
build successfully by default.

Bug: v8:6666
Change-Id: I2b72147c6c70036cd13d8b22e2c80ade786c47b8
Reviewed-on: https://chromium-review.googlesource.com/1188316
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Sigurd Schneider <sigurds@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55397}

src/compiler/pipeline.cc

@@ -2397,7 +2397,7 @@ bool PipelineImpl::SelectInstructions(Linkage* linkage) {
     AllocateRegisters(RegisterConfiguration::Poisoning(), call_descriptor,
                       run_verifier);
 #if defined(V8_TARGET_ARCH_IA32) && defined(V8_EMBEDDED_BUILTINS)
-  } else if (Builtins::IsBuiltinId(data_->info()->builtin_index())) {
+  } else if (data_->assembler_options().isolate_independent_code) {
     // TODO(v8:6666): Extend support to user code. Ensure that
     // it is mutually exclusive with the Poisoning configuration above; and that
     // it cooperates with restricted allocatable registers above.

src/ia32/assembler-ia32.cc

@@ -3231,9 +3231,11 @@ void Assembler::GrowBuffer() {
     *p += pc_delta;
   }
 
-  // Relocate js-to-wasm calls (which are encoded pc-relative).
-  for (RelocIterator it(desc, RelocInfo::ModeMask(RelocInfo::JS_TO_WASM_CALL));
-       !it.done(); it.next()) {
+  // Relocate pc-relative references.
+  int mode_mask = RelocInfo::ModeMask(RelocInfo::JS_TO_WASM_CALL) |
+                  RelocInfo::ModeMask(RelocInfo::OFF_HEAP_TARGET);
+  DCHECK_EQ(mode_mask, RelocInfo::kApplyMask & mode_mask);
+  for (RelocIterator it(desc, mode_mask); !it.done(); it.next()) {
     it.rinfo()->apply(pc_delta);
   }
 

src/ia32/macro-assembler-ia32.cc

@@ -1736,8 +1736,7 @@ void TurboAssembler::Call(Handle<Code> code_object, RelocInfo::Mode rmode) {
         CHECK_NE(builtin_index, Builtins::kNoBuiltinId);
         EmbeddedData d = EmbeddedData::FromBlob();
         Address entry = d.InstructionStartOfBuiltin(builtin_index);
-        mov(scratch, Immediate(entry, RelocInfo::OFF_HEAP_TARGET));
-        call(scratch);
+        call(entry, RelocInfo::OFF_HEAP_TARGET);
         return;
       }
     }
@@ -1765,8 +1764,7 @@ void TurboAssembler::Jump(Handle<Code> code_object, RelocInfo::Mode rmode) {
         CHECK_NE(builtin_index, Builtins::kNoBuiltinId);
         EmbeddedData d = EmbeddedData::FromBlob();
         Address entry = d.InstructionStartOfBuiltin(builtin_index);
-        mov(scratch, Immediate(entry, RelocInfo::OFF_HEAP_TARGET));
-        jmp(scratch);
+        jmp(entry, RelocInfo::OFF_HEAP_TARGET);
         return;
       }
     }

src/reloc-info.h

@@ -173,8 +173,17 @@ class RelocInfo {
     return mode == WASM_CALL || mode == JS_TO_WASM_CALL;
   }
 
-  static constexpr bool IsOnlyForSerializer(Mode mode) {
+  static bool IsOnlyForSerializer(Mode mode) {
+#ifdef V8_TARGET_ARCH_IA32
+    // On ia32, inlined off-heap trampolines must be relocated.
+    DCHECK_NE((kApplyMask & ModeMask(OFF_HEAP_TARGET)), 0);
+    DCHECK_EQ((kApplyMask & ModeMask(EXTERNAL_REFERENCE)), 0);
+    return mode == EXTERNAL_REFERENCE;
+#else
+    DCHECK_EQ((kApplyMask & ModeMask(OFF_HEAP_TARGET)), 0);
+    DCHECK_EQ((kApplyMask & ModeMask(EXTERNAL_REFERENCE)), 0);
     return mode == EXTERNAL_REFERENCE || mode == OFF_HEAP_TARGET;
+#endif
   }
 
   static constexpr int ModeMask(Mode mode) { return 1 << mode; }