Use --untrusted-code-mitigations flag also for JS

Remove the --extra-masking and --mask-array-index flags. Instead, use
--untrusted-code-mitigations directly.
This also changes the default for these flags: There were off by
default so far, but --untrusted_code_mitigations is on by default.

Store the value of the untrusted_code_mitigations flag in the
CompilationInfo in order to ensure that it stays consistent during the
compilation of one function.

R=jarin@chromium.org, bmeurer@chromium.org, hablich@chromium.org
CC=rmcilroy@chromium.org

Bug: chromium:798964
Change-Id: I15a919e741f0628afa6a6ea1e8274ad0c4399929
Reviewed-on: https://chromium-review.googlesource.com/850412
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Michael Hablich <hablich@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50373}

src/compilation-info.cc

@@ -64,7 +64,7 @@ CompilationInfo::CompilationInfo(Vector<const char> debug_name,
                                  Code::Kind code_kind, Mode mode, Zone* zone)
     : literal_(nullptr),
       source_range_map_(nullptr),
-      flags_(0),
+      flags_(FLAG_untrusted_code_mitigations ? kUntrustedCodeMitigations : 0),
       code_kind_(code_kind),
       stub_key_(0),
       builtin_index_(Builtins::kNoBuiltinId),

src/compilation-info.h

@@ -50,6 +50,7 @@ class V8_EXPORT_PRIVATE CompilationInfo final {
     kSourcePositionsEnabled = 1 << 8,
     kBailoutOnUninitialized = 1 << 9,
     kLoopPeelingEnabled = 1 << 10,
+    kUntrustedCodeMitigations = 1 << 11,
   };
 
   // TODO(mtrofin): investigate if this might be generalized outside wasm, with
@@ -164,6 +165,10 @@ class V8_EXPORT_PRIVATE CompilationInfo final {
   void MarkAsLoopPeelingEnabled() { SetFlag(kLoopPeelingEnabled); }
   bool is_loop_peeling_enabled() const { return GetFlag(kLoopPeelingEnabled); }
 
+  bool has_untrusted_code_mitigations() const {
+    return GetFlag(kUntrustedCodeMitigations);
+  }
+
   // Code getters and setters.
 
   void SetCode(Handle<Code> code) { code_ = code; }

src/compiler/pipeline.cc

@@ -1372,8 +1372,9 @@ struct EffectControlLinearizationPhase {
       // - get rid of the region markers,
       // - introduce effect phis and rewire effects to get SSA again.
       EffectControlLinearizer::MaskArrayIndexEnable mask_array_index =
-          FLAG_mask_array_index ? EffectControlLinearizer::kMaskArrayIndex
-                                : EffectControlLinearizer::kDoNotMaskArrayIndex;
+          data->info()->has_untrusted_code_mitigations()
+              ? EffectControlLinearizer::kMaskArrayIndex
+              : EffectControlLinearizer::kDoNotMaskArrayIndex;
       EffectControlLinearizer linearizer(data->jsgraph(), schedule, temp_zone,
                                          data->source_positions(),
                                          mask_array_index);

src/flag-definitions.h

@@ -465,11 +465,8 @@ DEFINE_BOOL(turbo_store_elimination, true,
 DEFINE_BOOL(trace_store_elimination, false, "trace store elimination")
 DEFINE_BOOL(turbo_rewrite_far_jumps, true,
             "rewrite far to near jumps (ia32,x64)")
-// TODO(clemensh): Remove extra_masking, use untrusted_code_mitigations instead.
-DEFINE_BOOL(extra_masking, false, "Extra mask for memory accesses")
-DEFINE_BOOL(mask_array_index, false, "Mask array index with bound")
-DEFINE_IMPLICATION(future, extra_masking)
-DEFINE_IMPLICATION(extra_masking, mask_array_index)
+// TODO(rmcilroy): Remove extra_masking once the finch experiment is removed.
+DEFINE_BOOL(extra_masking, false, "obsolete - has no effect")
 DEFINE_BOOL(untrusted_code_mitigations, true,
             "Enable mitigations for executing untrusted code")