[ext-code-space] Enable stricter heap verification for CodeT

When v8_enable_external_code_space is enabled the Code objects are allowed only - in CodeDataContainer::code field - as uncompressed values embedded in Code instruction streams Bug: v8:11880 Change-Id: I080a678fd77a7e42c6a397e7145a640fd07d6e83 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2969828Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#75275}

[ext-code-space] Enable stricter heap verification for CodeT
When v8_enable_external_code_space is enabled the Code objects are allowed only - in CodeDataContainer::code field - as uncompressed values embedded in Code instruction streams Bug: v8:11880 Change-Id: I080a678fd77a7e42c6a397e7145a640fd07d6e83 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2969828Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#75275}
d31824f4 · Igor Sheludko · V8 LUCI CQ · c46e8205 · d31824f4 · d31824f4
Commit d31824f4 authored Jun 17, 2021 by Igor Sheludko Committed by V8 LUCI CQ Jun 21, 2021
6 changed files
--- a/src/codegen/reloc-info.cc
+++ b/src/codegen/reloc-info.cc
@@ -485,9 +485,11 @@ void RelocInfo::Print(Isolate* isolate, std::ostream& os) {
 void RelocInfo::Verify(Isolate* isolate) {
  switch (rmode_) {
    case COMPRESSED_EMBEDDED_OBJECT:
+      Object::VerifyPointer(isolate, target_object());
+      break;
    case FULL_EMBEDDED_OBJECT:
    case DATA_EMBEDDED_OBJECT:
-      Object::VerifyPointer(isolate, target_object());
+      Object::VerifyAnyTagged(isolate, target_object());
      break;
    case CODE_TARGET:
    case RELATIVE_CODE_TARGET: {

--- a/src/diagnostics/objects-debug.cc
+++ b/src/diagnostics/objects-debug.cc
@@ -133,6 +133,18 @@ void Object::VerifyPointer(Isolate* isolate, Object p) {
  }
 }

+void Object::VerifyAnyTagged(Isolate* isolate, Object p) {
+  if (p.IsHeapObject()) {
+    if (V8_EXTERNAL_CODE_SPACE_BOOL) {
+      CHECK(IsValidHeapObject(isolate->heap(), HeapObject::cast(p)));
+    } else {
+      HeapObject::VerifyHeapPointer(isolate, p);
+    }
+  } else {
+    CHECK(p.IsSmi());
+  }
+}
+
 void MaybeObject::VerifyMaybeObjectPointer(Isolate* isolate, MaybeObject p) {
  HeapObject heap_object;
  if (p->GetHeapObject(&heap_object)) {
@@ -292,6 +304,14 @@ void HeapObject::HeapObjectVerify(Isolate* isolate) {
 void HeapObject::VerifyHeapPointer(Isolate* isolate, Object p) {
  CHECK(p.IsHeapObject());
  CHECK(IsValidHeapObject(isolate->heap(), HeapObject::cast(p)));
+  CHECK_IMPLIES(V8_EXTERNAL_CODE_SPACE_BOOL, !p.IsCode());
+}
+
+// static
+void HeapObject::VerifyCodePointer(Isolate* isolate, Object p) {
+  CHECK(p.IsHeapObject());
+  CHECK(isolate->heap()->InCodeSpace(HeapObject::cast(p)));
+  CHECK(HeapObject::cast(p).IsCode());
 }

 void Symbol::SymbolVerify(Isolate* isolate) {

--- a/src/heap/heap-inl.h
+++ b/src/heap/heap-inl.h
@@ -484,12 +484,20 @@ bool Heap::InToPage(HeapObject heap_object) {
 }

 bool Heap::InOldSpace(Object object) {
-  if (V8_ENABLE_THIRD_PARTY_HEAP_BOOL)
+  if (V8_ENABLE_THIRD_PARTY_HEAP_BOOL) {
    return object.IsHeapObject() &&
           third_party_heap::Heap::InOldSpace(object.ptr());
+  }
  return old_space_->Contains(object);
 }

+bool Heap::InCodeSpace(HeapObject object) {
+  if (V8_ENABLE_THIRD_PARTY_HEAP_BOOL) {
+    return third_party_heap::Heap::InCodeSpace(object.ptr());
+  }
+  return code_space_->Contains(object) || code_lo_space_->Contains(object);
+}
+
 // static
 Heap* Heap::FromWritableHeapObject(HeapObject obj) {
  if (V8_ENABLE_THIRD_PARTY_HEAP_BOOL) {

--- a/src/heap/heap.h
+++ b/src/heap/heap.h
@@ -1250,6 +1250,9 @@ class Heap {
  // Returns whether the object resides in old space.
  inline bool InOldSpace(Object object);

+  // Returns whether the object resides in any of the code spaces.
+  inline bool InCodeSpace(HeapObject object);
+
  // Checks whether an address/object is in the non-read-only heap (including
  // auxiliary area and unused area). Use IsValidHeapObject if checking both
  // heaps is required.

--- a/src/objects/heap-object.h
+++ b/src/objects/heap-object.h
@@ -178,6 +178,7 @@ class HeapObject : public Object {
  // Verify a pointer is a valid HeapObject pointer that points to object
  // areas in the heap.
  static void VerifyHeapPointer(Isolate* isolate, Object p);
+  static void VerifyCodePointer(Isolate* isolate, Object p);
 #endif

  static inline AllocationAlignment RequiredAlignment(Map map);

--- a/src/objects/objects.h
+++ b/src/objects/objects.h
@@ -596,8 +596,12 @@ class Object : public TaggedImpl<HeapObjectReferenceType::STRONG, Address> {
  EXPORT_DECL_VERIFIER(Object)

 #ifdef VERIFY_HEAP
-  // Verify a pointer is a valid object pointer.
+  // Verify a pointer is a valid (non-Code) object pointer.
+  // When V8_EXTERNAL_CODE_SPACE is enabled Code objects are not allowed.
  static void VerifyPointer(Isolate* isolate, Object p);
+  // Verify a pointer is a valid object pointer.
+  // Code objects are allowed regardless of the V8_EXTERNAL_CODE_SPACE mode.
+  static void VerifyAnyTagged(Isolate* isolate, Object p);
 #endif

  inline void VerifyApiCallResultType();