Disable CFI on a few methods.

While they have not been observed to slow down real-world use cases,
some blink_layout microbenchmarks feel better with these methods
disabled. In order to be concervative at the launch time, lift
the CFI defense for these methods.

8/10 of these methods will become much faster when an optimization
proposed in https://crbug.com/638056 -- we only need to load vptr
once (before the loop) and have a single CFI check instead of
a check per iteration.

BUG=638056,634139

Review-Url: https://codereview.chromium.org/2258003002
Cr-Commit-Position: refs/heads/master@{#38759}

src/api.cc

@@ -8016,6 +8016,7 @@ class VisitorAdapter : public i::ObjectVisitor {
   void VisitPointers(i::Object** start, i::Object** end) override {
     UNREACHABLE();
   }
+  DISABLE_CFI_PERF
   void VisitEmbedderReference(i::Object** p, uint16_t class_id) override {
     Value* value = ToApi<Value>(i::Handle<i::Object>(p));
     visitor_->VisitPersistentHandle(

src/base/macros.h

@@ -154,6 +154,17 @@ V8_INLINE Dest bit_cast(Source const& source) {
 #define DISABLE_ASAN
 #endif
 
+// DISABLE_CFI_PERF -- Disable Control Flow Integrity checks for Perf reasons.
+#if !defined(DISABLE_CFI_PERF)
+#if defined(__clang__) && defined(__has_attribute)
+#if __has_attribute(no_sanitize)
+#define DISABLE_CFI_PERF __attribute__((no_sanitize("cfi")))
+#endif
+#endif
+#endif
+#if !defined(DISABLE_CFI_PERF)
+#define DISABLE_CFI_PERF
+#endif
 
 #if V8_CC_GNU
 #define V8_IMMEDIATE_CRASH() __builtin_trap()

src/global-handles.cc

@@ -662,6 +662,7 @@ bool GlobalHandles::IsWeak(Object** location) {
   return Node::FromLocation(location)->IsWeak();
 }
 
+DISABLE_CFI_PERF
 void GlobalHandles::IterateWeakRoots(ObjectVisitor* v) {
   for (NodeIterator it(this); !it.done(); it.Advance()) {
     Node* node = it.node();
@@ -789,6 +790,7 @@ void GlobalHandles::IterateNewSpaceWeakUnmodifiedRoots(ObjectVisitor* v) {
 }
 
 
+DISABLE_CFI_PERF
 bool GlobalHandles::IterateObjectGroups(ObjectVisitor* v,
                                         WeakSlotCallbackWithHeap can_skip) {
   ComputeObjectGroupsAndImplicitReferences();
@@ -1146,6 +1148,7 @@ void GlobalHandles::IterateStrongRoots(ObjectVisitor* v) {
 }
 
 
+DISABLE_CFI_PERF
 void GlobalHandles::IterateAllRoots(ObjectVisitor* v) {
   for (NodeIterator it(this); !it.done(); it.Advance()) {
     if (it.node()->IsRetainer()) {
@@ -1155,6 +1158,7 @@ void GlobalHandles::IterateAllRoots(ObjectVisitor* v) {
 }
 
 
+DISABLE_CFI_PERF
 void GlobalHandles::IterateAllRootsWithClassIds(ObjectVisitor* v) {
   for (NodeIterator it(this); !it.done(); it.Advance()) {
     if (it.node()->IsRetainer() && it.node()->has_wrapper_class_id()) {
@@ -1165,6 +1169,7 @@ void GlobalHandles::IterateAllRootsWithClassIds(ObjectVisitor* v) {
 }
 
 
+DISABLE_CFI_PERF
 void GlobalHandles::IterateAllRootsInNewSpaceWithClassIds(ObjectVisitor* v) {
   for (int i = 0; i < new_space_nodes_.length(); ++i) {
     Node* node = new_space_nodes_[i];
@@ -1176,6 +1181,7 @@ void GlobalHandles::IterateAllRootsInNewSpaceWithClassIds(ObjectVisitor* v) {
 }
 
 
+DISABLE_CFI_PERF
 void GlobalHandles::IterateWeakRootsInNewSpaceWithClassIds(ObjectVisitor* v) {
   for (int i = 0; i < new_space_nodes_.length(); ++i) {
     Node* node = new_space_nodes_[i];

src/objects-body-descriptors-inl.h

@@ -76,6 +76,7 @@ void BodyDescriptorBase::IterateBodyImpl(Heap* heap, HeapObject* obj,
 
 
 template <typename ObjectVisitor>
+DISABLE_CFI_PERF
 void BodyDescriptorBase::IteratePointers(HeapObject* obj, int start_offset,
                                          int end_offset, ObjectVisitor* v) {
   v->VisitPointers(HeapObject::RawField(obj, start_offset),
@@ -84,6 +85,7 @@ void BodyDescriptorBase::IteratePointers(HeapObject* obj, int start_offset,
 
 
 template <typename StaticVisitor>
+DISABLE_CFI_PERF
 void BodyDescriptorBase::IteratePointers(Heap* heap, HeapObject* obj,
                                          int start_offset, int end_offset) {
   StaticVisitor::VisitPointers(heap, obj,

src/snapshot/serializer-common.cc

@@ -59,6 +59,7 @@ void SerializedData::AllocateData(int size) {
 //  - during deserialization to populate it.
 //  - during normal GC to keep its content alive.
 //  - not during serialization. The partial serializer adds to it explicitly.
+DISABLE_CFI_PERF
 void SerializerDeserializer::Iterate(Isolate* isolate, ObjectVisitor* visitor) {
   List<Object*>* cache = isolate->partial_snapshot_cache();
   for (int i = 0;; ++i) {