cppgc: Add CHECK that caged heap is allocated below stack

On OSes other than Windows and Fuchsia the write barrier assumes that the caged heap is allocated below the stack. Add CHECK that the assumption holds. Bug: chromium:1056170 Change-Id: I64c790e61b4cfa2adb8274ed74111f0433e9aefb Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3080570 Auto-Submit: Omer Katz <omerkatz@chromium.org> Commit-Queue: Omer Katz <omerkatz@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#76173}

cppgc: Add CHECK that caged heap is allocated below stack
On OSes other than Windows and Fuchsia the write barrier assumes that the caged heap is allocated below the stack. Add CHECK that the assumption holds. Bug: chromium:1056170 Change-Id: I64c790e61b4cfa2adb8274ed74111f0433e9aefb Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3080570 Auto-Submit: Omer Katz <omerkatz@chromium.org> Commit-Queue: Omer Katz <omerkatz@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Cr-Commit-Position: refs/heads/master@{#76173}
e82a3b1e · Omer Katz · V8 LUCI CQ · 7698e9be · e82a3b1e · e82a3b1e
Commit e82a3b1e authored Aug 09, 2021 by Omer Katz Committed by V8 LUCI CQ Aug 09, 2021
Hide whitespace changes
Inline Side-by-side

Showing with 31 additions and 11 deletions

write-barrier.h include/cppgc/internal/write-barrier.h +12 -11

platform.h include/cppgc/platform.h +12 -0

caged-heap.cc src/heap/cppgc/caged-heap.cc +7 -0

No files found.
--- a/include/cppgc/internal/write-barrier.h
+++ b/include/cppgc/internal/write-barrier.h
@@ -11,6 +11,7 @@
 #include "cppgc/heap-state.h"
 #include "cppgc/internal/api-constants.h"
 #include "cppgc/internal/atomic-entry-flag.h"
+#include "cppgc/platform.h"
 #include "cppgc/sentinel-pointer.h"
 #include "cppgc/trace-trait.h"
 #include "v8config.h"  // NOLINT(build/include_directory)
@@ -167,17 +168,17 @@ class V8_EXPORT WriteBarrierTypeForCagedHeapPolicy final {

  static V8_INLINE bool TryGetCagedHeap(const void* slot, const void* value,
                                        WriteBarrier::Params& params) {
-#if V8_OS_WIN || V8_OS_FUCHSIA
-    // This method assumes that the stack is allocated in high
-    // addresses. That is not guaranteed on Windows and Fuchsia. Having a
-    // low-address (below api_constants::kCagedHeapReservationSize) on-stack
-    // slot with a nullptr value would cause this method to erroneously return
-    // that the slot resides in a caged heap that starts at a null address. This
-    // check is applied only on Windows because it is not an issue on other OSes
-    // where the stack resides in higher adderesses, and to keep the write
-    // barrier as cheap as possible.
-    if (!value) return false;
-#endif  // V8_OS_WIN || V8_OS_FUCHSIA
+    if (!Platform::StackAddressesSmallerThanHeapAddresses()) {
+      // This method assumes that the stack is allocated in high
+      // addresses. That is not guaranteed on Windows and Fuchsia. Having a
+      // low-address (below api_constants::kCagedHeapReservationSize) on-stack
+      // slot with a nullptr value would cause this method to erroneously return
+      // that the slot resides in a caged heap that starts at a null address.
+      // This check is applied only on Windows because it is not an issue on
+      // other OSes where the stack resides in higher adderesses, and to keep
+      // the write barrier as cheap as possible.
+      if (!value) return false;
+    }
    params.start = reinterpret_cast<uintptr_t>(value) &
                   ~(api_constants::kCagedHeapReservationAlignment - 1);
    const uintptr_t slot_offset =

--- a/include/cppgc/platform.h
+++ b/include/cppgc/platform.h
@@ -29,6 +29,8 @@ using TracingController = v8::TracingController;
 */
 class V8_EXPORT Platform {
 public:
+  static constexpr bool StackAddressesSmallerThanHeapAddresses();
+
  virtual ~Platform() = default;

  /**
@@ -148,6 +150,16 @@ namespace internal {
 V8_EXPORT void Abort();

 }  // namespace internal
+
+// static
+constexpr bool Platform::StackAddressesSmallerThanHeapAddresses() {
+#if V8_OS_WIN || V8_OS_FUCHSIA
+  return false;
+#else
+  return true;
+#endif  // V8_OS_WIN || V8_OS_FUCHSIA
+}
+
 }  // namespace cppgc

 #endif  // INCLUDE_CPPGC_PLATFORM_H_
--- a/src/heap/cppgc/caged-heap.cc
+++ b/src/heap/cppgc/caged-heap.cc
@@ -11,8 +11,10 @@
 #include "src/heap/cppgc/caged-heap.h"

 #include "include/cppgc/internal/caged-heap-local-data.h"
+#include "include/cppgc/platform.h"
 #include "src/base/bounded-page-allocator.h"
 #include "src/base/logging.h"
+#include "src/base/platform/platform.h"
 #include "src/heap/cppgc/globals.h"

 namespace cppgc {
@@ -72,6 +74,11 @@ CagedHeap::CagedHeap(HeapBase* heap_base, PageAllocator* platform_allocator)
    : reserved_area_(ReserveCagedHeap(platform_allocator)) {
  using CagedAddress = CagedHeap::AllocatorType::Address;

+  if (Platform::StackAddressesSmallerThanHeapAddresses()) {
+    // Write barrier assumes that caged heap is allocated below the stack.
+    CHECK_LT(reserved_area_.address(), v8::base::Stack::GetStackStart());
+  }
+
  DCHECK_NOT_NULL(heap_base);

  CHECK(platform_allocator->SetPermissions(