1. 17 Nov, 2020 2 commits
  2. 28 Oct, 2020 2 commits
    • [embedded] Split blob hash into data/code hashes · 06b59094
      Jakob Gruber authored
      .. and add a --text-is-readable flag to support non-readable .text
      sections.
      
      This splits the embedded blob hash into two dedicated hashes for data
      and code sections. The main benefit is that we can now keep at least a
      partial hash even with non-readable .text sections.
      
      The second part of this CL adds a --text-is-readable runtime flag to
      support such platforms (with non-readable .text).
      
      It currently doesn't do much; setting it enables a few additional
      DCHECKs, disables the constant pool on x64, and disables
      verification of the embedded blob's *code* hash.
      
      Bug: v8:10707
      Change-Id: Ib91ed8b50b50f2cd81677f62920bea6fb92af453
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2504251
      Reviewed-by: Leszek Swirski <leszeks@chromium.org>
      Commit-Queue: Jakob Gruber <jgruber@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70827}
    • [code] Move embedded metadata to the .rodata section · 779b0edd
      Jakob Gruber authored
      The embedded metadata section is the off-heap equivalent to an on-heap
      Code object's metadata section. It contains no executable data, thus
      .rodata is the natural home for it. Another motivation is that some
      platforms do not grant read permissions on the .text section.
      
      Embedded blob stats before:
      
        EmbeddedData:
          Total size: 1322944
          Data size:  25952
          Code size:  1296992
      
      And after:
      
        EmbeddedData:
          Total size: 1323372
          Data size:  121452
          Code size:  1201920
      
      (Slight size increase due to additional padding.)
      
      Bug: v8:11036,v8:10707
      Change-Id: Ib6b54a7e947966c7bd2fcc1e7e44c85e352f0063
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2502334
      Reviewed-by: Clemens Backes <clemensb@chromium.org>
      Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
      Reviewed-by: Leszek Swirski <leszeks@chromium.org>
      Auto-Submit: Jakob Gruber <jgruber@chromium.org>
      Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70822}
  3. 27 Oct, 2020 1 commit
    • [code] Extend comments, use better terms to describe metadata · 23ba0667
      Jakob Gruber authored
      This addresses comments from [0] by extending comments to also
      describe embedded builtins in code.h, and by improving language
      around the various meanings of 'metadata':
      
      - The Code object's metadata section is still called 'metadata'.
      - The embedded blob's table of layout descriptions for builtins is
        now called 'layout descriptions'.
      - The embedded blob's data section (containing hashes and layout
        descriptions) is now called 'data' section.
      
      [0] chromium-review.googlesource.com/c/v8/v8/+/2491025
      
      Bug: v8:11036
      Change-Id: Ibe84fddb9784cc5d3b66482612dcdb7a2e8d14ae
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2501284
      Commit-Queue: Jakob Gruber <jgruber@chromium.org>
      Reviewed-by: Leszek Swirski <leszeks@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70793}
  4. 26 Oct, 2020 1 commit
    • Reland "[code] Separate instruction and metadata areas" · a4449f26
      Jakob Gruber authored
      This is a reland of b66993bc
      
      Nothing changed in the reland, the original CL was not the
      culprit for win32 failures. They started earlier, at
      https://ci.chromium.org/p/v8/builders/ci/V8%20Win32/29444
      
      Original change's description:
      > [code] Separate instruction and metadata areas
      >
      > In this CL, Code object layout changes s.t. the instruction
      > area is distinct / non-overlapping from the metadata area.
      >
      > On-heap Code objects now have a variable-size `body` area,
      > containing distinct-but-adjacent `instruction` and `metadata`
      > areas.
      >
      > Off-heap code (= embedded builtins) currently have the same,
      > but in the future the metadata area will move elsewhere and
      > no longer be adjacent to instructions.
      >
      > To implement this, the main changes are:
      >
      >  - The Code object header now contains instruction and metadata
      >    sizes, and no longer contains the safepoint table offset
      >    (it's implicitly the first table of the metadata section).
      >  - The embedded metadata table contains information about both
      >    instruction and metadata areas.
      >
      > I've also added assertions in spots that currently rely on a
      > contiguous body area.
      >
      > Bug: v8:11036
      > Change-Id: I940f0c70c07ad511dafd2d2c3e337de8c92cd4b9
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2491025
      > Reviewed-by: Leszek Swirski <leszeks@chromium.org>
      > Reviewed-by: Clemens Backes <clemensb@chromium.org>
      > Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
      > Commit-Queue: Jakob Gruber <jgruber@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#70743}
      
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Tbr: leszeks@chromium.org, clemensb@chromium.org, dinfuehr@chromium.org
      Bug: v8:11036
      Change-Id: I238562d7e25cf28cc689856ee8b17f25627aaee7
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2497162
      Commit-Queue: Jakob Gruber <jgruber@chromium.org>
      Auto-Submit: Jakob Gruber <jgruber@chromium.org>
      Reviewed-by: Jakob Gruber <jgruber@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70747}
  5. 25 Oct, 2020 2 commits
    • Revert "[code] Separate instruction and metadata areas" · 9a02964a
      Zhi An Ng authored
      This reverts commit b66993bc.
      
      Reason for revert: Broke v8 win32 https://ci.chromium.org/p/v8/builders/ci/V8%20Win32/29454?
      
      Original change's description:
      > [code] Separate instruction and metadata areas
      >
      > In this CL, Code object layout changes s.t. the instruction
      > area is distinct / non-overlapping from the metadata area.
      >
      > On-heap Code objects now have a variable-size `body` area,
      > containing distinct-but-adjacent `instruction` and `metadata`
      > areas.
      >
      > Off-heap code (= embedded builtins) currently have the same,
      > but in the future the metadata area will move elsewhere and
      > no longer be adjacent to instructions.
      >
      > To implement this, the main changes are:
      >
      >  - The Code object header now contains instruction and metadata
      >    sizes, and no longer contains the safepoint table offset
      >    (it's implicitly the first table of the metadata section).
      >  - The embedded metadata table contains information about both
      >    instruction and metadata areas.
      >
      > I've also added assertions in spots that currently rely on a
      > contiguous body area.
      >
      > Bug: v8:11036
      > Change-Id: I940f0c70c07ad511dafd2d2c3e337de8c92cd4b9
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2491025
      > Reviewed-by: Leszek Swirski <leszeks@chromium.org>
      > Reviewed-by: Clemens Backes <clemensb@chromium.org>
      > Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
      > Commit-Queue: Jakob Gruber <jgruber@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#70743}
      
      TBR=jgruber@chromium.org,leszeks@chromium.org,clemensb@chromium.org,dinfuehr@chromium.org
      
      Change-Id: Ia52ac609a47b8a2038a2511f0af8526ebdfe4719
      No-Presubmit: true
      No-Tree-Checks: true
      No-Try: true
      Bug: v8:11036
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2497381
      Reviewed-by: Zhi An Ng <zhin@chromium.org>
      Commit-Queue: Zhi An Ng <zhin@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70744}
    • [code] Separate instruction and metadata areas · b66993bc
      Jakob Gruber authored
      In this CL, Code object layout changes s.t. the instruction
      area is distinct / non-overlapping from the metadata area.
      
      On-heap Code objects now have a variable-size `body` area,
      containing distinct-but-adjacent `instruction` and `metadata`
      areas.
      
      Off-heap code (= embedded builtins) currently have the same,
      but in the future the metadata area will move elsewhere and
      no longer be adjacent to instructions.
      
      To implement this, the main changes are:
      
       - The Code object header now contains instruction and metadata
         sizes, and no longer contains the safepoint table offset
         (it's implicitly the first table of the metadata section).
       - The embedded metadata table contains information about both
         instruction and metadata areas.
      
      I've also added assertions in spots that currently rely on a
      contiguous body area.
      
      Bug: v8:11036
      Change-Id: I940f0c70c07ad511dafd2d2c3e337de8c92cd4b9
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2491025
      Reviewed-by: Leszek Swirski <leszeks@chromium.org>
      Reviewed-by: Clemens Backes <clemensb@chromium.org>
      Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
      Commit-Queue: Jakob Gruber <jgruber@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70743}
  6. 22 Oct, 2020 1 commit
    • [code] Prepare to move metadata out of the instructions area · 0d0a3416
      Jakob Gruber authored
      No major functional changes in this CL, mostly it moves code around
      to make follow-up CLs less messy.
      
       - Document Code layout.
       - New concepts: 'body' and 'metadata' areas of Code objects. The
         metadata area contains metadata tables, the body area includes
         both instructions and metadata (this is currently the 'instructions'
         area). Add accessors for these new areas.
       - An interesting detail: embedded builtins will have non-adjacent
         instruction and metadata areas, thus a concept of 'body' doesn't
         make sense there.
       - Also add raw_instruction_X_future accessors; these are used where
         we are actually interested in the instructions range, not the entire
         body. In a follow-up, current raw_instruction_X accessors will be
         replaced by raw_body_X, and raw_instruction_X_future by
         raw_instruction_X.
      
      Bug: v8:11036
      Change-Id: I1d85146b652e0c097c3602d4db1862d5d3898a7e
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2491023
      Commit-Queue: Jakob Gruber <jgruber@chromium.org>
      Reviewed-by: Clemens Backes <clemensb@chromium.org>
      Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
      Reviewed-by: Leszek Swirski <leszeks@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#70701}
  7. 20 Oct, 2020 1 commit
  8. 16 Oct, 2020 2 commits
  9. 07 Oct, 2020 1 commit
  10. 06 Oct, 2020 1 commit
  11. 20 Aug, 2020 1 commit
    • AIX: Fix DeclareSymbolGlobal on AIX · 0589a2a2
      Milad Farazmand authored
      Port 929dd374
      
      Original Commit Message:
      
          When CFI is enabled this adds a check against this list whenever a new
          return address must be set in a deoptimized frame, as a mitigation for
          ROP attacks.
          The list is known at linking time so that its content and the pointer
          to it can be stored in a read-only memory section.
          The check is performed in the signing function, which is no longer
          generic, as well as when setting the current pc of the frame.
          Since the pc is now only signed when setting the caller's pc, there
          is no need for ReplaceContext anymore.
      
      R=salome.thirot@arm.com, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
      BUG=
      LOG=N
      
      Change-Id: I5005096811c289707e2d080477c60ae2ed4bf38b
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2365372
      Reviewed-by: Jakob Gruber <jgruber@chromium.org>
      Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
      Commit-Queue: Milad Farazmand <miladfar@ca.ibm.com>
      Cr-Commit-Position: refs/heads/master@{#69502}
  12. 19 Aug, 2020 1 commit
    • [arm64] Implement list of allowed return addresses in the deoptimizer · 929dd374
      Salome Thirot authored
      When CFI is enabled this adds a check against this list whenever a new
      return address must be set in a deoptimized frame, as a mitigation for
      ROP attacks.
      The list is known at linking time so that its content and the pointer
      to it can be stored in a read-only memory section.
      The check is performed in the signing function, which is no longer
      generic, as well as when setting the current pc of the frame.
      Since the pc is now only signed when setting the caller's pc, there
      is no need for ReplaceContext anymore.
      
      Bug: v8:10026
      Change-Id: I5e85a62b94722051716fdeba476db383c702a318
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2287490
      Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
      Commit-Queue: Rodolph Perfetta <rodolph.perfetta@arm.com>
      Cr-Commit-Position: refs/heads/master@{#69478}
  13. 22 Jul, 2020 1 commit
  14. 07 May, 2020 1 commit
  15. 17 Apr, 2020 1 commit
    • [builtins][MIPS]: Workaround gas auto-align issue · 72a6e594
      Jiaxun Yang authored
      GAS has an auto-align function which will align all the directive
      data to its natural boundary. And we're using .octa to present
      data in embedded.S, which will be auto-aligned to a 128-bit boundary.
      It can break relative offsets in the generated binary.
      So we work around it by forcing generation of the .long DataDirective on MIPS.
      
      Also I reworked WriteByteChunk so it can accept any kind of directive
      now. Furthermore, the implementation of HexLiteral is identical on
      generic, aix and mac so I merged them into base.
      
      Bug: v8:10420
      Change-Id: I0ff791412360769510735659f909524c5f96d3e0
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2153187
      Reviewed-by: Dan Elphick <delphick@chromium.org>
      Commit-Queue: Dan Elphick <delphick@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#67198}
  16. 17 Mar, 2020 1 commit
  17. 10 Mar, 2020 1 commit
  18. 25 Feb, 2020 1 commit
  19. 15 Nov, 2019 1 commit
  20. 07 Nov, 2019 1 commit
    • snapshot: add size info for builtins on Posix · 48d964af
      Matheus Marchini authored
      Lack of size information can cause debugging and observability tools to
      misbehave or to fail. We can see the size for all builtins is zero with
      objdump:
      
        $ objdump -t d8 | grep Builtins_ArgumentsAdaptorTrampoline
        0000000001084a00 l     F .text  0000000000000000              Builtins_ArgumentsAdaptorTrampoline
                                        ^
                                        Size is zero
      
      Tools like bpftrace rely on the function size to guarantee a tracepoint
      is added within function boundaries. Without size information, those
      tools can't guarantee a tracepoint will be added safely.
      
      Add .size directive for each builtin function, as described in
      https://sourceware.org/binutils/docs-2.24/as/Size.html#Size, to fix this
      issue. We can see with objdump that the size is properly set:
      
        $ objdump -t d8 | grep Builtins_ArgumentsAdaptorTrampoline
        00000000010bf820 l     F .text  0000000000000140              Builtins_ArgumentsAdaptorTrampoline
      
      R=bmeurer@chromium.org, hpayer@chromium.org, verwaest@chromium.org, yangguo@chromium.org
      
      Change-Id: I4cd2b0a12b629498dd9d7465cc1002dda37028c7
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1898807
      Commit-Queue: Jakob Gruber <jgruber@chromium.org>
      Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
      Reviewed-by: Jakob Gruber <jgruber@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#64824}
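      A check for the zero-size symptom the commit above describes, added here as an example that is not part of the commit or of V8: it parses objdump -t symbol lines (the two lines quoted in the commit message are embedded as constructed input) and lists function symbols whose size is zero, i.e. symbols a tracer such as bpftrace cannot safely bound.

```python
import re
import sys
from typing import Iterable, List, Optional, Tuple

# objdump -t symbol line: <addr> <7-char flag field> <section> <size> <name>
_SYM_RE = re.compile(
    r"^(?P<addr>[0-9a-fA-F]+)\s(?P<flags>.{7})\s(?P<section>\S+)\s+"
    r"(?P<size>[0-9a-fA-F]+)\s+(?P<name>\S+)\s*$"
)

Symbol = Tuple[str, str, int, int]  # (name, section, address, size)


def parse_function_symbol(line: str) -> Optional[Symbol]:
    """Return (name, section, addr, size) for a function symbol, else None."""
    m = _SYM_RE.match(line.rstrip("\n"))
    if m is None or "F" not in m.group("flags"):  # 'F' flag marks a function
        return None
    return (m.group("name"), m.group("section"),
            int(m.group("addr"), 16), int(m.group("size"), 16))


def zero_size_functions(lines: Iterable[str], prefix: str = "Builtins_") -> List[str]:
    """Names of function symbols starting with `prefix` whose size is 0.

    A zero .size means tools that rely on symbol size (bpftrace, profilers)
    cannot tell where the function ends, which is the defect the commit fixes.
    """
    found: List[str] = []
    for line in lines:
        sym = parse_function_symbol(line)
        if sym is not None and sym[0].startswith(prefix) and sym[3] == 0:
            found.append(sym[0])
    return found


# Constructed sample: the "before" and "after" lines from the commit message.
BEFORE = ("0000000001084a00 l     F .text  0000000000000000              "
          "Builtins_ArgumentsAdaptorTrampoline")
AFTER = ("00000000010bf820 l     F .text  0000000000000140              "
         "Builtins_ArgumentsAdaptorTrampoline")

if __name__ == "__main__":
    # Real use: objdump -t d8 | python3 audit_sizes.py ; offline, uses the samples.
    lines = sys.stdin if not sys.stdin.isatty() else [BEFORE, AFTER]
    print("zero-sized builtins:", zero_size_functions(lines) or "none")
```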
  21. 06 Nov, 2019 1 commit
  22. 28 Oct, 2019 2 commits
  23. 22 Oct, 2019 1 commit
  24. 21 Oct, 2019 1 commit
    • Fix JSEntry unwinding data on Windows ARM64 · cdf8925e
      Seth Brenith authored
      The current unwinding data for JSEntry correctly restores the frame
      pointer and program counter from the caller frame, which might or might
      not be sufficient to continue unwinding, depending on the contents of
      that caller frame. Currently, the cctest StackUnwindingWin64 is broken
      (at least with my build config) because the caller frame also needs the
      stack pointer, which is not restored correctly.
      
      In particular, I see this xdata for v8::internal::GeneratedCode<...>,
      which is the function that calls Builtins_JSEntry:
      
      10400015 : 2 code words, 1 epilog, function length=15
      01000012 : epilog starts at 12 and its unwind handler starts at 4
      e405c8d2 : save_reg x=b z=8
                 alloc_s x=5
                 end
      e405c8d2 : same thing but for the epilog
      
      The prolog that corresponds to the unwind codes above is:
      
      sub sp, sp, #50
      str lr, [sp, #0x40]
      
      Note that it does not set fp, so unwinding requires an accurate sp.
      
      This change emits slightly more complicated unwinding data for JSEntry
      so that the frame pointer, stack pointer, and program counter can all be
      restored.
      
      Change-Id: I0c7f3eba97ef64408f46631b487c4b0ceb06fa9b
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1848860
      Commit-Queue: Seth Brenith <seth.brenith@microsoft.com>
      Reviewed-by: Jakob Gruber <jgruber@chromium.org>
      Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#64435}
  25. 13 Sep, 2019 1 commit
  26. 10 Sep, 2019 1 commit
  27. 04 Sep, 2019 1 commit
    • [snapshot] Align allocation address for the embedded blob · cabe5fa9
      Jakob Gruber authored
      AllocatePages (used to allocate the embedded blob's backing store
      during mksnapshot) has allocation address, size, and alignment
      parameters. Both address and size are expected to be aligned, but we
      were only aligning size properly. This CL also aligns the address (and
      adds a bunch of comments as well).
      
      Bug: v8:9677
      Change-Id: Ia739682236c74278bcaf1c9b7c9c4b3e0b0c5582
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1784277
      Commit-Queue: Jakob Gruber <jgruber@chromium.org>
      Commit-Queue: Simon Zünd <szuend@chromium.org>
      Reviewed-by: Simon Zünd <szuend@chromium.org>
      Auto-Submit: Jakob Gruber <jgruber@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#63538}
  28. 31 Jul, 2019 1 commit
    • Unwind V8 frames correctly on Windows ARM64 · 3f1f001a
      Tom Tan authored
      On Windows ARM64, OS stack walking does not work because the V8 ARM64 backend
      doesn't emit unwinding info and also because it doesn't emit ABI compliant
      stack frames. This was fixed for Windows X64 (https://crrev.com/c/1469329) and
      documented below:
      
      https://docs.google.com/document/d/1-wf50jFlii0c_Pr52lm2ZU-49m220nhYMrHDi3vXnh0
      
      This problem can be fixed similarly for Windows ARM64 by observing that V8
      frames usually all have the same prolog which maintains a chain via frame
      pointer (fp or x29 register).
      
      stp fp, lr, [sp, ...]
      
      One exception is JSEntry which stops fp pointer chain and needs to be handled
      specially.
      
      So it is possible to define XDATA with UNWIND_CODE which specifies how Windows
      should walk through V8 dynamic frames. The same as X64, since V8 Code objects
      are all allocated in the same code-range for an Isolate, it is possible to
      register at most 2 XDATA and a group of PDATA entries to cover stack walking
      for all the code generated inside that code-range. This is more than 1
      PDATA/XDATA because according to the Windows ARM64 exception handling document,
      1 PDATA can cover less than 1MB code range (see below doc).
      
      https://docs.microsoft.com/en-us/cpp/build/arm64-exception-handling
      
      This PR implements stackwalk for Windows ARM64 to be on par with X64, including
      embedded builtins, jitted code and wasm jitted code, but not including register
      handler for handling exception only, because there is no backward compatibility
      to maintain for Windows ARM64 which was released since 1709 windows build.
      
      Bug: chromium:893460
      Change-Id: Ic74cbdad8af5cf342185030a4c53796f12ea5429
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1701133
      Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
      Reviewed-by: Jakob Gruber <jgruber@chromium.org>
      Commit-Queue: Jakob Gruber <jgruber@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#63002}
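      A decoder for the XDATA/UNWIND_CODE records that commit 3f1f001a above registers and that commit cdf8925e quotes for the caller of JSEntry, added here as an example that is not V8's code; it follows the record layout and unwind-code encoding from the Microsoft ARM64 exception handling document linked above, and reports whether a prolog ever establishes fp, the condition that made JSEntry's caller frame depend on an accurate sp. The four xdata words are the ones from the cdf8925e commit message, embedded as constructed input.

```python
from typing import Dict, List, Optional, Tuple

Op = Tuple[str, Dict[str, int]]
# Two-byte register-save forms, selected by the leading byte & 0xFC.
_REG_SAVE = {0xC8: "save_regp", 0xCC: "save_regp_x", 0xD0: "save_reg"}

def decode_unwind_codes(code: bytes, start: int) -> List[Op]:
    """Decode unwind codes from byte offset `start` up to and including `end`."""
    ops: List[Op] = []
    i = start
    while i < len(code):
        b, nxt = code[i], (code[i + 1] if i + 1 < len(code) else 0)
        if b < 0x20:                  # 000xxxxx  alloc_s: sub sp, sp, #x*16
            ops.append(("alloc_s", {"x": b & 0x1F})); i += 1
        elif b < 0x40:                # 001zzzzz  stp x19, x20, [sp, #-z*8]!
            ops.append(("save_r19r20_x", {"z": b & 0x1F})); i += 1
        elif b < 0x80:                # 01zzzzzz  stp x29, lr, [sp, #z*8]
            ops.append(("save_fplr", {"z": b & 0x3F})); i += 1
        elif b < 0xC0:                # 10zzzzzz  stp x29, lr, [sp, #-(z+1)*8]!
            ops.append(("save_fplr_x", {"z": b & 0x3F})); i += 1
        elif b < 0xC8:                # 11000xxx'xxxxxxxx  alloc_m: sub sp, sp, #x*16
            ops.append(("alloc_m", {"x": ((b & 7) << 8) | nxt})); i += 2
        elif b < 0xD4:                # 110010xx/110011xx/110100xx + xxzzzzzz, reg x(19+x)
            ops.append((_REG_SAVE[b & 0xFC],
                        {"x": ((b & 3) << 2) | (nxt >> 6), "z": nxt & 0x3F})); i += 2
        elif b < 0xD6:                # 1101010x'xxxzzzzz  str x(19+x), [sp, #-(z+1)*8]!
            ops.append(("save_reg_x",
                        {"x": ((b & 1) << 3) | (nxt >> 5), "z": nxt & 0x1F})); i += 2
        elif b == 0xE1: ops.append(("set_fp", {})); i += 1          # mov x29, sp
        elif b == 0xE2: ops.append(("add_fp", {"x": nxt})); i += 2  # add x29, sp, #x*8
        elif b == 0xE3: ops.append(("nop", {})); i += 1
        elif b == 0xE5: ops.append(("end_c", {})); i += 1
        elif b == 0xE4: ops.append(("end", {})); break
        else: raise ValueError(f"unsupported unwind code {b:#04x} at byte {i}")
    return ops

def decode_xdata(words: List[int]) -> dict:
    """Parse the .xdata header word, epilog scopes and packed unwind codes."""
    hdr = words[0]
    epilog_field = (hdr >> 22) & 0x1F
    e_flag = (hdr >> 21) & 1                    # E=1: one epilog, index in header
    n_code_words = (hdr >> 27) & 0x1F
    pos = 1
    epilogs: List[Tuple[Optional[int], int]] = []   # (start offset, code index)
    if e_flag:
        epilogs.append((None, epilog_field))
    for _ in range(0 if e_flag else epilog_field):
        scope = words[pos]; pos += 1
        epilogs.append((scope & 0x3FFFF, (scope >> 22) & 0x3FF))
    # Code bytes are packed little-endian: word e405c8d2 -> bytes d2 c8 05 e4.
    code = b"".join(w.to_bytes(4, "little") for w in words[pos:pos + n_code_words])
    return {
        "function_length": hdr & 0x3FFFF,       # in 4-byte instruction words
        "has_handler": bool((hdr >> 20) & 1),   # X bit: exception handler follows
        "epilogs": epilogs,
        "prolog": decode_unwind_codes(code, 0),
        "epilog_codes": [decode_unwind_codes(code, idx) for _, idx in epilogs],
    }

def prolog_sets_fp(ops: List[Op]) -> bool:
    """False means the unwinder needs an accurate sp, as for JSEntry's caller."""
    return any(name in ("set_fp", "add_fp") for name, _ in ops)

# Constructed from the commit message: xdata of GeneratedCode<...> calling JSEntry.
JSENTRY_CALLER_XDATA = [0x10400015, 0x01000012, 0xE405C8D2, 0xE405C8D2]

if __name__ == "__main__":
    info = decode_xdata(JSENTRY_CALLER_XDATA)
    print(info["prolog"], "sets fp:", prolog_sets_fp(info["prolog"]))
```

      For the sample, save_reg x=11 is x(19+11) = x30 (lr) at [sp, #8*8] and alloc_s x=5 is a 0x50-byte frame, matching the str lr, [sp, #0x40] and sub sp prolog shown in the commit message.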
  29. 08 Jul, 2019 1 commit
    • Reland "[snapshot] Add '.note.GNU-stack' marker section for ELF snapshots" · b658d9c7
      Simon Zünd authored
      This is a reland of f24e9958
      
      Speculatively relanding the CL. LLD ignores the added section, so the
      output should not be any different. The issue was also not reproducible
      locally. Keeping an eye on the bot/roll to quickly revert, in case this
      CL really breaks the deterministic build.
      
      Original change's description:
      > [snapshot] Add '.note.GNU-stack' marker section for ELF snapshots
      >
      > This snapshot adds a marker section to the output assembly of
      > mksnapshot. Omitting this section can imply an executable stack, which
      > can result in linker warnings.
      >
      > R=jgruber@chromium.org
      >
      > Change-Id: I6f5dacb24de3a852faf6ce0caf18c32b499ba5a9
      > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1687669
      > Commit-Queue: Simon Zünd <szuend@chromium.org>
      > Reviewed-by: Jakob Gruber <jgruber@chromium.org>
      > Cr-Commit-Position: refs/heads/master@{#62504}
      
      TBR=jgruber@chromium.org
      
      Bug: chromium:981138
      Change-Id: I2ddbaa7aa33f125ea0a0854cd9a94108c3a3845f
      Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1690825
      Reviewed-by: Simon Zünd <szuend@chromium.org>
      Reviewed-by: Jakob Gruber <jgruber@chromium.org>
      Commit-Queue: Simon Zünd <szuend@chromium.org>
      Cr-Commit-Position: refs/heads/master@{#62560}
  30. 05 Jul, 2019 1 commit
  31. 03 Jul, 2019 1 commit
  32. 27 May, 2019 4 commits