    Reland "[rwx][mac] Support fast W^X permission switching on Apple Silicon (M1)" · 449ece38
    Igor Sheludko authored
    This is a reland of commit 9d31f866
    There were issues with --future flag implications on M1.
    
    Original change's description:
    > [rwx][mac] Support fast W^X permission switching on Apple Silicon (M1)
    >
    > ... for V8 code space. The feature is currently disabled.
    >
    > In order to use fast W^X permission switching we must allocate
    > executable pages with readable writable executable permissions (RWX).
    > However, MacOS on ARM64 ("Apple M1"/Apple Silicon) prohibits further
    > permission changing of RWX memory pages. This means that the code page
    > headers must be allocated with RWX permissions too because otherwise
    > it wouldn't be possible to allocate a large code page over the freed
    > regular code page and vice versa.
    >
    > When enabled, the new machinery works as follows:
    >
    > 1) when memory region is reserved for allocating executable pages, the
    >    whole region is committed with RWX permissions and then decommitted,
    > 2) since reconfiguration of RWX page permissions is not allowed on
    >    MacOS on ARM64 ("Apple M1"/Apple Silicon), there must be no attempts
    >    to change them,
    > 3) the request to set RWX permissions in the executable page region
    >    just recommits the pages without changing permissions (see (1), they
    >    were already allocated as RWX and then discarded),
    > 4) in order to make executable pages inaccessible one must use
    >    OS::DiscardSystemPages() instead of OS::DecommitPages() or
    >    setting permissions to kNoAccess because the latter two are not
    >    allowed by the MacOS (see (2)).
    > 5) since code space page headers are allocated as RWX pages it's also
    >    necessary to switch between W^X modes when updating the data in the
    >    page headers (i.e. when marking, updating stats, wiring pages in
    >    lists, etc.). The new CodePageHeaderModificationScope class is used
    >    in the respective places. On unrelated configurations it's a no-op.
    >
    > The fast permission switching can't be used for V8 configuration with
    > enabled pointer compression and disabled external code space because
    > a) the pointer compression cage has to be reserved with MAP_JIT flag
    >    which is too expensive,
    > b) in case of shared pointer compression cage if the code range will
    >    be deleted while the cage is still alive then attempt to configure
    >    permissions of pages that were previously set to RWX will fail.
    >
    > This CL also extends the unmapper unit tests with permissions tracking
    > for discarded pages.
    >
    > Bug: v8:12797
    > Change-Id: Idb28cbc481306477589eee9962d2e75167d87c61
    > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3579303
    > Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
    > Reviewed-by: Clemens Backes <clemensb@chromium.org>
    > Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
    > Commit-Queue: Igor Sheludko <ishell@chromium.org>
    > Cr-Commit-Position: refs/heads/main@{#80238}
    
    Bug: v8:12797
    Change-Id: I0fe86666f31bad37d7074e217555c95900d2afba
    Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3610433
    Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
    Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
    Commit-Queue: Igor Sheludko <ishell@chromium.org>
    Reviewed-by: Clemens Backes <clemensb@chromium.org>
    Cr-Commit-Position: refs/heads/main@{#80259}
Name
backend
turboshaft
DEPS
DIR_METADATA
OWNERS
access-builder.cc
access-builder.h
access-info.cc
access-info.h
add-type-assertions-reducer.cc
add-type-assertions-reducer.h
all-nodes.cc
all-nodes.h
allocation-builder-inl.h
allocation-builder.h
basic-block-instrumentor.cc
basic-block-instrumentor.h
branch-condition-duplicator.cc
branch-condition-duplicator.h
branch-elimination.cc
branch-elimination.h
bytecode-analysis.cc
bytecode-analysis.h
bytecode-graph-builder.cc
bytecode-graph-builder.h
bytecode-liveness-map.cc
bytecode-liveness-map.h
c-linkage.cc
checkpoint-elimination.cc
checkpoint-elimination.h
code-assembler.cc
code-assembler.h
common-node-cache.cc
common-node-cache.h
common-operator-reducer.cc
common-operator-reducer.h
common-operator.cc
common-operator.h
compilation-dependencies.cc
compilation-dependencies.h
compiler-source-position-table.cc
compiler-source-position-table.h
constant-folding-reducer.cc
constant-folding-reducer.h
control-equivalence.cc
control-equivalence.h
control-flow-optimizer.cc
control-flow-optimizer.h
csa-load-elimination.cc
csa-load-elimination.h
dead-code-elimination.cc
dead-code-elimination.h
decompression-optimizer.cc
decompression-optimizer.h
diamond.h
effect-control-linearizer.cc
effect-control-linearizer.h
escape-analysis-reducer.cc
escape-analysis-reducer.h
escape-analysis.cc
escape-analysis.h
fast-api-calls.cc
fast-api-calls.h
feedback-source.cc
feedback-source.h
frame-states.cc
frame-states.h
frame.cc
frame.h
functional-list.h
globals.h
graph-assembler.cc
graph-assembler.h
graph-reducer.cc
graph-reducer.h
graph-trimmer.cc
graph-trimmer.h
graph-visualizer.cc
graph-visualizer.h
graph-zone-traits.h
graph.cc
graph.h
heap-refs.cc
heap-refs.h
int64-lowering.cc
int64-lowering.h
js-call-reducer.cc
js-call-reducer.h
js-context-specialization.cc
js-context-specialization.h
js-create-lowering.cc
js-create-lowering.h
js-generic-lowering.cc
js-generic-lowering.h
js-graph.cc
js-graph.h
js-heap-broker.cc
js-heap-broker.h
js-inlining-heuristic.cc
js-inlining-heuristic.h
js-inlining.cc
js-inlining.h
js-intrinsic-lowering.cc
js-intrinsic-lowering.h
js-native-context-specialization.cc
js-native-context-specialization.h
js-operator.cc
js-operator.h
js-type-hint-lowering.cc
js-type-hint-lowering.h
js-typed-lowering.cc
js-typed-lowering.h
linkage.cc
linkage.h
load-elimination.cc
load-elimination.h
loop-analysis.cc
loop-analysis.h
loop-peeling.cc
loop-peeling.h
loop-unrolling.cc
loop-unrolling.h
loop-variable-optimizer.cc
loop-variable-optimizer.h
machine-graph-verifier.cc
machine-graph-verifier.h
machine-graph.cc
machine-graph.h
machine-operator-reducer.cc
machine-operator-reducer.h
machine-operator.cc
machine-operator.h
map-inference.cc
map-inference.h
memory-lowering.cc
memory-lowering.h
memory-optimizer.cc
memory-optimizer.h
node-aux-data.h
node-cache.h
node-marker.cc
node-marker.h
node-matchers.cc
node-matchers.h
node-observer.cc
node-observer.h
node-origin-table.cc
node-origin-table.h
node-properties.cc
node-properties.h
node.cc
node.h
opcodes.cc
opcodes.h
operation-typer.cc
operation-typer.h
operator-properties.cc
operator-properties.h
operator.cc
operator.h
osr.cc
osr.h
per-isolate-compiler-cache.h
persistent-map.h
pipeline-statistics.cc
pipeline-statistics.h
pipeline.cc
pipeline.h
processed-feedback.h
property-access-builder.cc
property-access-builder.h
raw-machine-assembler.cc
raw-machine-assembler.h
redundancy-elimination.cc
redundancy-elimination.h
refs-map.cc
refs-map.h
representation-change.cc
representation-change.h
schedule.cc
schedule.h
scheduler.cc
scheduler.h
select-lowering.cc
select-lowering.h
simplified-lowering-verifier.cc
simplified-lowering-verifier.h
simplified-lowering.cc
simplified-lowering.h
simplified-operator-reducer.cc
simplified-operator-reducer.h
simplified-operator.cc
simplified-operator.h
state-values-utils.cc
state-values-utils.h
store-store-elimination.cc
store-store-elimination.h
type-cache.cc
type-cache.h
type-narrowing-reducer.cc
type-narrowing-reducer.h
typed-optimization.cc
typed-optimization.h
typer.cc
typer.h
types.cc
types.h
value-numbering-reducer.cc
value-numbering-reducer.h
verifier.cc
verifier.h
wasm-compiler.cc
wasm-compiler.h
wasm-escape-analysis.cc
wasm-escape-analysis.h
wasm-inlining.cc
wasm-inlining.h
wasm-loop-peeling.cc
wasm-loop-peeling.h
write-barrier-kind.h
zone-stats.cc
zone-stats.h