[wasm] Add ProtectedStore instruction

src/compiler/wasm-compiler.cc

 // Copyright 2015 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "src/compiler/wasm-compiler.h"
 
 #include <memory>
 
 #include "src/isolate-inl.h"
 
@@ skipping 2991 matching lines @@
   return load;
 }
 
 
 Node* WasmGraphBuilder::StoreMem(MachineType memtype, Node* index,
                                  uint32_t offset, uint32_t alignment, Node* val,
                                  wasm::WasmCodePosition position) {
   Node* store;
 
   // WASM semantics throw on OOB. Introduce explicit bounds check.
-  BoundsCheckMem(memtype, index, offset, position);
+  if (!FLAG_wasm_trap_handler) {

[bradnelson, 2016/11/22 02:02:36]

The fuzzers are going to throw up a lot of issues if this doesn't fail
gracefully with this flag on.

Don't we need to gate all of this off in the case the arch doesn't support the
handler?

[titzer, 2016/11/22 10:33:20]

I think we should (eventually) implement ProtectedLoad and ProtectedStore on all
architectures, because it might be useful even on 32-bit for another purpose
(e.g. stack checks).

So we need to add a configuration mechanism for whether protected memories are
supported on the platform.

[Eric Holk, 2016/11/22 23:16:25]

I actually added something similar in the guard pages CL. I changed it to do the
same here.

Done.

+    BoundsCheckMem(memtype, index, offset, position);
+  }
   StoreRepresentation rep(memtype.representation(), kNoWriteBarrier);
 
   bool aligned = static_cast<int>(alignment) >=
                  ElementSizeLog2Of(memtype.representation());
 
 #if defined(V8_TARGET_BIG_ENDIAN)
   val = BuildChangeEndianness(val, memtype);
 #endif
 
   if (aligned ||
       jsgraph()->machine()->UnalignedStoreSupported(memtype, alignment)) {
-    StoreRepresentation rep(memtype.representation(), kNoWriteBarrier);
-    store =
-        graph()->NewNode(jsgraph()->machine()->Store(rep), MemBuffer(offset),
-                         index, val, *effect_, *control_);
+    if (FLAG_wasm_trap_handler) {
+      Node* context = HeapConstant(module_->instance->context);
+      Node* position_node = jsgraph()->Int32Constant(position);
+      store = graph()->NewNode(
+          jsgraph()->machine()->ProtectedStore(memtype.representation()),
+          MemBuffer(offset), index, val, context, position_node, *effect_,
+          *control_);
+    } else {
+      StoreRepresentation rep(memtype.representation(), kNoWriteBarrier);
+      store =
+          graph()->NewNode(jsgraph()->machine()->Store(rep), MemBuffer(offset),
+                           index, val, *effect_, *control_);
+    }
   } else {
+    DCHECK(!FLAG_wasm_trap_handler);

[bradnelson, 2016/11/22 02:02:36]

A TODO to support this?

[Eric Holk, 2016/11/22 23:16:25]

Done, and for ProtectedLoad.

     UnalignedStoreRepresentation rep(memtype.representation());
     store =
         graph()->NewNode(jsgraph()->machine()->UnalignedStore(rep),
                          MemBuffer(offset), index, val, *effect_, *control_);
   }
 
   *effect_ = store;
 
   return store;
 }
@@ skipping 452 matching lines @@
                             function_->code_start_offset),
            compile_ms);
   }
 
   return code;
 }
 
 }  // namespace compiler
 }  // namespace internal
 }  // namespace v8