cppgc: Conservative stack scanning

mlippautz · Commit Bot · commit c10863153ae4 · 2020-03-30T19:43:06.000Z
Adds support for conservative stack scanning on x64. The trampolines saving callee-saved registers are compiled using clang (non-Windows) and MASM (Windows). This is using the default toolchain for assembly in Chromium/V8. This differs from Oilpan in Chromium where x86 and x64 are compiled using NASM [1]. V8 does not yet require this dependency and building the trampolines natively avoids it. (NASM also requires separate blocks for x64 Windows and non-Windows.) On non-x86/x64 platforms Chromium also uses clang, so there's little benefit in keeping the dependency. The trampolines are tested when building with clang. Other platforms follow in separate CLs. [1] https://source.chromium.org/chromium/chromium/src/+/master:third_party/blink/renderer/platform/heap/asm/SaveRegisters_x86.asm Change-Id: Ice2e23e44391aa94147abe75ee0b5afac458b8f8 Bug: chromium:1056170 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2124319 Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Omer Katz <omerkatz@chromium.org> Reviewed-by: Hannes Payer <hpayer@chromium.org> Reviewed-by: Ulan Degenbaev <ulan@chromium.org> Cr-Commit-Position: refs/heads/master@{#66913}
diff --git a/BUILD.gn b/BUILD.gn
@@ -3946,8 +3946,19 @@ v8_source_set("cppgc_base") {
     "src/heap/cppgc/heap.cc",
     "src/heap/cppgc/heap.h",
     "src/heap/cppgc/platform.cc",
+    "src/heap/cppgc/sanitizers.h",
+    "src/heap/cppgc/stack.cc",
+    "src/heap/cppgc/stack.h",
   ]
 
+  if (target_cpu == "x64") {
+    if (is_win) {
+      sources += [ "src/heap/cppgc/asm/x64/push_registers_win.S" ]
+    } else {
+      sources += [ "src/heap/cppgc/asm/x64/push_registers.S" ]
+    }
+  }
+
   configs = [ ":internal_config" ]
 
   public_deps = [ ":v8_libbase" ]
diff --git a/src/heap/cppgc/asm/x64/push_registers.S b/src/heap/cppgc/asm/x64/push_registers.S
@@ -0,0 +1,48 @@
+// Copyright 2020 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+.att_syntax
+
+.text
+
+#ifdef V8_TARGET_OS_MACOSX
+
+.globl _PushAllRegistersAndIterateStack
+_PushAllRegistersAndIterateStack:
+
+#else  // !V8_TARGET_OS_MACOSX
+
+.type PushAllRegistersAndIterateStack, %function
+.global PushAllRegistersAndIterateStack
+.hidden PushAllRegistersAndIterateStack
+PushAllRegistersAndIterateStack:
+
+#endif  // !V8_TARGET_OS_MACOSX
+
+    // Push all callee-saved registers to get them on the stack for conservative
+    // stack scanning.
+    //
+    // We maintain 16-byte alignment at calls. There is an 8-byte return address
+    // on the stack and we push 56 bytes which maintains 16-byte stack alignment
+    // at the call.
+    // Source: https://github.com/hjl-tools/x86-psABI/wiki/x86-64-psABI-1.0.pdf
+    push $0xCDCDCD  // Dummy for alignment.
+    push %rbx
+    push %rbp
+    push %r12
+    push %r13
+    push %r14
+    push %r15
+    // Pass 1st parameter (rdi) unchanged (this).
+    // Pass 2nd parameter (rsi) unchanged (StackVisitor*).
+    // Save 3rd parameter (rdx; callback)
+    mov %rdx, %r8
+    // Pass 3rd parameter as rsp (stack pointer).
+    mov %rsp, %rdx
+    // Call the callback.
+    call *%r8
+    // Pop the callee-saved registers. None of them were modified so no
+    // restoring is needed.
+    add $56, %rsp
+    ret
diff --git a/src/heap/cppgc/asm/x64/push_registers_win.S b/src/heap/cppgc/asm/x64/push_registers_win.S
@@ -0,0 +1,41 @@
+;; Copyright 2020 the V8 project authors. All rights reserved.
+;; Use of this source code is governed by a BSD-style license that can be
+;; found in the LICENSE file.
+
+;; MASM syntax
+;; https://docs.microsoft.com/en-us/cpp/assembler/masm/microsoft-macro-assembler-reference?view=vs-2019
+
+public PushAllRegistersAndIterateStack
+
+.code
+PushAllRegistersAndIterateStack:
+    ;; Push all callee-saved registers to get them on the stack for conservative
+    ;; stack scanning.
+    ;;
+    ;; We maintain 16-byte alignment at calls. There is an 8-byte return address
+    ;; on the stack and we push 72 bytes which maintains 16-byte stack alignment
+    ;; at the call.
+    ;; Source: https://docs.microsoft.com/en-us/cpp/build/x64-calling-convention
+    push 0CDCDCDh  ;; Dummy for alignment.
+    push rsi
+    push rdi
+    push rbx
+    push rbp
+    push r12
+    push r13
+    push r14
+    push r15
+    ;; Pass 1st parameter (rcx) unchanged (this).
+    ;; Pass 2nd parameter (rdx) unchanged (StackVisitor*).
+    ;; Save 3rd parameter (r8; callback)
+    mov r9, r8
+    ;; Pass 3rd parameter as rsp (stack pointer).
+    mov r8, rsp
+    ;; Call the callback.
+    call r9
+    ;; Pop the callee-saved registers. None of them were modified so no
+    ;; restoring is needed.
+    add rsp, 72
+    ret
+
+end
diff --git a/src/heap/cppgc/sanitizers.h b/src/heap/cppgc/sanitizers.h
@@ -0,0 +1,38 @@
+// Copyright 2020 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef V8_HEAP_CPPGC_SANITIZERS_H_
+#define V8_HEAP_CPPGC_SANITIZERS_H_
+
+#include "src/base/macros.h"
+
+//
+// TODO(chromium:1056170): Find a place in base for sanitizer support.
+//
+
+#ifdef V8_USE_ADDRESS_SANITIZER
+
+#include <sanitizer/asan_interface.h>
+
+#define NO_SANITIZE_ADDRESS __attribute__((no_sanitize_address))
+
+#else  // !V8_USE_ADDRESS_SANITIZER
+
+#define NO_SANITIZE_ADDRESS
+
+#endif  // V8_USE_ADDRESS_SANITIZER
+
+#ifdef V8_USE_MEMORY_SANITIZER
+
+#include <sanitizer/msan_interface.h>
+
+#define MSAN_UNPOISON(addr, size) __msan_unpoison(addr, size)
+
+#else  // !V8_USE_MEMORY_SANITIZER
+
+#define MSAN_UNPOISON(addr, size) ((void)(addr), (void)(size))
+
+#endif  // V8_USE_MEMORY_SANITIZER
+
+#endif  // V8_HEAP_CPPGC_SANITIZERS_H_
diff --git a/src/heap/cppgc/stack.cc b/src/heap/cppgc/stack.cc
@@ -0,0 +1,136 @@
+// Copyright 2020 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "src/heap/cppgc/stack.h"
+
+#include <limits>
+
+#include "src/base/platform/platform.h"
+#include "src/heap/cppgc/globals.h"
+#include "src/heap/cppgc/sanitizers.h"
+
+namespace cppgc {
+namespace internal {
+
+using IterateStackCallback = void (Stack::*)(StackVisitor*, intptr_t*) const;
+extern "C" void PushAllRegistersAndIterateStack(const Stack*, StackVisitor*,
+                                                IterateStackCallback);
+
+Stack::Stack(const void* stack_start) : stack_start_(stack_start) {}
+
+bool Stack::IsOnStack(void* slot) const {
+  void* raw_slot = v8::base::Stack::GetStackSlot(slot);
+  return v8::base::Stack::GetCurrentStackPosition() <= raw_slot &&
+         raw_slot <= stack_start_;
+}
+
+namespace {
+
+#ifdef V8_USE_ADDRESS_SANITIZER
+
+// No ASAN support as accessing fake frames otherwise results in
+// "stack-use-after-scope" warnings.
+NO_SANITIZE_ADDRESS
+void IterateAsanFakeFrameIfNecessary(StackVisitor* visitor,
+                                     void* asan_fake_stack,
+                                     const void* stack_start,
+                                     const void* stack_end, void* address) {
+  // When using ASAN fake stack a pointer to the fake frame is kept on the
+  // native frame. In case |addr| points to a fake frame of the current stack
+  // iterate the fake frame. Frame layout see
+  // https://github.com/google/sanitizers/wiki/AddressSanitizerUseAfterReturn
+  if (asan_fake_stack) {
+    void* fake_frame_begin;
+    void* fake_frame_end;
+    void* real_stack_frame = __asan_addr_is_in_fake_stack(
+        asan_fake_stack, address, &fake_frame_begin, &fake_frame_end);
+    if (real_stack_frame) {
+      // |address| points to a fake frame. Check that the fake frame is part
+      // of this stack.
+      if (stack_start >= real_stack_frame && real_stack_frame >= stack_end) {
+        // Iterate the fake frame.
+        for (void** current = reinterpret_cast<void**>(fake_frame_begin);
+             current < fake_frame_end; ++current) {
+          void* addr = *current;
+          if (addr == nullptr) continue;
+          visitor->VisitPointer(addr);
+        }
+      }
+    }
+  }
+}
+
+#endif  // V8_USE_ADDRESS_SANITIZER
+
+#ifdef V8_TARGET_ARCH_X64
+
+void IterateSafeStackIfNecessary(StackVisitor* visitor) {
+#if defined(__has_feature)
+#if __has_feature(safe_stack)
+  // Source:
+  // https://github.com/llvm/llvm-project/blob/master/compiler-rt/lib/safestack/safestack.cpp
+  constexpr size_t kSafeStackAlignmentBytes = 16;
+  void* stack_end = __builtin___get_unsafe_stack_ptr();
+  void* stack_start = __builtin___get_unsafe_stack_top();
+  CHECK_GT(stack_start, stack_end);
+  CHECK_EQ(0u, reinterpret_cast<uintptr_t>(stack_end) &
+                   (kSafeStackAlignmentBytes - 1));
+  CHECK_EQ(0u, reinterpret_cast<uintptr_t>(stack_start) &
+                   (kSafeStackAlignmentBytes - 1));
+  void** current = reinterpret_cast<void**>(stack_end);
+  for (; current < stack_start; ++current) {
+    void* address = *current;
+    if (address == nullptr) continue;
+    visitor->VisitPointer(address);
+  }
+#endif  // __has_feature(safe_stack)
+#endif  // defined(__has_feature)
+}
+
+#endif  // V8_TARGET_ARCH_X64
+
+}  // namespace
+
+#ifdef V8_TARGET_ARCH_X64
+void Stack::IteratePointers(StackVisitor* visitor) const {
+  PushAllRegistersAndIterateStack(this, visitor, &Stack::IteratePointersImpl);
+  // No need to deal with callee-saved registers as they will be kept alive by
+  // the regular conservative stack iteration.
+  IterateSafeStackIfNecessary(visitor);
+}
+#endif  // V8_TARGET_ARCH_X64
+
+// No ASAN support as method accesses redzones while walking the stack.
+NO_SANITIZE_ADDRESS
+void Stack::IteratePointersImpl(StackVisitor* visitor,
+                                intptr_t* stack_end) const {
+#ifdef V8_USE_ADDRESS_SANITIZER
+  void* asan_fake_stack = __asan_get_current_fake_stack();
+#endif  // V8_USE_ADDRESS_SANITIZER
+  // All supported platforms should have their stack aligned to at least
+  // sizeof(void*).
+  constexpr size_t kMinStackAlignment = sizeof(void*);
+  // Redzone should not contain any pointers as the iteration is always called
+  // from the assembly trampoline. If inline assembly is ever inlined through
+  // LTO this may become necessary.
+  constexpr size_t kRedZoneBytes = 128;
+  void** current = reinterpret_cast<void**>(
+      reinterpret_cast<uintptr_t>(stack_end - kRedZoneBytes));
+  CHECK_EQ(0u, reinterpret_cast<uintptr_t>(current) & (kMinStackAlignment - 1));
+  for (; current < stack_start_; ++current) {
+    // MSAN: Instead of unpoisoning the whole stack, the slot's value is copied
+    // into a local which is unpoisoned.
+    void* address = *current;
+    MSAN_UNPOISON(address, sizeof(address));
+    if (address == nullptr) continue;
+    visitor->VisitPointer(address);
+#ifdef V8_USE_ADDRESS_SANITIZER
+    IterateAsanFakeFrameIfNecessary(visitor, asan_fake_stack, stack_start_,
+                                    stack_end, address);
+#endif  // V8_USE_ADDRESS_SANITIZER
+  }
+}
+
+}  // namespace internal
+}  // namespace cppgc
diff --git a/src/heap/cppgc/stack.h b/src/heap/cppgc/stack.h
@@ -0,0 +1,46 @@
+// Copyright 2020 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef V8_HEAP_CPPGC_STACK_H_
+#define V8_HEAP_CPPGC_STACK_H_
+
+#include "src/base/macros.h"
+
+namespace cppgc {
+namespace internal {
+
+class StackVisitor {
+ public:
+  virtual void VisitPointer(const void* address) = 0;
+};
+
+// Abstraction over the stack. Supports handling of:
+// - native stack;
+// - ASAN/MSAN;
+// - SafeStack: https://releases.llvm.org/10.0.0/tools/clang/docs/SafeStack.html
+class V8_EXPORT_PRIVATE Stack final {
+ public:
+  explicit Stack(const void* stack_start);
+
+  // Returns true if |slot| is part of the stack and false otherwise.
+  bool IsOnStack(void* slot) const;
+
+  // Word-aligned iteration of the stack. Slot values are passed on to
+  // |visitor|.
+  //
+  // TODO(chromium:1056170): Implement all platforms.
+#ifdef V8_TARGET_ARCH_X64
+  void IteratePointers(StackVisitor* visitor) const;
+#endif  // V8_TARGET_ARCH_X64
+
+ private:
+  void IteratePointersImpl(StackVisitor* visitor, intptr_t* stack_end) const;
+
+  const void* stack_start_;
+};
+
+}  // namespace internal
+}  // namespace cppgc
+
+#endif  // V8_HEAP_CPPGC_STACK_H_
diff --git a/test/unittests/BUILD.gn b/test/unittests/BUILD.gn
@@ -49,6 +49,7 @@ v8_source_set("cppgc_unittests_sources") {
     "heap/cppgc/garbage-collected_unittest.cc",
     "heap/cppgc/gc-info_unittest.cc",
     "heap/cppgc/heap-object-header_unittest.cc",
+    "heap/cppgc/stack_unittest.cc",
     "heap/cppgc/tests.cc",
     "heap/cppgc/tests.h",
   ]
diff --git a/test/unittests/heap/cppgc/stack_unittest.cc b/test/unittests/heap/cppgc/stack_unittest.cc

Original file line number	Diff line number	Diff line change
`@@ -49,6 +49,7 @@ v8_source_set("cppgc_unittests_sources") {`
`49`	`49`	`"heap/cppgc/garbage-collected_unittest.cc",`
`50`	`50`	`"heap/cppgc/gc-info_unittest.cc",`
`51`	`51`	`"heap/cppgc/heap-object-header_unittest.cc",`
	`52`	`+ "heap/cppgc/stack_unittest.cc",`
`52`	`53`	`"heap/cppgc/tests.cc",`
`53`	`54`	`"heap/cppgc/tests.h",`
`54`	`55`	`]`