[ptr-cage] Rename IsolateRoot to PtrComprCageBase

Currently, IsolateRoot is both the address of the Isolate root and the
base address of the pointer compression reservation. This CL teases the
two uses apart by renaming IsolateRoot to PtrComprCageBase.

- In addition to V8_COMPRESS_POINTERS, add a
  V8_COMPRESS_POINTERS_IN_ISOLATE_CAGE (vs SHARED_CAGE).

- Rename GetIsolate* helpers to GetPtrComprCageBase. When
  V8_COMPRESS_POINTERS_IN_ISOLATE_CAGE is true, the helpers remain as
  aliases to GetPtrComprCageBase.

- Rename kPtrComprIsolateRootAlignment to kPtrComprCageBaseAlignment.

Bug: v8:11460
Change-Id: I1d715f678ce9a0b5731895612ca14f56579b1c48
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2783672
Commit-Queue: Shu-yu Guo <syg@chromium.org>
Auto-Submit: Shu-yu Guo <syg@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73790}

BUILD.gn

@@ -404,6 +404,10 @@ if (v8_enable_shared_ro_heap && v8_enable_pointer_compression) {
       "Sharing read-only heap with pointer compression is only supported on Linux or Android")
 }
 
+assert(
+    !v8_enable_pointer_compression_shared_cage || !v8_enable_shared_ro_heap,
+    "Sharing read-only heap is not yet supported when sharing a pointer compression cage")
+
 assert(!v8_use_multi_snapshots || !v8_control_flow_integrity,
        "Control-flow integrity does not support multisnapshots")
 
@@ -554,6 +558,7 @@ external_v8_defines = [
   "V8_ENABLE_CHECKS",
   "V8_COMPRESS_POINTERS",
   "V8_COMPRESS_POINTERS_IN_SHARED_CAGE",
+  "V8_COMPRESS_POINTERS_IN_ISOLATE_CAGE",
   "V8_31BIT_SMIS_ON_64BIT_ARCH",
   "V8_COMPRESS_ZONES",
   "V8_HEAP_SANDBOX",
@@ -573,6 +578,8 @@ if (v8_enable_pointer_compression) {
 }
 if (v8_enable_pointer_compression_shared_cage) {
   enabled_external_v8_defines += [ "V8_COMPRESS_POINTERS_IN_SHARED_CAGE" ]
+} else if (v8_enable_pointer_compression) {
+  enabled_external_v8_defines += [ "V8_COMPRESS_POINTERS_IN_ISOLATE_CAGE" ]
 }
 if (v8_enable_pointer_compression || v8_enable_31bit_smis_on_64bit_arch) {
   enabled_external_v8_defines += [ "V8_31BIT_SMIS_ON_64BIT_ARCH" ]

include/v8-internal.h

@@ -358,8 +358,9 @@ class Internals {
       internal::Address heap_object_ptr, int offset) {
 #ifdef V8_COMPRESS_POINTERS
     uint32_t value = ReadRawField<uint32_t>(heap_object_ptr, offset);
-    internal::Address root = GetRootFromOnHeapAddress(heap_object_ptr);
-    return root + static_cast<internal::Address>(static_cast<uintptr_t>(value));
+    internal::Address base =
+        GetPtrComprCageBaseFromOnHeapAddress(heap_object_ptr);
+    return base + static_cast<internal::Address>(static_cast<uintptr_t>(value));
 #else
     return ReadRawField<internal::Address>(heap_object_ptr, offset);
 #endif
@@ -411,18 +412,19 @@ class Internals {
 
 #ifdef V8_COMPRESS_POINTERS
   // See v8:7703 or src/ptr-compr.* for details about pointer compression.
-  static constexpr size_t kPtrComprHeapReservationSize = size_t{1} << 32;
-  static constexpr size_t kPtrComprIsolateRootAlignment = size_t{1} << 32;
+  static constexpr size_t kPtrComprCageReservationSize = size_t{1} << 32;
+  static constexpr size_t kPtrComprCageBaseAlignment = size_t{1} << 32;
 
-  V8_INLINE static internal::Address GetRootFromOnHeapAddress(
+  V8_INLINE static internal::Address GetPtrComprCageBaseFromOnHeapAddress(
       internal::Address addr) {
-    return addr & -static_cast<intptr_t>(kPtrComprIsolateRootAlignment);
+    return addr & -static_cast<intptr_t>(kPtrComprCageBaseAlignment);
   }
 
   V8_INLINE static internal::Address DecompressTaggedAnyField(
       internal::Address heap_object_ptr, uint32_t value) {
-    internal::Address root = GetRootFromOnHeapAddress(heap_object_ptr);
-    return root + static_cast<internal::Address>(static_cast<uintptr_t>(value));
+    internal::Address base =
+        GetPtrComprCageBaseFromOnHeapAddress(heap_object_ptr);
+    return base + static_cast<internal::Address>(static_cast<uintptr_t>(value));
   }
 
 #endif  // V8_COMPRESS_POINTERS

src/ast/ast.cc

@@ -661,7 +661,7 @@ void ArrayLiteral::BuildBoilerplateDescription(LocalIsolate* isolate) {
           boilerplate_descriptor_kind(),
           GetMoreGeneralElementsKind(boilerplate_descriptor_kind(),
                                      boilerplate_value.OptimalElementsKind(
-                                         GetIsolateForPtrCompr(*elements))));
+                                         GetPtrComprCageBase(*elements))));
 
       FixedArray::cast(*elements).set(array_index, boilerplate_value);
     }

src/builtins/builtins-typed-array-gen.cc

@@ -370,14 +370,14 @@ void TypedArrayBuiltinsAssembler::SetJSTypedArrayOnHeapDataPtr(
     TNode<IntPtrT> full_base = Signed(BitcastTaggedToWord(base));
     TNode<Int32T> compressed_base = TruncateIntPtrToInt32(full_base);
     // TODO(v8:9706): Add a way to directly use kRootRegister value.
-    TNode<IntPtrT> isolate_root =
+    TNode<IntPtrT> ptr_compr_cage_base =
         IntPtrSub(full_base, Signed(ChangeUint32ToWord(compressed_base)));
     // Add JSTypedArray::ExternalPointerCompensationForOnHeapArray() to offset.
     DCHECK_EQ(
         isolate()->isolate_root(),
         JSTypedArray::ExternalPointerCompensationForOnHeapArray(isolate()));
     // See JSTypedArray::SetOnHeapDataPtr() for details.
-    offset = Unsigned(IntPtrAdd(offset, isolate_root));
+    offset = Unsigned(IntPtrAdd(offset, ptr_compr_cage_base));
   }
 
   StoreJSTypedArrayBasePointer(holder, base);

src/common/external-pointer-inl.h

@@ -12,11 +12,17 @@
 namespace v8 {
 namespace internal {
 
-V8_INLINE Address DecodeExternalPointer(IsolateRoot isolate_root,
+V8_INLINE Address DecodeExternalPointer(PtrComprCageBase isolate_root,
                                         ExternalPointer_t encoded_pointer,
                                         ExternalPointerTag tag) {
   STATIC_ASSERT(kExternalPointerSize == kSystemPointerSize);
 #ifdef V8_HEAP_SANDBOX
+
+  // TODO(syg): V8_HEAP_SANDBOX doesn't work with pointer cage
+#ifdef V8_COMPRESS_POINTERS_IN_SHARED_CAGE
+#error "V8_HEAP_SANDBOX requires per-Isolate pointer compression cage"
+#endif
+
   uint32_t index = static_cast<uint32_t>(encoded_pointer);
   const Isolate* isolate = Isolate::FromRootAddress(isolate_root.address());
   return isolate->external_pointer_table().get(index) ^ tag;
@@ -62,7 +68,7 @@ V8_INLINE void InitExternalPointerField(Address field_address, Isolate* isolate,
 }
 
 V8_INLINE Address ReadExternalPointerField(Address field_address,
-                                           IsolateRoot isolate_root,
+                                           PtrComprCageBase cage_base,
                                            ExternalPointerTag tag) {
   // Pointer compression causes types larger than kTaggedSize to be unaligned.
   constexpr bool v8_pointer_compression_unaligned =
@@ -73,7 +79,7 @@ V8_INLINE Address ReadExternalPointerField(Address field_address,
   } else {
     encoded_value = base::Memory<ExternalPointer_t>(field_address);
   }
-  return DecodeExternalPointer(isolate_root, encoded_value, tag);
+  return DecodeExternalPointer(cage_base, encoded_value, tag);
 }
 
 V8_INLINE void WriteExternalPointerField(Address field_address,

src/common/external-pointer.h

@@ -12,7 +12,7 @@ namespace internal {
 
 // Convert external pointer from on-V8-heap representation to an actual external
 // pointer value.
-V8_INLINE Address DecodeExternalPointer(IsolateRoot isolate,
+V8_INLINE Address DecodeExternalPointer(PtrComprCageBase isolate,
                                         ExternalPointer_t encoded_pointer,
                                         ExternalPointerTag tag);
 
@@ -34,7 +34,7 @@ V8_INLINE void InitExternalPointerField(Address field_address, Isolate* isolate,
 // Reads external pointer for the field, and decodes it if the sandbox is
 // enabled.
 V8_INLINE Address ReadExternalPointerField(Address field_address,
-                                           IsolateRoot isolate,
+                                           PtrComprCageBase isolate,
                                            ExternalPointerTag tag);
 
 // Encodes value if the sandbox is enabled and writes it into the field.

src/common/globals.h

@@ -1748,27 +1748,27 @@ enum class DynamicCheckMapsStatus : uint8_t {
 };
 
 #ifdef V8_COMPRESS_POINTERS
-class IsolateRoot {
+class PtrComprCageBase {
  public:
-  explicit constexpr IsolateRoot(Address address) : address_(address) {}
+  explicit constexpr PtrComprCageBase(Address address) : address_(address) {}
   // NOLINTNEXTLINE
-  inline IsolateRoot(const Isolate* isolate);
+  inline PtrComprCageBase(const Isolate* isolate);
   // NOLINTNEXTLINE
-  inline IsolateRoot(const LocalIsolate* isolate);
+  inline PtrComprCageBase(const LocalIsolate* isolate);
 
   inline Address address() const;
 
  private:
   Address address_;
 };
 #else
-class IsolateRoot {
+class PtrComprCageBase {
  public:
-  IsolateRoot() = default;
+  PtrComprCageBase() = default;
   // NOLINTNEXTLINE
-  IsolateRoot(const Isolate* isolate) {}
+  PtrComprCageBase(const Isolate* isolate) {}
   // NOLINTNEXTLINE
-  IsolateRoot(const LocalIsolate* isolate) {}
+  PtrComprCageBase(const LocalIsolate* isolate) {}
 };
 #endif
 

src/common/ptr-compr-inl.h

@@ -15,15 +15,35 @@ namespace internal {
 
 #ifdef V8_COMPRESS_POINTERS
 
-IsolateRoot::IsolateRoot(const Isolate* isolate)
+#if defined V8_COMPRESS_POINTERS_IN_ISOLATE_CAGE
+
+PtrComprCageBase::PtrComprCageBase(const Isolate* isolate)
     : address_(isolate->isolate_root()) {}
-IsolateRoot::IsolateRoot(const LocalIsolate* isolate)
+PtrComprCageBase::PtrComprCageBase(const LocalIsolate* isolate)
     : address_(isolate->isolate_root()) {}
 
-Address IsolateRoot::address() const {
+#elif defined V8_COMPRESS_POINTERS_IN_SHARED_CAGE
+
+PtrComprCageBase::PtrComprCageBase(const Isolate* isolate)
+    : address_(isolate->isolate_root()) {
+  UNIMPLEMENTED();
+}
+PtrComprCageBase::PtrComprCageBase(const LocalIsolate* isolate)
+    : address_(isolate->isolate_root()) {
+  UNIMPLEMENTED();
+}
+
+#else
+
+#error "Pointer compression build configuration error"
+
+#endif  // V8_COMPRESS_POINTERS_IN_ISOLATE_CAGE,
+        // V8_COMPRESS_POINTERS_IN_SHARED_CAGE
+
+Address PtrComprCageBase::address() const {
   Address ret = address_;
   ret = reinterpret_cast<Address>(V8_ASSUME_ALIGNED(
-      reinterpret_cast<void*>(ret), kPtrComprIsolateRootAlignment));
+      reinterpret_cast<void*>(ret), kPtrComprCageBaseAlignment));
   return ret;
 }
 
@@ -33,12 +53,17 @@ V8_INLINE Tagged_t CompressTagged(Address tagged) {
   return static_cast<Tagged_t>(static_cast<uint32_t>(tagged));
 }
 
-V8_INLINE constexpr Address GetIsolateRootAddress(Address on_heap_addr) {
-  return RoundDown<kPtrComprIsolateRootAlignment>(on_heap_addr);
+V8_INLINE constexpr Address GetPtrComprCageBaseAddress(Address on_heap_addr) {
+  return RoundDown<kPtrComprCageBaseAlignment>(on_heap_addr);
+}
+
+V8_INLINE Address GetPtrComprCageBaseAddress(PtrComprCageBase cage_base) {
+  return cage_base.address();
 }
 
-V8_INLINE Address GetIsolateRootAddress(IsolateRoot isolate) {
-  return isolate.address();
+V8_INLINE constexpr PtrComprCageBase GetPtrComprCageBaseFromOnHeapAddress(
+    Address address) {
+  return PtrComprCageBase(GetPtrComprCageBaseAddress(address));
 }
 
 // Decompresses smi value.
@@ -52,7 +77,8 @@ V8_INLINE Address DecompressTaggedSigned(Tagged_t raw_value) {
 template <typename TOnHeapAddress>
 V8_INLINE Address DecompressTaggedPointer(TOnHeapAddress on_heap_addr,
                                           Tagged_t raw_value) {
-  return GetIsolateRootAddress(on_heap_addr) + static_cast<Address>(raw_value);
+  return GetPtrComprCageBaseAddress(on_heap_addr) +
+         static_cast<Address>(raw_value);
 }
 
 // Decompresses any tagged value, preserving both weak- and smi- tags.
@@ -62,18 +88,19 @@ V8_INLINE Address DecompressTaggedAny(TOnHeapAddress on_heap_addr,
   return DecompressTaggedPointer(on_heap_addr, raw_value);
 }
 
-STATIC_ASSERT(kPtrComprHeapReservationSize ==
-              Internals::kPtrComprHeapReservationSize);
-STATIC_ASSERT(kPtrComprIsolateRootAlignment ==
-              Internals::kPtrComprIsolateRootAlignment);
+STATIC_ASSERT(kPtrComprCageReservationSize ==
+              Internals::kPtrComprCageReservationSize);
+STATIC_ASSERT(kPtrComprCageBaseAlignment ==
+              Internals::kPtrComprCageBaseAlignment);
 
 #else
 
 V8_INLINE Tagged_t CompressTagged(Address tagged) { UNREACHABLE(); }
 
-V8_INLINE Address GetIsolateRootAddress(Address on_heap_addr) { UNREACHABLE(); }
-
-V8_INLINE Address GetIsolateRootAddress(IsolateRoot isolate) { UNREACHABLE(); }
+V8_INLINE constexpr PtrComprCageBase GetPtrComprCageBaseFromOnHeapAddress(
+    Address address) {
+  return PtrComprCageBase();
+}
 
 V8_INLINE Address DecompressTaggedSigned(Tagged_t raw_value) { UNREACHABLE(); }
 
@@ -90,6 +117,11 @@ V8_INLINE Address DecompressTaggedAny(TOnHeapAddress on_heap_addr,
 }
 
 #endif  // V8_COMPRESS_POINTERS
+
+inline PtrComprCageBase GetPtrComprCageBase(HeapObject object) {
+  return GetPtrComprCageBaseFromOnHeapAddress(object.ptr());
+}
+
 }  // namespace internal
 }  // namespace v8
 

src/common/ptr-compr.h

@@ -13,8 +13,8 @@ namespace v8 {
 namespace internal {
 
 // See v8:7703 for details about how pointer compression works.
-constexpr size_t kPtrComprHeapReservationSize = size_t{4} * GB;
-constexpr size_t kPtrComprIsolateRootAlignment = size_t{4} * GB;
+constexpr size_t kPtrComprCageReservationSize = size_t{4} * GB;
+constexpr size_t kPtrComprCageBaseAlignment = size_t{4} * GB;
 
 }  // namespace internal
 }  // namespace v8

src/deoptimizer/translated-state.cc

@@ -1275,8 +1275,7 @@ int TranslatedState::CreateNextTranslatedValue(
 
 Address TranslatedState::DecompressIfNeeded(intptr_t value) {
   if (COMPRESS_POINTERS_BOOL) {
-    return DecompressTaggedAny(isolate()->isolate_root(),
-                               static_cast<uint32_t>(value));
+    return DecompressTaggedAny(isolate(), static_cast<uint32_t>(value));
   } else {
     return value;
   }

src/diagnostics/objects-debug.cc

@@ -325,11 +325,11 @@ void BytecodeArray::BytecodeArrayVerify(Isolate* isolate) {
 
 USE_TORQUE_VERIFIER(JSReceiver)
 
-bool JSObject::ElementsAreSafeToExamine(IsolateRoot isolate) const {
+bool JSObject::ElementsAreSafeToExamine(PtrComprCageBase cage_base) const {
   // If a GC was caused while constructing this object, the elements
   // pointer may point to a one pointer filler map.
-  return elements(isolate) !=
-         GetReadOnlyRoots(isolate).one_pointer_filler_map();
+  return elements(cage_base) !=
+         GetReadOnlyRoots(cage_base).one_pointer_filler_map();
 }
 
 namespace {

src/diagnostics/objects-printer.cc

@@ -468,13 +468,13 @@ void PrintSloppyArgumentElements(std::ostream& os, ElementsKind kind,
   }
 }
 
-void PrintEmbedderData(IsolateRoot isolate, std::ostream& os,
+void PrintEmbedderData(PtrComprCageBase cage_base, std::ostream& os,
                        EmbedderDataSlot slot) {
   DisallowGarbageCollection no_gc;
   Object value = slot.load_tagged();
   os << Brief(value);
   void* raw_pointer;
-  if (slot.ToAlignedPointer(isolate, &raw_pointer)) {
+  if (slot.ToAlignedPointer(cage_base, &raw_pointer)) {
     os << ", aligned pointer: " << raw_pointer;
   }
 }
@@ -579,11 +579,11 @@ static void JSObjectPrintBody(std::ostream& os,
   }
   int embedder_fields = obj.GetEmbedderFieldCount();
   if (embedder_fields > 0) {
-    IsolateRoot isolate = GetIsolateForPtrCompr(obj);
+    PtrComprCageBase cage_base = GetPtrComprCageBase(obj);
     os << " - embedder fields = {";
     for (int i = 0; i < embedder_fields; i++) {
       os << "\n    ";
-      PrintEmbedderData(isolate, os, EmbedderDataSlot(obj, i));
+      PrintEmbedderData(cage_base, os, EmbedderDataSlot(obj, i));
     }
     os << "\n }\n";
   }
@@ -762,14 +762,14 @@ void ObjectBoilerplateDescription::ObjectBoilerplateDescriptionPrint(
 }
 
 void EmbedderDataArray::EmbedderDataArrayPrint(std::ostream& os) {
-  IsolateRoot isolate = GetIsolateForPtrCompr(*this);
+  PtrComprCageBase cage_base = GetPtrComprCageBase(*this);
   PrintHeader(os, "EmbedderDataArray");
   os << "\n - length: " << length();
   EmbedderDataSlot start(*this, 0);
   EmbedderDataSlot end(*this, length());
   for (EmbedderDataSlot slot = start; slot < end; ++slot) {
     os << "\n    ";
-    PrintEmbedderData(isolate, os, slot);
+    PrintEmbedderData(cage_base, os, slot);
   }
   os << "\n";
 }
@@ -2747,12 +2747,11 @@ namespace {
 inline i::Object GetObjectFromRaw(void* object) {
   i::Address object_ptr = reinterpret_cast<i::Address>(object);
 #ifdef V8_COMPRESS_POINTERS
-  if (RoundDown<i::kPtrComprIsolateRootAlignment>(object_ptr) ==
-      i::kNullAddress) {
+  if (RoundDown<i::kPtrComprCageBaseAlignment>(object_ptr) == i::kNullAddress) {
     // Try to decompress pointer.
     i::Isolate* isolate = i::Isolate::Current();
-    object_ptr = i::DecompressTaggedAny(isolate->isolate_root(),
-                                        static_cast<i::Tagged_t>(object_ptr));
+    object_ptr =
+        i::DecompressTaggedAny(isolate, static_cast<i::Tagged_t>(object_ptr));
   }
 #endif
   return i::Object(object_ptr);