SafeStack: Fix blink v8 initialization

Currently, the blink v8 initialization code uses a stack address-taken
variable to read the stack position. This fails with SafeStack because
it reads an address on the unsafe stack. Make it match the code in v8 to
read the stack position safely with either ASAN or SafeStack [1] by
using a compiler intrinsic.

[1] https://crrev.com/c/1162669

Bug: 864705
Change-Id: Ib972540eb0264d9f737eb8bc40c601b8b2cf1ab0
Reviewed-on: https://chromium-review.googlesource.com/1179265Reviewed-by: Kentaro Hara <haraken@chromium.org>
Commit-Queue: Vlad Tsyrklevich <vtsyrklevich@chromium.org>
Cr-Commit-Position: refs/heads/master@{#585239}

third_party/blink/renderer/bindings/core/v8/v8_initializer.cc

@@ -74,6 +74,7 @@
 #include "third_party/blink/renderer/platform/weborigin/security_violation_reporting_policy.h"
 #include "third_party/blink/renderer/platform/wtf/address_sanitizer.h"
 #include "third_party/blink/renderer/platform/wtf/assertions.h"
+#include "third_party/blink/renderer/platform/wtf/stack_util.h"
 #include "third_party/blink/renderer/platform/wtf/text/wtf_string.h"
 #include "third_party/blink/renderer/platform/wtf/typed_arrays/array_buffer_contents.h"
 #include "v8/include/v8-profiler.h"
@@ -792,11 +793,6 @@ static void ReportFatalErrorInWorker(const char* location,
 // base/threading/platform_thread_mac.mm for details.
 static const int kWorkerMaxStackSize = 500 * 1024;
 
-// This function uses a local stack variable to determine the isolate's stack
-// limit. AddressSanitizer may relocate that local variable to a fake stack,
-// which may lead to problems during JavaScript execution.  Therefore we disable
-// AddressSanitizer for V8Initializer::initializeWorker().
-NO_SANITIZE_ADDRESS
 void V8Initializer::InitializeWorker(v8::Isolate* isolate) {
   InitializeV8Common(isolate);
 
@@ -807,9 +803,7 @@ void V8Initializer::InitializeWorker(v8::Isolate* isolate) {
           v8::Isolate::kMessageLog);
   isolate->SetFatalErrorHandler(ReportFatalErrorInWorker);
 
-  uint32_t here;
-  isolate->SetStackLimit(reinterpret_cast<uintptr_t>(&here) -
-                         kWorkerMaxStackSize);
+  isolate->SetStackLimit(WTF::GetCurrentStackPosition() - kWorkerMaxStackSize);
   isolate->SetPromiseRejectCallback(PromiseRejectHandlerInWorker);
   if (RuntimeEnabledFeatures::BloatedRendererDetectionEnabled()) {
     isolate->AddNearHeapLimitCallback(NearHeapLimitCallbackOnWorkerThread,

third_party/blink/renderer/platform/wtf/compiler.h

@@ -63,4 +63,10 @@
 #define NO_SANITIZE_CFI_ICALL
 #endif
 
+#if defined(COMPILER_MSVC)
+#define WTF_NOINLINE __declspec(noinline)
+#else
+#define WTF_NOINLINE __attribute__((noinline))
+#endif
+
 #endif /* WTF_Compiler_h */

third_party/blink/renderer/platform/wtf/stack_util.cc

@@ -143,6 +143,14 @@ void* GetStackStart() {
 #endif
 }
 
+uintptr_t GetCurrentStackPosition() {
+#if defined(COMPILER_MSVC)
+  return reinterpret_cast<uintptr_t>(_AddressOfReturnAddress());
+#else
+  return reinterpret_cast<uintptr_t>(__builtin_frame_address(0));
+#endif
+}
+
 namespace internal {
 
 uintptr_t g_main_thread_stack_start = 0;

third_party/blink/renderer/platform/wtf/stack_util.h

@@ -8,6 +8,7 @@
 #include <stddef.h>
 #include <stdint.h>
 #include "build/build_config.h"
+#include "third_party/blink/renderer/platform/wtf/compiler.h"
 #include "third_party/blink/renderer/platform/wtf/wtf_export.h"
 
 namespace WTF {
@@ -15,6 +16,12 @@ namespace WTF {
 WTF_EXPORT size_t GetUnderestimatedStackSize();
 WTF_EXPORT void* GetStackStart();
 
+// Returns the current stack position such that it works correctly with ASAN and
+// SafeStack. Must be marked noinline because it relies on compiler intrinsics
+// that report the current stack frame and if inlined it could report a position
+// above the current stack position.
+WTF_EXPORT WTF_NOINLINE uintptr_t GetCurrentStackPosition();
+
 namespace internal {
 
 WTF_EXPORT extern uintptr_t g_main_thread_stack_start;