JIT: Add IBT support

[chen-hu-97]

Indirect Branch Tracking (IBT) is part of Intel's Control-Flow
Enforcement Technology (CET). IBT is hardware based, forward edge
Control-Flow-Integrity mechanism where any indirect CALL/JMP must target
an ENDBR instruction or suffer #CP.

This commit adds IBT support for JIT:

1. Add endbr32/64 instruction in Dynasm.
2. Insert endbr32/64 in indirect branch target for jitted code.

gcc support CET since v8.1 and set it to default since gcc 11. With this
commit, endbr is inserted in jitted code if PHP is compiled with "gcc
-fcf-protection=full/branch".

Signed-off-by: Chen, Hu hu1.chen@intel.com

[chen-hu-97]

Hi @iluuu1994 @dstogov,
Tovilo found test failure in #8636 if PHP is compiled with -fsanitize=address. This reveals an issue: if we insert any instructions in zend_jit_prologue (especially before sub $0x10,%rsp), we need change the prologue_size in zend_jit_trace_link_to_root. Otherwise, it will jump to wrong address when trace_exit.

Let's see if this PR can pass such test. (it passed in my personal repo thanks for Tovilo's tips)

[dstogov]

Hi @iluuu1994 @dstogov, Tovilo found test failure in #8636 if PHP is compiled with -fsanitize=address. This reveals an issue: if we insert any instructions in zend_jit_prologue (especially before sub $0x10,%rsp), we need change the prologue_size in zend_jit_trace_link_to_root. Otherwise, it will jump to wrong address when trace_exit.

Let's see if this PR can pass such test. (it passed in my personal repo thanks for Tovilo's tips)

This looks right.

[chen-hu-97]

Saw AppVeyor failures in yesterday's push. @cmb69 said it's already fixed in another commit.
Trigger other check and it pass now.