Title: [284212] trunk/Source/JavaScriptCore
- Revision: 284212
- Author: [email protected]
- Date: 2021-10-14 16:15:15 -0700 (Thu, 14 Oct 2021)
Log Message
Wasm LLInt should zero bytecodeIndex before throwing
https://bugs.webkit.org/show_bug.cgi?id=231688
<rdar://84207898>
Reviewed by Yusuke Suzuki.
After r283852, the unwinder can now ask WebAssembly frames for their bytecodeIndex.
We do write to the bytecodeIndex when throwing from the wasm `throw` opcode, but we
failed to write when trapping (e.g. throwing an OOB or Unreachable). The value of
the bytecodeIndex in this case is not interesting, since these exceptions can't be
caught from Wasm, all we need to do is ensure there isn't an invalid left-over
value in that stack slot, so we zero it.
* llint/WebAssembly.asm:
Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (284211 => 284212)
--- trunk/Source/_javascript_Core/ChangeLog 2021-10-14 23:07:20 UTC (rev 284211)
+++ trunk/Source/_javascript_Core/ChangeLog 2021-10-14 23:15:15 UTC (rev 284212)
@@ -1,3 +1,20 @@
+2021-10-14 Tadeu Zagallo <[email protected]>
+
+ Wasm LLInt should zero bytecodeIndex before throwing
+ https://bugs.webkit.org/show_bug.cgi?id=231688
+ <rdar://84207898>
+
+ Reviewed by Yusuke Suzuki.
+
+ After r283852, the unwinder can now ask WebAssembly frames for their bytecodeIndex.
+ We do write to the bytecodeIndex when throwing from the wasm `throw` opcode, but we
+ failed to write when trapping (e.g. throwing an OOB or Unreachable). The value of
+ the bytecodeIndex in this is case is not interesting, since these exceptions can't be
+ caught from Wasm, all we need to know is ensure there isn't an invalid left-over
+ value in that stack slot, so we zero it.
+
+ * llint/WebAssembly.asm:
+
2021-10-14 Myles C. Maxfield <[email protected]>
All the SDKVariant.xcconfig files should match
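Review bot: The last prose sentence of the new entry has two wording slips ("in this is case" and "all we need to know is ensure"), and the `* llint/WebAssembly.asm:` line carries no per-file description. Suggest "in this case" and "all we need to do is ensure", plus a short note under the file line naming the two sites that now zero the slot before calling `_slow_path_wasm_throw_exception`. The entry also lists no test: if a trap followed by an unwind can surface the stale value, a regression test that traps (OOB or Unreachable, as the message names) would keep this from coming back.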
Modified: trunk/Source/_javascript_Core/llint/WebAssembly.asm (284211 => 284212)
--- trunk/Source/_javascript_Core/llint/WebAssembly.asm 2021-10-14 23:07:20 UTC (rev 284211)
+++ trunk/Source/_javascript_Core/llint/WebAssembly.asm 2021-10-14 23:15:15 UTC (rev 284212)
@@ -548,6 +548,7 @@
move wasmInstance, a2
# Slow paths and the throwException macro store the exception code in the ArgumentCountIncludingThis slot
loadi ArgumentCountIncludingThis + PayloadOffset[cfr], a3
+ storei 0, ArgumentCountIncludingThis + TagOffset[cfr]
cCall4(_slow_path_wasm_throw_exception)
jumpToException()
end)
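Review bot: The added `storei 0, ArgumentCountIncludingThis + TagOffset[cfr]` has no comment, and the existing comment two lines above explains only the payload half of the slot (the exception code). A reader of this macro cannot tell from the code that the tag half is the bytecodeIndex the unwinder reads, which is the whole reason for the store according to the log message. Suggest extending the comment to say that the tag half holds the bytecodeIndex and is zeroed so the unwinder never sees a left-over value. Placing the store after the `loadi` of the payload is fine since the two halves are addressed separately, but saying so in the comment would make that ordering obviously deliberate.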
@@ -561,6 +562,7 @@
move constexpr Wasm::ExceptionType::OutOfBoundsMemoryAccess, a3
move 0, a1
move cfr, a0
+ storei 0, ArgumentCountIncludingThis + TagOffset[cfr]
cCall4(_slow_path_wasm_throw_exception)
jumpToException()
end
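Review bot: The store before `cCall4(_slow_path_wasm_throw_exception)` here is a hand-copied duplicate of the one added in the hunk at -548, so the invariant "bytecodeIndex is zeroed before any trap reaches the unwinder" now depends on every caller remembering it. Suggest folding the zeroing and the `cCall4` into one small macro used by both sites, so a future trap path cannot call the slow path without clearing the slot. It is also worth confirming in the review that these two sites are the only routes into `_slow_path_wasm_throw_exception` for trapping exceptions; the visible context shows only the OutOfBoundsMemoryAccess path and the generic exception-code path.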