Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: be01dbda2568b44142d4b3fc8f05a22b30ec1866
      
https://github.com/WebKit/WebKit/commit/be01dbda2568b44142d4b3fc8f05a22b30ec1866
  Author: Ioanna M. Dimitriou H <idimitr...@igalia.com>
  Date:   2025-09-19 (Fri, 19 Sep 2025)

  Changed paths:
    A JSTests/wasm/stress/exception-thrown-from-call.js
    A JSTests/wasm/stress/exception-thrown-from-call.wasm
    A JSTests/wasm/stress/exception-thrown-from-call.wat
    M Source/JavaScriptCore/b3/air/AirAllocateRegistersAndStackAndGenerateCode.cpp
    M Source/JavaScriptCore/wasm/WasmCallee.cpp

  Log Message:
  -----------
  Exceptions in OMG frames don't get caught with wasmOMGOptimizationLevel=0
https://bugs.webkit.org/show_bug.cgi?id=298651

Reviewed by Yusuke Suzuki and Justin Michaud.

When `--wasmOMGOptimizationLevel=0` the `PCToOriginMap`s do not get items appended, as seen in `JSC::B3::Air::generate(...)`.
This results in `PCToCodeOriginMap`s without code ranges, therefore by construction they have `m_pcRangeStart == m_pcRangeEnd == -1`.

When the PCToCodeOriginMap has no code ranges, and an exception is thrown from a call surrounded by a try-catch_all, findPC can't find the code origin and the exception doesn't get caught.

This patch populates the PCToOriginMap when code.optLevel() = 0.
Since OMG frames are always expected to have their PCToOriginMap populated, this adds an assertion at materializePCToOriginMap that maps are always populated with code ranges. The new test runs with the flags that produced the bug, and includes an empty function, to make sure that even in this case, there are origins in the PCToOriginMap.

Also add some optional logging to ensure the pc maps don't explode in size.

* JSTests/wasm/stress/exception-thrown-from-call.js: Added.
* JSTests/wasm/stress/exception-thrown-from-call.wasm: Added.
* JSTests/wasm/stress/exception-thrown-from-call.wat: Added.
* Source/JavaScriptCore/b3/air/AirAllocateRegistersAndStackAndGenerateCode.cpp:
(JSC::B3::Air::GenerateAndAllocateRegisters::generate):
* Source/JavaScriptCore/wasm/WasmCallee.cpp:
(JSC::Wasm::OptimizingJITCallee::materializePCToOriginMap):

Canonical link: https://commits.webkit.org/300252@main
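As an added illustration of the scenario the log message describes (this is not the commit's own test file, whose contents are not shown here), the following hand-assembled WebAssembly module wraps a call to an imported function in `try ... catch_all`; the import name `env.thrower`, the export name `run` and the result values 0/1 are my assumptions. If the engine cannot map the faulting PC back to a code origin, the exception escapes `run()` instead of landing in the `catch_all` handler.

```javascript
// Added example, not from the WebKit commit. Equivalent text form (my own,
// not the committed .wat):
//   (module
//     (import "env" "thrower" (func $thrower))
//     (func (export "run") (result i32)
//       (try (result i32)
//         (do (call $thrower) (i32.const 0))
//         (catch_all (i32.const 1)))))
const wasmBytes = new Uint8Array([
  0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00,            // magic + version
  // type section: type 0 = () -> (), type 1 = () -> i32
  0x01, 0x08, 0x02, 0x60, 0x00, 0x00, 0x60, 0x00, 0x01, 0x7f,
  // import section: "env"."thrower" as func of type 0 (function index 0)
  0x02, 0x0f, 0x01, 0x03, 0x65, 0x6e, 0x76,
  0x07, 0x74, 0x68, 0x72, 0x6f, 0x77, 0x65, 0x72, 0x00, 0x00,
  // function section: one defined function of type 1 (function index 1)
  0x03, 0x02, 0x01, 0x01,
  // export section: "run" = func 1
  0x07, 0x07, 0x01, 0x03, 0x72, 0x75, 0x6e, 0x00, 0x01,
  // code section: try (result i32) call 0; i32.const 0; catch_all; i32.const 1; end; end
  0x0a, 0x0e, 0x01, 0x0c, 0x00,
  0x06, 0x7f, 0x10, 0x00, 0x41, 0x00, 0x19, 0x41, 0x01, 0x0b, 0x0b,
]);

// Instantiates the module with an import that throws a JS exception when
// `shouldThrow` is set. Returns 1 when the exception was caught by catch_all
// (correct behaviour) and 0 when the call completed normally. If unwinding
// fails to find the handler, the exception propagates out of run() instead,
// which is the symptom the log message describes.
function callThroughCatchAll(shouldThrow) {
  const imports = {
    env: { thrower: () => { if (shouldThrow) throw new Error("thrown from import"); } },
  };
  const module = new WebAssembly.Module(wasmBytes);
  const instance = new WebAssembly.Instance(module, imports);
  return instance.exports.run();
}

console.log("module validates:", WebAssembly.validate(wasmBytes));
console.log("exception caught by catch_all:", callThroughCatchAll(true) === 1);
console.log("normal path result:", callThroughCatchAll(false));
```

Running it requires an engine with the legacy WebAssembly exception-handling opcodes enabled (recent Node.js or a browser); an engine with the bug would let the `Error` escape `run()` rather than return 1.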

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes