Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 6fa604090d4e14d47b354c9572006eeed49bcb7b
https://github.com/WebKit/WebKit/commit/6fa604090d4e14d47b354c9572006eeed49bcb7b
Author: Yijia Huang <[email protected]>
Date: 2026-04-01 (Wed, 01 Apr 2026)
Changed paths:
M JSTests/wasm/debugger/lib/core/base.py
A JSTests/wasm/debugger/resources/wasm/trap-div-by-zero.js
A JSTests/wasm/debugger/resources/wasm/trap-oob-memory.js
A JSTests/wasm/debugger/resources/wasm/trap-out-of-bounds-call-indirect.js
A JSTests/wasm/debugger/resources/wasm/trap-stack-overflow.js
M JSTests/wasm/debugger/tests/tests.py
M Source/JavaScriptCore/llint/InPlaceInterpreter.asm
M Source/JavaScriptCore/llint/InPlaceInterpreter64.asm
M Source/JavaScriptCore/wasm/WasmIPIntSlowPaths.cpp
M Source/JavaScriptCore/wasm/WasmIPIntSlowPaths.h
M Source/JavaScriptCore/wasm/debugger/WasmDebugServer.cpp
M Source/JavaScriptCore/wasm/debugger/WasmDebugServer.h
M Source/JavaScriptCore/wasm/debugger/WasmDebugServerUtilities.cpp
M Source/JavaScriptCore/wasm/debugger/WasmDebugServerUtilities.h
M Source/JavaScriptCore/wasm/debugger/WasmExecutionHandler.cpp
M Source/JavaScriptCore/wasm/debugger/WasmExecutionHandler.h
M Source/JavaScriptCore/wasm/debugger/WasmQueryHandler.cpp
M Source/JavaScriptCore/wasm/debugger/WasmQueryHandler.h
M Source/JavaScriptCore/wasm/debugger/tests/ExecutionHandlerTest.cpp
M Source/JavaScriptCore/wasm/debugger/tests/ExecutionHandlerTestSupport.cpp
Log Message:
-----------
[JSC][WASM][Debugger] Extend WASM debugger trap interception to all IPInt exception sites
https://bugs.webkit.org/show_bug.cgi?id=311138
rdar://173723442

Reviewed by Mark Lam.

Previously the WASM debugger only intercepted the unreachable opcode.
This patch extends interception to all IPInt-dispatched traps (division
by zero, integer overflow, out-of-bounds memory, null reference, bad
signature, stack overflow, etc.) by routing all exception paths through
a single C++ handler, ipint_extern_handle_debugger_trap_if_needed.

Inline trap sites use the handleDebuggerTrapIfNeededAndThrowWasmTrap macro,
which remains 2 instructions (store + jmp) to avoid overflowing fixed-size
IPInt dispatch slots. On ARM64/ARM64E it jumps to the shared
_wasm_ipint_check_debugger_hook_and_throw_trap trampoline which saves IPInt
registers and calls the handler; on other platforms it jumps directly to
_wasm_throw_from_slow_path_trampoline since the WASM debugger is not supported
there.

The operationCallMayThrowImpl exception path calls
ipint_extern_handle_debugger_trap_if_needed directly, using the IPInt
registers already on the stack from operationCallMayThrowImpl's own save
sequence.

Stack-overflow and Termination traps go through
operationCallMayThrowPreservingVolatileRegisters, which takes the same
operationCallMayThrowImpl exception path with volatile registers preserved.

The fault-handler path (wasm_throw_from_fault_handler_trampoline_reg_instance)
copies instance->m_exception into the CFR ArgumentCountIncludingThis slot
before calling handleDebuggerTrapIfNeeded(), since IPInt registers remain
live when the Mach exception handler redirects the machine PC to the trampoline.

Four new tests cover one representative trap per execution path:
  WasmDivByZeroTrapTestCase (inline asm trap)
  WasmOutOfBoundsCallIndirectTrapTestCase (C++ slow-path trap)
  WasmStackOverflowTrapTestCase (prologue/volatile-preserved trap)
  WasmOobMemoryTrapTestCase (fault-handler path)

Canonical link: https://commits.webkit.org/310417@main