

Bug 1871606 - Disable abstractFramePtr for IndirectCallBadSig trap. r=rhunt

Differential Revision: https://phabricator.services.mozilla.com/D197785
yurydelendik committed Feb 5, 2024
1 parent 719b4a8 commit 4cb11ab
Showing 5 changed files with 41 additions and 1 deletion.
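--- a/js/src/jit-test/tests/wasm/tail-calls/bug1871606.js
+++ b/js/src/jit-test/tests/wasm/tail-calls/bug1871606.js
@@ -0,0 +1,22 @@
+// |jit-test| --more-compartments; skip-variant-if: --wasm-test-serialization, true; skip-variant-if: --wasm-compiler=ion, true
+dbg = newGlobal();
+dbg.b = this;
+dbg.eval("(" + function() {
+Debugger(b)
+} + ")()");
+var ins = wasmEvalText(`
+(table 1 funcref)
+(type $d (func (param f64)))
+(func $e
+(export "test")
+f64.const 0.0
+i32.const 0
+return_call_indirect (type $d)
+)
+(elem (i32.const 0) $e)
+`);
+
+assertErrorMessage(
+() => ins.exports.test(),
+WebAssembly.RuntimeError, /indirect call signature mismatch/
+);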
2 changes: 2 additions & 0 deletions js/src/vm/JitActivation.cpp
Expand Up @@ -251,6 +251,8 @@ void js::jit::JitActivation::startWasmTrap(wasm::Trap trap,
wasmTrapData_->unwoundPC = pc;
wasmTrapData_->trap = trap;
wasmTrapData_->bytecodeOffset = bytecodeOffset;
wasmTrapData_->failedUnwindSignatureMismatch =
!unwound && trap == wasm::Trap::IndirectCallBadSig;

MOZ_ASSERT(isWasmTrapping());
}
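Review bot: The new assignment to `wasmTrapData_->failedUnwindSignatureMismatch` is a bare predicate with no why-comment at the point where it is computed; the only explanation lives on the TrapData field in WasmCodegenTypes.h, and a reader of startWasmTrap has no hint why `!unwound` matters. Suggest adding above it `// A return_call_indirect that traps with IndirectCallBadSig before unwinding leaves a frame with no debug frame yet; WasmFrameIter::debugEnabled() reads this flag to skip it.` The `unwound` local and the start of startWasmTrap are outside the hunk, so how `unwound` is derived cannot be confirmed from here.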
5 changes: 5 additions & 0 deletions js/src/wasm/WasmCodegenTypes.h
Expand Up @@ -298,6 +298,11 @@ struct TrapData {

Trap trap;
uint32_t bytecodeOffset;

// A return_call_indirect from the first function in an activation into
// a signature mismatch may leave us with only one frame. This frame is
// validly constructed, but has no debug frame yet.
bool failedUnwindSignatureMismatch;
};

// The (,Callable,Func)Offsets classes are used to record the offsets of
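Review bot: The new `failedUnwindSignatureMismatch` member has no default member initializer, so a TrapData that is not filled in by JitActivation::startWasmTrap (the only writer this commit shows) carries an indeterminate bool that WasmFrameIter later copies and branches on in debugEnabled(). Suggest `bool failedUnwindSignatureMismatch = false;`, which keeps the struct an aggregate. The existing `trap` and `bytecodeOffset` members follow the same uninitialized pattern, so this may be a deliberate convention that the struct is only meaningful after startWasmTrap; if so, a one-line comment on the struct saying that would make the invariant explicit.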
11 changes: 10 additions & 1 deletion js/src/wasm/WasmFrameIter.cpp
Expand Up @@ -64,7 +64,8 @@ WasmFrameIter::WasmFrameIter(JitActivation* activation, wasm::Frame* fp)
unwoundCallerFP_(nullptr),
unwind_(Unwind::False),
unwoundAddressOfReturnAddress_(nullptr),
resumePCinCurrentFrame_(nullptr) {
resumePCinCurrentFrame_(nullptr),
failedUnwindSignatureMismatch_(false) {
MOZ_ASSERT(fp_);
instance_ = GetNearestEffectiveInstance(fp_);

Expand All @@ -85,6 +86,7 @@ WasmFrameIter::WasmFrameIter(JitActivation* activation, wasm::Frame* fp)
MOZ_ASSERT(codeRange_);

lineOrBytecode_ = trapData.bytecodeOffset;
failedUnwindSignatureMismatch_ = trapData.failedUnwindSignatureMismatch;

MOZ_ASSERT(!done());
return;
Expand Down Expand Up @@ -241,6 +243,7 @@ void WasmFrameIter::popFrame() {

MOZ_ASSERT(code_ == &instance()->code());
lineOrBytecode_ = callsite->lineOrBytecode();
failedUnwindSignatureMismatch_ = false;

MOZ_ASSERT(!done());
}
Expand Down Expand Up @@ -320,6 +323,12 @@ bool WasmFrameIter::debugEnabled() const {
return false;
}

// Debug information is not available in prologue when the iterator is
// failing to unwind invalid signature trap.
if (failedUnwindSignatureMismatch_) {
return false;
}

// Only non-imported functions can have debug frames.
if (codeRange_->funcIndex() <
code_->metadata(Tier::Debug).funcImports.length()) {
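Review bot: The comment above the new early return in debugEnabled() is hard to parse ("when the iterator is failing to unwind invalid signature trap") and does not say where the flag comes from. Suggest `// No debug frame exists yet when the innermost frame trapped with IndirectCallBadSig and was not unwound (see wasm::TrapData), so report debug info as unavailable.` It is also worth noting in that comment that the flag is copied from TrapData only in the trap-initialized constructor path and is cleared in popFrame(), so the guard applies solely to the innermost trapping frame. The body of debugEnabled() starts outside the hunk.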
2 changes: 2 additions & 0 deletions js/src/wasm/WasmFrameIter.h
Expand Up @@ -71,6 +71,8 @@ class WasmFrameIter {
Unwind unwind_;
void** unwoundAddressOfReturnAddress_;
uint8_t* resumePCinCurrentFrame_;
// See wasm::TrapData for more information.
bool failedUnwindSignatureMismatch_;

void popFrame();

