Title: [284346] branches/safari-612-branch/Source/JavaScriptCore
- Revision: 284346
- Author: kocsen_ch...@apple.com
- Date: 2021-10-17 17:22:02 -0700 (Sun, 17 Oct 2021)
Log Message
Cherry-pick r284212. rdar://problem/84351869

Wasm LLInt should zero bytecodeIndex before throwing
https://bugs.webkit.org/show_bug.cgi?id=231688
<rdar://84207898>

Reviewed by Yusuke Suzuki.

After r283852, the unwinder can now ask WebAssembly frames for their bytecodeIndex.
We do write to the bytecodeIndex when throwing from the wasm `throw` opcode, but we
failed to write when trapping (e.g. throwing an OOB or Unreachable). The value of
the bytecodeIndex in this case is not interesting, since these exceptions can't be
caught from Wasm, all we need to do is ensure there isn't an invalid left-over
value in that stack slot, so we zero it.

* llint/WebAssembly.asm:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@284212 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Modified Paths
Diff
Modified: branches/safari-612-branch/Source/_javascript_Core/ChangeLog (284345 => 284346)
--- branches/safari-612-branch/Source/_javascript_Core/ChangeLog 2021-10-18 00:21:59 UTC (rev 284345)
+++ branches/safari-612-branch/Source/_javascript_Core/ChangeLog 2021-10-18 00:22:02 UTC (rev 284346)
@@ -1,3 +1,42 @@
+2021-10-17 Kocsen Chung <kocsen_ch...@apple.com>
+
+ Cherry-pick r284212. rdar://problem/84351869
+
+ Wasm LLInt should zero bytecodeIndex before throwing
+ https://bugs.webkit.org/show_bug.cgi?id=231688
+ <rdar://84207898>
+
+ Reviewed by Yusuke Suzuki.
+
+ After r283852, the unwinder can now ask WebAssembly frames for their bytecodeIndex.
+ We do write to the bytecodeIndex when throwing from the wasm `throw` opcode, but we
+ failed to write when trapping (e.g. throwing an OOB or Unreachable). The value of
+ the bytecodeIndex in this is case is not interesting, since these exceptions can't be
+ caught from Wasm, all we need to know is ensure there isn't an invalid left-over
+ value in that stack slot, so we zero it.
+
+ * llint/WebAssembly.asm:
+
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@284212 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2021-10-14 Tadeu Zagallo <tzaga...@apple.com>
+
+ Wasm LLInt should zero bytecodeIndex before throwing
+ https://bugs.webkit.org/show_bug.cgi?id=231688
+ <rdar://84207898>
+
+ Reviewed by Yusuke Suzuki.
+
+ After r283852, the unwinder can now ask WebAssembly frames for their bytecodeIndex.
+ We do write to the bytecodeIndex when throwing from the wasm `throw` opcode, but we
+ failed to write when trapping (e.g. throwing an OOB or Unreachable). The value of
+ the bytecodeIndex in this is case is not interesting, since these exceptions can't be
+ caught from Wasm, all we need to know is ensure there isn't an invalid left-over
+ value in that stack slot, so we zero it.
+
+ * llint/WebAssembly.asm:
+
2021-08-26 Yusuke Suzuki <ysuz...@apple.com>
Intl.DateTimeFormat incorrectly parses patterns with 'h' literal
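Review bot: The new entry lists only llint/WebAssembly.asm and names no regression test for the trap paths (OOB, Unreachable) it describes. If a test accompanied r284212, it should be cherry-picked and listed here as well; otherwise the entry should say why the stale bytecodeIndex case is not covered. Minor: the description reads "in this is case" and "all we need to know is ensure", which is worth correcting in the trunk entry this text is copied from.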
Modified: branches/safari-612-branch/Source/_javascript_Core/llint/WebAssembly.asm (284345 => 284346)
--- branches/safari-612-branch/Source/_javascript_Core/llint/WebAssembly.asm 2021-10-18 00:21:59 UTC (rev 284345)
+++ branches/safari-612-branch/Source/_javascript_Core/llint/WebAssembly.asm 2021-10-18 00:22:02 UTC (rev 284346)
@@ -522,6 +522,7 @@
move wasmInstance, a2
# Slow paths and the throwException macro store the exception code in the ArgumentCountIncludingThis slot
loadi ArgumentCountIncludingThis + PayloadOffset[cfr], a3
+ storei 0, ArgumentCountIncludingThis + TagOffset[cfr]
cCall4(_slow_path_wasm_throw_exception)
if ARM64E
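Review bot: The added `storei 0, ArgumentCountIncludingThis + TagOffset[cfr]` carries no comment, and the existing comment just above it only explains that the slot's payload holds the exception code. Please add a line stating that, per the ChangeLog, this store clears the bytecodeIndex the unwinder reads, so that no left-over value remains in the slot when trapping. Placing the store after the `loadi` is fine, since it writes TagOffset rather than the PayloadOffset that was just read.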
@@ -542,6 +543,7 @@
move constexpr Wasm::ExceptionType::OutOfBoundsMemoryAccess, a3
move 0, a1
move cfr, a0
+ storei 0, ArgumentCountIncludingThis + TagOffset[cfr]
cCall4(_slow_path_wasm_throw_exception)
if ARM64E
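Review bot: The same `storei 0, ArgumentCountIncludingThis + TagOffset[cfr]` is now written by hand before each `cCall4(_slow_path_wasm_throw_exception)`, so every site has to remember it, and the ChangeLog says the trap paths were exactly the ones that missed the write. Consider folding the store and the call into one macro so that any path reaching this slow path clears the slot, and confirm that no other caller of `_slow_path_wasm_throw_exception` in WebAssembly.asm is left without the store.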