[wasm] Implement location from stack trace for asm.js frames

This avoids the crash which ClusterFuzz found, but still does not
report the same position as without validate.asm.
For calls like "foo()|0", we report the position of the call instead of
the position of the "|" if ToNumber throws an error.

After this CL, the correctness-fuzzer for validate-asm will probably
find mismatches there.

R=titzer@chromium.org
BUG=chromium:670808

Review-Url: https://codereview.chromium.org/2548323002
Cr-Commit-Position: refs/heads/master@{#41500}
clemensh 2016-12-05 11:29:38 -08:00 committed by Commit bot
parent 3e46a3b754
commit 6a8dccb197
3 changed files with 43 additions and 3 deletions


@ -47,6 +47,7 @@
#include "src/version.h" #include "src/version.h"
#include "src/vm-state-inl.h" #include "src/vm-state-inl.h"
#include "src/wasm/wasm-module.h" #include "src/wasm/wasm-module.h"
#include "src/wasm/wasm-objects.h"
#include "src/zone/accounting-allocator.h" #include "src/zone/accounting-allocator.h"
namespace v8 { namespace v8 {
@ -1546,8 +1547,23 @@ bool Isolate::ComputeLocationFromStackTrace(MessageLocation* target,
const int frame_count = elements->FrameCount(); const int frame_count = elements->FrameCount();
for (int i = 0; i < frame_count; i++) { for (int i = 0; i < frame_count; i++) {
if (elements->IsWasmFrame(i)) { if (elements->IsWasmFrame(i)) {
// TODO(clemensh): handle wasm frames // TODO(clemensh): Handle wasm frames if they ever need handling here.
return false; continue;
}
if (elements->IsAsmJsWasmFrame(i)) {
Handle<WasmCompiledModule> compiled_module(
WasmInstanceObject::cast(elements->WasmInstance(i))
->get_compiled_module());
int func_index = elements->WasmFunctionIndex(i)->value();
int code_offset = elements->Offset(i)->value();
int byte_pos = elements->Code(i)->SourcePosition(code_offset);
int source_pos = WasmCompiledModule::GetAsmJsSourcePosition(
compiled_module, func_index, byte_pos);
Handle<Script> script = compiled_module->script();
*target = MessageLocation(script, source_pos, source_pos + 1);
return true;
} }
Handle<JSFunction> fun = handle(elements->Function(i), this); Handle<JSFunction> fun = handle(elements->Function(i), this);
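Review bot: The new asm.js branch writes `source_pos` straight into the MessageLocation without checking that GetAsmJsSourcePosition produced a usable position; if that helper can return a negative no-position sentinel for a byte offset with no mapping (not visible from this hunk), the location would span [-1, 0) and the message formatter would index the script source with it. Making the assumption explicit with `if (source_pos < 0) return false;` before the `*target = MessageLocation(...)` line, or `DCHECK_LE(0, source_pos);` if the mapping is guaranteed by construction, would close that gap. The wasm-frame case now uses `continue` rather than `return false`, so a trace consisting only of plain wasm frames leaves `*target` untouched and reaches whatever follows the loop; a short comment on that `continue` stating what the caller sees in that case would help the next reader. ComputeLocationFromStackTrace's body continues outside the hunk.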


@ -765,7 +765,9 @@ class Isolate {
Object* PromoteScheduledException(); Object* PromoteScheduledException();
// Attempts to compute the current source location, storing the // Attempts to compute the current source location, storing the
// result in the target out parameter. // result in the target out parameter. The source location is attached to a
// Message object as the location which should be shown to the user. It's
// typically the top-most meaningful location on the stack.
bool ComputeLocation(MessageLocation* target); bool ComputeLocation(MessageLocation* target);
bool ComputeLocationFromException(MessageLocation* target, bool ComputeLocationFromException(MessageLocation* target,
Handle<Object> exception); Handle<Object> exception);


@ -0,0 +1,22 @@
// Copyright 2016 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
var sym = Symbol();
function asm(stdlib, ffi) {
"use asm";
var get_sym = ffi.get_sym;
function crash() {
get_sym()|0;
}
return {crash: crash};
}
function get_sym() {
return sym;
}
try {
asm(null, {get_sym: get_sym}).crash();
} catch (e) {
if (!(e instanceof TypeError))
throw e;
}
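Review bot: The regression test has no `// Flags:` header, so unless asm.js validation is already on by default in the test runner at this revision it never takes the asm.js-to-wasm path that the commit fixes and would pass on the unfixed code too; a `// Flags: --validate-asm` line after the license header would pin the intended configuration. The `try`/`catch` also only checks that the thrown value is a TypeError and never inspects the reported location, which is the behavior this change introduces, so a mismatch between the expected and actual position would go unnoticed here; an assertion on `e.stack` or the message location would make the test meaningful beyond "does not crash".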