This reverts commit 26a78061af.
Reason for revert: Not all fuzzers support custom segfault handlers yet, see https://crbug.com/918949
Original change's description:
> Remove trap handler fallback for sanitizers
>
> Since https://crrev.com/c/1335572, our sanitizers allow to set custom
> segfault handlers. Thus remove special code that was added to handle
> sanitizers that prevent installation of segfault handlers. Instead,
> CHECK that the signal handler was installed correctly.
>
> R=ahaas@chromium.org, mseaborn@chromium.org, mark@chromium.org
>
> Bug: chromium:830894
> Change-Id: I3bd66e33efdceb3e8469f3f4a09fbde90cb3d7ec
> Reviewed-on: https://chromium-review.googlesource.com/c/1392199
> Reviewed-by: Andreas Haas <ahaas@chromium.org>
> Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#58513}
TBR=mseaborn@chromium.org,ahaas@chromium.org,mark@chromium.org,clemensh@chromium.org
# Not skipping CQ checks because original CL landed > 1 day ago.
Bug: chromium:830894, chromium:918949
Change-Id: Ide545860cf7729139ac50c0dd2e85facca49b0b1
Reviewed-on: https://chromium-review.googlesource.com/c/1396277
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58556}
Since https://crrev.com/c/1335572, our sanitizers allow to set custom
segfault handlers. Thus remove special code that was added to handle
sanitizers that prevent installation of segfault handlers. Instead,
CHECK that the signal handler was installed correctly.
R=ahaas@chromium.org, mseaborn@chromium.org, mark@chromium.org
Bug: chromium:830894
Change-Id: I3bd66e33efdceb3e8469f3f4a09fbde90cb3d7ec
Reviewed-on: https://chromium-review.googlesource.com/c/1392199
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58513}
Building on linux x64 with "is_component_build = true" currently fails
with linker errors (undefined references). This CL fixes that.
R=ahaas@chromium.orgTBR=mseaborn@chromium.org,mark@chromium.org
Bug: v8:8532
Change-Id: I6b32c00bd974a22268ad1f161ce06a9ebe47c805
Reviewed-on: https://chromium-review.googlesource.com/c/1356505
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57960}
The problem were missing V8_EXPORT_PRIVATE and V8_EXPORT.
The unittests test if the trap handler only handles those traps it
is supposed to handle:
* Only handle traps when the thread-in-wasm flag is set.
* Only handle traps of the right type, i.e. memory access violations.
* Only handle traps at recorded instructions.
The tests also test the consistency of the thread-in-wasm flag. I made
one change in the trap handler where that consistency could be
violated.
All tests are executed with the default trap handler provided by V8,
and with the trap handler callback installed in a test signal/exception
handler.
Patchset 1 is the original CL.
R=mstarzinger@chromium.org
Change-Id: I172d94f24cdba4c3a1f7f344825b059dbb59da79
Reviewed-on: https://chromium-review.googlesource.com/c/1351024
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57947}
This reverts commit 4644b32e02.
Reason for revert: Link errors on win64: https://ci.chromium.org/p/v8/builders/luci.v8.ci/V8%20Win64%20-%20debug/25950
Original change's description:
> [wasm] Add more unit tests for trap handler
>
> The unittests test if the trap handler only handles those traps it
> is supposed to handle:
> * Only handle traps when the thread-in-wasm flag is set.
> * Only handle traps of the right type, i.e. memory access violations.
> * Only handle traps at recorded instructions.
>
> The tests also test the consistency of the thread-in-wasm flag. I made
> one change in the trap handler where that consistency could be
> violated.
>
> All tests are executed with the default trap handler provided by V8,
> and with the trap handler callback installed in a test signal/exception
> handler.
>
> Change-Id: I03904bb6effd2e8694d3f4d1fbf62bc38002646e
> Reviewed-on: https://chromium-review.googlesource.com/c/1340246
> Commit-Queue: Andreas Haas <ahaas@chromium.org>
> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#57858}
TBR=mstarzinger@chromium.org,ahaas@chromium.org,mark@chromium.org
Change-Id: Iac2f20c73744226885ea1810813863a21c5faf8c
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/1351021
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57861}
The unittests test if the trap handler only handles those traps it
is supposed to handle:
* Only handle traps when the thread-in-wasm flag is set.
* Only handle traps of the right type, i.e. memory access violations.
* Only handle traps at recorded instructions.
The tests also test the consistency of the thread-in-wasm flag. I made
one change in the trap handler where that consistency could be
violated.
All tests are executed with the default trap handler provided by V8,
and with the trap handler callback installed in a test signal/exception
handler.
Change-Id: I03904bb6effd2e8694d3f4d1fbf62bc38002646e
Reviewed-on: https://chromium-review.googlesource.com/c/1340246
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57858}
In the chrome-side implementation I currently use the default
trap handlers of V8, see https://crrev.com/c/1290955
Bug: chromium:906565
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I74c5a18c479ad1c69303d104ad4f040de436c4e7
Reviewed-on: https://chromium-review.googlesource.com/c/1282960
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57636}
This is the V8 side of the implementation. You can take a look at a
prototype of the Chrome side changes in https://crrev.com/c/1273043.
Chrome could also use V8's default implementation of the trap handler,
see https://crrev.com/c/1290952.
Bug: v8:6743
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I9bb3e717db17a4f30bbb8acfd80a1f6510d463ff
Reviewed-on: https://chromium-review.googlesource.com/c/1283111
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57117}
This CL refactors the existing trap handler code for Linux to allow a
cleaner extension to Windows.
1) The CL extracts platform-specific code into separate files, see
https://docs.google.com/document/d/1HCgKIpdjy_CEodTLvZ5VuykDI6gGTHrTtau2j0zwm28.
Specifically this means:
* Move posix-specific API functions from v8.h to v8-wasm-trap-handler-posix.h.
Deprecate the existing TryHandleSignal API function.
* Move posix-specific function declarations from trap-handler-internal.h to
handler-inside-posix.h
* Move posix-specific function definitions from handler-shared.cc to
handler-outside-posix.cc
2) The CL changes filenames from *-linux.* to *-posix.*. I expect that
most of the implementation for MacOS will be the same as for Linux.
Bug: v8:6743
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I4bb7f199564a2f01042084d15a82311d11a93c7b
Reviewed-on: https://chromium-review.googlesource.com/c/1280324
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57028}
{ThreadInWasmScope} in only used in a single location, which is in a
test. It does not look like many more such places will show up.
R=titzer@chromium.org,
Bug: v8:8015
Change-Id: I89f6f7e2bd13e2882e65f7657d73ba59a6c71757
Reviewed-on: https://chromium-review.googlesource.com/1193446
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55486}
As far as I understand the TODO, it has been resolved already some lines
below:
if (kEnableDebug) {
VerifyCodeRangeIsDisjoint(data);
}
bug: v8:8015
R=titzer@chromium.org
Change-Id: I3686ad609b7c04e56b14ad2d1ccb265ac260bac7
Reviewed-on: https://chromium-review.googlesource.com/1185012
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55311}
Avoid the C-call to switch the flag, just store to the address
directly. Since js-to-wasm wrappers are still isolate dependent,
we just store the address of the thread-local flag in the isolate
(in ThreadLocalTop) and update it if threads are switched.
R=ahaas@chromium.org, mstarzinger@chromium.org
Bug: chromium:862123, v8:5277
Change-Id: I9e8a40094f11a8b3ba6701dfa7fa026a2d052cb1
Reviewed-on: https://chromium-review.googlesource.com/1136299
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54531}
We had four files in git which used CRLF. After adding a .gitattributes
file with "* text=auto", we should not get any new ones. This CL
converts the four existing files to LF.
R=mathias@chromium.org
Bug: v8:7570
Change-Id: Ia9c92f4bed14c6669de7d60390627a11de6450b8
Reviewed-on: https://chromium-review.googlesource.com/1047611
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Mathias Bynens <mathias@chromium.org>
Reviewed-by: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53046}
If trap handlers cannot be installed, we printed two lines to stdout
and stderr, both not terminated by a newline. This CL adds a newline to
one output and uses the FATAL macro for the other, highlighting the
error better and showing the location where it happens.
R=eholk@chromium.org
Bug: v8:7570
Change-Id: Ic24f48f92b87528e0fd5889badf2c90d765e451a
Reviewed-on: https://chromium-review.googlesource.com/1047606
Reviewed-by: Eric Holk <eholk@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53043}
In preparing for adding trap-based bounds checking to Windows, this
change refactors the code to separate the platform-specific portions
from that which can be shared between platforms.
Internally, we've renamed `RegisterDefaultSignalHandler` to
`RegisterDefaultTrapHandler` to more accurately represent the
difference in terminology between Linux (signals) and Windows
(exceptions). The external API is left the same so as not to break
downstream clients.
This CL is primarily to make room for Windows support. Future CLs
will begin adding support for Windows.
This is a reincarnation of https://crrev.com/c/626558.
Bug: v8:6743
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Iaa8bfd68c14cd1d17933b12c24cb8dd5ee8a21d6
Reviewed-on: https://chromium-review.googlesource.com/998829
Commit-Queue: Eric Holk <eholk@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#53006}
The "Address" type is V8's general-purpose type for manipulating memory
addresses. Per the C++ spec, pointer arithmetic and pointer comparisons
are undefined behavior except within the same array; since we generally
don't operate within a C++ array, our general-purpose type shouldn't be
a pointer type.
Bug: v8:3770
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Ib96016c24a0f18bcdba916dabd83e3f24a1b5779
Reviewed-on: https://chromium-review.googlesource.com/988657
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52601}
The first part of this change updates StoreMem_offset_oob_i64 to use one page of
Wasm memory, rather than just a few bytes. Using less than a page was out of
spec for Wasm anyway, so this is better.
This required a small change in the test runner to set and clear the
thread_in_wasm flag around Wasm calls. This was accomplished by a
ThreadInWasmScope convenience class.
The majority of the changes are because the cctest environment does not support
runtime exceptions. In the code generator, where we used to throw a
WasmMemOutOfBounds exception, we now need to call out to the test hook instead
if runtime exceptions are not supported. This involved plumbing the
runtime_exception_support flag down to the code generator. Rather than adding
and shuffling around extra parameters everywhere, this CL packages the previous
protected instruction list in a new WasmCompilationData object that now includes
the runtime_exception_support flag as well.
Bug: v8:5277
Change-Id: Ic9c9e5a53a07a7773b58c0aee7c26bbd2ddf82f3
Reviewed-on: https://chromium-review.googlesource.com/989017
Commit-Queue: Eric Holk <eholk@chromium.org>
Reviewed-by: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52368}
Now that WebAssembly code has moved off the garbage collected heap, it
is no longer subject to relocation and support for updating the base
address for the purposes of trap handling can be removed.
R=eholk@chromium.org
BUG=v8:7549
Change-Id: I7a98f192e0c91274fa2ccdb59cdd106da6217948
Reviewed-on: https://chromium-review.googlesource.com/978248
Reviewed-by: Eric Holk <eholk@chromium.org>
Commit-Queue: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52207}
This CL also deprecates V8::RegisterDefaultSignalHandler. Now instead of
using the old API, clients should call V8::EnableWebAssemblyTrapHandler.
Just setting the --wasm-trap-handler flag will no longer have any
effect.
Bug: v8:5277
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: Idd862185af9abcd4a3c845c02f9e916e8b56f114
Reviewed-on: https://chromium-review.googlesource.com/965005
Reviewed-by: Karl Schimpf <kschimpf@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52126}
The new API supersedes the old `RegisterDefaultSignalHandler` and flag
combination. Now the embedder must explicitly call
`EnableWebAssemblyTrapHandler` to activate the trap handler and optionally
install the default signal handler. The old flag is now used only by D8 to
decide whether to call this function.
Bug: v8:5277
Cq-Include-Trybots: luci.chromium.try:linux_chromium_rel_ng
Change-Id: I05fbb2138138bfc95b14361aabd712db84789b4a
Reviewed-on: https://chromium-review.googlesource.com/963179
Commit-Queue: Eric Holk <eholk@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52081}
The type std::enable_if<cond> does always exist, it only makes sense to
check for std::enable_if<cond>::type. But the way this is used here we
also cannot do that, so just replace this by a good old "#ifdef DEBUG".
Drive-by: Minor unrelated cleanup (constexpr and ifdef).
R=eholk@chromium.org
Change-Id: I6bc27ee3adfd3ec3d38d61df67dd9cdff0faf2f7
Reviewed-on: https://chromium-review.googlesource.com/939387
Reviewed-by: Eric Holk <eholk@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51612}
There were two failure paths where the CodeProtectionInfo object would not be
freed. This adds a free() on those paths to prevent a memory leak.
Bug: v8:7434
Change-Id: I48d60aee3255d829bf39b51cc30fabaf76b1fb07
Reviewed-on: https://chromium-review.googlesource.com/927746
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51408}
This check verifies that all .h files in the src/ directory have an
include guard of the form
#ifndef V8_PATH_TO_FILE_H_
#define V8_PATH_TO_FILE_H_
// ...
#endif // V8_PATH_TO_FILE_H_
The check can be skipped with a magic comment:
// PRESUBMIT_INTENTIONALLY_MISSING_INCLUDE_GUARD
Cq-Include-Trybots: luci.v8.try:v8_linux_noi18n_rel_ng;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: I0a7b96abec289ad60f64ba8418f1892a6969596d
Reviewed-on: https://chromium-review.googlesource.com/897487
Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Reviewed-by: Andreas Haas <ahaas@chromium.org>
Commit-Queue: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#51079}
The previous code assumed that trap handling was a global concept, defined
by function trap_handler::UseTrapHandler(). This CL does the first step
in changing the decision to be specifiable at a module level.
Therefore trap_handler::UseTrapHandler() is replaced by
trap_handler::IsTrapHandlerEnabled(), and communicates if compilation
supports the use of trap handlers (but still allowing the use of
bounds checking on memory accesses).
It then refactors the classes ModuleEnv and WasmCompiledModule to have
a field "use_trap_handler" that specifies if traps should be used for
the memory accesses in the module being compiled.
Bug: v8:7143
Change-Id: I9844842d5721c86c2dd55e911b42bf8b9922cf63
Reviewed-on: https://chromium-review.googlesource.com/802322
Commit-Queue: Eric Holk <eholk@chromium.org>
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Reviewed-by: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49915}
This is the first step towards wasm code sharing. This CL moves wasm
code generation outside the JavaScript GC heap using the previously -
introduced WasmCodeManager (all this, behind the --wasm-jit-to-native
flag).
See design document: go/wasm-on-native-heap-stage-1
This CL doesn't change other wasm architectural invariants. We still
have per-Isolate wasm code generation, and per-wasm module instance
code specialization.
Bug:v8:6876
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_chromium_rel_ng
Change-Id: I1e08cecad75f93fb081545c31228a4568be276d3
Reviewed-on: https://chromium-review.googlesource.com/674086
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49689}
Instead of modifying this flag in compiled wasm code, we can just
change it in the caller / called code. This saves code space and
compilation time and fixes the referenced bug.
R=titzer@chromium.org, eholk@chromium.org
Bug: chromium:773631, v8:5277
Change-Id: I095158ac01eecd21a92649a3990e8d7c593db912
Reviewed-on: https://chromium-review.googlesource.com/712597
Reviewed-by: Ben Titzer <titzer@chromium.org>
Reviewed-by: Eric Holk <eholk@chromium.org>
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48602}
This is a reland of cc237d872b
Original change's description:
> Reland "[wasm] trap handlers: fall back on old signal handler"
>
> This is a reland of ee4fe8963c
> Original change's description:
> > [wasm] trap handlers: fall back on old signal handler
> >
> > This is primarily needed to test D8 under ASan. ASan installs a signal handler
> > early in the process startup to show stack traces from crashes. We need to make
> > sure that if V8 does not handle a signal then the existing handler gets a
> > chance.
> >
> > This change only applies when using V8's default signal handler. When
> > integrating with the embedder's signal handler the behavior is unchanged.
> >
> > Bug: chromium:771948
> > Change-Id: Ifd560acf9700ec5f714f009530258fa92c83cabe
> > Reviewed-on: https://chromium-review.googlesource.com/705823
> > Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
> > Commit-Queue: Eric Holk <eholk@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#48429}
>
> Bug: chromium:771948
> Change-Id: Ide307091c432fd933c48f89c51851b8dce44dd30
> Reviewed-on: https://chromium-review.googlesource.com/710114
> Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
> Commit-Queue: Eric Holk <eholk@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48435}
Bug: chromium:771948
Change-Id: I781dfe356a728760090b6ccfa58212096e8f20c8
Reviewed-on: https://chromium-review.googlesource.com/713956
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48474}
This reverts commit cc237d872b.
Reason for revert: breaks win clang:
https://build.chromium.org/p/client.v8/builders/V8%20Win64%20-%20clang/builds/8538
Original change's description:
> Reland "[wasm] trap handlers: fall back on old signal handler"
>
> This is a reland of ee4fe8963c
> Original change's description:
> > [wasm] trap handlers: fall back on old signal handler
> >
> > This is primarily needed to test D8 under ASan. ASan installs a signal handler
> > early in the process startup to show stack traces from crashes. We need to make
> > sure that if V8 does not handle a signal then the existing handler gets a
> > chance.
> >
> > This change only applies when using V8's default signal handler. When
> > integrating with the embedder's signal handler the behavior is unchanged.
> >
> > Bug: chromium:771948
> > Change-Id: Ifd560acf9700ec5f714f009530258fa92c83cabe
> > Reviewed-on: https://chromium-review.googlesource.com/705823
> > Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
> > Commit-Queue: Eric Holk <eholk@chromium.org>
> > Cr-Commit-Position: refs/heads/master@{#48429}
>
> Bug: chromium:771948
> Change-Id: Ide307091c432fd933c48f89c51851b8dce44dd30
> Reviewed-on: https://chromium-review.googlesource.com/710114
> Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
> Commit-Queue: Eric Holk <eholk@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48435}
TBR=mseaborn@chromium.org,bradnelson@chromium.org,gdeepti@chromium.org,eholk@chromium.org,mark@chromium.org
Change-Id: If71f61ae186fc6be2006edeb2dffd7e2b6827d91
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:771948
Reviewed-on: https://chromium-review.googlesource.com/711854
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Commit-Queue: Michael Achenbach <machenbach@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48436}
This is a reland of ee4fe8963c
Original change's description:
> [wasm] trap handlers: fall back on old signal handler
>
> This is primarily needed to test D8 under ASan. ASan installs a signal handler
> early in the process startup to show stack traces from crashes. We need to make
> sure that if V8 does not handle a signal then the existing handler gets a
> chance.
>
> This change only applies when using V8's default signal handler. When
> integrating with the embedder's signal handler the behavior is unchanged.
>
> Bug: chromium:771948
> Change-Id: Ifd560acf9700ec5f714f009530258fa92c83cabe
> Reviewed-on: https://chromium-review.googlesource.com/705823
> Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
> Commit-Queue: Eric Holk <eholk@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48429}
Bug: chromium:771948
Change-Id: Ide307091c432fd933c48f89c51851b8dce44dd30
Reviewed-on: https://chromium-review.googlesource.com/710114
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48435}
This reverts commit ee4fe8963c.
Reason for revert: <INSERT REASONING HERE>
Original change's description:
> [wasm] trap handlers: fall back on old signal handler
>
> This is primarily needed to test D8 under ASan. ASan installs a signal handler
> early in the process startup to show stack traces from crashes. We need to make
> sure that if V8 does not handle a signal then the existing handler gets a
> chance.
>
> This change only applies when using V8's default signal handler. When
> integrating with the embedder's signal handler the behavior is unchanged.
>
> Bug: chromium:771948
> Change-Id: Ifd560acf9700ec5f714f009530258fa92c83cabe
> Reviewed-on: https://chromium-review.googlesource.com/705823
> Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
> Commit-Queue: Eric Holk <eholk@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#48429}
TBR=mseaborn@chromium.org,bradnelson@chromium.org,gdeepti@chromium.org,eholk@chromium.org,mark@chromium.org
Change-Id: Ib43b096831b15c312b3b460e59f268d5ea903f21
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Bug: chromium:771948
Reviewed-on: https://chromium-review.googlesource.com/710034
Reviewed-by: Eric Holk <eholk@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48430}
This is primarily needed to test D8 under ASan. ASan installs a signal handler
early in the process startup to show stack traces from crashes. We need to make
sure that if V8 does not handle a signal then the existing handler gets a
chance.
This change only applies when using V8's default signal handler. When
integrating with the embedder's signal handler the behavior is unchanged.
Bug: chromium:771948
Change-Id: Ifd560acf9700ec5f714f009530258fa92c83cabe
Reviewed-on: https://chromium-review.googlesource.com/705823
Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48429}
Since code objects cannot grow larger than 2GB anyway, it's enough to
store the instruction offset and landing pad offset as 32-bit values.
This reduces the size of the ProtectedInstructionData struct by 50%.
R=eholk@chromium.org
Bug: v8:5277
Change-Id: I4d2e0dc76b8a853fb50d51d70d5ec4038ee594ac
Reviewed-on: https://chromium-review.googlesource.com/686757
Commit-Queue: Clemens Hammacher <clemensh@chromium.org>
Reviewed-by: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48192}
This is the first of a series of refactoring CLs to make way for
Windows trap handling support.
See https://chromium-review.googlesource.com/c/v8/v8/+/626558 as well.
Bug:
Change-Id: I5fe9ef9c1cec58a81e51fcffbbe4419e0e298ab7
Reviewed-on: https://chromium-review.googlesource.com/644104
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48191}
This CL includes validation code for the trap handler data structures in debug
mode to help catch issues like v8:6841 sooner in the future.
We also now eagerly initialize the free list pointers to make the logic of
finding the next free entry more obvious.
Bug: v8:5277
Change-Id: I13c3180c59b6152508c480e2042072a91e6ca977
Reviewed-on: https://chromium-review.googlesource.com/674128
Commit-Queue: Eric Holk <eholk@chromium.org>
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48186}
Previously, we would blindly register new handler data, leading to us leaking
the old handler data. This meant we could then end up with overlapping handler
data where the instruction offset and landing pads didn't line up right.
Bug: v8:6841
Change-Id: Iedcd75925b8d9d59c8f9accf288cae954fdc568f
Reviewed-on: https://chromium-review.googlesource.com/677632
Commit-Queue: Eric Holk <eholk@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48144}
This is primarily to aid in testing the Wasm out of bounds trap handler. We
keep track of how many faults have been recovered by the Wasm trap handler. This
count is exposed to JavaScript through a testing-only runtime function. This
allows tests to verify whether the trap handler is actually running.
Bug: v8:5277
Change-Id: Ie8037a36d84eb08166c6e40c7225d912683d5786
Reviewed-on: https://chromium-review.googlesource.com/665968
Commit-Queue: Eric Holk <eholk@chromium.org>
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48076}
Specifically for base and libplatform I was the only owner. Adding mlippautz@
there.
R=danno@chromium.org
Change-Id: I246b72141abc932d9caf7dcb7485e458283d4a9f
Reviewed-on: https://chromium-review.googlesource.com/551899
Reviewed-by: Daniel Clifford <danno@chromium.org>
Commit-Queue: Jochen Eisinger <jochen@chromium.org>
Cr-Commit-Position: refs/heads/master@{#46275}
This was causing GC stress failures. Garbage collections can happen during
runtime calls, such was WasmStackGuard. If the collection cleans up Wasm
objects, then they will have to modify the trap handler data structures, which
requires taking a lock. This lock can only be taken if the thread-in-wasm flag
is clear. We were getting crashes because this flag was not clear.
This change fixes the issue by making sure any runtime calls from Wasm clear the
thread-in-wasm flag and then restore it upon return. In addition, it cleans up
the code by adding a helper function that generates the code to modify the flag.
BUG= v8:6132
Change-Id: I95d43388dff60ba792c57fe13448a40a02ed4802
Reviewed-on: https://chromium-review.googlesource.com/458698
Commit-Queue: Eric Holk <eholk@chromium.org>
Reviewed-by: Mircea Trofin <mtrofin@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#44165}
Android sets both V8_OS_ANDROID and V8_OS_LINUX. For the Wasm trap
handler, the difference between these OSes matters.
BUG= chromium:701590
Change-Id: I5ae703a1d932c8a63e499ad39a057ad1871a2ab1
Reviewed-on: https://chromium-review.googlesource.com/455556
Commit-Queue: Eric Holk <eholk@chromium.org>
Commit-Queue: Brad Nelson <bradnelson@chromium.org>
Reviewed-by: Brad Nelson <bradnelson@chromium.org>
Cr-Commit-Position: refs/heads/master@{#43807}
This is basically the minimum viable signal handler for Wasm bounds checks.
It includes the TLS check and the fine grained instructions checks. These
two checks provide most of the safety for the signal handler. Future CLs will
add code range and data range checks for more robustness.
The trap handling code and data structures are all in src/trap-handler, with
the code that actually runs in the signal handler confined to
src/trap-handler/signal-handler.cc.
This changes adds a new V8 API that the embedder should call from a signal
handler that will give V8 the chance to handle the fault first. For hosts that
do not want to implement their own signal handler, we include the option to
install a simple one. This simple handler is also used for the tests.
When a Wasm module is instantiated, information about each function is passed
to the trap handler, which is used to classify faults. These are removed during
the instance finalizer.
Several future enhancements are planned before turning this on by default.
Obviously, the additional checks will be added to MaybeHandleFault. We are
also planning to add a two-level CodeObjectData table that is grouped by
isolates to make cleanup easier and also reduce potential for contending on
a single data structure.
BUG= https://bugs.chromium.org/p/v8/issues/detail?id=5277
Review-Url: https://codereview.chromium.org/2371833007
Cr-Original-Original-Commit-Position: refs/heads/master@{#43523}
Committed: a5af7fe9ee
Review-Url: https://codereview.chromium.org/2371833007
Cr-Original-Commit-Position: refs/heads/master@{#43755}
Committed: 338622d7ca
Review-Url: https://codereview.chromium.org/2371833007
Cr-Commit-Position: refs/heads/master@{#43759}
Reason for revert:
ASAN breakage, such as https://build.chromium.org/p/client.v8/builders/V8%20Linux64%20ASAN/builds/19111/steps/Check/logs/grow-memory
Original issue's description:
> [wasm] Initial signal handler
>
> This is basically the minimum viable signal handler for Wasm bounds checks.
> It includes the TLS check and the fine grained instructions checks. These
> two checks provide most of the safety for the signal handler. Future CLs will
> add code range and data range checks for more robustness.
>
> The trap handling code and data structures are all in src/trap-handler, with
> the code that actually runs in the signal handler confined to
> src/trap-handler/signal-handler.cc.
>
> This changes adds a new V8 API that the embedder should call from a signal
> handler that will give V8 the chance to handle the fault first. For hosts that
> do not want to implement their own signal handler, we include the option to
> install a simple one. This simple handler is also used for the tests.
>
> When a Wasm module is instantiated, information about each function is passed
> to the trap handler, which is used to classify faults. These are removed during
> the instance finalizer.
>
> Several future enhancements are planned before turning this on by default.
> Obviously, the additional checks will be added to MaybeHandleFault. We are
> also planning to add a two-level CodeObjectData table that is grouped by
> isolates to make cleanup easier and also reduce potential for contending on
> a single data structure.
>
> BUG= https://bugs.chromium.org/p/v8/issues/detail?id=5277
>
> Review-Url: https://codereview.chromium.org/2371833007
> Cr-Original-Commit-Position: refs/heads/master@{#43523}
> Committed: a5af7fe9ee
> Review-Url: https://codereview.chromium.org/2371833007
> Cr-Commit-Position: refs/heads/master@{#43755}
> Committed: 338622d7caTBR=ahaas@chromium.org,bradnelson@google.com,hpayer@chromium.org,jochen@chromium.org,mark@chromium.org,mseaborn@chromium.org,titzer@chromium.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG= https://bugs.chromium.org/p/v8/issues/detail?id=5277
Review-Url: https://codereview.chromium.org/2744383002
Cr-Commit-Position: refs/heads/master@{#43757}
This is basically the minimum viable signal handler for Wasm bounds checks.
It includes the TLS check and the fine grained instructions checks. These
two checks provide most of the safety for the signal handler. Future CLs will
add code range and data range checks for more robustness.
The trap handling code and data structures are all in src/trap-handler, with
the code that actually runs in the signal handler confined to
src/trap-handler/signal-handler.cc.
This changes adds a new V8 API that the embedder should call from a signal
handler that will give V8 the chance to handle the fault first. For hosts that
do not want to implement their own signal handler, we include the option to
install a simple one. This simple handler is also used for the tests.
When a Wasm module is instantiated, information about each function is passed
to the trap handler, which is used to classify faults. These are removed during
the instance finalizer.
Several future enhancements are planned before turning this on by default.
Obviously, the additional checks will be added to MaybeHandleFault. We are
also planning to add a two-level CodeObjectData table that is grouped by
isolates to make cleanup easier and also reduce potential for contending on
a single data structure.
BUG= https://bugs.chromium.org/p/v8/issues/detail?id=5277
Review-Url: https://codereview.chromium.org/2371833007
Cr-Original-Commit-Position: refs/heads/master@{#43523}
Committed: a5af7fe9ee
Review-Url: https://codereview.chromium.org/2371833007
Cr-Commit-Position: refs/heads/master@{#43755}
