finding 2: add WASM-compatible error recovery boundary in bbapi

In WASM builds, BB_NO_EXCEPTIONS is defined which compiles out the
try-catch in bbapi() and routes throw_or_abort to std::abort(). This
kills the WASM process on any error with no recovery.

Add a setjmp/longjmp recovery boundary: bbapi() calls setjmp before
execute(), and throw_or_abort_impl checks if recovery is active before
aborting. On error, longjmp returns control to bbapi() which returns
an ErrorResponse via the normal msgpack path.

longjmp skips C++ destructors on unwound stack frames, which can leak
memory. In WASM this is bounded by linear memory and acceptable vs
the alternative of process termination.

Enable the CBind.CatchesExceptionAndReturnsErrorResponse test for
BB_NO_EXCEPTIONS builds, since error recovery now works in both
native (try-catch) and no-exceptions (setjmp/longjmp) configurations.

Author: johnathan79717

barretenberg/cpp/src/barretenberg/bbapi/c_bind.cpp

@@ -6,6 +6,9 @@
 #ifndef NO_MULTITHREADING
 #include <mutex>
 #endif
+#ifdef BB_NO_EXCEPTIONS
+#include <csetjmp>
+#endif
 
 namespace bb::bbapi {
 
@@ -15,6 +18,35 @@ namespace {
 BBApiRequest global_request;
 } // namespace
 
+#ifdef BB_NO_EXCEPTIONS
+// Recovery state for builds where C++ exceptions are disabled (WASM).
+// When throw_or_abort is called during command execution, longjmp returns
+// control to the setjmp point in bbapi() so it can return an ErrorResponse
+// instead of aborting the process.
+// Note: longjmp skips C++ destructors on the unwound stack frames. In WASM
+// this causes bounded memory leaks (no kernel resources to leak), which is
+// strictly better than the alternative of process termination via std::abort().
+namespace {
+// NOLINTNEXTLINE(cppcoreguidelines-avoid-non-const-global-variables)
+thread_local std::jmp_buf error_jmp_buf;
+// NOLINTNEXTLINE(cppcoreguidelines-avoid-non-const-global-variables)
+thread_local std::string error_message;
+// NOLINTNEXTLINE(cppcoreguidelines-avoid-non-const-global-variables)
+thread_local bool recovery_active = false;
+} // namespace
+
+bool bbapi_recovery_active()
+{
+    return recovery_active;
+}
+
+void bbapi_recover_with_message(const char* msg)
+{
+    error_message = msg;
+    std::longjmp(error_jmp_buf, 1); // NOLINT(cert-err52-cpp)
+}
+#endif
+
 /**
  * @brief Main API function that processes commands and returns responses
  *
@@ -25,13 +57,19 @@ CommandResponse bbapi(Command&& command)
 {
 #ifndef BB_NO_EXCEPTIONS
     try {
-#endif
-        // Execute the command using the global request and return the response
         return execute(global_request, std::move(command));
-#ifndef BB_NO_EXCEPTIONS
     } catch (const std::exception& e) {
         return ErrorResponse{ .message = e.what() };
     }
+#else
+    recovery_active = true;
+    if (setjmp(error_jmp_buf) != 0) {
+        recovery_active = false;
+        return ErrorResponse{ .message = std::move(error_message) };
+    }
+    auto result = execute(global_request, std::move(command));
+    recovery_active = false;
+    return result;
 #endif
 }
 

barretenberg/cpp/src/barretenberg/bbapi/c_bind.hpp

@@ -6,6 +6,14 @@
 namespace bb::bbapi {
 // Function declaration for CLI usage
 CommandResponse bbapi(Command&& command);
+
+#ifdef BB_NO_EXCEPTIONS
+// Recovery boundary for builds without C++ exceptions (WASM).
+// throw_or_abort_impl checks bbapi_recovery_active() and calls
+// bbapi_recover_with_message() to longjmp back to bbapi() instead of aborting.
+bool bbapi_recovery_active();
+[[noreturn]] void bbapi_recover_with_message(const char* msg);
+#endif
 } // namespace bb::bbapi
 
 // Forward declaration for CBIND

barretenberg/cpp/src/barretenberg/bbapi/c_bind_exception.test.cpp

@@ -7,9 +7,8 @@
 
 using namespace bb::bbapi;
 
-#ifndef BB_NO_EXCEPTIONS
-
-// Test that exceptions thrown during command execution are caught and converted to ErrorResponse
+// Test that exceptions/errors during command execution are caught and converted to ErrorResponse.
+// Works in both native builds (via try-catch) and BB_NO_EXCEPTIONS builds (via setjmp/longjmp recovery).
 TEST(CBind, CatchesExceptionAndReturnsErrorResponse)
 {
     // Create an SrsInitSrs command with invalid data that will cause an exception
@@ -58,10 +57,3 @@ TEST(CBind, ValidOperationReturnsSuccess)
     bool is_shutdown = std::holds_alternative<Shutdown::Response>(response.get());
     EXPECT_TRUE(is_shutdown) << "Expected Shutdown::Response variant";
 }
-
-#else
-TEST(CBind, ExceptionsDisabled)
-{
-    GTEST_SKIP() << "Skipping exception handling tests when BB_NO_EXCEPTIONS is defined";
-}
-#endif

barretenberg/cpp/src/barretenberg/env/throw_or_abort_impl.cpp

@@ -4,6 +4,9 @@
 #ifdef STACKTRACES
 #include <backward.hpp>
 #endif
+#ifdef BB_NO_EXCEPTIONS
+#include "barretenberg/bbapi/c_bind.hpp"
+#endif
 
 inline void abort_with_message [[noreturn]] (std::string const& err)
 {
@@ -24,6 +27,11 @@ WASM_EXPORT void throw_or_abort_impl [[noreturn]] (const char* err)
 #ifndef BB_NO_EXCEPTIONS
     throw std::runtime_error(err);
 #else
+    // If bbapi() has set up a recovery boundary, longjmp back to it
+    // so it can return an ErrorResponse instead of aborting.
+    if (bb::bbapi::bbapi_recovery_active()) {
+        bb::bbapi::bbapi_recover_with_message(err);
+    }
     abort_with_message(err);
 #endif
 }