
Commit 5315d3e

[StackSwitching] Continuations trap on the JS boundary (#8452)
1 parent ee4f82d commit 5315d3e

4 files changed

Lines changed: 59 additions & 74 deletions


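--- a/src/tools/execution-results.h
+++ b/src/tools/execution-results.h
@@ -150,7 +150,7 @@ struct LoggingExternalInterface : public ShellExternalInterface {
 auto f = [import, this](const Literals& arguments) -> Flow {
 if (import->module == "fuzzing-support") {
 if (import->base.startsWith("log")) {
-// This is a logging function like log-i32 or log-f64
+// This is a logging function like log-i32 or log-f64.
 std::cout << "[LoggingExternalInterface ";
 if (import->base == "log-branch") {
 // Report this as a special logging, so we can differentiate it
@@ -319,13 +319,8 @@ struct LoggingExternalInterface : public ShellExternalInterface {
 Literals arguments;
 for (const auto& param : sig.params) {
 // An i64 param can work from JS, but fuzz_shell provides 0, which errors
-// on attempts to convert it to BigInt. v128 is disallowed.
-if (param == Type::i64 || param == Type::v128) {
-throwJSException();
-}
-// Exnref and nullexnref are also disallowed.
-if (param.isRef() &&
-HeapType(param.getHeapType().getTop()).isMaybeShared(HeapType::exn)) {
+// on attempts to convert it to BigInt. Also trap on v128 etc.
+if (param == Type::i64 || trapsOnJSBoundary(param)) {
 throwJSException();
 }
 if (!param.isDefaultable()) {
@@ -339,9 +334,7 @@ struct LoggingExternalInterface : public ShellExternalInterface {
 for (const auto& result : sig.results) {
 // An i64 result is fine: a BigInt will be provided. But v128 and
 // [null]exnref still error.
-if (result == Type::v128 ||
-(result.isRef() && HeapType(result.getHeapType().getTop())
-.isMaybeShared(HeapType::exn))) {
+if (trapsOnJSBoundary(result)) {
 throwJSException();
 }
 }
@@ -356,6 +349,21 @@ struct LoggingExternalInterface : public ShellExternalInterface {
 return flow.values;
 }
 
+bool trapsOnJSBoundary(Type type) {
+if (type == Type::v128) {
+return true;
+}
+if (type.isRef()) {
+// Exnref and [null][exn|cont]ref trap.
+HeapType top = type.getHeapType().getTop();
+if (top.isMaybeShared(HeapType::exn) ||
+top.isMaybeShared(HeapType::cont)) {
+return true;
+}
+}
+return false;
+}
+
 void setModuleRunner(ModuleRunner* instance_) { instance = instance_; }
 };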
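Review bot: The inline comment in the new `trapsOnJSBoundary` helper, `// Exnref and [null][exn|cont]ref trap.`, is garbled (exnref is already covered by the bracket form) and the function has no header comment saying what it encodes; suggest `// [null]exnref and [null]contref, shared or not, cannot cross into JS.` on that line and a header such as `// Types the JS embedding refuses to pass across the boundary in either direction, so the interpreter throws where the real VM would.` Since i64 is rejected only on the param side, the header should also say that the i64 case is deliberately left to the caller (fuzz_shell passes 0, which is not a BigInt, per the existing comment), otherwise a later reader may add it here and wrongly reject i64 results. The helper reads no member state, so it could be declared `static`. The enclosing struct continues outside the hunk.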

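--- a/src/tools/fuzzing/fuzzing.cpp
+++ b/src/tools/fuzzing/fuzzing.cpp
@@ -45,9 +45,6 @@ std::vector<Type> getLoggableTypes(const FeatureSet& features) {
 loggableTypes.push_back(Type(HeapType::func, Nullable));
 loggableTypes.push_back(Type(HeapType::ext, Nullable));
 }
-if (features.hasStackSwitching()) {
-loggableTypes.push_back(Type(HeapType::cont, Nullable));
-}
 // Note: exnref traps on the JS boundary, so we cannot try to log it.
 }
 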
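--- a/test/lit/exec/fuzzing-api.wast
+++ b/test/lit/exec/fuzzing-api.wast
@@ -9,7 +9,6 @@
 (import "fuzzing-support" "log-f64" (func $log-f64 (param f64)))
 (import "fuzzing-support" "log-anyref" (func $log-anyref (param anyref)))
 (import "fuzzing-support" "log-funcref" (func $log-funcref (param funcref)))
-(import "fuzzing-support" "log-contref" (func $log-contref (param contref)))
 (import "fuzzing-support" "log-externref" (func $log-externref (param externref)))
 
 (import "fuzzing-support" "throw" (func $throw (param i32)))
@@ -43,7 +42,6 @@
 ;; CHECK-NEXT: [LoggingExternalInterface logging object]
 ;; CHECK-NEXT: [LoggingExternalInterface logging function]
 ;; CHECK-NEXT: [LoggingExternalInterface logging null]
-;; CHECK-NEXT: [LoggingExternalInterface logging null]
 (func $logging (export "logging")
 (call $log-i32
 (i32.const 42)
@@ -64,9 +62,6 @@
 (call $log-funcref
 (ref.func $logging)
 )
-(call $log-contref
-(ref.null cont)
-)
 (call $log-externref
 (ref.null extern)
 )
@@ -139,7 +134,6 @@
 ;; CHECK-NEXT: [LoggingExternalInterface logging object]
 ;; CHECK-NEXT: [LoggingExternalInterface logging function]
 ;; CHECK-NEXT: [LoggingExternalInterface logging null]
-;; CHECK-NEXT: [LoggingExternalInterface logging null]
 ;; CHECK-NEXT: [exception thrown: imported-js-tag externref(0)]
 (func $export.calling (export "export.calling")
 ;; At index 0 in the exports we have $logging, so we will do those loggings.
@@ -162,7 +156,6 @@
 ;; CHECK-NEXT: [LoggingExternalInterface logging object]
 ;; CHECK-NEXT: [LoggingExternalInterface logging function]
 ;; CHECK-NEXT: [LoggingExternalInterface logging null]
-;; CHECK-NEXT: [LoggingExternalInterface logging null]
 ;; CHECK-NEXT: [exception thrown: imported-js-tag externref(0)]
 (func $export.calling.rethrow (export "export.calling.rethrow")
 ;; As above, but the second param is different.
@@ -186,7 +179,6 @@
 ;; CHECK-NEXT: [LoggingExternalInterface logging object]
 ;; CHECK-NEXT: [LoggingExternalInterface logging function]
 ;; CHECK-NEXT: [LoggingExternalInterface logging null]
-;; CHECK-NEXT: [LoggingExternalInterface logging null]
 ;; CHECK-NEXT: [LoggingExternalInterface logging 0]
 ;; CHECK-NEXT: [LoggingExternalInterface logging 1]
 (func $export.calling.catching (export "export.calling.catching")
@@ -212,7 +204,6 @@
 ;; CHECK-NEXT: [LoggingExternalInterface logging object]
 ;; CHECK-NEXT: [LoggingExternalInterface logging function]
 ;; CHECK-NEXT: [LoggingExternalInterface logging null]
-;; CHECK-NEXT: [LoggingExternalInterface logging null]
 ;; CHECK-NEXT: [exception thrown: imported-js-tag externref(0)]
 (func $ref.calling (export "ref.calling")
 ;; This will emit some logging.
@@ -235,7 +226,6 @@
 ;; CHECK-NEXT: [LoggingExternalInterface logging object]
 ;; CHECK-NEXT: [LoggingExternalInterface logging function]
 ;; CHECK-NEXT: [LoggingExternalInterface logging null]
-;; CHECK-NEXT: [LoggingExternalInterface logging null]
 ;; CHECK-NEXT: [exception thrown: imported-js-tag externref(0)]
 (func $ref.calling.rethrow (export "ref.calling.rethrow")
 ;; As with calling an export, when we set the flags to 1 exceptions are
@@ -258,7 +248,6 @@
 ;; CHECK-NEXT: [LoggingExternalInterface logging object]
 ;; CHECK-NEXT: [LoggingExternalInterface logging function]
 ;; CHECK-NEXT: [LoggingExternalInterface logging null]
-;; CHECK-NEXT: [LoggingExternalInterface logging null]
 ;; CHECK-NEXT: [LoggingExternalInterface logging 0]
 ;; CHECK-NEXT: [LoggingExternalInterface logging 1]
 (func $ref.calling.catching (export "ref.calling.catching")
@@ -516,7 +505,6 @@
 ;; CHECK-NEXT: [LoggingExternalInterface logging object]
 ;; CHECK-NEXT: [LoggingExternalInterface logging function]
 ;; CHECK-NEXT: [LoggingExternalInterface logging null]
-;; CHECK-NEXT: [LoggingExternalInterface logging null]
 
 ;; CHECK: [fuzz-exec] calling throwing
 ;; CHECK-NEXT: [exception thrown: imported-js-tag externref(0)]
@@ -539,7 +527,6 @@
 ;; CHECK-NEXT: [LoggingExternalInterface logging object]
 ;; CHECK-NEXT: [LoggingExternalInterface logging function]
 ;; CHECK-NEXT: [LoggingExternalInterface logging null]
-;; CHECK-NEXT: [LoggingExternalInterface logging null]
 ;; CHECK-NEXT: [exception thrown: imported-js-tag externref(0)]
 
 ;; CHECK: [fuzz-exec] calling export.calling.rethrow
@@ -549,7 +536,6 @@
 ;; CHECK-NEXT: [LoggingExternalInterface logging object]
 ;; CHECK-NEXT: [LoggingExternalInterface logging function]
 ;; CHECK-NEXT: [LoggingExternalInterface logging null]
-;; CHECK-NEXT: [LoggingExternalInterface logging null]
 ;; CHECK-NEXT: [exception thrown: imported-js-tag externref(0)]
 
 ;; CHECK: [fuzz-exec] calling export.calling.catching
@@ -559,7 +545,6 @@
 ;; CHECK-NEXT: [LoggingExternalInterface logging object]
 ;; CHECK-NEXT: [LoggingExternalInterface logging function]
 ;; CHECK-NEXT: [LoggingExternalInterface logging null]
-;; CHECK-NEXT: [LoggingExternalInterface logging null]
 ;; CHECK-NEXT: [LoggingExternalInterface logging 0]
 ;; CHECK-NEXT: [LoggingExternalInterface logging 1]
 
@@ -570,7 +555,6 @@
 ;; CHECK-NEXT: [LoggingExternalInterface logging object]
 ;; CHECK-NEXT: [LoggingExternalInterface logging function]
 ;; CHECK-NEXT: [LoggingExternalInterface logging null]
-;; CHECK-NEXT: [LoggingExternalInterface logging null]
 ;; CHECK-NEXT: [exception thrown: imported-js-tag externref(0)]
 
 ;; CHECK: [fuzz-exec] calling ref.calling.rethrow
@@ -580,7 +564,6 @@
 ;; CHECK-NEXT: [LoggingExternalInterface logging object]
 ;; CHECK-NEXT: [LoggingExternalInterface logging function]
 ;; CHECK-NEXT: [LoggingExternalInterface logging null]
-;; CHECK-NEXT: [LoggingExternalInterface logging null]
 ;; CHECK-NEXT: [exception thrown: imported-js-tag externref(0)]
 
 ;; CHECK: [fuzz-exec] calling ref.calling.catching
@@ -590,7 +573,6 @@
 ;; CHECK-NEXT: [LoggingExternalInterface logging object]
 ;; CHECK-NEXT: [LoggingExternalInterface logging function]
 ;; CHECK-NEXT: [LoggingExternalInterface logging null]
-;; CHECK-NEXT: [LoggingExternalInterface logging null]
 ;; CHECK-NEXT: [LoggingExternalInterface logging 0]
 ;; CHECK-NEXT: [LoggingExternalInterface logging 1]
 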
Lines changed: 40 additions & 42 deletions
Original file line numberDiff line numberDiff line change
@@ -1,52 +1,50 @@
11
Metrics
22
total
3-
[exports] : 21
4-
[funcs] : 18
3+
[exports] : 17
4+
[funcs] : 10
55
[globals] : 26
6-
[imports] : 11
6+
[imports] : 10
77
[memories] : 1
88
[memory-data] : 16
9-
[table-data] : 6
9+
[table-data] : 9
1010
[tables] : 2
11-
[tags] : 2
12-
[total] : 680
13-
[vars] : 68
14-
ArrayNewFixed : 15
15-
Binary : 34
16-
Block : 114
17-
BrOn : 3
18-
Break : 8
19-
Call : 31
20-
CallRef : 1
21-
Const : 130
22-
Drop : 12
23-
GlobalGet : 64
24-
GlobalSet : 50
25-
I31Get : 1
26-
If : 32
27-
Load : 3
28-
LocalGet : 14
29-
LocalSet : 11
30-
Loop : 7
11+
[tags] : 1
12+
[total] : 482
13+
[vars] : 50
14+
ArrayNewFixed : 11
15+
Binary : 26
16+
Block : 76
17+
BrOn : 1
18+
Break : 9
19+
Call : 12
20+
Const : 88
21+
Drop : 7
22+
GlobalGet : 44
23+
GlobalSet : 32
24+
I31Get : 2
25+
If : 25
26+
Load : 6
27+
LocalGet : 10
28+
LocalSet : 12
29+
Loop : 6
3130
Nop : 9
32-
Pop : 1
31+
Pop : 2
3332
RefAs : 1
34-
RefEq : 5
35-
RefFunc : 8
36-
RefI31 : 8
37-
RefIsNull : 1
38-
RefNull : 3
39-
Return : 11
40-
SIMDLoad : 1
41-
Store : 4
42-
StringConst : 7
33+
RefEq : 4
34+
RefFunc : 11
35+
RefI31 : 10
36+
RefIsNull : 2
37+
RefNull : 4
38+
Return : 3
39+
Store : 2
40+
StringConst : 3
4341
StringEncode : 1
4442
StringWTF16Get : 1
45-
StructNew : 9
46-
Throw : 2
47-
Try : 3
48-
TryTable : 5
49-
TupleExtract : 1
50-
TupleMake : 8
51-
Unary : 36
52-
Unreachable : 25
43+
StructNew : 4
44+
TableSet : 2
45+
Throw : 1
46+
Try : 2
47+
TryTable : 6
48+
TupleMake : 6
49+
Unary : 25
50+
Unreachable : 16
