Commit 1048a6b4 authored by Mircea Trofin's avatar Mircea Trofin Committed by Commit Bot

[wasm] Fix wasm-jit-to-native + W^X GC heap interaction issues

- in certain cases, we need both modification scopes because we may
mutate JS functions, even in the jit-to-native case - e.g. JS-to-wasm
wrappers
- added handling for wasm-to-wasm wrappers in the context of lazy
compilation.

Bug: v8:7105
Change-Id: I085c14e03ef0b08d040998f2207abf7bc3fff01c
Reviewed-on: https://chromium-review.googlesource.com/811285
Commit-Queue: Mircea Trofin <mtrofin@chromium.org>
Reviewed-by: 's avatarMichael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#49947}
parent 4aa0d017
......@@ -729,15 +729,11 @@ void WasmDebugInfo::RedirectToInterpreter(Handle<WasmDebugInfo> debug_info,
Handle<FixedArray> code_table = instance->compiled_module()->code_table();
CodeRelocationMapGC code_to_relocate_gc(isolate->heap());
// TODO(6792): No longer needed once WebAssembly code is off heap.
base::Optional<CodeSpaceMemoryModificationScope> modification_scope;
base::Optional<wasm::NativeModuleModificationScope>
native_module_modification_scope;
if (!FLAG_wasm_jit_to_native) {
modification_scope.emplace(isolate->heap());
} else {
native_module_modification_scope.emplace(native_module);
}
// We may modify js wrappers, as well as wasm functions. Hence the 2
// modification scopes.
CodeSpaceMemoryModificationScope modification_scope(isolate->heap());
wasm::NativeModuleModificationScope native_module_modification_scope(
native_module);
for (int func_index : func_indexes) {
DCHECK_LE(0, func_index);
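Review bot: The two scopes at the top of the hunk are now entered unconditionally, so `wasm::NativeModuleModificationScope` is constructed with `native_module` even when `FLAG_wasm_jit_to_native` is off, a configuration in which the removed code never built it and in which `native_module` presumably may be null; if the scope's constructor does not tolerate a null module this is a null dereference on the non-native path, and either way the expectation deserves a comment at the declaration such as `// native_module may be null when !FLAG_wasm_jit_to_native; the scope must accept that.` The comment above the scopes would also be more useful if it said which writes need which scope: the `CodeSpaceMemoryModificationScope` unprotects GC code space and now stays open for the whole redirection loop, so the W^X relaxation covers every function in `func_indexes` rather than only the wrapper patching that needs it, which is acceptable here but worth narrowing if the loop body grows. RedirectToInterpreter begins before the hunk, where `native_module` is presumably defined, and the loop body continues after it.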
......@@ -97,19 +97,15 @@ uint32_t TestingModuleBuilder::AddJsFunction(
*v8::Local<v8::Function>::Cast(CompileRun(source))));
uint32_t index = AddFunction(sig, nullptr);
js_imports_table->set(0, *isolate_->native_context());
// TODO(6792): No longer needed once WebAssembly code is off heap.
CodeSpaceMemoryModificationScope modification_scope(isolate_->heap());
Handle<Code> code = compiler::CompileWasmToJSWrapper(
isolate_, jsfunc, sig, index, test_module_.origin(),
trap_handler::IsTrapHandlerEnabled(), js_imports_table);
if (FLAG_wasm_jit_to_native) {
native_module_->ResizeCodeTableForTest(index);
Handle<Code> wrapper = compiler::CompileWasmToJSWrapper(
isolate_, jsfunc, sig, index, test_module_.origin(),
trap_handler::IsTrapHandlerEnabled(), js_imports_table);
native_module_->AddCodeCopy(wrapper, wasm::WasmCode::kWasmToJsWrapper,
index);
native_module_->AddCodeCopy(code, wasm::WasmCode::kWasmToJsWrapper, index);
} else {
// TODO(6792): No longer needed once WebAssembly code is off heap.
CodeSpaceMemoryModificationScope modification_scope(isolate_->heap());
Handle<Code> code = compiler::CompileWasmToJSWrapper(
isolate_, jsfunc, sig, index, test_module_.origin(),
trap_handler::IsTrapHandlerEnabled(), js_imports_table);
function_code_[index] = code;
}
return index;
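Review bot: The hoisted `CodeSpaceMemoryModificationScope` now stays open until `return index`, so GC code space remains writable while `ResizeCodeTableForTest` and `AddCodeCopy` run, although only `CompileWasmToJSWrapper` appears to need it; wrapping the scope and the compile in a nested block keeps the W^X relaxation in this helper as short as it was in the non-native branch it replaces. That assumes nothing after the compile writes to the on-heap `Code` object, which cannot be confirmed from the hunk. The jit-to-native branch also calls `AddCodeCopy` with no `NativeModuleModificationScope`, unlike the production path in the first hunk; if the native module's memory is write-protected at that point the same scope is needed here. AddJsFunction starts before the hunk.
```cpp
  js_imports_table->set(0, *isolate_->native_context());
  Handle<Code> code;
  {
    // TODO(6792): No longer needed once WebAssembly code is off heap.
    // Keep the window in which GC code space is writable as short as
    // possible: only the wrapper compilation needs it.
    CodeSpaceMemoryModificationScope modification_scope(isolate_->heap());
    code = compiler::CompileWasmToJSWrapper(
        isolate_, jsfunc, sig, index, test_module_.origin(),
        trap_handler::IsTrapHandlerEnabled(), js_imports_table);
  }
  // … unchanged: FLAG_wasm_jit_to_native branch and return index …
```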
......@@ -17,9 +17,7 @@ ALL_VARIANT_FLAGS = {
# https://chromium-review.googlesource.com/c/452620/ for more discussion.
"nooptimization": [["--noopt"]],
"stress_background_compile": [["--background-compile", "--stress-background-compile"]],
# TODO(7105): The --wasm-jit-to-native feature is not compatible with the
# --write-protect-code-memory feature (which has been enabled) yet.
"wasm_traps": [["--wasm_trap_handler", "--invoke-weak-callbacks", "--wasm-jit-to-native", "--no-write-protect-code-memory"]],
"wasm_traps": [["--wasm_trap_handler", "--invoke-weak-callbacks", "--wasm-jit-to-native"]],
}
# FAST_VARIANTS implies no --always-opt.