[wasm] Track and expose number of recovered Wasm faults

This is primarily to aid in testing the Wasm out of bounds trap handler. We keep track of how many faults have been recovered by the Wasm trap handler. This count is exposed to JavaScript through a testing-only runtime function. This allows tests to verify whether the trap handler is actually running. Bug: v8:5277 Change-Id: Ie8037a36d84eb08166c6e40c7225d912683d5786 Reviewed-on: https://chromium-review.googlesource.com/665968 Commit-Queue: Eric Holk <eholk@chromium.org> Reviewed-by: Mircea Trofin <mtrofin@chromium.org> Cr-Commit-Position: refs/heads/master@{#48076}

[wasm] Track and expose number of recovered Wasm faults
This is primarily to aid in testing the Wasm out of bounds trap handler. We keep track of how many faults have been recovered by the Wasm trap handler. This count is exposed to JavaScript through a testing-only runtime function. This allows tests to verify whether the trap handler is actually running. Bug: v8:5277 Change-Id: Ie8037a36d84eb08166c6e40c7225d912683d5786 Reviewed-on: https://chromium-review.googlesource.com/665968 Commit-Queue: Eric Holk <eholk@chromium.org> Reviewed-by: Mircea Trofin <mtrofin@chromium.org> Cr-Commit-Position: refs/heads/master@{#48076}
5b127a97 · Eric Holk · Commit Bot · 52531a6b · 5b127a97 · 5b127a97
Commit 5b127a97 authored Sep 19, 2017 by Eric Holk Committed by Commit Bot Sep 19, 2017
8 changed files
--- a/src/runtime/runtime-test.cc
+++ b/src/runtime/runtime-test.cc
@@ -866,6 +866,20 @@ RUNTIME_FUNCTION(Runtime_IsWasmCode) {
  return isolate->heap()->ToBoolean(is_js_to_wasm);
 }

+RUNTIME_FUNCTION(Runtime_IsWasmTrapHandlerEnabled) {
+  DisallowHeapAllocation no_gc;
+  DCHECK_EQ(0, args.length());
+  bool is_enabled = trap_handler::UseTrapHandler();
+  return isolate->heap()->ToBoolean(is_enabled);
+}
+
+RUNTIME_FUNCTION(Runtime_GetWasmRecoveredTrapCount) {
+  HandleScope shs(isolate);
+  DCHECK_EQ(0, args.length());
+  size_t trap_count = trap_handler::GetRecoveredTrapCount();
+  return *isolate->factory()->NewNumberFromSize(trap_count);
+}
+
 #define ELEMENTS_KIND_CHECK_RUNTIME_FUNCTION(Name)       \
  RUNTIME_FUNCTION(Runtime_Has##Name) {                  \
    CONVERT_ARG_CHECKED(JSObject, obj, 0);               \

--- a/src/runtime/runtime.h
+++ b/src/runtime/runtime.h
@@ -609,6 +609,8 @@ namespace internal {
  F(DeserializeWasmModule, 2, 1)              \
  F(IsAsmWasmCode, 1, 1)                      \
  F(IsWasmCode, 1, 1)                         \
+  F(IsWasmTrapHandlerEnabled, 0, 1)           \
+  F(GetWasmRecoveredTrapCount, 0, 1)          \
  F(DisallowCodegenFromStrings, 0, 1)         \
  F(ValidateWasmInstancesChain, 2, 1)         \
  F(ValidateWasmModuleState, 1, 1)            \

--- a/src/trap-handler/handler-inside.cc
+++ b/src/trap-handler/handler-inside.cc
@@ -126,6 +126,11 @@ bool TryHandleSignal(int signum, siginfo_t* info, ucontext_t* context) {
            // return to the landing pad.
            context->uc_mcontext.gregs[REG_RIP] =
                data->instructions[i].landing_offset + base;
+
+            gRecoveredTrapCount.store(
+                gRecoveredTrapCount.load(std::memory_order_relaxed) + 1,
+                std::memory_order_relaxed);
+
            return true;
          }
        }

--- a/src/trap-handler/handler-outside.cc
+++ b/src/trap-handler/handler-outside.cc
@@ -186,6 +186,10 @@ bool RegisterDefaultSignalHandler() {
 #endif
 }

+size_t GetRecoveredTrapCount() {
+  return gRecoveredTrapCount.load(std::memory_order_relaxed);
+}
+
 }  // namespace trap_handler
 }  // namespace internal
 }  // namespace v8
--- a/src/trap-handler/handler-shared.cc
+++ b/src/trap-handler/handler-shared.cc
@@ -34,6 +34,7 @@ static_assert(sizeof(g_thread_in_wasm_code) > 1,

 size_t gNumCodeObjects = 0;
 CodeProtectionInfoListEntry* gCodeObjects = nullptr;
+std::atomic_size_t gRecoveredTrapCount = {0};

 std::atomic_flag MetadataLock::spinlock_ = ATOMIC_FLAG_INIT;


--- a/src/trap-handler/trap-handler-internal.h
+++ b/src/trap-handler/trap-handler-internal.h
@@ -60,6 +60,8 @@ struct CodeProtectionInfoListEntry {
 extern size_t gNumCodeObjects;
 extern CodeProtectionInfoListEntry* gCodeObjects;

+extern std::atomic_size_t gRecoveredTrapCount;
+
 }  // namespace trap_handler
 }  // namespace internal
 }  // namespace v8

--- a/src/trap-handler/trap-handler.h
+++ b/src/trap-handler/trap-handler.h
@@ -89,6 +89,8 @@ bool RegisterDefaultSignalHandler();
 bool TryHandleSignal(int signum, siginfo_t* info, ucontext_t* context);
 #endif  // V8_OS_LINUX

+size_t GetRecoveredTrapCount();
+
 }  // namespace trap_handler
 }  // namespace internal
 }  // namespace v8

--- a/test/mjsunit/wasm/module-memory.js
+++ b/test/mjsunit/wasm/module-memory.js
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

-// Flags: --expose-wasm --expose-gc --stress-compaction
+// Flags: --expose-wasm --expose-gc --stress-compaction --allow-natives-syntax

 load("test/mjsunit/wasm/wasm-constants.js");
 load("test/mjsunit/wasm/wasm-module-builder.js");
@@ -162,8 +162,12 @@ function testOOBThrows() {


  for (offset = 65534; offset < 66536; offset++) {
+    const trap_count = %GetWasmRecoveredTrapCount();
    assertTraps(kTrapMemOutOfBounds, read);
    assertTraps(kTrapMemOutOfBounds, write);
+    if (%IsWasmTrapHandlerEnabled()) {
+      assertEquals(trap_count + 2, %GetWasmRecoveredTrapCount());
+    }
  }
 }