[wasm] Fix inconsistent stack state

During a stack switch, the stack state is temporarily inconsistent when the old stack is marked as "inactive" and the new stack is not yet marked as "active". Ensure that the WasmAllocateSuspender runtime function is not called in an inconsistent state. It can trigger a GC, and we need a consistent state to iterate the roots. Wait until the end of the function to mark the current stack as "inactive", so that it is still marked as "active" when it is potentially visited. R=clemensb@chromium.org Bug: v8:13272 Change-Id: I65fe76c3d222d9fa47d17b66069443ceabba47ad Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3890919Reviewed-by: Clemens Backes <clemensb@chromium.org> Commit-Queue: Thibaud Michaud <thibaudm@chromium.org> Cr-Commit-Position: refs/heads/main@{#83184}

[wasm] Fix inconsistent stack state
During a stack switch, the stack state is temporarily inconsistent when the old stack is marked as "inactive" and the new stack is not yet marked as "active". Ensure that the WasmAllocateSuspender runtime function is not called in an inconsistent state. It can trigger a GC, and we need a consistent state to iterate the roots. Wait until the end of the function to mark the current stack as "inactive", so that it is still marked as "active" when it is potentially visited. R=clemensb@chromium.org Bug: v8:13272 Change-Id: I65fe76c3d222d9fa47d17b66069443ceabba47ad Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3890919Reviewed-by: Clemens Backes <clemensb@chromium.org> Commit-Queue: Thibaud Michaud <thibaudm@chromium.org> Cr-Commit-Position: refs/heads/main@{#83184}
6b13d258 · Thibaud Michaud · V8 LUCI CQ · f2b98fa8 · 6b13d258 · 6b13d258
Commit 6b13d258 authored Sep 13, 2022 by Thibaud Michaud Committed by V8 LUCI CQ Sep 14, 2022
Hide whitespace changes
Inline Side-by-side

Showing with 13 additions and 4 deletions

builtins-arm64.cc src/builtins/arm64/builtins-arm64.cc +4 -2

builtins-x64.cc src/builtins/x64/builtins-x64.cc +4 -2

runtime-wasm.cc src/runtime/runtime-wasm.cc +5 -0

No files found.
--- a/src/builtins/arm64/builtins-arm64.cc
+++ b/src/builtins/arm64/builtins-arm64.cc
@@ -3106,8 +3106,6 @@ void FillJumpBuffer(MacroAssembler* masm, Register jmpbuf, Label* pc,
  __ Str(tmp, MemOperand(jmpbuf, wasm::kJmpBufStackLimitOffset));
  __ Adr(tmp, pc);
  __ Str(tmp, MemOperand(jmpbuf, wasm::kJmpBufPcOffset));
-  SwitchStackState(masm, jmpbuf, tmp, wasm::JumpBuffer::Active,
-                   wasm::JumpBuffer::Inactive);
 }

 void LoadJumpBuffer(MacroAssembler* masm, Register jmpbuf, bool load_pc,
@@ -4423,6 +4421,8 @@ void Builtins::Generate_WasmSuspend(MacroAssembler* masm) {
      FieldMemOperand(continuation, WasmContinuationObject::kJmpbufOffset),
      kWasmContinuationJmpbufTag);
  FillJumpBuffer(masm, jmpbuf, &resume, scratch);
+  SwitchStackState(masm, jmpbuf, scratch, wasm::JumpBuffer::Active,
+                   wasm::JumpBuffer::Inactive);
  __ Move(scratch, Smi::FromInt(WasmSuspenderObject::kSuspended));
  __ StoreTaggedField(
      scratch,
@@ -4573,6 +4573,8 @@ void Generate_WasmResumeHelper(MacroAssembler* masm, wasm::OnResume on_resume) {
                      WasmContinuationObject::kJmpbufOffset),
      kWasmContinuationJmpbufTag);
  FillJumpBuffer(masm, current_jmpbuf, &suspend, scratch);
+  SwitchStackState(masm, current_jmpbuf, scratch, wasm::JumpBuffer::Active,
+                   wasm::JumpBuffer::Inactive);
  FREE_REG(current_jmpbuf);

  // -------------------------------------------

--- a/src/builtins/x64/builtins-x64.cc
+++ b/src/builtins/x64/builtins-x64.cc
@@ -2889,8 +2889,6 @@ void FillJumpBuffer(MacroAssembler* masm, Register jmpbuf, Label* pc) {
  __ movq(MemOperand(jmpbuf, wasm::kJmpBufStackLimitOffset), kScratchRegister);
  __ leaq(kScratchRegister, MemOperand(pc, 0));
  __ movq(MemOperand(jmpbuf, wasm::kJmpBufPcOffset), kScratchRegister);
-  SwitchStackState(masm, jmpbuf, wasm::JumpBuffer::Active,
-                   wasm::JumpBuffer::Inactive);
 }

 void LoadJumpBuffer(MacroAssembler* masm, Register jmpbuf, bool load_pc) {
@@ -3982,6 +3980,8 @@ void Builtins::Generate_WasmSuspend(MacroAssembler* masm) {
      jmpbuf, FieldOperand(continuation, WasmContinuationObject::kJmpbufOffset),
      kWasmContinuationJmpbufTag, r8);
  FillJumpBuffer(masm, jmpbuf, &resume);
+  SwitchStackState(masm, jmpbuf, wasm::JumpBuffer::Active,
+                   wasm::JumpBuffer::Inactive);
  __ StoreTaggedSignedField(
      FieldOperand(suspender, WasmSuspenderObject::kStateOffset),
      Smi::FromInt(WasmSuspenderObject::kSuspended));
@@ -4118,6 +4118,8 @@ void Generate_WasmResumeHelper(MacroAssembler* masm, wasm::OnResume on_resume) {
      FieldOperand(active_continuation, WasmContinuationObject::kJmpbufOffset),
      kWasmContinuationJmpbufTag, rdx);
  FillJumpBuffer(masm, current_jmpbuf, &suspend);
+  SwitchStackState(masm, current_jmpbuf, wasm::JumpBuffer::Active,
+                   wasm::JumpBuffer::Inactive);
  current_jmpbuf = no_reg;

  // -------------------------------------------

--- a/src/runtime/runtime-wasm.cc
+++ b/src/runtime/runtime-wasm.cc
@@ -835,6 +835,11 @@ RUNTIME_FUNCTION(Runtime_WasmAllocateSuspender) {
  active_suspender_slot.store(*suspender);

  SyncStackLimit(isolate);
+  wasm::JumpBuffer* jmpbuf = reinterpret_cast<wasm::JumpBuffer*>(
+      parent->ReadExternalPointerField<kWasmContinuationJmpbufTag>(
+          WasmContinuationObject::kJmpbufOffset, isolate));
+  DCHECK_EQ(jmpbuf->state, wasm::JumpBuffer::Active);
+  jmpbuf->state = wasm::JumpBuffer::Inactive;
  return *suspender;
 }