[wasm] Atomics wait operators should trap on the main thread

Bug: chromium:1190951 Change-Id: I2c314a143c77a9fee288f7822fea84f900c3059b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2921033Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Deepti Gandluri <gdeepti@chromium.org> Cr-Commit-Position: refs/heads/master@{#74930}

[wasm] Atomics wait operators should trap on the main thread
Bug: chromium:1190951 Change-Id: I2c314a143c77a9fee288f7822fea84f900c3059b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2921033Reviewed-by: Andreas Haas <ahaas@chromium.org> Commit-Queue: Deepti Gandluri <gdeepti@chromium.org> Cr-Commit-Position: refs/heads/master@{#74930}
87afe62b · Deepti Gandluri · V8 LUCI CQ · 022b312d · 87afe62b · 87afe62b
Commit 87afe62b authored Jun 02, 2021 by Deepti Gandluri Committed by V8 LUCI CQ Jun 02, 2021
Showing with 27 additions and 4 deletions

runtime-test.cc src/runtime/runtime-test.cc +6 -0

runtime-wasm.cc src/runtime/runtime-wasm.cc +4 -4

runtime.h src/runtime/runtime.h +1 -0

futex.js test/mjsunit/wasm/futex.js +16 -0

No files found.
--- a/src/runtime/runtime-test.cc
+++ b/src/runtime/runtime-test.cc
@@ -202,6 +202,12 @@ RUNTIME_FUNCTION(Runtime_IsMidTierTurboprop) {
                                    !FLAG_turboprop_as_toptier);
 }

+RUNTIME_FUNCTION(Runtime_IsAtomicsWaitAllowed) {
+  SealHandleScope shs(isolate);
+  DCHECK_EQ(0, args.length());
+  return isolate->heap()->ToBoolean(isolate->allow_atomics_wait());
+}
+
 namespace {

 enum class TierupKind { kTierupBytecode, kTierupBytecodeOrMidTier };

--- a/src/runtime/runtime-wasm.cc
+++ b/src/runtime/runtime-wasm.cc
@@ -341,8 +341,8 @@ RUNTIME_FUNCTION(Runtime_WasmI32AtomicWait) {
  // Should have trapped if address was OOB.
  DCHECK_LT(offset, array_buffer->byte_length());

-  // Trap if memory is not shared.
-  if (!array_buffer->is_shared()) {
+  // Trap if memory is not shared, or wait is not allowed on the isolate
+  if (!array_buffer->is_shared() || !isolate->allow_atomics_wait()) {
    return ThrowWasmError(isolate, MessageTemplate::kAtomicsWaitNotAllowed);
  }
  return FutexEmulation::WaitWasm32(isolate, array_buffer, offset,
@@ -364,8 +364,8 @@ RUNTIME_FUNCTION(Runtime_WasmI64AtomicWait) {
  // Should have trapped if address was OOB.
  DCHECK_LT(offset, array_buffer->byte_length());

-  // Trap if memory is not shared.
-  if (!array_buffer->is_shared()) {
+  // Trap if memory is not shared, or if wait is not allowed on the isolate
+  if (!array_buffer->is_shared() || !isolate->allow_atomics_wait()) {
    return ThrowWasmError(isolate, MessageTemplate::kAtomicsWaitNotAllowed);
  }
  return FutexEmulation::WaitWasm64(isolate, array_buffer, offset,

--- a/src/runtime/runtime.h
+++ b/src/runtime/runtime.h
@@ -483,6 +483,7 @@ namespace internal {
  F(DynamicCheckMapsEnabled, 0, 1)            \
  F(IsTopTierTurboprop, 0, 1)                 \
  F(IsMidTierTurboprop, 0, 1)                 \
+  F(IsAtomicsWaitAllowed, 0, 1)               \
  F(EnableCodeLoggingForTesting, 0, 1)        \
  F(EnsureFeedbackVectorForFunction, 1, 1)    \
  F(GetCallable, 0, 1)                        \

--- a/test/mjsunit/wasm/futex.js
+++ b/test/mjsunit/wasm/futex.js
@@ -79,6 +79,7 @@ function WasmI64AtomicWait(memory, offset, index, val_low,
 }

 (function TestInvalidIndex() {
+  if (!%IsAtomicsWaitAllowed()) return;
  let memory = new WebAssembly.Memory({initial: 1, maximum: 1, shared: true});

  // Valid indexes are 0-65535 (1 page).
@@ -114,6 +115,7 @@ function WasmI64AtomicWait(memory, offset, index, val_low,
 })();

 (function TestInvalidAlignment() {
+  if (!%IsAtomicsWaitAllowed()) return;
  let memory = new WebAssembly.Memory({initial: 1, maximum: 1, shared: true});

  // Wait and wake must be 4 byte aligned.
@@ -150,6 +152,7 @@ function WasmI64AtomicWait(memory, offset, index, val_low,
 })();

 (function TestI32WaitTimeout() {
+  if (!%IsAtomicsWaitAllowed()) return;
  let memory = new WebAssembly.Memory({initial: 1, maximum: 1, shared: true});
  var waitMs = 100;
  var startTime = new Date();
@@ -159,6 +162,7 @@ function WasmI64AtomicWait(memory, offset, index, val_low,
 })();

 (function TestI64WaitTimeout() {
+  if (!%IsAtomicsWaitAllowed()) return;
  let memory = new WebAssembly.Memory({initial: 1, maximum: 1, shared: true});
  var waitMs = 100;
  var startTime = new Date();
@@ -168,6 +172,7 @@ function WasmI64AtomicWait(memory, offset, index, val_low,
 })();

 (function TestI32WaitNotEqual() {
+  if (!%IsAtomicsWaitAllowed()) return;
  let memory = new WebAssembly.Memory({initial: 1, maximum: 1, shared: true});
  assertEquals(1, WasmI32AtomicWait(memory, 0, 0, 42, -1));

@@ -180,6 +185,7 @@ function WasmI64AtomicWait(memory, offset, index, val_low,
 })();

 (function TestI64WaitNotEqual() {
+  if (!%IsAtomicsWaitAllowed()) return;
  let memory = new WebAssembly.Memory({initial: 1, maximum: 1, shared: true});
  assertEquals(1, WasmI64AtomicWait(memory, 0, 0, 42, 0, -1));

@@ -342,3 +348,13 @@ if (this.Worker) {
    workers[id].terminate();
  }
 }
+
+(function TestWaitTrapsOnDisallowedIsolate() {
+  let memory = new WebAssembly.Memory({initial: 1, maximum: 1, shared: true});
+  var waitMs = 100;
+  %SetAllowAtomicsWait(false)
+  assertThrows(function() {
+    WasmI32AtomicWait(memory, 0, 0, 0, waitMs*1000000)}, WebAssembly.RuntimeError);
+  assertThrows(function() {
+    WasmI64AtomicWait(memory, 0, 0, 0, waitMs*1000000)}, WebAssembly.RuntimeError);
+})();