[wasm] Register trap handler data for lazily compiled functions

Bug: chromium:834693, chromium:834955
Change-Id: I243521f45c2b7e2457a37d34ab3629670d8fa39b
Reviewed-on: https://chromium-review.googlesource.com/1020361
Commit-Queue: Eric Holk <eholk@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52744}

src/runtime/runtime-wasm.cc

@@ -301,6 +301,8 @@ RUNTIME_FUNCTION_RETURN_PAIR(Runtime_WasmCompileLazy) {
   HandleScope scope(isolate);
   Handle<WasmInstanceObject> instance(*instance_on_stack, isolate);
 
+  ClearThreadInWasmScope wasm_flag(true);
+
   Address entrypoint = wasm::CompileLazy(isolate, instance);
   return MakePair(reinterpret_cast<Object*>(entrypoint), *instance);
 }

src/wasm/module-compiler.cc

@@ -518,6 +518,10 @@ const wasm::WasmCode* LazyCompileFunction(
   counters->wasm_lazy_compilation_throughput()->AddSample(
       compilation_time != 0 ? static_cast<int>(func_size / compilation_time)
                             : 0);
+
+  if (trap_handler::IsTrapHandlerEnabled()) {
+    wasm_code->RegisterTrapHandlerData();
+  }
   return wasm_code;
 }
 

src/wasm/wasm-code-manager.cc

@@ -184,6 +184,22 @@ void WasmCode::set_trap_handler_index(size_t value) {
   trap_handler_index_ = value;
 }
 
+void WasmCode::RegisterTrapHandlerData() {
+  if (kind() != wasm::WasmCode::kFunction) return;
+  if (HasTrapHandlerIndex()) return;
+
+  Address base = instruction_start();
+
+  size_t size = instructions().size();
+  const int index =
+      RegisterHandlerData(base, size, protected_instructions().size(),
+                          protected_instructions().data());
+
+  // TODO(eholk): if index is negative, fail.
+  CHECK_LE(0, index);
+  set_trap_handler_index(static_cast<size_t>(index));
+}
+
 bool WasmCode::HasTrapHandlerIndex() const { return trap_handler_index_ >= 0; }
 
 void WasmCode::ResetTrapHandlerIndex() { trap_handler_index_ = -1; }
@@ -884,21 +900,8 @@ WasmCode* NativeModule::CloneCode(const WasmCode* original_code,
 void NativeModule::UnpackAndRegisterProtectedInstructions() {
   for (uint32_t i = num_imported_functions(), e = FunctionCount(); i < e; ++i) {
     WasmCode* code = GetCode(i);
-
     if (code == nullptr) continue;
-    if (code->kind() != wasm::WasmCode::kFunction) continue;
-    if (code->HasTrapHandlerIndex()) continue;
-
-    Address base = code->instruction_start();
-
-    size_t size = code->instructions().size();
-    const int index =
-        RegisterHandlerData(base, size, code->protected_instructions().size(),
-                            code->protected_instructions().data());
-
-    // TODO(eholk): if index is negative, fail.
-    CHECK_LE(0, index);
-    code->set_trap_handler_index(static_cast<size_t>(index));
+    code->RegisterTrapHandlerData();
   }
 }
 

src/wasm/wasm-code-manager.h

@@ -127,6 +127,10 @@ class V8_EXPORT_PRIVATE WasmCode final {
     return *protected_instructions_.get();
   }
 
+  // Register protected instruction information with the trap handler. Sets
+  // trap_handler_index.
+  void RegisterTrapHandlerData();
+
   void Print(Isolate* isolate) const;
   void Disassemble(const char* name, Isolate* isolate, std::ostream& os,
                    Address current_pc = kNullAddress) const;

test/mjsunit/regress/wasm/regress-834693.js

+// Copyright 2018 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// flags: --wasm-lazy-compilation
+
+load("test/mjsunit/wasm/wasm-constants.js");
+load("test/mjsunit/wasm/wasm-module-builder.js");
+
+var module = new WasmModuleBuilder();
+module.addMemory();
+module.addFunction("main", kSig_v_v)
+  .addBody([
+    kExprI32Const, 20,
+    kExprI32Const, 29,
+    kExprGrowMemory, kMemoryZero,
+    kExprI32StoreMem, 0, 0xFF, 0xFF, 0x7A])
+  .exportAs("main");
+var instance = module.instantiate();
+assertTraps(kTrapMemOutOfBounds, instance.exports.main);