Bug 1482932 - Baldr: replace unaligned access trap with out of bounds trap (r=lth)

2018-08-20 11:42:46 -05:00 · 2018-08-20 11:42:46 -05:00 · 97ebf6c0a7
--- a/js/src/wasm/WasmBuiltins.cpp
+++ b/js/src/wasm/WasmBuiltins.cpp
@ -288,13 +288,6 @@ WasmHandleTrap()
    MOZ_CRASH("unexpected trap");
 }

-static void
-WasmReportUnalignedAccess()
-{
-    JSContext* cx = TlsContext.get();
-    JS_ReportErrorNumberUTF8(cx, GetErrorMessage, nullptr, JSMSG_WASM_UNALIGNED_ACCESS);
-}
-
 static void
 WasmReportInt64JSCall()
 {
@ -510,9 +503,6 @@ AddressOf(SymbolicAddress imm, ABIFunctionType* abiType)
      case SymbolicAddress::HandleTrap:
        *abiType = Args_General0;
        return FuncCast(WasmHandleTrap, *abiType);
-      case SymbolicAddress::ReportUnalignedAccess:
-        *abiType = Args_General0;
-        return FuncCast(WasmReportUnalignedAccess, *abiType);
      case SymbolicAddress::ReportInt64JSCall:
        *abiType = Args_General0;
        return FuncCast(WasmReportInt64JSCall, *abiType);
@ -690,7 +680,6 @@ wasm::NeedsBuiltinThunk(SymbolicAddress sym)
      case SymbolicAddress::HandleDebugTrap:          // GenerateDebugTrapStub
      case SymbolicAddress::HandleThrow:              // GenerateThrowStub
      case SymbolicAddress::HandleTrap:               // GenerateTrapExit
-      case SymbolicAddress::ReportUnalignedAccess:    // GenerateUnalignedExit
      case SymbolicAddress::CallImport_Void:          // GenerateImportInterpExit
      case SymbolicAddress::CallImport_I32:
      case SymbolicAddress::CallImport_I64:
--- a/js/src/wasm/WasmCode.cpp
+++ b/js/src/wasm/WasmCode.cpp
@ -278,7 +278,6 @@ ModuleSegment::ModuleSegment(Tier tier,
                             const LinkDataTier& linkData)
  : CodeSegment(std::move(codeBytes), codeLength, CodeSegment::Kind::Module),
    tier_(tier),
-    unalignedAccessCode_(base() + linkData.unalignedAccessOffset),
    trapCode_(base() + linkData.trapOffset)
 {
 }
--- a/js/src/wasm/WasmCode.h
+++ b/js/src/wasm/WasmCode.h
@ -139,7 +139,6 @@ typedef UniquePtr<ModuleSegment> UniqueModuleSegment;
 class ModuleSegment : public CodeSegment
 {
    const Tier      tier_;
-    uint8_t* const  unalignedAccessCode_;
    uint8_t* const  trapCode_;

  public:
@ -165,7 +164,6 @@ class ModuleSegment : public CodeSegment

    // Pointers to stubs to which PC is redirected from the signal-handler.

-    uint8_t* unalignedAccessCode() const { return unalignedAccessCode_; }
    uint8_t* trapCode() const { return trapCode_; }

    // Structured clone support:
--- a/js/src/wasm/WasmFrameIter.cpp
+++ b/js/src/wasm/WasmFrameIter.cpp
@ -800,7 +800,6 @@ ProfilingFrameIterator::initFromExitFP(const Frame* fp)
      case CodeRange::BuiltinThunk:
      case CodeRange::TrapExit:
      case CodeRange::DebugTrap:
-      case CodeRange::UnalignedExit:
      case CodeRange::Throw:
      case CodeRange::FarJumpIsland:
        MOZ_CRASH("Unexpected CodeRange kind");
@ -988,7 +987,6 @@ js::wasm::StartUnwinding(const RegisterState& registers, UnwindState* unwindStat
        }
        break;
      case CodeRange::TrapExit:
-      case CodeRange::UnalignedExit:
        // These code stubs execute after the prologue/epilogue have completed
        // so pc/fp contains the right values here.
        fixedPC = pc;
@ -1139,7 +1137,6 @@ ProfilingFrameIterator::operator++()
      case CodeRange::BuiltinThunk:
      case CodeRange::TrapExit:
      case CodeRange::DebugTrap:
-      case CodeRange::UnalignedExit:
      case CodeRange::FarJumpIsland:
        stackAddress_ = callerFP_;
        callerPC_ = callerFP_->returnAddress;
@ -1165,7 +1162,6 @@ ThunkedNativeToDescription(SymbolicAddress func)
      case SymbolicAddress::HandleDebugTrap:
      case SymbolicAddress::HandleThrow:
      case SymbolicAddress::HandleTrap:
-      case SymbolicAddress::ReportUnalignedAccess:
      case SymbolicAddress::CallImport_Void:
      case SymbolicAddress::CallImport_I32:
      case SymbolicAddress::CallImport_I64:
@ -1320,7 +1316,6 @@ ProfilingFrameIterator::label() const
      case CodeRange::ImportInterpExit:  return importInterpDescription;
      case CodeRange::TrapExit:          return trapDescription;
      case CodeRange::DebugTrap:         return debugTrapDescription;
-      case CodeRange::UnalignedExit:     return "unaligned trap stub (in wasm)";
      case CodeRange::FarJumpIsland:     return "interstitial (in wasm)";
      case CodeRange::Throw:             MOZ_CRASH("does not have a frame");
    }
--- a/js/src/wasm/WasmGenerator.cpp
+++ b/js/src/wasm/WasmGenerator.cpp
@ -513,10 +513,6 @@ ModuleGenerator::noteCodeRange(uint32_t codeRangeIndex, const CodeRange& codeRan
        MOZ_ASSERT(!debugTrapCodeOffset_);
        debugTrapCodeOffset_ = codeRange.begin();
        break;
-      case CodeRange::UnalignedExit:
-        MOZ_ASSERT(!linkDataTier_->unalignedAccessOffset);
-        linkDataTier_->unalignedAccessOffset = codeRange.begin();
-        break;
      case CodeRange::TrapExit:
        MOZ_ASSERT(!linkDataTier_->trapOffset);
        linkDataTier_->trapOffset = codeRange.begin();
--- a/js/src/wasm/WasmModule.h
+++ b/js/src/wasm/WasmModule.h
@ -43,7 +43,6 @@ struct CompileArgs;

 struct LinkDataTierCacheablePod
 {
-    uint32_t unalignedAccessOffset = 0;
    uint32_t trapOffset = 0;

    LinkDataTierCacheablePod() = default;
--- a/js/src/wasm/WasmSignalHandlers.cpp
+++ b/js/src/wasm/WasmSignalHandlers.cpp
@ -1315,18 +1315,6 @@ HandleFault(int signum, siginfo_t* info, void* ctx)
            return false;
    }

-#ifdef JS_CODEGEN_ARM
-    if (signum == SIGBUS) {
-        // TODO: We may see a bus error for something that is an unaligned access that
-        // partly overlaps the end of the heap.  In this case, it is an out-of-bounds
-        // error and we should signal that properly, but to do so we must inspect
-        // the operand of the failed access.
-        activation->startWasmTrap(wasm::Trap::UnalignedAccess, 0, ToRegisterState(context));
-        *ppc = moduleSegment->unalignedAccessCode();
-        return true;
-    }
-#endif
-
    return HandleOutOfBounds(context, pc, faultingAddress, moduleSegment, *instance, activation, ppc);
 }

--- a/js/src/wasm/WasmStubs.cpp
+++ b/js/src/wasm/WasmStubs.cpp
@ -1598,42 +1598,6 @@ GenerateTrapExit(MacroAssembler& masm, Label* throwLabel, Offsets* offsets)
    return FinishOffsets(masm, offsets);
 }

-// Generate a stub which is only used by the signal handlers to handle out of
-// bounds access by Atomics and unaligned accesses on ARM. This stub is
-// executed by direct PC transfer from the faulting memory access and thus the
-// stack depth is unknown. Since JitActivation::packedExitFP() is not set
-// before calling the error reporter, the current wasm activation will be lost.
-// This stub should be removed when Atomics are moved to wasm and given proper
-// traps and when we use a non-faulting strategy for unaligned ARM access.
-static bool
-GenerateGenericMemoryAccessTrap(MacroAssembler& masm, SymbolicAddress reporter, Label* throwLabel,
-                                Offsets* offsets)
-{
-    AssertExpectedSP(masm);
-    masm.haltingAlign(CodeAlignment);
-
-    offsets->begin = masm.currentOffset();
-
-    // sp can be anything at this point, so ensure it is aligned when calling
-    // into C++.  We unconditionally jump to throw so don't worry about
-    // restoring sp.
-    masm.andToStackPtr(Imm32(~(ABIStackAlignment - 1)));
-    if (ShadowStackSpace)
-        masm.subFromStackPtr(Imm32(ShadowStackSpace));
-
-    masm.call(reporter);
-    masm.jump(throwLabel);
-
-    return FinishOffsets(masm, offsets);
-}
-
-static bool
-GenerateUnalignedExit(MacroAssembler& masm, Label* throwLabel, Offsets* offsets)
-{
-    return GenerateGenericMemoryAccessTrap(masm, SymbolicAddress::ReportUnalignedAccess, throwLabel,
-                                           offsets);
-}
-
 // Generate a stub that restores the stack pointer to what it was on entry to
 // the wasm activation, sets the return register to 'false' and then executes a
 // return which will return from this wasm activation to the caller. This stub
@ -1805,11 +1769,6 @@ wasm::GenerateStubs(const ModuleEnvironment& env, const FuncImportVector& import

    Offsets offsets;

-    if (!GenerateUnalignedExit(masm, &throwLabel, &offsets))
-        return false;
-    if (!code->codeRanges.emplaceBack(CodeRange::UnalignedExit, offsets))
-        return false;
-
    if (!GenerateTrapExit(masm, &throwLabel, &offsets))
        return false;
    if (!code->codeRanges.emplaceBack(CodeRange::TrapExit, offsets))
--- a/js/src/wasm/WasmTypes.cpp
+++ b/js/src/wasm/WasmTypes.cpp
@ -864,7 +864,6 @@ CodeRange::CodeRange(Kind kind, Offsets offsets)
 #ifdef DEBUG
    switch (kind_) {
      case FarJumpIsland:
-      case UnalignedExit:
      case TrapExit:
      case Throw:
        break;
--- a/js/src/wasm/WasmTypes.h
+++ b/js/src/wasm/WasmTypes.h
@ -1447,8 +1447,6 @@ class CodeRange
        TrapExit,          // calls C++ to report and jumps to throw stub
        DebugTrap,         // calls C++ to handle debug event
        FarJumpIsland,     // inserted to connect otherwise out-of-range insns
-        UnalignedExit,     // stub jumped to by wasm Atomics and non-standard
-                           // ARM unaligned trap
        Throw              // special stack-unwinding stub jumped to by other stubs
    };

@ -1761,7 +1759,6 @@ enum class SymbolicAddress
    HandleDebugTrap,
    HandleThrow,
    HandleTrap,
-    ReportUnalignedAccess,
    ReportInt64JSCall,
    CallImport_Void,
    CallImport_I32,