[webkit-changes] [WebKit/WebKit] 1132d9: [JSC] exnref should not be interactible with JS
Yusuke Suzuki
noreply at github.com
Thu Jan 30 02:13:43 PST 2025
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 1132d9f73d39261d4569d3f7234a5c8fd83a4ef2
https://github.com/WebKit/WebKit/commit/1132d9f73d39261d4569d3f7234a5c8fd83a4ef2
Author: Yusuke Suzuki <ysuzuki at apple.com>
Date: 2025-01-30 (Thu, 30 Jan 2025)
Changed paths:
A JSTests/wasm/stress/exnref-js-wasm-bridge.js
M JSTests/wasm/v8/regress/regress-9447.js
M Source/JavaScriptCore/dfg/DFGStrengthReductionPhase.cpp
M Source/JavaScriptCore/llint/WebAssembly.asm
M Source/JavaScriptCore/wasm/WasmCallingConvention.h
M Source/JavaScriptCore/wasm/WasmExceptionType.h
M Source/JavaScriptCore/wasm/WasmGlobal.cpp
M Source/JavaScriptCore/wasm/WasmOperations.cpp
M Source/JavaScriptCore/wasm/WasmTypeDefinition.cpp
M Source/JavaScriptCore/wasm/WasmTypeDefinition.h
M Source/JavaScriptCore/wasm/js/JSToWasm.cpp
M Source/JavaScriptCore/wasm/js/JSWebAssemblyHelpers.h
M Source/JavaScriptCore/wasm/js/JSWebAssemblyTable.cpp
M Source/JavaScriptCore/wasm/js/JSWebAssemblyTable.h
M Source/JavaScriptCore/wasm/js/WasmToJS.cpp
M Source/JavaScriptCore/wasm/js/WebAssemblyExceptionConstructor.cpp
M Source/JavaScriptCore/wasm/js/WebAssemblyModuleRecord.cpp
M Source/JavaScriptCore/wasm/js/WebAssemblyTablePrototype.cpp
M Source/JavaScriptCore/wasm/js/WebAssemblyWrapperFunction.cpp
Log Message:
-----------
[JSC] exnref should not be interactible with JS
https://bugs.webkit.org/show_bug.cgi?id=286732
rdar://143801668
Reviewed by Mark Lam.
We should not have a way to pass a JS value as exnref to wasm according to
the spec. This patch adds these type checks based on the spec text[1].
[1]: https://webassembly.github.io/exception-handling/js-api/
* JSTests/wasm/stress/exnref-js-wasm-bridge.js: Added.
(assert.throws):
* JSTests/wasm/v8/regress/regress-9447.js:
* Source/JavaScriptCore/dfg/DFGStrengthReductionPhase.cpp:
(JSC::DFG::StrengthReductionPhase::handleNode):
* Source/JavaScriptCore/llint/WebAssembly.asm:
* Source/JavaScriptCore/wasm/WasmCallingConvention.h:
(JSC::Wasm::WasmCallingConvention::callInformationFor const):
* Source/JavaScriptCore/wasm/WasmExceptionType.h:
(JSC::Wasm::isTypeErrorExceptionType):
* Source/JavaScriptCore/wasm/WasmGlobal.cpp:
(JSC::Wasm::Global::get const):
(JSC::Wasm::Global::set):
* Source/JavaScriptCore/wasm/WasmOperations.cpp:
(JSC::Wasm::JSC_DEFINE_JIT_OPERATION):
* Source/JavaScriptCore/wasm/WasmTypeDefinition.cpp:
(JSC::Wasm::FunctionParameterTypes::translate):
(JSC::Wasm::TypeInformation::TypeInformation):
* Source/JavaScriptCore/wasm/WasmTypeDefinition.h:
(JSC::Wasm::FunctionSignature::argumentsOrResultsIncludeExnref const):
(JSC::Wasm::FunctionSignature::setArgumentsOrResultsIncludeExnref):
* Source/JavaScriptCore/wasm/js/JSToWasm.cpp:
(JSC::Wasm::FunctionSignature::jsToWasmICEntrypoint const):
* Source/JavaScriptCore/wasm/js/JSWebAssemblyHelpers.h:
(JSC::toWebAssemblyValue):
* Source/JavaScriptCore/wasm/js/JSWebAssemblyTable.cpp:
(JSC::JSWebAssemblyTable::grow):
(JSC::JSWebAssemblyTable::get):
(JSC::JSWebAssemblyTable::set):
* Source/JavaScriptCore/wasm/js/JSWebAssemblyTable.h:
* Source/JavaScriptCore/wasm/js/WasmToJS.cpp:
(JSC::Wasm::wasmToJS):
* Source/JavaScriptCore/wasm/js/WebAssemblyExceptionConstructor.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* Source/JavaScriptCore/wasm/js/WebAssemblyModuleRecord.cpp:
(JSC::WebAssemblyModuleRecord::initializeImports):
* Source/JavaScriptCore/wasm/js/WebAssemblyTablePrototype.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* Source/JavaScriptCore/wasm/js/WebAssemblyWrapperFunction.cpp:
(JSC::WebAssemblyWrapperFunction::create):
(JSC::JSC_DEFINE_HOST_FUNCTION):
Canonical link: https://commits.webkit.org/289553@main