[JSC] JSWebAssemblyGlobal creation should have exception check
author ysuzuki@apple.com <ysuzuki@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 4 Dec 2019 21:50:59 +0000 (21:50 +0000)
committer ysuzuki@apple.com <ysuzuki@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 4 Dec 2019 21:50:59 +0000 (21:50 +0000)
commit 8e625a4f3a32ee9a302a8062915a036e55e33603
tree 87f01333fca7847e1106a46ca68c956341d5c50c
parent 194dab16e910ee782829afe8c3503cd6dee085a7
[JSC] JSWebAssemblyGlobal creation should have exception check
https://bugs.webkit.org/show_bug.cgi?id=204857
<rdar://problem/57618579>

Reviewed by Mark Lam.

JSTests:

* wasm/regress/wasm-global-creation-can-throw-an-exception.js: Added.

Source/JavaScriptCore:

Each WebAssembly cell has a path throwing an exception if WebAssembly is disabled. We lack exception checking after calling JSWebAssemblyGlobal::create
in the WebAssemblyModuleRecord linking phase. While an exception is never thrown in this place since this happens only when WebAssembly is enabled, we should put
`scope.assertNoException()` to satisfy the exception verifier requirement. We also rename the factory function of Wasm cells from "create" to "tryCreate" since it
can potentially fail.

* wasm/js/JSWebAssembly.cpp:
(JSC::instantiate):
* wasm/js/JSWebAssemblyGlobal.cpp:
(JSC::JSWebAssemblyGlobal::tryCreate):
(JSC::JSWebAssemblyGlobal::create): Deleted.
* wasm/js/JSWebAssemblyGlobal.h:
* wasm/js/JSWebAssemblyInstance.cpp:
(JSC::JSWebAssemblyInstance::tryCreate):
(JSC::JSWebAssemblyInstance::create): Deleted.
* wasm/js/JSWebAssemblyInstance.h:
* wasm/js/JSWebAssemblyMemory.cpp:
(JSC::JSWebAssemblyMemory::tryCreate):
(JSC::JSWebAssemblyMemory::create): Deleted.
* wasm/js/JSWebAssemblyMemory.h:
* wasm/js/JSWebAssemblyTable.cpp:
(JSC::JSWebAssemblyTable::tryCreate):
(JSC::JSWebAssemblyTable::create): Deleted.
* wasm/js/JSWebAssemblyTable.h:
* wasm/js/WebAssemblyGlobalConstructor.cpp:
(JSC::constructJSWebAssemblyGlobal):
* wasm/js/WebAssemblyInstanceConstructor.cpp:
(JSC::constructJSWebAssemblyInstance):
* wasm/js/WebAssemblyMemoryConstructor.cpp:
(JSC::constructJSWebAssemblyMemory):
* wasm/js/WebAssemblyModuleRecord.cpp:
(JSC::WebAssemblyModuleRecord::link):
* wasm/js/WebAssemblyTableConstructor.cpp:
(JSC::constructJSWebAssemblyTable):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@253121 268f45cc-cd09-0410-ab3c-d52691b4dbfc
17 files changed:
JSTests/ChangeLog
JSTests/wasm/regress/wasm-global-creation-can-throw-an-exception.js [new file with mode: 0644]
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/wasm/js/JSWebAssembly.cpp
Source/JavaScriptCore/wasm/js/JSWebAssemblyGlobal.cpp
Source/JavaScriptCore/wasm/js/JSWebAssemblyGlobal.h
Source/JavaScriptCore/wasm/js/JSWebAssemblyInstance.cpp
Source/JavaScriptCore/wasm/js/JSWebAssemblyInstance.h
Source/JavaScriptCore/wasm/js/JSWebAssemblyMemory.cpp
Source/JavaScriptCore/wasm/js/JSWebAssemblyMemory.h
Source/JavaScriptCore/wasm/js/JSWebAssemblyTable.cpp
Source/JavaScriptCore/wasm/js/JSWebAssemblyTable.h
Source/JavaScriptCore/wasm/js/WebAssemblyGlobalConstructor.cpp
Source/JavaScriptCore/wasm/js/WebAssemblyInstanceConstructor.cpp
Source/JavaScriptCore/wasm/js/WebAssemblyMemoryConstructor.cpp
Source/JavaScriptCore/wasm/js/WebAssemblyModuleRecord.cpp
Source/JavaScriptCore/wasm/js/WebAssemblyTableConstructor.cpp