[wasm] Fix inlining ReturnCall'd WKI inside catch [v8/v8 : main]

0 views
Skip to first unread message

Daniel Lehmann (Gerrit)

unread,
10:08 AM (11 hours ago) 10:08 AM
to Jakob Kummerow, Ayako Iwasaki, v8-s...@luci-project-accounts.iam.gserviceaccount.com, android-bu...@system.gserviceaccount.com, v8-re...@googlegroups.com, was...@google.com
Attention needed from Jakob Kummerow

Daniel Lehmann voted and added 1 comment

Votes added by Daniel Lehmann

Commit-Queue+1

1 comment

Patchset-level comments
File-level comment, Patchset 1:
Daniel Lehmann . resolved

I think this is a bit more comprehensive/fundamental fix than not inlining into local catch blocks (https://crrev.com/c/8028980), but naturally also more risky. @Jakob could you please take a look?

Open in Gerrit

Related details

Attention is currently required from:
  • Jakob Kummerow
Submit Requirements:
  • requirement satisfiedCode-Owners
  • requirement is not satisfiedCode-Review
  • requirement is not satisfiedReview-Enforcement
Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
Gerrit-MessageType: comment
Gerrit-Project: v8/v8
Gerrit-Branch: main
Gerrit-Change-Id: I2b7c6e4a43c68c8752724be3b615b2dfc3bd17d1
Gerrit-Change-Number: 8025515
Gerrit-PatchSet: 2
Gerrit-Owner: Daniel Lehmann <dleh...@chromium.org>
Gerrit-Reviewer: Daniel Lehmann <dleh...@chromium.org>
Gerrit-Reviewer: Jakob Kummerow <jkum...@chromium.org>
Gerrit-CC: Ayako Iwasaki <a.iwas...@gmail.com>
Gerrit-Attention: Jakob Kummerow <jkum...@chromium.org>
Gerrit-Comment-Date: Wed, 01 Jul 2026 14:07:57 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: Yes
satisfied_requirement
unsatisfied_requirement
open
diffy

Jakob Kummerow (Gerrit)

unread,
11:16 AM (10 hours ago) 11:16 AM
to Daniel Lehmann, Jakob Kummerow, Ayako Iwasaki, v8-s...@luci-project-accounts.iam.gserviceaccount.com, android-bu...@system.gserviceaccount.com, v8-re...@googlegroups.com, was...@google.com
Attention needed from Daniel Lehmann

Jakob Kummerow voted and added 1 comment

Votes added by Jakob Kummerow

Code-Review+1

1 comment

Patchset-level comments
File-level comment, Patchset 2 (Latest):
Jakob Kummerow . resolved

LGTM. Nice tests!

Open in Gerrit

Related details

Attention is currently required from:
  • Daniel Lehmann
Submit Requirements:
  • requirement satisfiedCode-Owners
  • requirement satisfiedCode-Review
  • requirement satisfiedReview-Enforcement
Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
Gerrit-MessageType: comment
Gerrit-Project: v8/v8
Gerrit-Branch: main
Gerrit-Change-Id: I2b7c6e4a43c68c8752724be3b615b2dfc3bd17d1
Gerrit-Change-Number: 8025515
Gerrit-PatchSet: 2
Gerrit-Owner: Daniel Lehmann <dleh...@chromium.org>
Gerrit-Reviewer: Daniel Lehmann <dleh...@chromium.org>
Gerrit-Reviewer: Jakob Kummerow <jkum...@chromium.org>
Gerrit-CC: Ayako Iwasaki <a.iwas...@gmail.com>
Gerrit-Attention: Daniel Lehmann <dleh...@chromium.org>
Gerrit-Comment-Date: Wed, 01 Jul 2026 15:16:17 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: Yes
satisfied_requirement
open
diffy

Daniel Lehmann (Gerrit)

unread,
12:36 PM (9 hours ago) 12:36 PM
to Jakob Kummerow, Ayako Iwasaki, v8-s...@luci-project-accounts.iam.gserviceaccount.com, android-bu...@system.gserviceaccount.com, v8-re...@googlegroups.com, was...@google.com

Daniel Lehmann voted Commit-Queue+2

Commit-Queue+2
Open in Gerrit

Related details

Attention set is empty
Submit Requirements:
  • requirement satisfiedCode-Owners
  • requirement satisfiedCode-Review
  • requirement satisfiedReview-Enforcement
Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
Gerrit-MessageType: comment
Gerrit-Project: v8/v8
Gerrit-Branch: main
Gerrit-Change-Id: I2b7c6e4a43c68c8752724be3b615b2dfc3bd17d1
Gerrit-Change-Number: 8025515
Gerrit-PatchSet: 2
Gerrit-Owner: Daniel Lehmann <dleh...@chromium.org>
Gerrit-Reviewer: Daniel Lehmann <dleh...@chromium.org>
Gerrit-Reviewer: Jakob Kummerow <jkum...@chromium.org>
Gerrit-CC: Ayako Iwasaki <a.iwas...@gmail.com>
Gerrit-Comment-Date: Wed, 01 Jul 2026 16:36:07 +0000
Gerrit-HasComments: No
Gerrit-Has-Labels: Yes
satisfied_requirement
open
diffy

v8-scoped@luci-project-accounts.iam.gserviceaccount.com (Gerrit)

unread,
12:38 PM (9 hours ago) 12:38 PM
to Daniel Lehmann, Jakob Kummerow, Ayako Iwasaki, android-bu...@system.gserviceaccount.com, v8-re...@googlegroups.com, was...@google.com

v8-s...@luci-project-accounts.iam.gserviceaccount.com submitted the change

Change information

Commit message:
[wasm] Fix inlining ReturnCall'd WKI inside catch

During WKI inlining for a ReturnCall (tail call), the inlining helpers
generated throwing operations (e.g., null or type checks) with
CheckForException::kCatchInThisFrame hardcoded.

Since ReturnCall does not mark the surrounding try block as might_throw,
the Wasm decoder skips binding the local catch block, leaving it unbound
and without a terminator. The incorrect kCatchInThisFrame setting caused
the Turboshaft assembler to connect exception edges to this unbound
catch block, making it reachable. The compiler then crashed during
WasmLoweringPhase when the GraphVisitor visited the incomplete block.

This CL fixes the issue by propagating CheckForException explicitly
through the WKI and DataView inlining helpers, ensuring that tail-called
operations do not link to the local catch block.

TAG=agy
CONV=8c31f782-921d-42d9-b136-cecaf95da79b
Bug: 529842414
Change-Id: I2b7c6e4a43c68c8752724be3b615b2dfc3bd17d1
Reviewed-by: Jakob Kummerow <jkum...@chromium.org>
Commit-Queue: Daniel Lehmann <dleh...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#108377}
Files:
  • M src/wasm/turboshaft-graph-interface.cc
  • A test/mjsunit/wasm/regress-529842414.js
Change size: L
Delta: 2 files changed, 202 insertions(+), 82 deletions(-)
Branch: refs/heads/main
Submit Requirements:
  • requirement satisfiedCode-Review: +1 by Jakob Kummerow
Open in Gerrit
Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
Gerrit-MessageType: merged
Gerrit-Project: v8/v8
Gerrit-Branch: main
Gerrit-Change-Id: I2b7c6e4a43c68c8752724be3b615b2dfc3bd17d1
Gerrit-Change-Number: 8025515
Gerrit-PatchSet: 3
Gerrit-Owner: Daniel Lehmann <dleh...@chromium.org>
Gerrit-Reviewer: Daniel Lehmann <dleh...@chromium.org>
Gerrit-Reviewer: Jakob Kummerow <jkum...@chromium.org>
open
diffy
satisfied_requirement
Reply all
Reply to author
Forward
0 new messages