src: do not enable wasm trap handler if there's not enough vmem

Author: joyeecheung

src/debug_utils.h

@@ -44,6 +44,7 @@ void NODE_EXTERN_PRIVATE FWrite(FILE* file, const std::string& str);
 // from a provider type to a debug category.
 #define DEBUG_CATEGORY_NAMES(V)                                                \
   NODE_ASYNC_PROVIDER_TYPES(V)                                                 \
+  V(BOOTSTRAP)                                                                 \
   V(CRYPTO)                                                                    \
   V(COMPILE_CACHE)                                                             \
   V(DIAGNOSTICS)                                                               \

src/node.cc

@@ -1046,6 +1046,45 @@ static ExitCode InitializeNodeWithArgsInternal(
   return ExitCode::kNoFailure;
 }
 
+#if NODE_USE_V8_WASM_TRAP_HANDLER
+bool CanEnableWebAssemblyTrapHandler() {
+// On POSIX, the machine may have a limit on the amount of virtual memory
+// available, if it's not enough to allocate at least one cage for WASM,
+// then the trap-handler-based bound checks cannot be used.
+#ifdef __POSIX__
+  struct rlimit lim;
+  if (getrlimit(RLIMIT_AS, &lim) != 0 || lim.rlim_cur == RLIM_INFINITY) {
+    // Can't get the limit or there's no limit, assume trap handler can be
+    // enabled.
+    return true;
+  }
+  uint64_t virtual_memory_available = static_cast<uint64_t>(lim.rlim_cur);
+
+  size_t byte_capacity = 64 * 1024;  // 64KB, the minimum size of a WASM memory.
+  uint64_t cage_size_needed_32 = V8::GetWasmMemoryReservationSizeInBytes(
+      V8::WasmMemoryType::kMemory32, byte_capacity);
+  uint64_t cage_size_needed_64 = V8::GetWasmMemoryReservationSizeInBytes(
+      V8::WasmMemoryType::kMemory64, byte_capacity);
+  uint64_t cage_size_needed =
+      std::max(cage_size_needed_32, cage_size_needed_64);
+  bool can_enable = virtual_memory_available >= cage_size_needed;
+  per_process::Debug(DebugCategory::BOOTSTRAP,
+                     "Virtual memory available: %" PRIu64 " bytes,\n"
+                     "cage size needed for 32-bit: %" PRIu64 " bytes,\n"
+                     "cage size needed for 64-bit: %" PRIu64 " bytes,\n"
+                     "Can%senable WASM trap handler\n",
+                     virtual_memory_available,
+                     cage_size_needed_32,
+                     cage_size_needed_64,
+                     can_enable ? " " : " not ");
+
+  return can_enable;
+#else
+  return false;
+#endif  // __POSIX__
+}
+#endif  // NODE_USE_V8_WASM_TRAP_HANDLER
+
 static std::shared_ptr<InitializationResultImpl>
 InitializeOncePerProcessInternal(const std::vector<std::string>& args,
                                  ProcessInitializationFlags::Flags flags =
@@ -1248,7 +1287,9 @@ InitializeOncePerProcessInternal(const std::vector<std::string>& args,
   bool use_wasm_trap_handler =
       !per_process::cli_options->disable_wasm_trap_handler;
   if (!(flags & ProcessInitializationFlags::kNoDefaultSignalHandling) &&
-      use_wasm_trap_handler) {
+      use_wasm_trap_handler && CanEnableWebAssemblyTrapHandler()) {
+    per_process::Debug(DebugCategory::BOOTSTRAP,
+                       "Enabling WebAssembly trap handler for bounds checks\n");
 #if defined(_WIN32)
     constexpr ULONG first = TRUE;
     per_process::old_vectored_exception_handler =

test/testpy/__init__.py

@@ -36,6 +36,7 @@
 LS_RE = re.compile(r'^test-.*\.m?js$')
 ENV_PATTERN = re.compile(r"//\s+Env:(.*)")
 NODE_TEST_PATTERN = re.compile(r"('|`|\")node:test\1")
+RLIMIT_AS_PATTERN = re.compile(r"//\s+RLIMIT_AS:\s*(\d+)")
 
 class SimpleTestCase(test.TestCase):
 
@@ -99,6 +100,10 @@ def GetRunConfiguration(self):
       else:
         result += flags
 
+    rlimit_as_match = RLIMIT_AS_PATTERN.search(source)
+    if rlimit_as_match:
+      self.max_virtual_memory = int(rlimit_as_match.group(1))
+
     if self.context.use_error_reporter and NODE_TEST_PATTERN.search(source):
       result += ['--test-reporter=./test/common/test-error-reporter.js',
                  '--test-reporter-destination=stdout']
@@ -189,15 +194,3 @@ def ListTests(self, current_path, path, arch, mode):
     for tst in result:
       tst.disable_core_files = True
     return result
-
-class WasmAllocationTestConfiguration(SimpleTestConfiguration):
-  def __init__(self, context, root, section, additional=None):
-    super(WasmAllocationTestConfiguration, self).__init__(context, root, section,
-                                                          additional)
-
-  def ListTests(self, current_path, path, arch, mode):
-    result = super(WasmAllocationTestConfiguration, self).ListTests(
-         current_path, path, arch, mode)
-    for tst in result:
-      tst.max_virtual_memory = 5 * 1024 * 1024 * 1024 # 5GB
-    return result

test/wasm-allocation/test-wasm-allocation-auto-adapt.js

@@ -0,0 +1,12 @@
+// RLIMIT_AS: 3221225472
+// When the virtual memory limit is 3GB, there is not enough virtual memory for
+// even one wasm cage. In this case Node.js should automatically adapt and
+// skip enabling trap-based bounds checks, so that WASM can at least run with
+// inline bound checks.
+'use strict';
+
+require('../common');
+new WebAssembly.Memory({ initial: 10, maximum: 100 });
+
+// Test memory64 works too.
+new WebAssembly.Memory({ address: 'i64', initial: 10n, maximum: 100n });

test/wasm-allocation/test-wasm-allocation-disable-trap-handler.js

@@ -0,0 +1,20 @@
+// Flags: --disable-wasm-trap-handler
+// RLIMIT_AS: 34359738368
+
+// 32GB should be enough for at least 2 cages, but not enough for 30.
+
+// Test that with limited virtual memory space, --disable-wasm-trap-handler
+// fully disables trap-based bounds checks, and thus allows WASM to run with
+// inline bound checks.
+'use strict';
+
+require('../common');
+const instances = [];
+for (let i = 0; i < 30; i++) {
+  instances.push(new WebAssembly.Memory({ initial: 10, maximum: 100 }));
+}
+
+// Test memory64 works too.
+for (let i = 0; i < 30; i++) {
+  instances.push(new WebAssembly.Memory({ initial: 10n, maximum: 100n, address: 'i64' }));
+}

test/wasm-allocation/test-wasm-allocation-memory64.js

@@ -0,0 +1,22 @@
+// RLIMIT_AS: 21474836480
+// With 20GB virtual memory, there's enough space for the first few wasm memory64
+// allocation to succeed, but not enough for many subsequent ones since each
+// wasm memory32 with guard regions reserves 8GB of virtual address space.
+'use strict';
+
+require('../common');
+const assert = require('assert');
+
+// The first allocation should succeed.
+const first = new WebAssembly.Memory({ address: 'i64', initial: 10n, maximum: 100n });
+assert.ok(first);
+
+// Subsequent allocations should eventually fail due to running out of
+// virtual address space. memory64 reserves 16GB per allocation (vs 8GB for
+// memory32), so the limit is reached even faster.
+assert.throws(() => {
+  const instances = [first];
+  for (let i = 1; i < 30; i++) {
+    instances.push(new WebAssembly.Memory({ address: 'i64', initial: 10n, maximum: 100n }));
+  }
+}, /WebAssembly\.Memory/);

test/wasm-allocation/test-wasm-allocation.js

@@ -1,7 +1,21 @@
-// Flags: --disable-wasm-trap-handler
-// Test that with limited virtual memory space, --disable-wasm-trap-handler
-// allows WASM to at least run with inline bound checks.
+// RLIMIT_AS: 21474836480
+// With 20GB virtual memory, there's enough space for the first few wasm memory
+// allocation to succeed, but not enough for many subsequent ones since each
+// wasm memory32 with guard regions reserves 8GB of virtual address space.
 'use strict';
 
 require('../common');
-new WebAssembly.Memory({ initial: 10, maximum: 100 });
+const assert = require('assert');
+
+// The first allocation should succeed.
+const first = new WebAssembly.Memory({ initial: 10, maximum: 100 });
+assert.ok(first);
+
+// Subsequent allocations should eventually fail due to running out of
+// virtual address space.
+assert.throws(() => {
+  const instances = [first];
+  for (let i = 1; i < 30; i++) {
+    instances.push(new WebAssembly.Memory({ initial: 10, maximum: 100 }));
+  }
+}, /WebAssembly\.Memory/);

test/wasm-allocation/testcfg.py

@@ -3,4 +3,4 @@
 import testpy
 
 def GetConfiguration(context, root):
-  return testpy.WasmAllocationTestConfiguration(context, root, 'wasm-allocation')
+  return testpy.SimpleTestConfiguration(context, root, 'wasm-allocation')

test/wasm-allocation/wasm-allocation.status

@@ -8,3 +8,6 @@ prefix wasm-allocation
 
 [$system!=linux || $asan==on || $pointer_compression==on]
 test-wasm-allocation: SKIP
+test-wasm-allocation-auto-adapt: SKIP
+test-wasm-allocation-memory64: SKIP
+test-wasm-allocation-memory64-auto-adapt: SKIP