koffi 2.15.2 → 2.15.3

package/src/koffi/src/abi_x64_win_asm.S

@@ -13,6 +13,8 @@
 .global ForwardCallXF
 .global ForwardCallXD
 
+.global SehHandler
+
 # Copy function pointer to RAX, in order to save it through argument forwarding.
 # Also make a copy of the SP to CallData::old_sp because the callback system might need it.
 # Save RSP in RBX (non-volatile), and use carefully assembled stack provided by caller.
@@ -25,16 +27,6 @@
     movq %rdx, %rsp
 .endm
 
-# Call native function.
-# Once done, restore normal stack pointer and return.
-# The return value is passed untouched through RAX or XMM0.
-.macro epilogue
-    call *%rax
-    movq %rbp, %rsp
-    pop %rbp
-    ret
-.endm
-
 # Prepare integer argument registers from array passed by caller.
 .macro forward_gpr
     movq 24(%rdx), %r9
@@ -51,44 +43,62 @@
     movsd 0(%rdx), %xmm0
 .endm
 
+# CallNative is a minimal wrapper around the native function call.
+# Its frame lives entirely on the custom stack, so its EstablisherFrame passes
+# the TEB stack bounds check. This ensures that SehHandler is found by
+# RtlDispatchException before it tries to cross back to the original stack
+# (through ForwardCall*), which would fail the bounds check and terminate.
+# After the native call returns, CallNative restores the original stack via
+# RBP (non-volatile, preserved by native) and returns directly to the C++ caller.
+CallNative:
+    .seh_proc CallNative
+    .seh_handler SehHandler, @except
+    .seh_endprologue
+    call *%rax
+    movq %rbp, %rsp
+    pop %rbp
+    ret
+    .seh_endproc
+
 ForwardCallG:
     prologue
     forward_gpr
-    epilogue
+    jmp CallNative
 
 ForwardCallF:
     prologue
     forward_gpr
-    epilogue
+    jmp CallNative
 
 ForwardCallD:
     prologue
     forward_gpr
-    epilogue
+    jmp CallNative
 
 ForwardCallXG:
     prologue
     forward_xmm
     forward_gpr
-    epilogue
+    jmp CallNative
 
 ForwardCallXF:
     prologue
     forward_xmm
     forward_gpr
-    epilogue
+    jmp CallNative
 
 ForwardCallXD:
     prologue
     forward_xmm
     forward_gpr
-    epilogue
+    jmp CallNative
 
 # Callbacks
 # ----------------------------
 
 .global RelayCallback
-.global CallSwitchStack
+.global SwitchAndRelay
+.global RelayDirect
 
 # First, make a copy of the GPR argument registers (rcx, rdx, r8, r9).
 # Then call the C function RelayCallback with the following arguments:
@@ -104,8 +114,6 @@ ForwardCallXD:
     movq %r9, 56(%rsp)
     movq $\id, %rcx
     leaq 32(%rsp), %rdx
-    leaq 160(%rsp), %r8
-    leaq 96(%rsp), %r9
     call RelayCallback
     movq 96(%rsp), %rax
     addq $120, %rsp
@@ -126,8 +134,6 @@ ForwardCallXD:
     movsd %xmm3, 88(%rsp)
     movq $\id, %rcx
     leaq 32(%rsp), %rdx
-    leaq 160(%rsp), %r8
-    leaq 96(%rsp), %r9
     call RelayCallback
     movq 96(%rsp), %rax
     movsd 104(%rsp), %xmm0
@@ -140,18 +146,17 @@ ForwardCallXD:
 # probably misdetect this as a "stack overflow". We have to restore the old
 # stack pointer, call Node.js/V8 and go back to ours.
 # The first three parameters (rcx, rdx, r8) are passed through untouched.
-CallSwitchStack:
+SwitchAndRelay:
     endbr64
     push %rbp
     movq %rsp, %rbp
-    movq 56(%rsp), %rax
     movq %rsp, %r10
     movq 48(%rsp), %r11
     subq 0(%r11), %r10
     andq $-16, %r10
     movq %r10, 8(%r11)
     leaq -32(%r9), %rsp
-    call *%rax
+    call RelayDirect
     movq %rbp, %rsp
     pop %rbp
     ret

package/src/koffi/src/abi_x64_win_asm.asm

@@ -15,6 +15,8 @@ public ForwardCallXG
 public ForwardCallXF
 public ForwardCallXD
 
+extern SehHandler : PROC
+
 .code
 
 ; Copy function pointer to RAX, in order to save it through argument forwarding.
@@ -32,16 +34,6 @@ prologue macro
     mov rsp, rdx
 endm
 
-; Call native function.
-; Once done, restore normal stack pointer and return.
-; The return value is passed untouched through RAX or XMM0.
-epilogue macro
-    call rax
-    mov rsp, rbp
-    pop rbp
-    ret
-endm
-
 ; Prepare integer argument registers from array passed by caller.
 forward_gpr macro
     mov r9, qword ptr [rdx+24]
@@ -58,50 +50,66 @@ forward_xmm macro
     movsd xmm0, qword ptr [rdx+0]
 endm
 
+; CallNative is a minimal wrapper around the native function call.
+; Its frame lives entirely on the custom stack, so its EstablisherFrame passes
+; the TEB stack bounds check. This ensures that SehHandler is found by
+; RtlDispatchException before it tries to cross back to the original stack
+; (through ForwardCall*), which would fail the bounds check and terminate.
+; After the native call returns, CallNative restores the original stack via
+; RBP (non-volatile, preserved by native) and returns directly to the C++ caller.
+CallNative proc frame:SehHandler
+    .endprolog
+    call rax
+    mov rsp, rbp
+    pop rbp
+    ret
+CallNative endp
+
 ForwardCallG proc frame
     prologue
     forward_gpr
-    epilogue
+    jmp CallNative
 ForwardCallG endp
 
 ForwardCallF proc frame
     prologue
     forward_gpr
-    epilogue
+    jmp CallNative
 ForwardCallF endp
 
 ForwardCallD proc frame
     prologue
     forward_gpr
-    epilogue
+    jmp CallNative
 ForwardCallD endp
 
 ForwardCallXG proc frame
     prologue
     forward_xmm
     forward_gpr
-    epilogue
+    jmp CallNative
 ForwardCallXG endp
 
 ForwardCallXF proc frame
     prologue
     forward_xmm
     forward_gpr
-    epilogue
+    jmp CallNative
 ForwardCallXF endp
 
 ForwardCallXD proc frame
     prologue
     forward_xmm
     forward_gpr
-    epilogue
+    jmp CallNative
 ForwardCallXD endp
 
 ; Callbacks
 ; ----------------------------
 
 extern RelayCallback : PROC
-public CallSwitchStack
+public SwitchAndRelay
+extern RelayDirect : PROC
 
 ; First, make a copy of the GPR argument registers (rcx, rdx, r8, r9).
 ; Then call the C function RelayCallback with the following arguments:
@@ -119,8 +127,6 @@ trampoline macro ID
     mov qword ptr [rsp+56], r9
     mov rcx, ID
     lea rdx, qword ptr [rsp+32]
-    lea r8, qword ptr [rsp+160]
-    lea r9, qword ptr [rsp+96]
     call RelayCallback
     mov rax, qword ptr [rsp+96]
     add rsp, 120
@@ -143,8 +149,6 @@ trampoline_vec macro ID
     movsd qword ptr [rsp+88], xmm3
     mov rcx, ID
     lea rdx, qword ptr [rsp+32]
-    lea r8, qword ptr [rsp+160]
-    lea r9, qword ptr [rsp+96]
     call RelayCallback
     mov rax, qword ptr [rsp+96]
     movsd xmm0, qword ptr [rsp+104]
@@ -157,25 +161,24 @@ endm
 ; probably misdetect this as a "stack overflow". We have to restore the old
 ; stack pointer, call Node.js/V8 and go back to ours.
 ; The first three parameters (rcx, rdx, r8) are passed through untouched.
-CallSwitchStack proc frame
+SwitchAndRelay proc frame
     endbr64
     push rbp
     .pushreg rbp
     mov rbp, rsp
     .setframe rbp, 0
     .endprolog
-    mov rax, qword ptr [rsp+56]
     mov r10, rsp
     mov r11, qword ptr [rsp+48]
     sub r10, qword ptr [r11+0]
     and r10, -16
     mov qword ptr [r11+8], r10
     lea rsp, [r9-32]
-    call rax
+    call RelayDirect
     mov rsp, rbp
     pop rbp
     ret
-CallSwitchStack endp
+SwitchAndRelay endp
 
 ; Trampolines
 ; ----------------------------

package/src/koffi/src/abi_x86.cc

@@ -26,6 +26,13 @@ struct BackRegisters {
     int ret_pop;
 };
 
+#if defined(_WIN32)
+struct SehFrame {
+    void *Next;
+    void *Handler;
+};
+#endif
+
 extern "C" uint64_t ForwardCallG(const void *func, uint8_t *sp, uint8_t **out_old_sp);
 extern "C" float ForwardCallF(const void *func, uint8_t *sp, uint8_t **out_old_sp);
 extern "C" double ForwardCallD(const void *func, uint8_t *sp, uint8_t **out_old_sp);
@@ -33,10 +40,6 @@ extern "C" uint64_t ForwardCallRG(const void *func, uint8_t *sp, uint8_t **out_o
 extern "C" float ForwardCallRF(const void *func, uint8_t *sp, uint8_t **out_old_sp);
 extern "C" double ForwardCallRD(const void *func, uint8_t *sp, uint8_t **out_old_sp);
 
-extern "C" napi_value CallSwitchStack(Napi::Function *func, size_t argc, napi_value *argv,
-                                      uint8_t *old_sp, Span<uint8_t> *new_stack,
-                                      napi_value (*call)(Napi::Function *func, size_t argc, napi_value *argv));
-
 #include "trampolines/prototypes.inc"
 
 bool AnalyseFunction(Napi::Env env, InstanceData *instance, FunctionInfo *func)
@@ -300,6 +303,7 @@ void CallData::Execute(const FunctionInfo *func, void *native)
 {
 #if defined(_WIN32)
     TEB *teb = GetTEB();
+    SehFrame *seh = (SehFrame *)mem->stack.ptr;
 
     // Restore previous stack limits at the end
     K_DEFER_C(exception_list = teb->ExceptionList,
@@ -319,7 +323,9 @@ void CallData::Execute(const FunctionInfo *func, void *native)
     };
 
     // Adjust stack limits so SEH works correctly
-    teb->ExceptionList = (void *)-1; // EXCEPTION_CHAIN_END
+    seh->Next = (void *)-1; \
+    seh->Handler = (void *)SehHandler; \
+    teb->ExceptionList = seh; \
     teb->StackBase = mem->stack0.end();
     teb->StackLimit = mem->stack0.ptr;
     teb->DeallocationStack = mem->stack0.ptr;
@@ -445,8 +451,11 @@ Napi::Value CallData::Complete(const FunctionInfo *func)
     K_UNREACHABLE();
 }
 
-void CallData::Relay(Size idx, uint8_t *, uint8_t *caller_sp, bool switch_stack, BackRegisters *out_reg)
+void CallData::Relay(Size idx, uint8_t *sp)
 {
+    uint8_t *caller_sp = sp + 48;
+    BackRegisters *out_reg = (BackRegisters *)(sp + 16);
+
     if (env.IsExceptionPending()) [[unlikely]]
         return;
 
@@ -685,15 +694,8 @@ void CallData::Relay(Size idx, uint8_t *, uint8_t *caller_sp, bool switch_stack,
 
     const TypeInfo *type = proto->ret.type;
 
-    // Make the call
-    napi_value ret;
-    if (switch_stack) {
-        ret = CallSwitchStack(&func, (size_t)arguments.len, arguments.data, old_sp, &mem->stack,
-                              [](Napi::Function *func, size_t argc, napi_value *argv) { return (napi_value)func->Call(argv[0], argc - 1, argv + 1); });
-    } else {
-        ret = (napi_value)func.Call(arguments[0], arguments.len - 1, arguments.data + 1);
-    }
-    Napi::Value value(env, ret);
+    // Make the call!
+    Napi::Value value = func.Call(arguments[0], arguments.len - 1, arguments.data + 1);
 
     if (env.IsExceptionPending()) [[unlikely]]
         return;

package/src/koffi/src/abi_x86_asm.S

@@ -81,7 +81,8 @@ ForwardCallRD:
 # ----------------------------
 
 .global RelayCallback
-.global CallSwitchStack
+.global SwitchAndRelay
+.global RelayDirect
 
 # Call the C function RelayCallback with the following arguments:
 # static trampoline ID, the current stack pointer, a pointer to the stack arguments of this call,
@@ -98,10 +99,6 @@ ForwardCallRD:
     .cfi_def_cfa esp, 48
     movl $\id, 0(%esp)
     movl %esp, 4(%esp)
-    leal 48(%esp), %eax
-    movl %eax, 8(%esp)
-    leal 16(%esp), %eax
-    movl %eax, 12(%esp)
     call GetEIP
     addl $_GLOBAL_OFFSET_TABLE_, %ecx
     call *RelayCallback@GOT(%ecx)
@@ -126,10 +123,6 @@ ForwardCallRD:
     .cfi_def_cfa esp, 48
     movl $\id, 0(%esp)
     movl %esp, 4(%esp)
-    leal 48(%esp), %eax
-    movl %eax, 8(%esp)
-    leal 16(%esp), %eax
-    movl %eax, 12(%esp)
     call GetEIP
     addl $_GLOBAL_OFFSET_TABLE_, %ecx
     call *RelayCallback@GOT(%ecx)
@@ -151,15 +144,11 @@ ForwardCallRD:
     .cfi_endproc
 .endm
 
-GetEIP:
-    movl (%esp), %ecx
-    ret
-
 # When a callback is relayed, Koffi will call into Node.js and V8 to execute Javascript.
 # The problem is that we're still running on the separate Koffi stack, and V8 will
 # probably misdetect this as a "stack overflow". We have to restore the old
 # stack pointer, call Node.js/V8 and go back to ours.
-CallSwitchStack:
+SwitchAndRelay:
     .cfi_startproc
     .cfi_def_cfa esp, 4
     ENDBR32
@@ -167,21 +156,22 @@ CallSwitchStack:
     .cfi_def_cfa esp, 8
     movl %esp, %ebp
     .cfi_def_cfa ebp, 8
-    movl 28(%esp), %edx
     movl 24(%esp), %ecx
     movl %esp, %eax
     subl 0(%ecx), %eax
     andl $-16, %eax
     movl %eax, 4(%ecx)
     movl 20(%esp), %esp
-    subl $28, %esp
+    subl $24, %esp
     movl 8(%ebp), %eax
     movl %eax, 0(%esp)
     movl 12(%ebp), %eax
     movl %eax, 4(%esp)
     movl 16(%ebp), %eax
     movl %eax, 8(%esp)
-    call *%edx
+    call GetEIP
+    addl $_GLOBAL_OFFSET_TABLE_, %ecx
+    call *RelayDirect@GOT(%ecx)
     mov %ebp, %esp
     .cfi_def_cfa esp, 8
     pop %ebp
@@ -189,6 +179,10 @@ CallSwitchStack:
     ret
     .cfi_endproc
 
+GetEIP:
+    movl (%esp), %ecx
+    ret
+
 # Trampolines
 # ----------------------------
 

package/src/koffi/src/abi_x86_asm.asm

@@ -80,7 +80,8 @@ ForwardCallRD endp
 ; ----------------------------
 
 extern RelayCallback : PROC
-public CallSwitchStack
+public SwitchAndRelay
+extern RelayDirect : PROC
 
 ; Call the C function RelayCallback with the following arguments:
 ; static trampoline ID, the current stack pointer, a pointer to the stack arguments of this call,
@@ -94,10 +95,6 @@ trampoline macro ID
     sub esp, 44
     mov dword ptr [esp+0], ID
     mov dword ptr [esp+4], esp
-    lea eax, dword ptr [esp+48]
-    mov dword ptr [esp+8], eax
-    lea eax, dword ptr [esp+16]
-    mov dword ptr [esp+12], eax
     call RelayCallback
     mov edx, dword ptr [esp+44]
     mov ecx, dword ptr [esp+36]
@@ -117,10 +114,6 @@ trampoline_vec macro ID
     sub esp, 44
     mov dword ptr [esp+0], ID
     mov dword ptr [esp+4], esp
-    lea eax, dword ptr [esp+48]
-    mov dword ptr [esp+8], eax
-    lea eax, dword ptr [esp+16]
-    mov dword ptr [esp+12], eax
     call RelayCallback
     mov edx, dword ptr [esp+44]
     mov ecx, dword ptr [esp+36]
@@ -141,29 +134,28 @@ endm
 ; The problem is that we're still running on the separate Koffi stack, and V8 will
 ; probably misdetect this as a "stack overflow". We have to restore the old
 ; stack pointer, call Node.js/V8 and go back to ours.
-CallSwitchStack proc
+SwitchAndRelay proc
     endbr32
     push ebp
     mov ebp, esp
-    mov edx, dword ptr [esp+28]
     mov ecx, dword ptr [esp+24]
     mov eax, esp
     sub eax, dword ptr [ecx+0]
     and eax, -16
     mov dword ptr [ecx+4], eax
     mov esp, dword ptr [esp+20]
-    sub esp, 28
+    sub esp, 24
     mov eax, dword ptr [ebp+8]
     mov dword ptr [esp+0], eax
     mov eax, dword ptr [ebp+12]
     mov dword ptr [esp+4], eax
     mov eax, dword ptr [ebp+16]
     mov dword ptr [esp+8], eax
-    call edx
+    call RelayDirect
     mov esp, ebp
     pop ebp
     ret
-CallSwitchStack endp
+SwitchAndRelay endp
 
 ; Trampolines
 ; ----------------------------

package/src/koffi/src/call.cc

@@ -12,15 +12,12 @@ namespace K {
 
 struct RelayContext {
     CallData *call;
-    bool dispose_call;
 
     Size idx;
-    uint8_t *own_sp;
-    uint8_t *caller_sp;
-    BackRegisters *out_reg;
+    uint8_t *sp;
 
-    std::mutex mutex;
-    std::condition_variable cv;
+    std::mutex mutex = {};
+    std::condition_variable cv = {};
     bool done = false;
 };
 
@@ -75,50 +72,26 @@ void CallData::Dispose()
     instance = nullptr;
 }
 
-void CallData::RelaySafe(Size idx, uint8_t *own_sp, uint8_t *caller_sp, bool outside_call, BackRegisters *out_reg)
+void CallData::RelayAsync(Size idx, uint8_t *sp)
 {
-    if (std::this_thread::get_id() != instance->main_thread_id) {
-        // JS/V8 is single-threaded, and runs on main_thread_id. Forward the call
-        // to the JS event loop.
+    // JS/V8 is single-threaded, and runs on main_thread_id. Forward the call
+    // to the JS event loop.
 
-        RelayContext ctx;
+    RelayContext ctx = {
+        .call = this,
+        .idx = idx,
+        .sp = sp
+    };
 
-        ctx.call = this;
-        ctx.dispose_call = outside_call;
-        ctx.idx = idx;
-        ctx.own_sp = own_sp;
-        ctx.caller_sp = caller_sp;
-        ctx.out_reg = out_reg;
+    napi_call_threadsafe_function(instance->broker, &ctx, napi_tsfn_blocking);
 
-        napi_call_threadsafe_function(instance->broker, &ctx, napi_tsfn_blocking);
-
-        // Wait until it executes
-        std::unique_lock<std::mutex> lock(ctx.mutex);
-        while (!ctx.done) {
-            ctx.cv.wait(lock);
-        }
-    } else {
-        Napi::HandleScope scope(env);
-        Relay(idx, own_sp, caller_sp, !outside_call, out_reg);
+    // Wait until it executes
+    std::unique_lock<std::mutex> lock(ctx.mutex);
+    while (!ctx.done) {
+        ctx.cv.wait(lock);
     }
 }
 
-void CallData::RelayAsync(napi_env, napi_value, void *, void *udata)
-{
-    RelayContext *ctx = (RelayContext *)udata;
-
-    ctx->call->Relay(ctx->idx, ctx->own_sp, ctx->caller_sp, false, ctx->out_reg);
-
-    if (ctx->dispose_call) {
-        ctx->call->Dispose();
-    }
-
-    // We're done!
-    std::lock_guard<std::mutex> lock(ctx->mutex);
-    ctx->done = true;
-    ctx->cv.notify_one();
-}
-
 bool CallData::PushString(Napi::Value value, int directions, const char **out_str)
 {
     // Fast path
@@ -189,7 +162,7 @@ Size CallData::PushStringValue(Napi::Value value, const char **out_str)
         K_ASSERT(status == napi_ok);
 
         len++;
-        buf = AllocateSpan<char>(&call_alloc, (Size)len);
+        buf = AllocateSpan<char>(&alloc, (Size)len);
 
         status = napi_get_value_string_utf8(env, value, buf.ptr, (size_t)buf.len, &len);
         K_ASSERT(status == napi_ok);
@@ -224,7 +197,7 @@ Size CallData::PushString16Value(Napi::Value value, const char16_t **out_str16)
         K_ASSERT(status == napi_ok);
 
         len++;
-        buf = AllocateSpan<char16_t>(&call_alloc, (Size)len);
+        buf = AllocateSpan<char16_t>(&alloc, (Size)len);
 
         status = napi_get_value_string_utf16(env, value, buf.ptr, (size_t)buf.len, &len);
         K_ASSERT(status == napi_ok);
@@ -255,7 +228,7 @@ Size CallData::PushString32Value(Napi::Value value, const char32_t **out_str32)
         mem->heap.ptr += buf16.len * 4;
         mem->heap.len -= buf16.len * 4;
     } else {
-        buf = AllocateSpan<char32_t>(&call_alloc, buf16.len);
+        buf = AllocateSpan<char32_t>(&alloc, buf16.len);
     }
 
     Size j = 0;
@@ -1315,4 +1288,22 @@ void CallData::PopOutArguments()
     }
 }
 
+void PerformAsyncRelay(napi_env, napi_value, void *, void *udata)
+{
+    RelayContext *ctx = (RelayContext *)udata;
+    CallData *call = ctx->call;
+
+    call->Relay(ctx->idx, ctx->sp);
+
+    // This CallData was created artificially just to perform the callback. Which means the
+    // creator may not run on the main thread, and cannot properly destroy it, because some
+    // members are managed by Node.
+    call->Dispose();
+
+    // We're done!
+    std::lock_guard<std::mutex> lock(ctx->mutex);
+    ctx->done = true;
+    ctx->cv.notify_one();
+}
+
 }

package/src/koffi/src/call.hh

@@ -17,7 +17,7 @@ struct BackRegisters;
 
 // I'm not sure why the alignas(8), because alignof(CallData) is 8 without it.
 // But on Windows i386, without it, the alignment may not be correct (compiler bug?).
-class alignas(8) CallData {
+struct alignas(8) CallData {
     struct OutArgument {
         enum class Kind {
             Array,
@@ -66,7 +66,7 @@ class alignas(8) CallData {
     LocalArray<int16_t, 16> used_trampolines;
     HeapArray<OutArgument> out_arguments;
 
-    BlockAllocator call_alloc;
+    BlockAllocator alloc;
 
 public:
     CallData(Napi::Env env, InstanceData *instance, InstanceMemory *mem);
@@ -90,9 +90,8 @@ public:
 
 #undef INLINE_IF_UNITY
 
-    void Relay(Size idx, uint8_t *own_sp, uint8_t *caller_sp, bool switch_stack, BackRegisters *out_reg);
-    void RelaySafe(Size idx, uint8_t *own_sp, uint8_t *caller_sp, bool outside_call, BackRegisters *out_reg);
-    static void RelayAsync(napi_env, napi_value, void *, void *udata);
+    void Relay(Size idx, uint8_t *sp);
+    void RelayAsync(Size idx, uint8_t *sp);
 
     void DumpForward(const FunctionInfo *func) const;
 
@@ -112,9 +111,6 @@ public:
 
     void *ReserveTrampoline(const FunctionInfo *proto, Napi::Function func);
 
-    BlockAllocator *GetAllocator() { return &call_alloc; }
-
-private:
     template <typename T>
     bool AllocStack(Size size, Size align, T **out_ptr);
     template <typename T = uint8_t>
@@ -169,13 +165,15 @@ inline T *CallData::AllocHeap(Size size, Size align)
         int flags = 0;
 #endif
 
-        ptr = (uint8_t *)AllocateRaw(&call_alloc, size + align, flags);
+        ptr = (uint8_t *)AllocateRaw(&alloc, size + align, flags);
         ptr = AlignUp(ptr, align);
 
         return ptr;
     }
 }
 
+void PerformAsyncRelay(napi_env env, napi_value callback, void *ctx, void *udata);
+
 void *GetTrampoline(int16_t idx, const FunctionInfo *proto);
 
 }