src/compiler/wasm-compiler.cc - Issue 2416543002: [wasm] Fix bounds check for zero initial memory.

Side by Side Diff: src/compiler/wasm-compiler.cc

Issue 2416543002: [wasm] Fix bounds check for zero initial memory. (Closed)

Patch Set: Add aTODO Created 4 years, 2 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

OLD	NEW
1 // Copyright 2015 the V8 project authors. All rights reserved.	1 // Copyright 2015 the V8 project authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "src/compiler/wasm-compiler.h"	5 #include "src/compiler/wasm-compiler.h"

6	6

7 #include <memory>	7 #include <memory>

8	8

9 #include "src/isolate-inl.h"	9 #include "src/isolate-inl.h"

10	10

(...skipping 2831 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
2842 Node* node = graph()->NewNode(op, addr, jsgraph()->Int32Constant(0), val,	2842 Node* node = graph()->NewNode(op, addr, jsgraph()->Int32Constant(0), val,

2843 effect_, control_);	2843 effect_, control_);

2844 *effect_ = node;	2844 *effect_ = node;

2845 return node;	2845 return node;

2846 }	2846 }

2847	2847

2848 void WasmGraphBuilder::BoundsCheckMem(MachineType memtype, Node* index,	2848 void WasmGraphBuilder::BoundsCheckMem(MachineType memtype, Node* index,

2849 uint32_t offset,	2849 uint32_t offset,

2850 wasm::WasmCodePosition position) {	2850 wasm::WasmCodePosition position) {

2851 DCHECK(module_ && module_->instance);	2851 DCHECK(module_ && module_->instance);

2852 uint32_t size = module_->instance->mem_size;	2852 uint32_t size = module_->instance->mem_size;
	bradn 2016/10/13 22:43:41 Shouldn't this be from min_mem_pages in the module Shouldn't this be from min_mem_pages in the module, not the instance (since set of instructions has to be fixed from compile time on). It probably works now because there's a dummy instance created, but it's better to base this on the values in the module structure. gdeepti 2016/10/14 01:28:44 Tried this, but it looks like the test harness sti Show quoted text On 2016/10/13 22:43:41, bradn wrote: > Shouldn't this be from min_mem_pages in the module, not the instance (since set > of instructions has to be fixed from compile time on). > It probably works now because there's a dummy instance created, but it's better > to base this on the values in the module structure. Tried this, but it looks like the test harness still relies on the older structure. Deferring this till I can look into this more.
2853 byte memsize = wasm::WasmOpcodes::MemSize(memtype);	2853 byte memsize = wasm::WasmOpcodes::MemSize(memtype);

2854	2854

2855 // Check against the effective size.	2855 // Check against the effective size.

2856 size_t effective_size;	2856 size_t effective_size;

2857 if (size == 0) {	2857 if (size == 0) {

	2858 // TODO(gdeepti): Remove filler check used here to stash the size of

	2859 // memtype for when code is relocated.
	bradn 2016/10/13 22:43:41 Maybe a single reloc type will work after all? If Maybe a single reloc type will work after all? If we make the first check always: offset + memtype - 1 < size And the second: index < size - offset - memtype + 1 We can then drop each check based on if the minimum allowed size means the condition is always true? gdeepti 2016/10/14 01:28:44 Done. Show quoted text On 2016/10/13 22:43:41, bradn wrote: > Maybe a single reloc type will work after all? > > If we make the first check always: > offset + memtype - 1 < size > > And the second: > index < size - offset - memtype + 1 > > We can then drop each check based on if the minimum allowed size means the > condition is always true? Done.
	2860 Node* cond = graph()->NewNode(jsgraph()->machine()->Uint32LessThan(),

	2861 jsgraph()->Int32Constant(0),

	2862 jsgraph()->RelocatableInt32Constant(

	2863 static_cast<uint32_t>(memsize),

	2864 RelocInfo::WASM_MEMTYPE_SIZE_REFERENCE));

	2865 trap_->AddTrapIfFalse(wasm::kTrapMemOutOfBounds, cond, position);

2858 effective_size = 0;	2866 effective_size = 0;

2859 } else if (offset >= size \|\|	2867 } else if (offset >= size \|\|

2860 (static_cast<uint64_t>(offset) + memsize) > size) {	2868 (static_cast<uint64_t>(offset) + memsize) > size) {

2861 // Two checks are needed in the case where the offset is statically	2869 // Two checks are needed in the case where the offset is statically

2862 // out of bounds; one check for the offset being in bounds, and the next for	2870 // out of bounds; one check for the offset being in bounds, and the next for

2863 // the offset + index being out of bounds for code to be patched correctly	2871 // the offset + index being out of bounds for code to be patched correctly

2864 // on relocation.	2872 // on relocation.

2865 effective_size = size - memsize + 1;	2873 effective_size = size - memsize + 1;

2866 Node* cond = graph()->NewNode(jsgraph()->machine()->Uint32LessThan(),	2874 Node* cond = graph()->NewNode(jsgraph()->machine()->Uint32LessThan(),

2867 jsgraph()->IntPtrConstant(offset),	2875 jsgraph()->IntPtrConstant(offset),

(...skipping 541 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
3409 function_->code_start_offset),	3417 function_->code_start_offset),

3410 compile_ms);	3418 compile_ms);

3411 }	3419 }

3412	3420

3413 return code;	3421 return code;

3414 }	3422 }

3415	3423

3416 } // namespace compiler	3424 } // namespace compiler

3417 } // namespace internal	3425 } // namespace internal

3418 } // namespace v8	3426 } // namespace v8

OLD	NEW

« no previous file with comments | « src/compiler/s390/code-generator-s390.cc ('k') | src/compiler/x64/code-generator-x64.cc » ('j') | no next file with comments »