1 // Copyright 2015 the V8 project authors. All rights reserved. | 1 // Copyright 2015 the V8 project authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "src/compiler/wasm-compiler.h" | 5 #include "src/compiler/wasm-compiler.h" |
6 | 6 |
7 #include <memory> | 7 #include <memory> |
8 | 8 |
9 #include "src/isolate-inl.h" | 9 #include "src/isolate-inl.h" |
10 | 10 |
2852 return node; | 2852 return node; |
2853 } | 2853 } |
2854 | 2854 |
2855 void WasmGraphBuilder::BoundsCheckMem(MachineType memtype, Node* index, | 2855 void WasmGraphBuilder::BoundsCheckMem(MachineType memtype, Node* index, |
2856 uint32_t offset, | 2856 uint32_t offset, |
2857 wasm::WasmCodePosition position) { | 2857 wasm::WasmCodePosition position) { |
2858 DCHECK(module_ && module_->instance); | 2858 DCHECK(module_ && module_->instance); |
2859 uint32_t size = module_->instance->mem_size; | 2859 uint32_t size = module_->instance->mem_size; |
2860 byte memsize = wasm::WasmOpcodes::MemSize(memtype); | 2860 byte memsize = wasm::WasmOpcodes::MemSize(memtype); |
2861 | 2861 |
2862 // Check against the effective size. | |
2863 size_t effective_size; | 2862 size_t effective_size; |
2864 if (size == 0) { | 2863 if (size <= offset || size < (static_cast<uint64_t>(offset) + memsize)) { |
2865 effective_size = 0; | |
2866 } else if (offset >= size || | |
2867 (static_cast<uint64_t>(offset) + memsize) > size) { | |
2868 // Two checks are needed in the case where the offset is statically | 2864 // Two checks are needed in the case where the offset is statically |
2869 // out of bounds; one check for the offset being in bounds, and the next for | 2865 // out of bounds; one check for the offset being in bounds, and the next for |
2870 // the offset + index being out of bounds for code to be patched correctly | 2866 // the offset + index being out of bounds for code to be patched correctly |
2871 // on relocation. | 2867 // on relocation. |
2872 effective_size = size - memsize + 1; | 2868 size_t effective_offset = offset + memsize - 1; |
2873 Node* cond = graph()->NewNode(jsgraph()->machine()->Uint32LessThan(), | 2869 Node* cond = graph()->NewNode(jsgraph()->machine()->Uint32LessThan(), |
2874 jsgraph()->IntPtrConstant(offset), | 2870 jsgraph()->IntPtrConstant(effective_offset), |
2875 jsgraph()->RelocatableInt32Constant( | 2871 jsgraph()->RelocatableInt32Constant( |
2876 static_cast<uint32_t>(effective_size), | 2872 static_cast<uint32_t>(size), |
2877 RelocInfo::WASM_MEMORY_SIZE_REFERENCE)); | 2873 RelocInfo::WASM_MEMORY_SIZE_REFERENCE)); |
2878 trap_->AddTrapIfFalse(wasm::kTrapMemOutOfBounds, cond, position); | 2874 trap_->AddTrapIfFalse(wasm::kTrapMemOutOfBounds, cond, position); |
2879 DCHECK(offset >= effective_size); | 2875 // For offset > effective size, this relies on check above to fail and |
2880 effective_size = offset - effective_size; | 2876 // effective size can be negative, relies on wrap around. |
| 2877 effective_size = size - offset - memsize + 1; |
2881 } else { | 2878 } else { |
2882 effective_size = size - offset - memsize + 1; | 2879 effective_size = size - offset - memsize + 1; |
2883 CHECK(effective_size <= kMaxUInt32); | 2880 CHECK(effective_size <= kMaxUInt32); |
2884 | 2881 |
2885 Uint32Matcher m(index); | 2882 Uint32Matcher m(index); |
2886 if (m.HasValue()) { | 2883 if (m.HasValue()) { |
2887 uint32_t value = m.Value(); | 2884 uint32_t value = m.Value(); |
2888 if (value < effective_size) { | 2885 if (value < effective_size) { |
2889 // The bounds check will always succeed. | 2886 // The bounds check will always succeed. |
2890 return; | 2887 return; |
3416 function_->code_start_offset), | 3413 function_->code_start_offset), |
3417 compile_ms); | 3414 compile_ms); |
3418 } | 3415 } |
3419 | 3416 |
3420 return code; | 3417 return code; |
3421 } | 3418 } |
3422 | 3419 |
3423 } // namespace compiler | 3420 } // namespace compiler |
3424 } // namespace internal | 3421 } // namespace internal |
3425 } // namespace v8 | 3422 } // namespace v8 |
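Review bot: The runtime guard emitted on new line 2868 of BoundsCheckMem does not get the 64-bit widening that the static test on 2863 has: `offset + memsize - 1` is evaluated in 32-bit unsigned arithmetic (a uint32_t plus a promoted byte) before it lands in the size_t, so for an offset within memsize of 0xFFFFFFFF it wraps to a small value, `Uint32LessThan(effective_offset, size)` holds for any non-empty memory and no trap fires, yet the wrapped effective_size on 2877 — which the comment on 2875-2876 says relies on that trap — still feeds the index check. If the decoder accepts such an offset, a statically out-of-bounds access would pass both checks; whether the address computation then leaves the memory region depends on code outside this hunk, so please confirm. A compact fix is to saturate the operand so the guard can never pass, e.g. `size_t effective_offset = static_cast<size_t>(std::min<uint64_t>(static_cast<uint64_t>(offset) + memsize - 1, kMaxUInt32));` — widening alone is not enough if the comparison stays 32-bit. The comment on 2875-2876 would also be clearer as `// When offset + memsize exceeds size this wraps (32-bit unsigned); the trap emitted above is what makes that safe.` BoundsCheckMem's body, including the index check that consumes effective_size, continues past the end of the hunk.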