Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(755)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: src/compiler/wasm-compiler.cc

Issue 2416543002: [wasm] Fix bounds check for zero initial memory. (Closed)
Patch Set: Rebase Created 4 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | src/wasm/wasm-module.h » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: src/compiler/wasm-compiler.cc
diff --git a/src/compiler/wasm-compiler.cc b/src/compiler/wasm-compiler.cc
index 4392896c644b8796b013903a81c22a5804f71e5b..3667c3c5e7b2d9cbe280dfb746b243472a8a1aab 100644
--- a/src/compiler/wasm-compiler.cc
+++ b/src/compiler/wasm-compiler.cc
@@ -2856,39 +2856,34 @@ void WasmGraphBuilder::BoundsCheckMem(MachineType memtype, Node* index,
uint32_t offset,
wasm::WasmCodePosition position) {
DCHECK(module_ && module_->instance);
- uint32_t size = module_->instance->mem_size;
+ uint32_t size = module_->module->min_mem_pages * module_->module->kPageSize;
byte memsize = wasm::WasmOpcodes::MemSize(memtype);
// Check against the effective size.
size_t effective_size;
- if (size == 0) {
- effective_size = 0;
- } else if (offset >= size ||
- (static_cast<uint64_t>(offset) + memsize) > size) {
+ if (size == 0 || offset >= size ||
bradn 2016/10/14 01:17:07 Drop size==0, always true if the next clause is. M
gdeepti 2016/10/14 01:28:44 Done.
+ (static_cast<uint64_t>(offset) + memsize) > size) {
// Two checks are needed in the case where the offset is statically
// out of bounds; one check for the offset being in bounds, and the next for
// the offset + index being out of bounds for code to be patched correctly
// on relocation.
- effective_size = size - memsize + 1;
+ size_t effective_offset = offset + memsize - 1;
Node* cond = graph()->NewNode(jsgraph()->machine()->Uint32LessThan(),
- jsgraph()->IntPtrConstant(offset),
+ jsgraph()->IntPtrConstant(effective_offset),
jsgraph()->RelocatableInt32Constant(
- static_cast<uint32_t>(effective_size),
+ static_cast<uint32_t>(size),
RelocInfo::WASM_MEMORY_SIZE_REFERENCE));
trap_->AddTrapIfFalse(wasm::kTrapMemOutOfBounds, cond, position);
- DCHECK(offset >= effective_size);
- effective_size = offset - effective_size;
- } else {
- effective_size = size - offset - memsize + 1;
- CHECK(effective_size <= kMaxUInt32);
-
- Uint32Matcher m(index);
- if (m.HasValue()) {
- uint32_t value = m.Value();
- if (value < effective_size) {
- // The bounds check will always succeed.
- return;
- }
+ }
+ effective_size = size - offset - memsize + 1;
bradn 2016/10/14 01:17:07 Maybe comment that this relies on the above check
gdeepti 2016/10/14 01:28:44 Done.
+ CHECK(effective_size <= kMaxUInt32);
+
+ Uint32Matcher m(index);
+ if (m.HasValue()) {
+ uint32_t value = m.Value();
+ if (value < effective_size) {
+ // The bounds check will always succeed.
+ return;
}
}
« no previous file with comments | « no previous file | src/wasm/wasm-module.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698