Side by Side Diff: src/wasm/function-body-decoder.cc

Issue 2640453003: [wasm] Fix and tighten memory validation (Closed)
Patch Set: Created 3 years, 11 months ago
1 // Copyright 2015 the V8 project authors. All rights reserved. 1 // Copyright 2015 the V8 project authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "src/signature.h" 5 #include "src/signature.h"
6 6
7 #include "src/bit-vector.h" 7 #include "src/bit-vector.h"
8 #include "src/flags.h" 8 #include "src/flags.h"
9 #include "src/handles.h" 9 #include "src/handles.h"
10 #include "src/zone/zone-containers.h" 10 #include "src/zone/zone-containers.h"
1105 case kExprI64StoreMem: 1105 case kExprI64StoreMem:
1106 len = DecodeStoreMem(kWasmI64, MachineType::Int64()); 1106 len = DecodeStoreMem(kWasmI64, MachineType::Int64());
1107 break; 1107 break;
1108 case kExprF32StoreMem: 1108 case kExprF32StoreMem:
1109 len = DecodeStoreMem(kWasmF32, MachineType::Float32()); 1109 len = DecodeStoreMem(kWasmF32, MachineType::Float32());
1110 break; 1110 break;
1111 case kExprF64StoreMem: 1111 case kExprF64StoreMem:
1112 len = DecodeStoreMem(kWasmF64, MachineType::Float64()); 1112 len = DecodeStoreMem(kWasmF64, MachineType::Float64());
1113 break; 1113 break;
1114 case kExprGrowMemory: { 1114 case kExprGrowMemory: {
1115 if (!module_->has_memory) {
titzer 2017/01/18 10:17:30 Can you factor out a little helper to turn this in
rossberg 2017/01/18 11:28:09 Done.
1116 error(pc_ - 1, "memory instruction with no memory");
1117 break;
1118 }
1115 MemoryIndexOperand operand(this, pc_); 1119 MemoryIndexOperand operand(this, pc_);
1116 DCHECK_NOT_NULL(module_); 1120 DCHECK_NOT_NULL(module_);
1117 if (module_->origin != kAsmJsOrigin) { 1121 if (module_->origin != kAsmJsOrigin) {
1118 Value val = Pop(0, kWasmI32); 1122 Value val = Pop(0, kWasmI32);
1119 Push(kWasmI32, BUILD(GrowMemory, val.node)); 1123 Push(kWasmI32, BUILD(GrowMemory, val.node));
1120 } else { 1124 } else {
1121 error("grow_memory is not supported for asmjs modules"); 1125 error("grow_memory is not supported for asmjs modules");
1122 } 1126 }
1123 len = 1 + operand.length; 1127 len = 1 + operand.length;
1124 break; 1128 break;
1125 } 1129 }
1126 case kExprMemorySize: { 1130 case kExprMemorySize: {
1131 if (!module_->has_memory) {
1132 error(pc_ - 1, "memory instruction with no memory");
1133 break;
1134 }
1127 MemoryIndexOperand operand(this, pc_); 1135 MemoryIndexOperand operand(this, pc_);
1128 Push(kWasmI32, BUILD(CurrentMemoryPages)); 1136 Push(kWasmI32, BUILD(CurrentMemoryPages));
1129 len = 1 + operand.length; 1137 len = 1 + operand.length;
1130 break; 1138 break;
1131 } 1139 }
1132 case kExprCallFunction: { 1140 case kExprCallFunction: {
1133 CallFunctionOperand operand(this, pc_); 1141 CallFunctionOperand operand(this, pc_);
1134 if (Validate(pc_, operand)) { 1142 if (Validate(pc_, operand)) {
1135 TFNode** buffer = PopArgs(operand.sig); 1143 TFNode** buffer = PopArgs(operand.sig);
1136 TFNode** rets = nullptr; 1144 TFNode** rets = nullptr;
1297 void PushTry(SsaEnv* end_env, SsaEnv* catch_env) { 1305 void PushTry(SsaEnv* end_env, SsaEnv* catch_env) {
1298 const int stack_depth = static_cast<int>(stack_.size()); 1306 const int stack_depth = static_cast<int>(stack_.size());
1299 control_.emplace_back(Control::Try(pc_, stack_depth, end_env, zone_, 1307 control_.emplace_back(Control::Try(pc_, stack_depth, end_env, zone_,
1300 catch_env, current_catch_)); 1308 catch_env, current_catch_));
1301 current_catch_ = static_cast<int32_t>(control_.size() - 1); 1309 current_catch_ = static_cast<int32_t>(control_.size() - 1);
1302 } 1310 }
1303 1311
1304 void PopControl() { control_.pop_back(); } 1312 void PopControl() { control_.pop_back(); }
1305 1313
1306 int DecodeLoadMem(ValueType type, MachineType mem_type) { 1314 int DecodeLoadMem(ValueType type, MachineType mem_type) {
1315 if (!module_->has_memory) {
1316 error(pc_ - 1, "load instruction with no memory");
1317 return 0;
1318 }
1307 MemoryAccessOperand operand(this, pc_, 1319 MemoryAccessOperand operand(this, pc_,
1308 ElementSizeLog2Of(mem_type.representation())); 1320 ElementSizeLog2Of(mem_type.representation()));
1309 1321
1310 Value index = Pop(0, kWasmI32); 1322 Value index = Pop(0, kWasmI32);
1311 TFNode* node = BUILD(LoadMem, type, mem_type, index.node, operand.offset, 1323 TFNode* node = BUILD(LoadMem, type, mem_type, index.node, operand.offset,
1312 operand.alignment, position()); 1324 operand.alignment, position());
1313 Push(type, node); 1325 Push(type, node);
1314 return 1 + operand.length; 1326 return 1 + operand.length;
1315 } 1327 }
1316 1328
1317 int DecodeStoreMem(ValueType type, MachineType mem_type) { 1329 int DecodeStoreMem(ValueType type, MachineType mem_type) {
1330 if (!module_->has_memory) {
1331 error(pc_ - 1, "store instruction with no memory");
1332 return 0;
1333 }
1318 MemoryAccessOperand operand(this, pc_, 1334 MemoryAccessOperand operand(this, pc_,
1319 ElementSizeLog2Of(mem_type.representation())); 1335 ElementSizeLog2Of(mem_type.representation()));
1320 Value val = Pop(1, type); 1336 Value val = Pop(1, type);
1321 Value index = Pop(0, kWasmI32); 1337 Value index = Pop(0, kWasmI32);
1322 BUILD(StoreMem, mem_type, index.node, operand.offset, operand.alignment, 1338 BUILD(StoreMem, mem_type, index.node, operand.offset, operand.alignment,
1323 val.node, position()); 1339 val.node, position());
1324 return 1 + operand.length; 1340 return 1 + operand.length;
1325 } 1341 }
1326 1342
1327 unsigned ExtractLane(WasmOpcode opcode, ValueType type) { 1343 unsigned ExtractLane(WasmOpcode opcode, ValueType type) {
2026 BitVector* AnalyzeLoopAssignmentForTesting(Zone* zone, size_t num_locals, 2042 BitVector* AnalyzeLoopAssignmentForTesting(Zone* zone, size_t num_locals,
2027 const byte* start, const byte* end) { 2043 const byte* start, const byte* end) {
2028 Decoder decoder(start, end); 2044 Decoder decoder(start, end);
2029 return WasmDecoder::AnalyzeLoopAssignment(&decoder, start, 2045 return WasmDecoder::AnalyzeLoopAssignment(&decoder, start,
2030 static_cast<int>(num_locals), zone); 2046 static_cast<int>(num_locals), zone);
2031 } 2047 }
2032 2048
2033 } // namespace wasm 2049 } // namespace wasm
2034 } // namespace internal 2050 } // namespace internal
2035 } // namespace v8 2051 } // namespace v8
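Review bot: In the kExprGrowMemory case the new `if (!module_->has_memory)` check at new line 1115 dereferences `module_` before the pre-existing `DCHECK_NOT_NULL(module_);` at new line 1120, so that assertion no longer guards the first use on this path; move `DCHECK_NOT_NULL(module_);` up so it precedes the new check. The kExprMemorySize case and the new guards in DecodeLoadMem and DecodeStoreMem read `module_->has_memory` with no null check visible in the hunk at all — if the decoder guarantees a non-null `module_` by construction this is harmless, but the placement of the existing DCHECK suggests it was intended to sit before any dereference, so the same ordering should be applied there once the helper the earlier comment asks for exists. DecodeLoadMem and DecodeStoreMem now return 0 after reporting the error; presumably the caller stops advancing on `error()`, but a short comment on the `return 0;` saying that the length is irrelevant once the decoder is in the error state would make that intent explicit. The enclosing opcode switch starts and ends outside the hunk.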