| OLD | NEW |
|---|
| 1 // Copyright 2015 the V8 project authors. All rights reserved. | 1 // Copyright 2015 the V8 project authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "src/signature.h" | 5 #include "src/signature.h" |
| 6 | 6 |
| 7 #include "src/bit-vector.h" | 7 #include "src/bit-vector.h" |
| 8 #include "src/flags.h" | 8 #include "src/flags.h" |
| 9 #include "src/handles.h" | 9 #include "src/handles.h" |
| 10 #include "src/zone/zone-containers.h" | 10 #include "src/zone/zone-containers.h" |
| (...skipping 604 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 615 static const int kMaxIndent = 64; | 615 static const int kMaxIndent = 64; |
| 616 static char bytes[kMaxIndent + 1]; | 616 static char bytes[kMaxIndent + 1]; |
| 617 for (int i = 0; i < kMaxIndent; ++i) bytes[i] = ' '; | 617 for (int i = 0; i < kMaxIndent; ++i) bytes[i] = ' '; |
| 618 bytes[kMaxIndent] = 0; | 618 bytes[kMaxIndent] = 0; |
| 619 if (stack_.size() < kMaxIndent / 2) { | 619 if (stack_.size() < kMaxIndent / 2) { |
| 620 bytes[stack_.size() * 2] = 0; | 620 bytes[stack_.size() * 2] = 0; |
| 621 } | 621 } |
| 622 return bytes; | 622 return bytes; |
| 623 } | 623 } |
| 624 | 624 |
| 625 bool CheckHasMemory() { |
| 626 if (!module_->has_memory) { |
| 627 error(pc_ - 1, "memory instruction with no memory"); |
| 628 } |
| 629 return module_->has_memory; |
| 630 } |
| 631 |
| 625 // Decodes the body of a function. | 632 // Decodes the body of a function. |
| 626 void DecodeFunctionBody() { | 633 void DecodeFunctionBody() { |
| 627 TRACE("wasm-decode %p...%p (module+%d, %d bytes) %s\n", | 634 TRACE("wasm-decode %p...%p (module+%d, %d bytes) %s\n", |
| 628 reinterpret_cast<const void*>(start_), | 635 reinterpret_cast<const void*>(start_), |
| 629 reinterpret_cast<const void*>(end_), baserel(pc_), | 636 reinterpret_cast<const void*>(end_), baserel(pc_), |
| 630 static_cast<int>(end_ - start_), builder_ ? "graph building" : ""); | 637 static_cast<int>(end_ - start_), builder_ ? "graph building" : ""); |
| 631 | 638 |
| 632 { | 639 { |
| 633 // Set up initial function block. | 640 // Set up initial function block. |
| 634 SsaEnv* break_env = ssa_env_; | 641 SsaEnv* break_env = ssa_env_; |
| (...skipping 470 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1105 case kExprI64StoreMem: | 1112 case kExprI64StoreMem: |
| 1106 len = DecodeStoreMem(kWasmI64, MachineType::Int64()); | 1113 len = DecodeStoreMem(kWasmI64, MachineType::Int64()); |
| 1107 break; | 1114 break; |
| 1108 case kExprF32StoreMem: | 1115 case kExprF32StoreMem: |
| 1109 len = DecodeStoreMem(kWasmF32, MachineType::Float32()); | 1116 len = DecodeStoreMem(kWasmF32, MachineType::Float32()); |
| 1110 break; | 1117 break; |
| 1111 case kExprF64StoreMem: | 1118 case kExprF64StoreMem: |
| 1112 len = DecodeStoreMem(kWasmF64, MachineType::Float64()); | 1119 len = DecodeStoreMem(kWasmF64, MachineType::Float64()); |
| 1113 break; | 1120 break; |
| 1114 case kExprGrowMemory: { | 1121 case kExprGrowMemory: { |
| 1122 if (!CheckHasMemory()) break; |
| 1115 MemoryIndexOperand operand(this, pc_); | 1123 MemoryIndexOperand operand(this, pc_); |
| 1116 DCHECK_NOT_NULL(module_); | 1124 DCHECK_NOT_NULL(module_); |
| 1117 if (module_->origin != kAsmJsOrigin) { | 1125 if (module_->origin != kAsmJsOrigin) { |
| 1118 Value val = Pop(0, kWasmI32); | 1126 Value val = Pop(0, kWasmI32); |
| 1119 Push(kWasmI32, BUILD(GrowMemory, val.node)); | 1127 Push(kWasmI32, BUILD(GrowMemory, val.node)); |
| 1120 } else { | 1128 } else { |
| 1121 error("grow_memory is not supported for asmjs modules"); | 1129 error("grow_memory is not supported for asmjs modules"); |
| 1122 } | 1130 } |
| 1123 len = 1 + operand.length; | 1131 len = 1 + operand.length; |
| 1124 break; | 1132 break; |
| 1125 } | 1133 } |
| 1126 case kExprMemorySize: { | 1134 case kExprMemorySize: { |
| 1135 if (!CheckHasMemory()) break; |
| 1127 MemoryIndexOperand operand(this, pc_); | 1136 MemoryIndexOperand operand(this, pc_); |
| 1128 Push(kWasmI32, BUILD(CurrentMemoryPages)); | 1137 Push(kWasmI32, BUILD(CurrentMemoryPages)); |
| 1129 len = 1 + operand.length; | 1138 len = 1 + operand.length; |
| 1130 break; | 1139 break; |
| 1131 } | 1140 } |
| 1132 case kExprCallFunction: { | 1141 case kExprCallFunction: { |
| 1133 CallFunctionOperand operand(this, pc_); | 1142 CallFunctionOperand operand(this, pc_); |
| 1134 if (Validate(pc_, operand)) { | 1143 if (Validate(pc_, operand)) { |
| 1135 TFNode** buffer = PopArgs(operand.sig); | 1144 TFNode** buffer = PopArgs(operand.sig); |
| 1136 TFNode** rets = nullptr; | 1145 TFNode** rets = nullptr; |
| (...skipping 160 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1297 void PushTry(SsaEnv* end_env, SsaEnv* catch_env) { | 1306 void PushTry(SsaEnv* end_env, SsaEnv* catch_env) { |
| 1298 const int stack_depth = static_cast<int>(stack_.size()); | 1307 const int stack_depth = static_cast<int>(stack_.size()); |
| 1299 control_.emplace_back(Control::Try(pc_, stack_depth, end_env, zone_, | 1308 control_.emplace_back(Control::Try(pc_, stack_depth, end_env, zone_, |
| 1300 catch_env, current_catch_)); | 1309 catch_env, current_catch_)); |
| 1301 current_catch_ = static_cast<int32_t>(control_.size() - 1); | 1310 current_catch_ = static_cast<int32_t>(control_.size() - 1); |
| 1302 } | 1311 } |
| 1303 | 1312 |
| 1304 void PopControl() { control_.pop_back(); } | 1313 void PopControl() { control_.pop_back(); } |
| 1305 | 1314 |
| 1306 int DecodeLoadMem(ValueType type, MachineType mem_type) { | 1315 int DecodeLoadMem(ValueType type, MachineType mem_type) { |
| 1316 if (!CheckHasMemory()) return 0; |
| 1307 MemoryAccessOperand operand(this, pc_, | 1317 MemoryAccessOperand operand(this, pc_, |
| 1308 ElementSizeLog2Of(mem_type.representation())); | 1318 ElementSizeLog2Of(mem_type.representation())); |
| 1309 | 1319 |
| 1310 Value index = Pop(0, kWasmI32); | 1320 Value index = Pop(0, kWasmI32); |
| 1311 TFNode* node = BUILD(LoadMem, type, mem_type, index.node, operand.offset, | 1321 TFNode* node = BUILD(LoadMem, type, mem_type, index.node, operand.offset, |
| 1312 operand.alignment, position()); | 1322 operand.alignment, position()); |
| 1313 Push(type, node); | 1323 Push(type, node); |
| 1314 return 1 + operand.length; | 1324 return 1 + operand.length; |
| 1315 } | 1325 } |
| 1316 | 1326 |
| 1317 int DecodeStoreMem(ValueType type, MachineType mem_type) { | 1327 int DecodeStoreMem(ValueType type, MachineType mem_type) { |
| 1328 if (!CheckHasMemory()) return 0; |
| 1318 MemoryAccessOperand operand(this, pc_, | 1329 MemoryAccessOperand operand(this, pc_, |
| 1319 ElementSizeLog2Of(mem_type.representation())); | 1330 ElementSizeLog2Of(mem_type.representation())); |
| 1320 Value val = Pop(1, type); | 1331 Value val = Pop(1, type); |
| 1321 Value index = Pop(0, kWasmI32); | 1332 Value index = Pop(0, kWasmI32); |
| 1322 BUILD(StoreMem, mem_type, index.node, operand.offset, operand.alignment, | 1333 BUILD(StoreMem, mem_type, index.node, operand.offset, operand.alignment, |
| 1323 val.node, position()); | 1334 val.node, position()); |
| 1324 return 1 + operand.length; | 1335 return 1 + operand.length; |
| 1325 } | 1336 } |
| 1326 | 1337 |
| 1327 unsigned ExtractLane(WasmOpcode opcode, ValueType type) { | 1338 unsigned ExtractLane(WasmOpcode opcode, ValueType type) { |
| (...skipping 698 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2026 BitVector* AnalyzeLoopAssignmentForTesting(Zone* zone, size_t num_locals, | 2037 BitVector* AnalyzeLoopAssignmentForTesting(Zone* zone, size_t num_locals, |
| 2027 const byte* start, const byte* end) { | 2038 const byte* start, const byte* end) { |
| 2028 Decoder decoder(start, end); | 2039 Decoder decoder(start, end); |
| 2029 return WasmDecoder::AnalyzeLoopAssignment(&decoder, start, | 2040 return WasmDecoder::AnalyzeLoopAssignment(&decoder, start, |
| 2030 static_cast<int>(num_locals), zone); | 2041 static_cast<int>(num_locals), zone); |
| 2031 } | 2042 } |
| 2032 | 2043 |
| 2033 } // namespace wasm | 2044 } // namespace wasm |
| 2034 } // namespace internal | 2045 } // namespace internal |
| 2035 } // namespace v8 | 2046 } // namespace v8 |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2640453003:
[wasm] Fix and tighten memory validation (Closed)
