Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(123)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: test/mjsunit/wasm/grow-memory.js

Issue 2640453003: [wasm] Fix and tighten memory validation (Closed)
Patch Set: Comments Created 3 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « test/mjsunit/regress/wasm/regression-667745.js ('k') | test/mjsunit/wasm/memory-size.js » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2016 the V8 project authors. All rights reserved. 1 // Copyright 2016 the V8 project authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 // Flags: --expose-wasm --stress-compaction 5 // Flags: --expose-wasm --stress-compaction
6 6
7 load("test/mjsunit/wasm/wasm-constants.js"); 7 load("test/mjsunit/wasm/wasm-constants.js");
8 load("test/mjsunit/wasm/wasm-module-builder.js"); 8 load("test/mjsunit/wasm/wasm-module-builder.js");
9 9
10 var kPageSize = 0x10000; 10 var kPageSize = 0x10000;
(...skipping 166 matching lines...) Expand 10 before | Expand all | Expand 10 after
177 for (offset = 19*kPageSize; offset < 19*kPageSize + 5; offset++) { 177 for (offset = 19*kPageSize; offset < 19*kPageSize + 5; offset++) {
178 assertTraps(kTrapMemOutOfBounds, poke); 178 assertTraps(kTrapMemOutOfBounds, poke);
179 assertTraps(kTrapMemOutOfBounds, peek); 179 assertTraps(kTrapMemOutOfBounds, peek);
180 } 180 }
181 } 181 }
182 182
183 testGrowMemoryReadWrite8(); 183 testGrowMemoryReadWrite8();
184 184
185 function testGrowMemoryZeroInitialSize() { 185 function testGrowMemoryZeroInitialSize() {
186 var builder = genGrowMemoryBuilder(); 186 var builder = genGrowMemoryBuilder();
187 builder.addMemory(0, kV8MaxPages, false);
187 var module = builder.instantiate(); 188 var module = builder.instantiate();
188 var offset; 189 var offset;
189 function peek() { return module.exports.load(offset); } 190 function peek() { return module.exports.load(offset); }
190 function poke(value) { return module.exports.store(offset, value); } 191 function poke(value) { return module.exports.store(offset, value); }
191 function growMem(pages) { return module.exports.grow_memory(pages); } 192 function growMem(pages) { return module.exports.grow_memory(pages); }
192 193
193 assertTraps(kTrapMemOutOfBounds, peek); 194 assertTraps(kTrapMemOutOfBounds, peek);
194 assertTraps(kTrapMemOutOfBounds, poke); 195 assertTraps(kTrapMemOutOfBounds, poke);
195 196
196 assertEquals(0, growMem(1)); 197 assertEquals(0, growMem(1));
(...skipping 13 matching lines...) Expand all
210 assertEquals(i, growMem(1)); 211 assertEquals(i, growMem(1));
211 } 212 }
212 poke(20); 213 poke(20);
213 assertEquals(20, peek()); 214 assertEquals(20, peek());
214 } 215 }
215 216
216 testGrowMemoryZeroInitialSize(); 217 testGrowMemoryZeroInitialSize();
217 218
218 function testGrowMemoryZeroInitialSize32() { 219 function testGrowMemoryZeroInitialSize32() {
219 var builder = genGrowMemoryBuilder(); 220 var builder = genGrowMemoryBuilder();
221 builder.addMemory(0, kV8MaxPages, false);
220 var module = builder.instantiate(); 222 var module = builder.instantiate();
221 var offset; 223 var offset;
222 function peek() { return module.exports.load(offset); } 224 function peek() { return module.exports.load(offset); }
223 function poke(value) { return module.exports.store(offset, value); } 225 function poke(value) { return module.exports.store(offset, value); }
224 function growMem(pages) { return module.exports.grow_memory(pages); } 226 function growMem(pages) { return module.exports.grow_memory(pages); }
225 227
226 assertTraps(kTrapMemOutOfBounds, peek); 228 assertTraps(kTrapMemOutOfBounds, peek);
227 assertTraps(kTrapMemOutOfBounds, poke); 229 assertTraps(kTrapMemOutOfBounds, poke);
228 230
229 assertEquals(0, growMem(1)); 231 assertEquals(0, growMem(1));
230 232
231 for(offset = 0; offset <= kPageSize - 4; offset++) { 233 for(offset = 0; offset <= kPageSize - 4; offset++) {
232 poke(20); 234 poke(20);
233 assertEquals(20, peek()); 235 assertEquals(20, peek());
234 } 236 }
235 237
236 for(offset = kPageSize - 3; offset <= kPageSize + 5; offset++) { 238 for(offset = kPageSize - 3; offset <= kPageSize + 5; offset++) {
237 assertTraps(kTrapMemOutOfBounds, peek); 239 assertTraps(kTrapMemOutOfBounds, peek);
238 } 240 }
239 } 241 }
240 242
241 testGrowMemoryZeroInitialSize32(); 243 testGrowMemoryZeroInitialSize32();
242 244
243 function testGrowMemoryZeroInitialSize16() { 245 function testGrowMemoryZeroInitialSize16() {
244 var builder = genGrowMemoryBuilder(); 246 var builder = genGrowMemoryBuilder();
247 builder.addMemory(0, kV8MaxPages, false);
245 var module = builder.instantiate(); 248 var module = builder.instantiate();
246 var offset; 249 var offset;
247 function peek() { return module.exports.load16(offset); } 250 function peek() { return module.exports.load16(offset); }
248 function poke(value) { return module.exports.store16(offset, value); } 251 function poke(value) { return module.exports.store16(offset, value); }
249 function growMem(pages) { return module.exports.grow_memory(pages); } 252 function growMem(pages) { return module.exports.grow_memory(pages); }
250 253
251 assertTraps(kTrapMemOutOfBounds, peek); 254 assertTraps(kTrapMemOutOfBounds, peek);
252 assertTraps(kTrapMemOutOfBounds, poke); 255 assertTraps(kTrapMemOutOfBounds, poke);
253 256
254 assertEquals(0, growMem(1)); 257 assertEquals(0, growMem(1));
255 258
256 for(offset = 0; offset <= kPageSize - 2; offset++) { 259 for(offset = 0; offset <= kPageSize - 2; offset++) {
257 poke(20); 260 poke(20);
258 assertEquals(20, peek()); 261 assertEquals(20, peek());
259 } 262 }
260 263
261 for(offset = kPageSize - 1; offset <= kPageSize + 5; offset++) { 264 for(offset = kPageSize - 1; offset <= kPageSize + 5; offset++) {
262 assertTraps(kTrapMemOutOfBounds, peek); 265 assertTraps(kTrapMemOutOfBounds, peek);
263 } 266 }
264 } 267 }
265 268
266 testGrowMemoryZeroInitialSize16(); 269 testGrowMemoryZeroInitialSize16();
267 270
268 function testGrowMemoryZeroInitialSize8() { 271 function testGrowMemoryZeroInitialSize8() {
269 var builder = genGrowMemoryBuilder(); 272 var builder = genGrowMemoryBuilder();
273 builder.addMemory(0, kV8MaxPages, false);
270 var module = builder.instantiate(); 274 var module = builder.instantiate();
271 var offset; 275 var offset;
272 function peek() { return module.exports.load8(offset); } 276 function peek() { return module.exports.load8(offset); }
273 function poke(value) { return module.exports.store8(offset, value); } 277 function poke(value) { return module.exports.store8(offset, value); }
274 function growMem(pages) { return module.exports.grow_memory(pages); } 278 function growMem(pages) { return module.exports.grow_memory(pages); }
275 279
276 assertTraps(kTrapMemOutOfBounds, peek); 280 assertTraps(kTrapMemOutOfBounds, peek);
277 assertTraps(kTrapMemOutOfBounds, poke); 281 assertTraps(kTrapMemOutOfBounds, poke);
278 282
279 assertEquals(0, growMem(1)); 283 assertEquals(0, growMem(1));
280 284
281 for(offset = 0; offset <= kPageSize - 1; offset++) { 285 for(offset = 0; offset <= kPageSize - 1; offset++) {
282 poke(20); 286 poke(20);
283 assertEquals(20, peek()); 287 assertEquals(20, peek());
284 } 288 }
285 289
286 for(offset = kPageSize; offset <= kPageSize + 5; offset++) { 290 for(offset = kPageSize; offset <= kPageSize + 5; offset++) {
287 assertTraps(kTrapMemOutOfBounds, peek); 291 assertTraps(kTrapMemOutOfBounds, peek);
288 } 292 }
289 } 293 }
290 294
291 testGrowMemoryZeroInitialSize8(); 295 testGrowMemoryZeroInitialSize8();
292 296
293 function testGrowMemoryTrapMaxPagesZeroInitialMemory() { 297 function testGrowMemoryTrapMaxPagesZeroInitialMemory() {
294 var builder = genGrowMemoryBuilder(); 298 var builder = genGrowMemoryBuilder();
299 builder.addMemory(0, kV8MaxPages, false);
295 var module = builder.instantiate(); 300 var module = builder.instantiate();
296 var maxPages = 16385; 301 var maxPages = 16385;
297 function growMem(pages) { return module.exports.grow_memory(pages); } 302 function growMem(pages) { return module.exports.grow_memory(pages); }
298 assertEquals(-1, growMem(maxPages)); 303 assertEquals(-1, growMem(maxPages));
299 } 304 }
300 305
301 testGrowMemoryTrapMaxPagesZeroInitialMemory(); 306 testGrowMemoryTrapMaxPagesZeroInitialMemory();
302 307
303 function testGrowMemoryTrapMaxPages() { 308 function testGrowMemoryTrapMaxPages() {
304 var builder = genGrowMemoryBuilder(); 309 var builder = genGrowMemoryBuilder();
305 builder.addMemory(1, 1, false); 310 builder.addMemory(1, 1, false);
306 var module = builder.instantiate(); 311 var module = builder.instantiate();
307 var maxPages = 16384; 312 var maxPages = 16384;
308 function growMem(pages) { return module.exports.grow_memory(pages); } 313 function growMem(pages) { return module.exports.grow_memory(pages); }
309 assertEquals(-1, growMem(maxPages)); 314 assertEquals(-1, growMem(maxPages));
310 } 315 }
311 316
312 testGrowMemoryTrapMaxPages(); 317 testGrowMemoryTrapMaxPages();
313 318
314 function testGrowMemoryTrapsWithNonSmiInput() { 319 function testGrowMemoryTrapsWithNonSmiInput() {
315 var builder = genGrowMemoryBuilder(); 320 var builder = genGrowMemoryBuilder();
321 builder.addMemory(0, kV8MaxPages, false);
316 var module = builder.instantiate(); 322 var module = builder.instantiate();
317 function growMem(pages) { return module.exports.grow_memory(pages); } 323 function growMem(pages) { return module.exports.grow_memory(pages); }
318 // The parameter of grow_memory is unsigned. Therefore -1 stands for 324 // The parameter of grow_memory is unsigned. Therefore -1 stands for
319 // UINT32_MIN, which cannot be represented as SMI. 325 // UINT32_MIN, which cannot be represented as SMI.
320 assertEquals(-1, growMem(-1)); 326 assertEquals(-1, growMem(-1));
321 }; 327 };
322 328
323 testGrowMemoryTrapsWithNonSmiInput(); 329 testGrowMemoryTrapsWithNonSmiInput();
324 330
325 function testGrowMemoryCurrentMemory() { 331 function testGrowMemoryCurrentMemory() {
(...skipping 154 matching lines...) Expand 10 before | Expand all | Expand 10 after
480 var kSpecMaxPages = 65535; 486 var kSpecMaxPages = 65535;
481 builder.addMemory(1, kSpecMaxPages, false); 487 builder.addMemory(1, kSpecMaxPages, false);
482 var module = builder.instantiate(); 488 var module = builder.instantiate();
483 function poke(value) { return module.exports.store(offset, value); } 489 function poke(value) { return module.exports.store(offset, value); }
484 function growMem(pages) { return module.exports.grow_memory(pages); } 490 function growMem(pages) { return module.exports.grow_memory(pages); }
485 assertEquals(1, growMem(20)); 491 assertEquals(1, growMem(20));
486 assertEquals(-1, growMem(kV8MaxPages - 20)); 492 assertEquals(-1, growMem(kV8MaxPages - 20));
487 } 493 }
488 494
489 testGrowMemoryDeclaredSpecMaxTraps(); 495 testGrowMemoryDeclaredSpecMaxTraps();
OLDNEW
« no previous file with comments | « test/mjsunit/regress/wasm/regression-667745.js ('k') | test/mjsunit/wasm/memory-size.js » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698