Changeset 209651 in webkit for trunk/Source/JavaScriptCore/wasm/WasmModuleParser.cpp

Timestamp:

Dec 9, 2016, 11:08:31 PM (9 years ago)

Author:

[email protected]

Message:

WebAssembly: implement data section
​https://bugs.webkit.org/show_bug.cgi?id=165696

Reviewed by Keith Miller.

As specified in ​https://github.com/WebAssembly/design/blob/master/BinaryEncoding.md#data-section
Note that some of the interesting corner cases are ill-defined by the spec: ​https://github.com/WebAssembly/design/issues/897

JSTests:

• wasm/Builder.js: create a data section from JavaScript
• wasm/Builder_WebAssemblyBinary.js: assemble the data section into the proper binary encoding

(const.emitters.Data):

• wasm/js-api/test_Data.js: Added.

(DataSection):
(DataSectionOffTheEnd):
(DataSectionPartlyOffTheEnd):
(DataSectionEmptyOffTheEnd):
(DataSectionSeenByStart):

• wasm/self-test/test_BuilderJSON.js: make sure the JSON structure is fine (this sanity checks before going to binary)

Source/JavaScriptCore:

• wasm/WasmFormat.h: segments are what represent sections of memory to initialize (similar to ELF's non-zero intializer data / rodata)

(JSC::Wasm::Segment::make):
(JSC::Wasm::Segment::destroy):
(JSC::Wasm::Segment::byte):
(JSC::Wasm::Segment::makePtr):

• wasm/WasmModuleParser.cpp: parse the data section, and prevent a few overflows if a user passes in UINT_MAX (the loops would overflow)

(JSC::Wasm::ModuleParser::parseType):
(JSC::Wasm::ModuleParser::parseImport):
(JSC::Wasm::ModuleParser::parseFunction):
(JSC::Wasm::ModuleParser::parseExport):
(JSC::Wasm::ModuleParser::parseCode):
(JSC::Wasm::ModuleParser::parseData):

• wasm/js/WebAssemblyModuleRecord.cpp:

(JSC::WebAssemblyModuleRecord::evaluate): the only sensible time to initialize the data section is after linking, but before calling start, I test for this but the spec isn't clear it's correct yet

File:

• trunk/Source/JavaScriptCore/wasm/WasmModuleParser.cpp (modified) (9 diffs)

trunk/Source/JavaScriptCore/wasm/WasmModuleParser.cpp

@@ -158 +158 @@
 {
     uint32_t count;
-    if (!parseVarUInt32(count))
+    if (!parseVarUInt32(count)
+        || count == std::numeric_limits<uint32_t>::max()
+        || !m_module->signatures.tryReserveCapacity(count))
         return false;
     if (verbose)
-        dataLogLn("count: ", count);
-    if (!m_module->signatures.tryReserveCapacity(count))
-        return false;
+        dataLogLn("  count: ", count);
 
     for (uint32_t i = 0; i < count; ++i) {
@@ -176 +176 @@
 
         uint32_t argumentCount;
-        if (!parseVarUInt32(argumentCount))
-            return false;
-
-        if (verbose)
-            dataLogLn("argumentCount: ", argumentCount);
-
         Vector<Type> argumentTypes;
-        if (!argumentTypes.tryReserveCapacity(argumentCount))
-            return false;
-
-        for (unsigned i = 0; i != argumentCount; ++i) {
+        if (!parseVarUInt32(argumentCount)
+            || argumentCount == std::numeric_limits<uint32_t>::max()
+            || !argumentTypes.tryReserveCapacity(argumentCount))
+            return false;
+        if (verbose)
+            dataLogLn("  argument count: ", argumentCount);
+
+        for (unsigned i = 0; i < argumentCount; ++i) {
             Type argumentType;
             if (!parseResultType(argumentType))
@@ -217 +215 @@
 {
     uint32_t importCount;
-    if (!parseVarUInt32(importCount))
-        return false;
-    if (!m_module->imports.tryReserveCapacity(importCount) // FIXME this over-allocates when we fix the FIXMEs below.
+    if (!parseVarUInt32(importCount)
+        || importCount == std::numeric_limits<uint32_t>::max()
+        || !m_module->imports.tryReserveCapacity(importCount) // FIXME this over-allocates when we fix the FIXMEs below.
         || !m_module->importFunctions.tryReserveCapacity(importCount) // FIXME this over-allocates when we fix the FIXMEs below.
         || !m_functionIndexSpace.tryReserveCapacity(importCount)) // FIXME this over-allocates when we fix the FIXMEs below. We'll allocate some more here when we know how many functions to expect.
         return false;
 
-    for (uint32_t importNumber = 0; importNumber != importCount; ++importNumber) {
+    for (uint32_t importNumber = 0; importNumber < importCount; ++importNumber) {
         Import imp;
         uint32_t moduleLen;
@@ -279 +277 @@
     uint32_t count;
     if (!parseVarUInt32(count)
+        || count == std::numeric_limits<uint32_t>::max()
         || !m_module->internalFunctionSignatures.tryReserveCapacity(count)
         || !m_functionLocationInBinary.tryReserveCapacity(count)
@@ -284 +283 @@
         return false;
 
-    for (uint32_t i = 0; i != count; ++i) {
+    for (uint32_t i = 0; i < count; ++i) {
         uint32_t typeNumber;
         if (!parseVarUInt32(typeNumber)
@@ -375 +374 @@
     uint32_t exportCount;
     if (!parseVarUInt32(exportCount)
+        || exportCount == std::numeric_limits<uint32_t>::max()
         || !m_module->exports.tryReserveCapacity(exportCount))
         return false;
 
-    for (uint32_t exportNumber = 0; exportNumber != exportCount; ++exportNumber) {
+    for (uint32_t exportNumber = 0; exportNumber < exportCount; ++exportNumber) {
         Export exp;
         uint32_t fieldLen;
@@ -386 +386 @@
             return false;
         exp.field = Identifier::fromString(m_vm, fieldString);
+
         if (!parseExternalKind(exp.kind))
             return false;
+
         switch (exp.kind) {
         case External::Function: {
@@ -441 +443 @@
     uint32_t count;
     if (!parseVarUInt32(count)
+        || count == std::numeric_limits<uint32_t>::max()
         || count != m_functionLocationInBinary.size())
         return false;
 
-    for (uint32_t i = 0; i != count; ++i) {
+    for (uint32_t i = 0; i < count; ++i) {
         uint32_t functionSize;
         if (!parseVarUInt32(functionSize)
@@ -461 +464 @@
 bool ModuleParser::parseData()
 {
-    // FIXME https://bugs.webkit.org/show_bug.cgi?id=161709
-    RELEASE_ASSERT_NOT_REACHED();
+    uint32_t segmentCount;
+    if (!parseVarUInt32(segmentCount)
+        || segmentCount == std::numeric_limits<uint32_t>::max()
+        || !m_module->data.tryReserveCapacity(segmentCount))
+        return false;
+    if (verbose)
+        dataLogLn("  segments: ", segmentCount);
+
+    for (uint32_t segmentNumber = 0; segmentNumber < segmentCount; ++segmentNumber) {
+        if (verbose)
+            dataLogLn("  segment #", segmentNumber);
+        uint32_t index;
+        uint8_t opcode;
+        uint32_t offset;
+        uint8_t endOpcode;
+        uint32_t dataByteLength;
+        if (!parseVarUInt32(index)
+            || index)
+            return false;
+
+        // FIXME allow complex init_expr here. https://bugs.webkit.org/show_bug.cgi?id=165700
+        // For now we only handle i32.const as offset.
+        if (!parseUInt8(opcode)
+            || opcode != Wasm::I32Const
+            || !parseVarUInt32(offset)
+            || !parseUInt8(endOpcode)
+            || endOpcode != Wasm::End)
+            return false;
+        if (verbose)
+            dataLogLn("    offset: ", offset);
+
+        if (!parseVarUInt32(dataByteLength)
+            || dataByteLength == std::numeric_limits<uint32_t>::max())
+            return false;
+        if (verbose)
+            dataLogLn("    data bytes: ", dataByteLength);
+
+        Segment* segment = Segment::make(offset, dataByteLength);
+        if (!segment)
+            return false;
+        m_module->data.uncheckedAppend(Segment::makePtr(segment));
+        for (uint32_t dataByte = 0; dataByte < dataByteLength; ++dataByte) {
+            uint8_t byte;
+            if (!parseUInt8(byte))
+                return false;
+            segment->byte(dataByte) = byte;
+            if (verbose)
+                dataLogLn("    [", dataByte, "] = ", segment->byte(dataByte));
+        }
+    }
     return true;
 }