Commit 0cab8685 authored by Andreas Haas's avatar Andreas Haas Committed by Commit Bot

[wasm][bulk-memory] Adjust memory.init to recent spec changes

CC=binji@chromium.org
R=mstarzinger@chromium.org

Change-Id: Ie1c085f818111eadee9187db6883f8b1060c02f0
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1706477
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: 's avatarBen Smith <binji@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62784}
parent f00304f3
......@@ -4715,8 +4715,19 @@ Node* WasmGraphBuilder::MemoryInit(uint32_t data_segment_index, Node* dst,
Node* src, Node* size,
wasm::WasmCodePosition position) {
CheckDataSegmentIsPassiveAndNotDropped(data_segment_index, position);
Node* dst_fail = BoundsCheckMemRange(&dst, &size, position);
auto m = mcgraph()->machine();
auto common = mcgraph()->common();
Node* size_null_check =
graph()->NewNode(m->Word32Equal(), size, mcgraph()->Int32Constant(0));
Node* size_null_branch = graph()->NewNode(common->Branch(BranchHint::kFalse),
size_null_check, Control());
Node* size_null_etrue = Effect();
Node* size_null_if_false =
graph()->NewNode(common->IfFalse(), size_null_branch);
SetControl(size_null_if_false);
Node* dst_fail = BoundsCheckMemRange(&dst, &size, position);
Node* seg_index = Uint32Constant(data_segment_index);
Node* src_fail;
......@@ -4758,9 +4769,16 @@ Node* WasmGraphBuilder::MemoryInit(uint32_t data_segment_index, Node* dst,
MachineType::Uint32()};
MachineSignature sig(0, 3, sig_types);
BuildCCall(&sig, function, dst, src, size);
return TrapIfTrue(wasm::kTrapMemOutOfBounds,
graph()->NewNode(m->Word32Or(), dst_fail, src_fail),
position);
TrapIfTrue(wasm::kTrapMemOutOfBounds,
graph()->NewNode(m->Word32Or(), dst_fail, src_fail), position);
Node* size_null_if_true =
graph()->NewNode(common->IfTrue(), size_null_branch);
Node* merge = SetControl(
graph()->NewNode(common->Merge(2), size_null_if_true, Control()));
SetEffect(
graph()->NewNode(common->EffectPhi(2), size_null_etrue, Effect(), merge));
return merge;
}
Node* WasmGraphBuilder::DataDrop(uint32_t data_segment_index,
......
......@@ -1788,6 +1788,9 @@ class ThreadImpl {
auto size = Pop().to<uint32_t>();
auto src = Pop().to<uint32_t>();
auto dst = Pop().to<uint32_t>();
if (size == 0) {
return true;
}
Address dst_addr;
bool ok = BoundsCheckMemRange(dst, &size, &dst_addr);
auto src_max =
......
......@@ -132,9 +132,9 @@ WASM_EXEC_TEST(MemoryInitOutOfBounds) {
CHECK_EQ(0xDEADBEEF, r.Call(1000, 0, kWasmPageSize));
CHECK_EQ(0xDEADBEEF, r.Call(kWasmPageSize, 0, 1));
// Copy 0 out-of-bounds fails.
CHECK_EQ(0xDEADBEEF, r.Call(kWasmPageSize + 1, 0, 0));
CHECK_EQ(0xDEADBEEF, r.Call(0, kWasmPageSize + 1, 0));
// Copy 0 out-of-bounds succeeds.
CHECK_EQ(0, r.Call(kWasmPageSize + 1, 0, 0));
CHECK_EQ(0, r.Call(0, kWasmPageSize + 1, 0));
// Make sure bounds aren't checked with 32-bit wrapping.
CHECK_EQ(0xDEADBEEF, r.Call(1, 1, 0xFFFFFFFF));
......
......@@ -18,7 +18,6 @@
# proposal.
'tests/proposals/bulk-memory-operations/elem': [FAIL],
'tests/proposals/bulk-memory-operations/table_copy': [FAIL],
'tests/proposals/bulk-memory-operations/memory_init': [FAIL],
'tests/proposals/bulk-memory-operations/memory_fill': [FAIL],
'tests/proposals/bulk-memory-operations/bulk': [FAIL],
'tests/proposals/bulk-memory-operations/data': [FAIL],
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment