[wasm] Implement memory.{copy,fill} explicitly

V8's MemMove and libc's memset do not specify how the memory is filled, but wasm requires the direction to be backward only when the regions are overlapping and the source address is less than the destination address. Bug: v8:8950 Change-Id: If392967b51b33ad65fe145660f44b857559e34b1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1507316 Commit-Queue: Ben Smith <binji@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#60106}

[wasm] Implement memory.{copy,fill} explicitly
V8's MemMove and libc's memset do not specify how the memory is filled, but wasm requires the direction to be backward only when the regions are overlapping and the source address is less than the destination address. Bug: v8:8950 Change-Id: If392967b51b33ad65fe145660f44b857559e34b1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1507316 Commit-Queue: Ben Smith <binji@chromium.org> Reviewed-by: Michael Starzinger <mstarzinger@chromium.org> Cr-Commit-Position: refs/heads/master@{#60106}
1f5ece9b · Ben Smith · Commit Bot · a510ceaf · 1f5ece9b
Commit 1f5ece9b authored Mar 07, 2019 by Ben Smith Committed by Commit Bot Mar 07, 2019
Hide whitespace changes
Inline Side-by-side

Showing with 27 additions and 2 deletions

wasm-external-refs.cc src/wasm/wasm-external-refs.cc +27 -2

No files found.
--- a/src/wasm/wasm-external-refs.cc
+++ b/src/wasm/wasm-external-refs.cc
@@ -250,11 +250,36 @@ void float64_pow_wrapper(Address data) {
 }

 void memory_copy_wrapper(Address dst, Address src, uint32_t size) {
-  MemMove(reinterpret_cast<void*>(dst), reinterpret_cast<void*>(src), size);
+  // Use explicit forward and backward copy to match the required semantics for
+  // the memory.copy instruction. It is assumed that the caller of this
+  // function has already performed bounds checks, so {src + size} and
+  // {dst + size} should not overflow.
+  DCHECK(src + size >= src && dst + size >= dst);
+  uint8_t* dst8 = reinterpret_cast<uint8_t*>(dst);
+  uint8_t* src8 = reinterpret_cast<uint8_t*>(src);
+  if (src < dst && src + size > dst && dst + size > src) {
+    dst8 += size - 1;
+    src8 += size - 1;
+    for (; size > 0; size--) {
+      *dst8-- = *src8--;
+    }
+  } else {
+    for (; size > 0; size--) {
+      *dst8++ = *src8++;
+    }
+  }
 }

 void memory_fill_wrapper(Address dst, uint32_t value, uint32_t size) {
-  memset(reinterpret_cast<void*>(dst), value, size);
+  // Use an explicit forward copy to match the required semantics for the
+  // memory.fill instruction. It is assumed that the caller of this function
+  // has already performed bounds checks, so {dst + size} should not overflow.
+  DCHECK(dst + size >= dst);
+  uint8_t* dst8 = reinterpret_cast<uint8_t*>(dst);
+  uint8_t value8 = static_cast<uint8_t>(value);
+  for (; size > 0; size--) {
+    *dst8++ = value8;
+  }
 }

 static WasmTrapCallbackForTesting wasm_trap_callback_for_testing = nullptr;