Commit 39932a04 authored by Manos Koukoutos's avatar Manos Koukoutos Committed by Commit Bot

[wasm-gc][bug] Fix Fuzzer crashes on unimplemented experimental code.

Changes:
- Don't use UNIMPLEMENTED() on code paths that can be reached at runtime.
- Implement OpcodeLength for gc types.
- Remove unreachable code.
- Request the correct feature 'gc' for the respective opcodes and types.

Bug: 1079337, 1079450, 1081529, 1081011, 1080444

Change-Id: Ib081139ca805c6f5471a372f862638a3606254b1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2196302
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Reviewed-by: 's avatarJakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67755}
parent e62a7f76
...@@ -291,7 +291,8 @@ uint32_t read_value_type(Decoder* decoder, const byte* pc, ValueType* result, ...@@ -291,7 +291,8 @@ uint32_t read_value_type(Decoder* decoder, const byte* pc, ValueType* result,
return 0; return 0;
case kLocalEqRef: case kLocalEqRef:
if (enabled.has_gc()) { if (enabled.has_gc()) {
UNIMPLEMENTED(); // TODO(7748): Implement *result = kWasmEqRef;
return 1;
} }
decoder->error(pc, decoder->error(pc,
"invalid value type 'eqref', enable with " "invalid value type 'eqref', enable with "
...@@ -299,7 +300,8 @@ uint32_t read_value_type(Decoder* decoder, const byte* pc, ValueType* result, ...@@ -299,7 +300,8 @@ uint32_t read_value_type(Decoder* decoder, const byte* pc, ValueType* result,
return 0; return 0;
case kLocalI31Ref: case kLocalI31Ref:
if (enabled.has_gc()) { if (enabled.has_gc()) {
UNIMPLEMENTED(); // TODO(7748): Implement // TODO(7748): Implement
decoder->error(pc, "'i31ref' is unimplemented");
} }
decoder->error(pc, decoder->error(pc,
"invalid value type 'i31ref', enable with " "invalid value type 'i31ref', enable with "
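Review bot: The new `decoder->error(pc, "'i31ref' is unimplemented");` inside the has_gc() branch is not followed by a return, so control falls through to the second error call that tells the user to enable a flag that is already enabled, and the function only exits through the `return 0;` after this hunk. Add `return 0;` immediately after the new error call, mirroring how the other error paths in this function terminate (error, then `return 0;`). Whether the second message replaces the first or is discarded depends on how Decoder::error treats repeated errors, which is not visible here; either way the fall-through is misleading to whoever reads the reported error. read_value_type starts before this hunk.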
...@@ -307,7 +309,8 @@ uint32_t read_value_type(Decoder* decoder, const byte* pc, ValueType* result, ...@@ -307,7 +309,8 @@ uint32_t read_value_type(Decoder* decoder, const byte* pc, ValueType* result,
return 0; return 0;
case kLocalRttRef: case kLocalRttRef:
if (enabled.has_gc()) { if (enabled.has_gc()) {
UNIMPLEMENTED(); // TODO(7748): Implement // TODO(7748): Implement
decoder->error(pc, "'rttref' is unimplemented");
} }
decoder->error(pc, decoder->error(pc,
"invalid value type 'rttref', enable with " "invalid value type 'rttref', enable with "
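Review bot: Same shape as the i31ref case above: `decoder->error(pc, "'rttref' is unimplemented");` runs and then falls into the "invalid value type 'rttref', enable with ..." error, which is wrong advice when gc is already enabled. Add `return 0;` directly after the new error call so the unimplemented-type error is the only one raised and the function exits the same way the other rejection paths do. read_value_type starts before this hunk.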
...@@ -1410,6 +1413,11 @@ class WasmDecoder : public Decoder { ...@@ -1410,6 +1413,11 @@ class WasmDecoder : public Decoder {
return 1 + imm.length; return 1 + imm.length;
} }
case kExprBrOnNull: {
BranchDepthImmediate<validate> imm(decoder, pc);
return 1 + imm.length;
}
case kExprLocalGet: case kExprLocalGet:
case kExprLocalSet: case kExprLocalSet:
case kExprLocalTee: { case kExprLocalTee: {
...@@ -1554,6 +1562,48 @@ class WasmDecoder : public Decoder { ...@@ -1554,6 +1562,48 @@ class WasmDecoder : public Decoder {
return 2; return 2;
} }
} }
case kGCPrefix: {
byte gc_index = decoder->read_u8<validate>(pc + 1, "gc_index");
WasmOpcode opcode = static_cast<WasmOpcode>(kGCPrefix << 8 | gc_index);
switch (opcode) {
case kExprStructNew:
case kExprStructNewSub:
case kExprStructNewDefault: {
StructIndexImmediate<validate> imm(decoder, pc + 2);
return 2 + imm.length;
}
case kExprStructGet:
case kExprStructGetS:
case kExprStructGetU:
case kExprStructSet: {
FieldIndexImmediate<validate> imm(decoder, pc + 2);
return 2 + imm.length;
}
case kExprArrayNew:
case kExprArrayNewSub:
case kExprArrayNewDefault:
case kExprArrayGet:
case kExprArrayGetS:
case kExprArrayGetU:
case kExprArraySet:
case kExprArrayLen: {
ArrayIndexImmediate<validate> imm(decoder, pc + 2);
return 2 + imm.length;
}
case kExprBrOnCast: {
BranchDepthImmediate<validate> imm(decoder, pc + 2);
return 2 + imm.length;
}
case kExprRttGet:
case kExprRttSub: {
// TODO(7748): Impelement.
UNIMPLEMENTED();
}
default:
return 2;
}
}
default: default:
return 1; return 1;
} }
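Review bot: The kExprBrOnCast case constructs `BranchDepthImmediate<validate> imm(decoder, pc + 2);` and returns `2 + imm.length`, whereas the kExprBrOnNull case added earlier in this same function passes plain `pc` for a one-byte opcode and returns `1 + imm.length`; if BranchDepthImmediate itself skips the opcode byte, as that case suggests, the GC variant reads the depth one byte too late and reports a length that is off by one, and should be `BranchDepthImmediate<validate> imm(decoder, pc + 1);` — please confirm against the immediate's constructor, which is not in this diff. The kExprRttGet/kExprRttSub case still calls `UNIMPLEMENTED();`, which is the kind of fuzzer-reachable abort this commit sets out to remove; OpcodeLength is presumably reachable from validation of arbitrary modules, so a module containing these opcodes would still crash the process rather than fail validation, and returning a provisional length (e.g. `return 2;` with a TODO) and letting the full decoder reject the opcode would be safer. The TODO also misspells "Implement" as "Impelement". OpcodeLength begins before this hunk.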
...@@ -2289,7 +2339,7 @@ class WasmFullDecoder : public WasmDecoder<validate> { ...@@ -2289,7 +2339,7 @@ class WasmFullDecoder : public WasmDecoder<validate> {
break; break;
} }
case kExprRefAsNonNull: { case kExprRefAsNonNull: {
CHECK_PROTOTYPE_OPCODE(anyref); CHECK_PROTOTYPE_OPCODE(gc);
auto value = Pop(); auto value = Pop();
switch (value.type.kind()) { switch (value.type.kind()) {
case ValueType::kRef: { case ValueType::kRef: {