[wasm][bulk-memory] Adjust memory.init to recent spec changes

CC=binji@chromium.org R=mstarzinger@chromium.org Change-Id: Ie1c085f818111eadee9187db6883f8b1060c02f0 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1706477 Commit-Queue: Andreas Haas <ahaas@chromium.org> Reviewed-by: Ben Smith <binji@chromium.org> Cr-Commit-Position: refs/heads/master@{#62784}
2019-07-17 19:10:40 +02:00 · 2019-07-17 19:10:40 +02:00 · 0cab868537
commit 0cab868537
parent f00304f3db
4 changed files with 28 additions and 8 deletions
--- a/src/compiler/wasm-compiler.cc
+++ b/src/compiler/wasm-compiler.cc
@ -4715,8 +4715,19 @@ Node* WasmGraphBuilder::MemoryInit(uint32_t data_segment_index, Node* dst,
                                   Node* src, Node* size,
                                   wasm::WasmCodePosition position) {
  CheckDataSegmentIsPassiveAndNotDropped(data_segment_index, position);
-  Node* dst_fail = BoundsCheckMemRange(&dst, &size, position);
  auto m = mcgraph()->machine();
+  auto common = mcgraph()->common();
+  Node* size_null_check =
+      graph()->NewNode(m->Word32Equal(), size, mcgraph()->Int32Constant(0));
+  Node* size_null_branch = graph()->NewNode(common->Branch(BranchHint::kFalse),
+                                            size_null_check, Control());
+
+  Node* size_null_etrue = Effect();
+  Node* size_null_if_false =
+      graph()->NewNode(common->IfFalse(), size_null_branch);
+  SetControl(size_null_if_false);
+
+  Node* dst_fail = BoundsCheckMemRange(&dst, &size, position);

  Node* seg_index = Uint32Constant(data_segment_index);
  Node* src_fail;
@ -4758,9 +4769,16 @@ Node* WasmGraphBuilder::MemoryInit(uint32_t data_segment_index, Node* dst,
                             MachineType::Uint32()};
  MachineSignature sig(0, 3, sig_types);
  BuildCCall(&sig, function, dst, src, size);
-  return TrapIfTrue(wasm::kTrapMemOutOfBounds,
-                    graph()->NewNode(m->Word32Or(), dst_fail, src_fail),
-                    position);
+  TrapIfTrue(wasm::kTrapMemOutOfBounds,
+             graph()->NewNode(m->Word32Or(), dst_fail, src_fail), position);
+  Node* size_null_if_true =
+      graph()->NewNode(common->IfTrue(), size_null_branch);
+
+  Node* merge = SetControl(
+      graph()->NewNode(common->Merge(2), size_null_if_true, Control()));
+  SetEffect(
+      graph()->NewNode(common->EffectPhi(2), size_null_etrue, Effect(), merge));
+  return merge;
 }

 Node* WasmGraphBuilder::DataDrop(uint32_t data_segment_index,
--- a/src/wasm/wasm-interpreter.cc
+++ b/src/wasm/wasm-interpreter.cc
@ -1788,6 +1788,9 @@ class ThreadImpl {
        auto size = Pop().to<uint32_t>();
        auto src = Pop().to<uint32_t>();
        auto dst = Pop().to<uint32_t>();
+        if (size == 0) {
+          return true;
+        }
        Address dst_addr;
        bool ok = BoundsCheckMemRange(dst, &size, &dst_addr);
        auto src_max =
--- a/test/cctest/wasm/test-run-wasm-bulk-memory.cc
+++ b/test/cctest/wasm/test-run-wasm-bulk-memory.cc
@ -132,9 +132,9 @@ WASM_EXEC_TEST(MemoryInitOutOfBounds) {
  CHECK_EQ(0xDEADBEEF, r.Call(1000, 0, kWasmPageSize));
  CHECK_EQ(0xDEADBEEF, r.Call(kWasmPageSize, 0, 1));

-  // Copy 0 out-of-bounds fails.
-  CHECK_EQ(0xDEADBEEF, r.Call(kWasmPageSize + 1, 0, 0));
-  CHECK_EQ(0xDEADBEEF, r.Call(0, kWasmPageSize + 1, 0));
+  // Copy 0 out-of-bounds succeeds.
+  CHECK_EQ(0, r.Call(kWasmPageSize + 1, 0, 0));
+  CHECK_EQ(0, r.Call(0, kWasmPageSize + 1, 0));

  // Make sure bounds aren't checked with 32-bit wrapping.
  CHECK_EQ(0xDEADBEEF, r.Call(1, 1, 0xFFFFFFFF));
--- a/test/wasm-spec-tests/wasm-spec-tests.status
+++ b/test/wasm-spec-tests/wasm-spec-tests.status
@ -18,7 +18,6 @@
  # proposal.
  'tests/proposals/bulk-memory-operations/elem': [FAIL],
  'tests/proposals/bulk-memory-operations/table_copy': [FAIL],
-  'tests/proposals/bulk-memory-operations/memory_init': [FAIL],
  'tests/proposals/bulk-memory-operations/memory_fill': [FAIL],
  'tests/proposals/bulk-memory-operations/bulk': [FAIL],
  'tests/proposals/bulk-memory-operations/data': [FAIL],