AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity
864372000e
v8/test/mjsunit/wasm/bounds-check-64bit.js
Andreas Haas 50ecc42cc7 [wasm] Change the memory access offset to pointer size 
TurboFan expects the offset input of a Load or Store node to be a
pointer-size input, i.e. an int32 input on 32-bit platforms, and int64
on 64-bit platforms. In WebAssembly we always provided 32-bit offset
though, which caused problems when the high word of the register which
contained the offset was not empty.

With this CL we change the offset input to int64 on 64-bit platforms.
In addition we also change the type of the memory_size_ node to int64,
so that that we do not have to adjust the type of the memory size at
every memory load.

This CL will cause performance regressions but is necessary for
correctness and to avoid crashes.

R=titzer@chromium.org

Bug: chromium:766666
Change-Id: I5301e108d05e125258d2a06d500c1b75e91697b8
Reviewed-on: https://chromium-review.googlesource.com/723379
Reviewed-by: Ben Titzer <titzer@chromium.org>
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48689}
2017-10-18 13:41:04 +00:00

34 lines
1.1 KiB
JavaScript
Raw Blame History

// Copyright 2017 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
load("test/mjsunit/wasm/wasm-constants.js");
load("test/mjsunit/wasm/wasm-module-builder.js");
const builder = new WasmModuleBuilder();
builder.addMemory(1, kV8MaxPages, false);
builder.addFunction('load', kSig_i_ii)
.addBody([
kExprGetLocal, 0,
kExprI64SConvertI32,
kExprGetLocal, 1,
kExprI64SConvertI32,
kExprI64Shl,
kExprI32ConvertI64,
kExprI32LoadMem, 0, 0])
.exportFunc();
const module = builder.instantiate();
let start = 12;
let address = start;
for (i = 1; i < 64; i++) {
// This is the address which will be accessed in the code. We cannot use
// shifts to calculate the address because JS shifts work on 32-bit integers.
address = (address * 2) % 4294967296;
if (address < kPageSize) {
assertEquals(0, module.exports.load(start, i));
} else {
assertTraps(kTrapMemOutOfBounds, _ => { module.exports.load(start, i);});
}
}
Reference in New Issue View Git Blame Copy Permalink