Closed
Bug 1244571
Opened 8 years ago
Closed 8 years ago
wasm: Implement more operators
Categories
(Core :: JavaScript Engine: JIT, defect)
Core
JavaScript Engine: JIT
Tracking
()
RESOLVED
FIXED
mozilla47
| Tracking | Status | |
|---|---|---|
| firefox47 | --- | fixed |
People
(Reporter: sunfish, Assigned: sunfish)
References
Details
Attachments
(8 files)
|
23.37 KB,
patch
|
luke
:
review+
|
Details | Diff | Splinter Review |
|
25.27 KB,
patch
|
luke
:
review+
|
Details | Diff | Splinter Review |
|
9.20 KB,
patch
|
luke
:
review+
|
Details | Diff | Splinter Review |
|
29.15 KB,
patch
|
luke
:
review+
|
Details | Diff | Splinter Review |
|
1.22 KB,
patch
|
luke
:
review+
|
Details | Diff | Splinter Review |
|
21.03 KB,
patch
|
luke
:
review+
|
Details | Diff | Splinter Review |
|
8.05 KB,
patch
|
luke
:
review+
|
Details | Diff | Splinter Review |
|
9.84 KB,
patch
|
luke
:
review+
|
Details | Diff | Splinter Review |
Bug 1244272 implemented parsing, encoding, and decoding for several operators. There are more!
|
Assignee | |
Comment 3•8 years ago
|
||
While implementing the comparisons, I noticed that the earlier binary and unary operator patches didn't do full type checking. This patch rectifies that.
Attachment #8714138 -
Flags: review?(luke)
|
|
Assignee | |
Comment 4•8 years ago
|
||
The conversion operators.
Attachment #8714139 -
Flags: review?(luke)
|
|
Assignee | |
Comment 5•8 years ago
|
||
This patch just removes an unused opcode.
Attachment #8714141 -
Flags: review?(luke)
|
|
Assignee | |
Comment 6•8 years ago
|
||
This patch adds i64 support to parsing, encoding, decoding, and type-checking. i64 isn't supported in WasmIonCompile.cpp yet, but this patch sets up the front-end support it'll need.
Attachment #8714142 -
Flags: review?(luke)
|
|
Assignee | |
Comment 7•8 years ago
|
||
As suggested in bug 1244272 comment 4, this patch tidies up parsing to have the full names of the opcodes in the code, at the cost of some mild inefficiency (but it's the s-expression parser, so it's fine).
Attachment #8714143 -
Flags: review?(luke)
|
||
Updated•8 years ago
|
Attachment #8714136 -
Flags: review?(luke) → review+
|
|
||
Updated•8 years ago
|
Attachment #8714137 -
Flags: review?(luke) → review+
|
|
||
Updated•8 years ago
|
Attachment #8714138 -
Flags: review?(luke) → review+
|
|
||
Updated•8 years ago
|
Attachment #8714139 -
Flags: review?(luke) → review+
|
|
||
Updated•8 years ago
|
Attachment #8714141 -
Flags: review?(luke) → review+
|
|
||
Comment 8•8 years ago
|
||
Comment on attachment 8714142 [details] [diff] [review] wasm-i64.patch Review of attachment 8714142 [details] [diff] [review]: ----------------------------------------------------------------- ::: js/src/asmjs/Wasm.cpp @@ +325,5 @@ > return DecodeUnaryOperator(f, expected, ExprType::I32); > + case Expr::I64Clz: > + case Expr::I64Ctz: > + case Expr::I64Popcnt: > + return DecodeUnaryOperator(f, expected, ExprType::I64); Unless I've missed it, I think this means that it will be possible for the fuzzer to generate i64 ops which will crash. While keeping the code structure the same, can you have these fail to validate (see e.g., I64 case in CheckValType).
Attachment #8714142 -
Flags: review?(luke) → review+
|
|
||
Comment 9•8 years ago
|
||
Comment on attachment 8714143 [details] [diff] [review] wasm-parser-cleanup.patch Review of attachment 8714143 [details] [diff] [review]: ----------------------------------------------------------------- Thanks!
Attachment #8714143 -
Flags: review?(luke) → review+
|
|
Assignee | |
Comment 10•8 years ago
|
||
(In reply to Luke Wagner [:luke] from comment #8) > Unless I've missed it, I think this means that it will be possible for the > fuzzer to generate i64 ops which will crash. While keeping the code > structure the same, can you have these fail to validate (see e.g., I64 case > in CheckValType). The patches here do this in several areas: I32Ctz, F32Copysign, and so on. Should I disable parsing and decoding of such operators until Ion implementations are in place?
|
|
Assignee | |
Comment 11•8 years ago
|
||
This patches fixes decoding to fail on operators that WasmIonCompile doesn't support yet, so that fuzzers don't see MOZ_CRASH on them.
Attachment #8714952 -
Flags: review?(luke)
|
|
||
Updated•8 years ago
|
Attachment #8714952 -
Flags: review?(luke) → review+
|
||
Comment 12•8 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/89f9764ae65e https://hg.mozilla.org/integration/mozilla-inbound/rev/f5095d17bd44 https://hg.mozilla.org/integration/mozilla-inbound/rev/594a1d126773 https://hg.mozilla.org/integration/mozilla-inbound/rev/f3f5fc7cb841 https://hg.mozilla.org/integration/mozilla-inbound/rev/8aed04de4330 https://hg.mozilla.org/integration/mozilla-inbound/rev/6012d29342bd https://hg.mozilla.org/integration/mozilla-inbound/rev/3ae60a91cfe4 https://hg.mozilla.org/integration/mozilla-inbound/rev/d7c161576532
|
||
Comment 13•8 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/89f9764ae65e https://hg.mozilla.org/mozilla-central/rev/f5095d17bd44 https://hg.mozilla.org/mozilla-central/rev/594a1d126773 https://hg.mozilla.org/mozilla-central/rev/f3f5fc7cb841 https://hg.mozilla.org/mozilla-central/rev/8aed04de4330 https://hg.mozilla.org/mozilla-central/rev/6012d29342bd https://hg.mozilla.org/mozilla-central/rev/3ae60a91cfe4 https://hg.mozilla.org/mozilla-central/rev/d7c161576532
Status: NEW → RESOLVED
Closed: 8 years ago
status-firefox47:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla47
You need to log in
before you can comment on or make changes to this bug.
Description
•