Closed Bug 1423952 Opened 6 years ago Closed 6 years ago

Wasm: Misinterpretation of limit on local variables during verification?

Categories: Core :: JavaScript Engine: JIT, enhancement, P3
RESOLVED INVALID

People: Reporter: lth, Unassigned

Details

If I read the WebKit source correctly, they account separately for the number of parameters and the number of locals:

https://github.com/WebKit/webkit/blob/bcea987544319783957bfaa1a05728a67edd4ce3/Source/JavaScriptCore/wasm/WasmModuleParser.cpp#L108 et seq

https://github.com/WebKit/webkit/blob/a24ff92ae29eaa04aa37cf99ad810a0b47dd336a/Source/JavaScriptCore/wasm/WasmFunctionParser.h#L109 et seq

So, they can accommodate 50000 locals *and* 1000 parameters.  We, on the other hand, account for those together, so we can accommodate 1000 parameters per function, and then up to 50000 locals *including* the parameters.

As usual I can't find the part of the wasm spec (if any) that contains the canonical numbers or their interpretation; the closest I've come is here:  https://github.com/WebAssembly/design/issues/1138.
For what it's worth, v8 uses and interprets the limits as WebKit does: https://github.com/v8/v8/blob/master/src/wasm/wasm-limits.h#L33-L34
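As an added example (my own code, not from the bug, SpiderMonkey, WebKit or V8), the two accounting models the comment contrasts, applied to the locals vector that opens a wasm function body; the 1000-parameter and 50000-local limits are the numbers quoted above, and every function name is an assumption. It goes one step beyond the comment by decoding the LEB128 local entries with a running budget, so an oversized per-entry count is rejected during decoding rather than after a table of that size has been sized.

```python
MAX_PARAMS = 1000   # per-function parameter limit quoted in the bug
MAX_LOCALS = 50000  # per-function local limit quoted in the bug

def read_u32_leb(buf, pos):
    """Decode an unsigned LEB128 u32 at buf[pos]; return (value, new_pos)."""
    result, shift = 0, 0
    while True:
        if pos >= len(buf) or shift > 28:
            raise ValueError("truncated or over-long LEB128 at offset %d" % pos)
        byte, pos = buf[pos], pos + 1
        result |= (byte & 0x7F) << shift
        if not byte & 0x80:
            break
        shift += 7
    if result > 0xFFFFFFFF:
        raise ValueError("u32 out of range")
    return result, pos

def count_declared_locals(body, budget):
    """Sum the (count, valtype) local entries opening a function body; return None
    as soon as the running sum exceeds budget (e.g. a hostile count 0xFFFFFFFF)."""
    n_entries, pos = read_u32_leb(body, 0)
    total = 0
    for _ in range(n_entries):
        count, pos = read_u32_leb(body, pos)
        _, pos = body[pos], pos + 1  # IndexError if the valtype byte is missing
        total += count
        if total > budget:
            return None
    return total

def validate_separate(n_params, body):
    """Separate accounting, as the bug describes for WebKit and V8."""
    return n_params <= MAX_PARAMS and count_declared_locals(body, MAX_LOCALS) is not None

def validate_combined(n_params, body):
    """Combined accounting, as the bug describes for SpiderMonkey."""
    return n_params <= MAX_PARAMS and count_declared_locals(body, MAX_LOCALS - n_params) is not None

def leb(v):
    # Unsigned LEB128 encoder, used only to construct sample bodies below.
    out = bytearray()
    while v > 0x7F:
        out.append((v & 0x7F) | 0x80)
        v >>= 7
    return bytes(out) + bytes([v])

def local_decls(entries):
    """Encode [(count, valtype_byte), ...] as a locals vector (constructed input)."""
    return leb(len(entries)) + b"".join(leb(c) + bytes([t]) for c, t in entries)
```

With a body declaring 50000 i32 locals (valtype 0x7F) and a 1000-parameter signature, validate_separate accepts it and validate_combined rejects it, which is exactly the divergence the comment describes.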
Blocks: 1467071
Per analysis from Lars (lost in the depths of irc, alas) it is believed that (1) our implementation is actually correct, (2) the spec has now caught up, and that (3) the testcases due to land in bug 1467071 verify this.  So this bug can now be closed.
Closing.  It seems our implementation was correct all along.
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → INVALID