Closed Bug 1592783 Opened 2 years ago Closed 2 years ago

Revert trapping semantics of bulk-memory-operations

Categories

(Core :: Javascript: WebAssembly, task, P3)


RESOLVED FIXED
mozilla72
Tracking Status
firefox72 --- fixed

People

(Reporter: rhunt, Assigned: rhunt)


The CG approved a motion to revert to trapping if an accessed byte would be out-of-bounds before performing a write for the bulk-memory operations.

[1] https://github.com/WebAssembly/bulk-memory-operations/issues/111#issuecomment-548114063

The patch to do this is fairly simple. Unfortunately we need to update the spec-tests, which implies updating the spec interpreter. I've got a commit to do that though. I'll see if I can update the spec text while I'm at it.

This commit changes all bulk-memory instructions to perform up-front bounds
checks and trap if any access would be out-of-bounds before writing.

This affects:

  • memory.init,copy,fill
  • table.init,copy,fill
  • data segment instantiation (reduces to memory.init)
  • elem segment instantiation (reduces to table.init)

Spec issue: https://github.com/WebAssembly/bulk-memory-operations/issues/111

This commit relies on a patch to the spec interpreter/tests to also make the
trapping change there [1] [2].

[1] https://github.com/eqrion/wasm-spec/tree/spidermonkey-tree-tests
[2] https://github.com/eqrion/wasm-spec/commit/b467c3e4e32f17d1433628ea7f40793b57bd9663

Depends on D51755
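
A conformance probe for the trap-before-write behaviour described above, added here as an example; it is not code from this bug or its patches. The hand-assembled module and the names `FILL_MODULE` and `probeFillTrap` are constructed for illustration, and the probe assumes an engine with bulk-memory support enabled.

```javascript
// Hand-assembled module (constructed for this example): exports a 1-page
// memory "mem" and "fill"(dest, value, len), whose body is one memory.fill.
const FILL_MODULE = new Uint8Array([
  0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00,        // magic, version 1
  0x01, 0x07, 0x01, 0x60, 0x03, 0x7f, 0x7f, 0x7f, 0x00,  // type 0: (i32 i32 i32) -> ()
  0x03, 0x02, 0x01, 0x00,                                // function 0 uses type 0
  0x05, 0x03, 0x01, 0x00, 0x01,                          // memory 0: min 1 page, no max
  0x07, 0x0e, 0x02,                                      // export section, 2 entries
  0x03, 0x6d, 0x65, 0x6d, 0x02, 0x00,                    //   "mem"  -> memory 0
  0x04, 0x66, 0x69, 0x6c, 0x6c, 0x00, 0x00,              //   "fill" -> function 0
  0x0a, 0x0d, 0x01, 0x0b, 0x00,                          // code: 1 body, 11 bytes, no locals
  0x20, 0x00, 0x20, 0x01, 0x20, 0x02,                    //   local.get 0, 1, 2
  0xfc, 0x0b, 0x00, 0x0b,                                //   memory.fill (memory 0); end
]);

const PAGE_SIZE = 65536;

function probeFillTrap() {
  const instance = new WebAssembly.Instance(new WebAssembly.Module(FILL_MODULE));
  const { mem, fill } = instance.exports;
  const view = new Uint8Array(mem.buffer);
  const start = PAGE_SIZE - 4;

  // Control: an in-bounds fill just below the probed range succeeds and writes.
  fill(start - 4, 0x11, 4);
  const controlWritten = view.subarray(start - 4, start).every((b) => b === 0x11);

  // Range under test: 4 bytes in bounds followed by 4 bytes past the end.
  let trapped = false;
  try {
    fill(start, 0xaa, 8);
  } catch (e) {
    trapped = e instanceof WebAssembly.RuntimeError;
  }
  // With the up-front check, the in-bounds tail is still zero after the trap;
  // a write performed before trapping would leave 0xaa bytes here.
  const tailUntouched = view.subarray(start, PAGE_SIZE).every((b) => b === 0);
  return { controlWritten, trapped, tailUntouched };
}
```

The same pattern extends to `memory.copy` and `memory.init` by checking that the destination range is unchanged after the trap.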

Pushed by rhunt@eqrion.net:
https://hg.mozilla.org/integration/autoland/rev/801e6ae4efde
Change bulk-memory instructions to trap before writing. r=lth
https://hg.mozilla.org/integration/autoland/rev/70bd926c6ca9
Update in-tree and spec-tests for trapping change. r=lth
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla72