Track bounds checking changes for bulk-memory-operations, again
Categories
(Core :: JavaScript: WebAssembly, task, P3)
Tracking
()
Tracking | Status | |
---|---|---|
firefox72 | --- | fixed |
People
(Reporter: rhunt, Assigned: rhunt)
References
Details
Attachments
(3 files)
We may specify len=0 outside of the memory bounds to trap. See [1].
[1] https://github.com/WebAssembly/bulk-memory-operations/issues/124
Assignee | ||
Comment 1•4 years ago
|
||
Assignee | ||
Comment 2•4 years ago
|
||
Bulk memory reduces active segments to sequences of *.init that are executed
before the start function is called. This implies that an error here is to be
reported as a RuntimeError, as an error in the start function would. The latest
spec tests for bulk-memory check this, so we're required to update as well.
Assignee | ||
Comment 3•4 years ago
|
||
Spec Issue: https://github.com/WebAssembly/bulk-memory-operations/issues/124
The inline path for memory.copy/fill are updated to fallback to the OOL path
when the length is 0 to have proper bounds checking behavior.
Depends on D54598
Assignee | ||
Comment 4•4 years ago
|
||
This commit updates our in-tree version of spec-tests to a recent bulk-memory
master (1e296604ae7c2aa2ce7619929a8817c9fd95941d) with one backport for our
addition of a bottom type. All the other backports and merges have been
dropped.
[1] https://github.com/eqrion/wasm-spec/commits/spidermonkey-tree-tests
Depends on D54599
Pushed by rhunt@eqrion.net: https://hg.mozilla.org/integration/autoland/rev/664f0ef11e26 Report bulk-memory failures to instantiate segments as runtime errors. r=lth
Backout by dluca@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/59161d967793 Backed out changeset 664f0ef11e26 as per dev's request
Pushed by rhunt@eqrion.net: https://hg.mozilla.org/integration/autoland/rev/bc6abdc25bcf Report bulk-memory failures to instantiate segments as runtime errors. r=lth https://hg.mozilla.org/integration/autoland/rev/81832b228e16 Treat data/elem.drop as shrink-to-zero, disallow zero length past end of bounds. r=lth https://hg.mozilla.org/integration/autoland/rev/ceedac0727f9 Import updated spec tests. r=lth
Comment 8•4 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/bc6abdc25bcf
https://hg.mozilla.org/mozilla-central/rev/81832b228e16
https://hg.mozilla.org/mozilla-central/rev/ceedac0727f9
Description
•