Diff
Modified: trunk/JSTests/ChangeLog (271097 => 271098)
--- trunk/JSTests/ChangeLog 2020-12-27 23:35:30 UTC (rev 271097)
+++ trunk/JSTests/ChangeLog 2020-12-27 23:50:03 UTC (rev 271098)
@@ -1,5 +1,19 @@
2020-12-27 Dmitry Bezhetskov <[email protected]>
+ [WASM-References] Adjust table.fill to satisfy the spec
+ https://bugs.webkit.org/show_bug.cgi?id=220161
+
+ Reviewed by Yusuke Suzuki.
+
+ Added table.fill spec tests and adjusted existing tests.
+
+ * wasm.yaml:
+ * wasm/references-spec-tests/table_fill.wast.js: Added.
+ * wasm/references/table_misc.js:
+ (GetLocal.0.GetLocal.1.TableGrow.0.End.End.WebAssembly):
+
+2020-12-27 Dmitry Bezhetskov <[email protected]>
+
[WASM-References] Add declared function indexes set to check from what functions we can create refs
https://bugs.webkit.org/show_bug.cgi?id=220009
Modified: trunk/JSTests/wasm/references/table_misc.js (271097 => 271098)
--- trunk/JSTests/wasm/references/table_misc.js 2020-12-27 23:35:30 UTC (rev 271097)
+++ trunk/JSTests/wasm/references/table_misc.js 2020-12-27 23:50:03 UTC (rev 271098)
@@ -165,7 +165,6 @@
assert.eq($1.exports.tbl.get(19), "test")
assert.eq($1.exports.tbl.get(18), null)
- assert.throws(() => $1.exports.tbl_fill(20,null,0), Error, "Out of bounds table access (evaluating 'func(...args)')")
assert.throws(() => $1.exports.tbl_fill(20,null,1), Error, "Out of bounds table access (evaluating 'func(...args)')")
assert.throws(() => $1.exports.tbl_fill(19,null,2), Error, "Out of bounds table access (evaluating 'func(...args)')")
assert.throws(() => $1.exports.tbl_fill(4294967295,null,1), Error, "Out of bounds table access (evaluating 'func(...args)')")
Added: trunk/JSTests/wasm/references-spec-tests/table_fill.wast.js (0 => 271098)
--- trunk/JSTests/wasm/references-spec-tests/table_fill.wast.js (rev 0)
+++ trunk/JSTests/wasm/references-spec-tests/table_fill.wast.js 2020-12-27 23:50:03 UTC (rev 271098)
@@ -0,0 +1,135 @@
+
+// table_fill.wast:1
+let $1 = instance("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x8c\x80\x80\x80\x00\x02\x60\x03\x7f\x6f\x7f\x00\x60\x01\x7f\x01\x6f\x03\x83\x80\x80\x80\x00\x02\x00\x01\x04\x84\x80\x80\x80\x00\x01\x6f\x00\x0a\x07\x8e\x80\x80\x80\x00\x02\x04\x66\x69\x6c\x6c\x00\x00\x03\x67\x65\x74\x00\x01\x0a\x9c\x80\x80\x80\x00\x02\x8b\x80\x80\x80\x00\x00\x20\x00\x20\x01\x20\x02\xfc\x11\x00\x0b\x86\x80\x80\x80\x00\x00\x20\x00\x25\x00\x0b");
+
+// table_fill.wast:13
+assert_return(() => call($1, "get", [1]), null);
+
+// table_fill.wast:14
+assert_return(() => call($1, "get", [2]), null);
+
+// table_fill.wast:15
+assert_return(() => call($1, "get", [3]), null);
+
+// table_fill.wast:16
+assert_return(() => call($1, "get", [4]), null);
+
+// table_fill.wast:17
+assert_return(() => call($1, "get", [5]), null);
+
+// table_fill.wast:19
+assert_return(() => call($1, "fill", [2, externref(1), 3]));
+
+// table_fill.wast:20
+assert_return(() => call($1, "get", [1]), null);
+
+// table_fill.wast:21
+assert_return(() => call($1, "get", [2]), externref(1));
+
+// table_fill.wast:22
+assert_return(() => call($1, "get", [3]), externref(1));
+
+// table_fill.wast:23
+assert_return(() => call($1, "get", [4]), externref(1));
+
+// table_fill.wast:24
+assert_return(() => call($1, "get", [5]), null);
+
+// table_fill.wast:26
+assert_return(() => call($1, "fill", [4, externref(2), 2]));
+
+// table_fill.wast:27
+assert_return(() => call($1, "get", [3]), externref(1));
+
+// table_fill.wast:28
+assert_return(() => call($1, "get", [4]), externref(2));
+
+// table_fill.wast:29
+assert_return(() => call($1, "get", [5]), externref(2));
+
+// table_fill.wast:30
+assert_return(() => call($1, "get", [6]), null);
+
+// table_fill.wast:32
+assert_return(() => call($1, "fill", [4, externref(3), 0]));
+
+// table_fill.wast:33
+assert_return(() => call($1, "get", [3]), externref(1));
+
+// table_fill.wast:34
+assert_return(() => call($1, "get", [4]), externref(2));
+
+// table_fill.wast:35
+assert_return(() => call($1, "get", [5]), externref(2));
+
+// table_fill.wast:37
+assert_return(() => call($1, "fill", [8, externref(4), 2]));
+
+// table_fill.wast:38
+assert_return(() => call($1, "get", [7]), null);
+
+// table_fill.wast:39
+assert_return(() => call($1, "get", [8]), externref(4));
+
+// table_fill.wast:40
+assert_return(() => call($1, "get", [9]), externref(4));
+
+// table_fill.wast:42
+assert_return(() => call($1, "fill", [9, null, 1]));
+
+// table_fill.wast:43
+assert_return(() => call($1, "get", [8]), externref(4));
+
+// table_fill.wast:44
+assert_return(() => call($1, "get", [9]), null);
+
+// table_fill.wast:46
+assert_return(() => call($1, "fill", [10, externref(5), 0]));
+
+// table_fill.wast:47
+assert_return(() => call($1, "get", [9]), null);
+
+// table_fill.wast:49
+assert_trap(() => call($1, "fill", [8, externref(6), 3]));
+
+// table_fill.wast:53
+assert_return(() => call($1, "get", [7]), null);
+
+// table_fill.wast:54
+assert_return(() => call($1, "get", [8]), externref(4));
+
+// table_fill.wast:55
+assert_return(() => call($1, "get", [9]), null);
+
+// table_fill.wast:57
+assert_trap(() => call($1, "fill", [11, null, 0]));
+
+// table_fill.wast:62
+assert_trap(() => call($1, "fill", [11, null, 10]));
+
+// table_fill.wast:70
+assert_invalid("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x84\x80\x80\x80\x00\x01\x60\x00\x00\x03\x82\x80\x80\x80\x00\x01\x00\x04\x84\x80\x80\x80\x00\x01\x6f\x00\x0a\x0a\x8b\x80\x80\x80\x00\x01\x85\x80\x80\x80\x00\x00\xfc\x11\x00\x0b");
+
+// table_fill.wast:79
+assert_invalid("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x84\x80\x80\x80\x00\x01\x60\x00\x00\x03\x82\x80\x80\x80\x00\x01\x00\x04\x84\x80\x80\x80\x00\x01\x6f\x00\x0a\x0a\x8f\x80\x80\x80\x00\x01\x89\x80\x80\x80\x00\x00\xd0\x6f\x41\x01\xfc\x11\x00\x0b");
+
+// table_fill.wast:88
+assert_invalid("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x84\x80\x80\x80\x00\x01\x60\x00\x00\x03\x82\x80\x80\x80\x00\x01\x00\x04\x84\x80\x80\x80\x00\x01\x6f\x00\x0a\x0a\x8f\x80\x80\x80\x00\x01\x89\x80\x80\x80\x00\x00\x41\x01\x41\x01\xfc\x11\x00\x0b");
+
+// table_fill.wast:97
+assert_invalid("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x84\x80\x80\x80\x00\x01\x60\x00\x00\x03\x82\x80\x80\x80\x00\x01\x00\x04\x84\x80\x80\x80\x00\x01\x6f\x00\x0a\x0a\x8f\x80\x80\x80\x00\x01\x89\x80\x80\x80\x00\x00\x41\x01\xd0\x6f\xfc\x11\x00\x0b");
+
+// table_fill.wast:106
+assert_invalid("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x84\x80\x80\x80\x00\x01\x60\x00\x00\x03\x82\x80\x80\x80\x00\x01\x00\x04\x84\x80\x80\x80\x00\x01\x6f\x00\x00\x0a\x94\x80\x80\x80\x00\x01\x8e\x80\x80\x80\x00\x00\x43\x00\x00\x80\x3f\xd0\x6f\x41\x01\xfc\x11\x00\x0b");
+
+// table_fill.wast:115
+assert_invalid("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x85\x80\x80\x80\x00\x01\x60\x01\x6f\x00\x03\x82\x80\x80\x80\x00\x01\x00\x04\x84\x80\x80\x80\x00\x01\x70\x00\x00\x0a\x91\x80\x80\x80\x00\x01\x8b\x80\x80\x80\x00\x00\x41\x01\x20\x00\x41\x01\xfc\x11\x00\x0b");
+
+// table_fill.wast:124
+assert_invalid("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x84\x80\x80\x80\x00\x01\x60\x00\x00\x03\x82\x80\x80\x80\x00\x01\x00\x04\x84\x80\x80\x80\x00\x01\x6f\x00\x00\x0a\x94\x80\x80\x80\x00\x01\x8e\x80\x80\x80\x00\x00\x41\x01\xd0\x6f\x43\x00\x00\x80\x3f\xfc\x11\x00\x0b");
+
+// table_fill.wast:134
+assert_invalid("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x85\x80\x80\x80\x00\x01\x60\x01\x6f\x00\x03\x82\x80\x80\x80\x00\x01\x00\x04\x87\x80\x80\x80\x00\x02\x6f\x00\x01\x70\x00\x01\x0a\x91\x80\x80\x80\x00\x01\x8b\x80\x80\x80\x00\x00\x41\x00\x20\x00\x41\x01\xfc\x11\x01\x0b");
+
+// table_fill.wast:145
+assert_invalid("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x85\x80\x80\x80\x00\x01\x60\x00\x01\x7f\x03\x82\x80\x80\x80\x00\x01\x00\x04\x84\x80\x80\x80\x00\x01\x6f\x00\x01\x0a\x91\x80\x80\x80\x00\x01\x8b\x80\x80\x80\x00\x00\x41\x00\xd0\x6f\x41\x01\xfc\x11\x00\x0b");
Modified: trunk/JSTests/wasm.yaml (271097 => 271098)
--- trunk/JSTests/wasm.yaml 2020-12-27 23:35:30 UTC (rev 271097)
+++ trunk/JSTests/wasm.yaml 2020-12-27 23:50:03 UTC (rev 271098)
@@ -72,6 +72,8 @@
cmd: runWebAssemblyReferenceSpecTest :normal
- path: wasm/references-spec-tests/table_size.wast.js
cmd: runWebAssemblyReferenceSpecTest :normal
+- path: wasm/references-spec-tests/table_fill.wast.js
+ cmd: runWebAssemblyReferenceSpecTest :normal
- path: wasm/multi-value-spec-tests/block.wast.js
cmd: runWebAssemblySpecTest :normal
Modified: trunk/Source/_javascript_Core/ChangeLog (271097 => 271098)
--- trunk/Source/_javascript_Core/ChangeLog 2020-12-27 23:35:30 UTC (rev 271097)
+++ trunk/Source/_javascript_Core/ChangeLog 2020-12-27 23:50:03 UTC (rev 271098)
@@ -1,5 +1,22 @@
2020-12-27 Dmitry Bezhetskov <[email protected]>
+ [WASM-References] Adjust table.fill to satisfy the spec
+ https://bugs.webkit.org/show_bug.cgi?id=220161
+
+ Reviewed by Yusuke Suzuki.
+
+ Fixed table.fill for the case when count is 0 and offset is equal to
+ table size.
+
+ * wasm/WasmOperations.cpp:
+ (JSC::Wasm::setWasmTableElement):
+ (JSC::Wasm::JSC_DEFINE_JIT_OPERATION):
+ * wasm/WasmOperations.h:
+ * wasm/WasmSlowPaths.cpp:
+ (JSC::LLInt::WASM_SLOW_PATH_DECL):
+
+2020-12-27 Dmitry Bezhetskov <[email protected]>
+
[WASM-References] Add declared function indexes set to check from what functions we can create refs
https://bugs.webkit.org/show_bug.cgi?id=220009
Modified: trunk/Source/_javascript_Core/wasm/WasmOperations.cpp (271097 => 271098)
--- trunk/Source/_javascript_Core/wasm/WasmOperations.cpp 2020-12-27 23:35:30 UTC (rev 271097)
+++ trunk/Source/_javascript_Core/wasm/WasmOperations.cpp 2020-12-27 23:50:03 UTC (rev 271098)
@@ -661,13 +661,10 @@
return JSValue::encode(instance->table(tableIndex)->get(index));
}
-static bool setWasmTableElement(Instance* instance, unsigned tableIndex, int32_t signedIndex, EncodedJSValue encValue)
+static bool setWasmTableElement(Instance* instance, unsigned tableIndex, uint32_t index, EncodedJSValue encValue)
{
ASSERT(tableIndex < instance->module().moduleInformation().tableCount());
- if (signedIndex < 0)
- return false;
- uint32_t index = signedIndex;
if (index >= instance->table(tableIndex)->length())
return false;
@@ -694,7 +691,7 @@
return true;
}
-JSC_DEFINE_JIT_OPERATION(operationSetWasmTableElement, bool, (Instance* instance, unsigned tableIndex, int32_t signedIndex, EncodedJSValue encValue))
+JSC_DEFINE_JIT_OPERATION(operationSetWasmTableElement, bool, (Instance* instance, unsigned tableIndex, uint32_t signedIndex, EncodedJSValue encValue))
{
return setWasmTableElement(instance, tableIndex, signedIndex, encValue);
}
@@ -737,12 +734,10 @@
instance->elemDrop(elementIndex);
}
-JSC_DEFINE_JIT_OPERATION(operationWasmTableGrow, int32_t, (Instance* instance, unsigned tableIndex, EncodedJSValue fill, int32_t delta))
+JSC_DEFINE_JIT_OPERATION(operationWasmTableGrow, int32_t, (Instance* instance, unsigned tableIndex, EncodedJSValue fill, uint32_t delta))
{
ASSERT(tableIndex < instance->module().moduleInformation().tableCount());
auto oldSize = instance->table(tableIndex)->length();
- if (delta < 0)
- return oldSize;
auto newSize = instance->table(tableIndex)->grow(delta);
if (!newSize || *newSize == oldSize)
return -1;
@@ -753,20 +748,18 @@
return oldSize;
}
-JSC_DEFINE_JIT_OPERATION(operationWasmTableFill, bool, (Instance* instance, unsigned tableIndex, int32_t unsafeOffset, EncodedJSValue fill, int32_t unsafeCount))
+JSC_DEFINE_JIT_OPERATION(operationWasmTableFill, bool, (Instance* instance, unsigned tableIndex, uint32_t offset, EncodedJSValue fill, uint32_t count))
{
ASSERT(tableIndex < instance->module().moduleInformation().tableCount());
- if (unsafeOffset < 0 || unsafeCount < 0)
+
+ if (WTF::sumOverflows<uint32_t>(offset, count))
return false;
- unsigned offset = unsafeOffset;
- unsigned count = unsafeCount;
-
- if (offset >= instance->table(tableIndex)->length() || offset + count > instance->table(tableIndex)->length())
+ if (offset + count > instance->table(tableIndex)->length())
return false;
- for (unsigned j = 0; j < count; ++j)
- setWasmTableElement(instance, tableIndex, offset + j, fill);
+ for (uint32_t index = 0; index < count; ++index)
+ setWasmTableElement(instance, tableIndex, offset + index, fill);
return true;
}
Modified: trunk/Source/_javascript_Core/wasm/WasmOperations.h (271097 => 271098)
--- trunk/Source/_javascript_Core/wasm/WasmOperations.h 2020-12-27 23:35:30 UTC (rev 271097)
+++ trunk/Source/_javascript_Core/wasm/WasmOperations.h 2020-12-27 23:50:03 UTC (rev 271098)
@@ -65,12 +65,12 @@
JSC_DECLARE_JIT_OPERATION(operationWasmMemoryCopy, bool, (Instance*, uint32_t dstAddress, uint32_t srcAddress, uint32_t count));
JSC_DECLARE_JIT_OPERATION(operationGetWasmTableElement, EncodedJSValue, (Instance*, unsigned, int32_t));
-JSC_DECLARE_JIT_OPERATION(operationSetWasmTableElement, bool, (Instance*, unsigned, int32_t, EncodedJSValue encValue));
+JSC_DECLARE_JIT_OPERATION(operationSetWasmTableElement, bool, (Instance*, unsigned, uint32_t, EncodedJSValue encValue));
JSC_DECLARE_JIT_OPERATION(operationWasmRefFunc, EncodedJSValue, (Instance*, uint32_t));
JSC_DECLARE_JIT_OPERATION(operationWasmTableInit, bool, (Instance*, unsigned elementIndex, unsigned tableIndex, int32_t dstOffset, int32_t srcOffset, int32_t length));
JSC_DECLARE_JIT_OPERATION(operationWasmElemDrop, void, (Instance*, unsigned elementIndex));
-JSC_DECLARE_JIT_OPERATION(operationWasmTableGrow, int32_t, (Instance*, unsigned, EncodedJSValue fill, int32_t delta));
-JSC_DECLARE_JIT_OPERATION(operationWasmTableFill, bool, (Instance*, unsigned, int32_t offset, EncodedJSValue fill, int32_t count));
+JSC_DECLARE_JIT_OPERATION(operationWasmTableGrow, int32_t, (Instance*, unsigned, EncodedJSValue fill, uint32_t delta));
+JSC_DECLARE_JIT_OPERATION(operationWasmTableFill, bool, (Instance*, unsigned, uint32_t offset, EncodedJSValue fill, uint32_t count));
JSC_DECLARE_JIT_OPERATION(operationWasmTableCopy, bool, (Instance*, unsigned dstTableIndex, unsigned srcTableIndex, int32_t dstOffset, int32_t srcOffset, int32_t length));
JSC_DECLARE_JIT_OPERATION(operationGetWasmTableSize, int32_t, (Instance*, unsigned));
Modified: trunk/Source/_javascript_Core/wasm/WasmSlowPaths.cpp (271097 => 271098)
--- trunk/Source/_javascript_Core/wasm/WasmSlowPaths.cpp 2020-12-27 23:35:30 UTC (rev 271097)
+++ trunk/Source/_javascript_Core/wasm/WasmSlowPaths.cpp 2020-12-27 23:50:03 UTC (rev 271098)
@@ -309,7 +309,7 @@
WASM_SLOW_PATH_DECL(table_set)
{
auto instruction = pc->as<WasmTableSet, WasmOpcodeTraits>();
- int32_t index = READ(instruction.m_index).unboxedInt32();
+ uint32_t index = READ(instruction.m_index).unboxedUInt32();
EncodedJSValue value = READ(instruction.m_value).encodedJSValue();
if (!Wasm::operationSetWasmTableElement(instance, instruction.m_tableIndex, index, value))
WASM_THROW(Wasm::ExceptionType::OutOfBoundsTableAccess);
@@ -345,9 +345,9 @@
WASM_SLOW_PATH_DECL(table_fill)
{
auto instruction = pc->as<WasmTableFill, WasmOpcodeTraits>();
- int32_t offset = READ(instruction.m_offset).unboxedInt32();
+ uint32_t offset = READ(instruction.m_offset).unboxedUInt32();
EncodedJSValue fill = READ(instruction.m_fill).encodedJSValue();
- int32_t size = READ(instruction.m_size).unboxedInt32();
+ uint32_t size = READ(instruction.m_size).unboxedUInt32();
if (!Wasm::operationWasmTableFill(instance, instruction.m_tableIndex, offset, fill, size))
WASM_THROW(Wasm::ExceptionType::OutOfBoundsTableAccess);
WASM_END();
@@ -368,7 +368,7 @@
{
auto instruction = pc->as<WasmTableGrow, WasmOpcodeTraits>();
EncodedJSValue fill = READ(instruction.m_fill).encodedJSValue();
- int32_t size = READ(instruction.m_size).unboxedInt32();
+ uint32_t size = READ(instruction.m_size).unboxedUInt32();
WASM_RETURN(Wasm::operationWasmTableGrow(instance, instruction.m_tableIndex, fill, size));
}
