Bug 168836

Summary: WebAssembly: validate load / store alignment
Product: WebKit Reporter: JF Bastien <jfbastien>
Component: JavaScriptCoreAssignee: JF Bastien <jfbastien>
Status: RESOLVED FIXED    
Severity: Normal CC: buildbot, commit-queue, fpizlo, jfbastien, keith_miller, mark.lam, msaboff, saam, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 159775    
Attachments:
Description Flags
patch none

JF Bastien
Reported 2017-02-24 11:53:34 PST
From https://github.com/WebAssembly/design/blob/master/BinaryEncoding.md#memory-related-operators-described-here As implied by the log2(alignment) encoding, the alignment must be a power of 2. As an additional validation criteria, the alignment must be less or equal to natural alignment. The bits after the log(memory-access-size) least-significant bits must be set to 0. These bits are reserved for future 🦄 use (e.g., for shared memory ordering requirements). We currently don't check this. I'll add FIXME in the code, and comment out related spec tests with FIXME as well. We should get this information from the JSON file, and auto-generate it in generateWasmOpsHeader.py.
Attachments
patch (68.96 KB, patch)
2017-05-12 00:29 PDT, JF Bastien 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2017-05-03 09:56:09 PDT
<rdar://problem/31965349>
JF Bastien
Comment 2 2017-05-12 00:29:12 PDT
Created attachment 309878 [details] patch
Build Bot
Comment 3 2017-05-12 00:30:31 PDT
This patch modifies one of the wasm.json files. Please ensure that any changes in one have been mirrored to the other. You can find the wasm.json files at "Source/JavaScriptCore/wasm/wasm.json" and "JSTests/wasm/wasm.json".
Keith Miller
Comment 4 2017-05-15 23:34:34 PDT
Comment on attachment 309878 [details] patch View in context: https://bugs.webkit.org/attachment.cgi?id=309878&action=review r=me. with nit... maybe? > Source/JavaScriptCore/wasm/generateWasm.py:105 > + return str(int(math.log(memoryBits, 2))) nit: math.log doesn't return an int? O.o
JF Bastien
Comment 5 2017-05-15 23:38:57 PDT
(In reply to Keith Miller from comment #4) > Comment on attachment 309878 [details] > patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=309878&action=review > > r=me. with nit... maybe? > > > Source/JavaScriptCore/wasm/generateWasm.py:105 > > + return str(int(math.log(memoryBits, 2))) > > nit: math.log doesn't return an int? O.o No.
WebKit Commit Bot
Comment 6 2017-05-16 00:07:38 PDT
Comment on attachment 309878 [details] patch Clearing flags on attachment: 309878 Committed r216908: <http://trac.webkit.org/changeset/216908>
WebKit Commit Bot
Comment 7 2017-05-16 00:07:41 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.