https://github.com/WebAssembly/design/issues/1138 discusses the arbitrary function size limit, which it turns out Chrome and Firefox didn't enforce. We didn't use it because it was ridiculously low and actual programs ran into that limit (bummer for Edge which just shipped it...). Now that we agree on a high arbitrary program limit, let's update it! While I'm doing this there are a few other spots that I'd polish.
<rdar://problem/34257412>
<rdar://problem/34501154>
Created attachment 325177
patch
Comment on attachment 325177
patch

View in context: https://bugs.webkit.org/attachment.cgi?id=325177&action=review

> Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp:514
> +    size_t totalBytes = m_locals.size() + count;

Don't you want this to be Checked?

> Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp:515
> +    WASM_COMPILE_FAIL_IF((static_cast<uint32_t>(totalBytes) < count) || !m_locals.tryReserveCapacity(totalBytes), "can't allocate memory for ", totalBytes, " locals");

Why not use Checked?

> Source/JavaScriptCore/wasm/WasmFormat.cpp:41
> +    size_t totalBytes = sizeof(Segment) + sizeInBytes;
> +    if (static_cast<uint32_t>(totalBytes) < sizeInBytes)
> +        return nullptr;

Why not use checked<uint32_t>?

> Source/JavaScriptCore/wasm/js/JSWebAssemblyTable.cpp:65
> +    m_jsFunctions = MallocPtr<WriteBarrier<JSObject>>::malloc((sizeof(WriteBarrier<JSObject>) * Checked<size_t>(size())).unsafeGet());

why?
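Review bot: `totalBytes` at WasmB3IRGenerator.cpp:514 holds a number of locals, not a byte size (the failure message on the next line prints it as "locals", and it is what goes to `tryReserveCapacity`), so `totalLocals` would be the honest name. The wrap test at :515, `static_cast<uint32_t>(totalBytes) < count`, only detects a sum past 2^32 when `m_locals.size()` is itself below 2^32; that invariant is not stated on the line, whereas `Checked<uint32_t>` expresses the intended bound directly.

Review bot: the test at WasmFormat.cpp:41 rejects `sizeof(Segment) + sizeInBytes` only when the low 32 bits wrap, while `totalBytes` is a `size_t` that never wraps on a 64-bit build; if the intent is a 32-bit cap on a segment allocation, `Checked<uint32_t>` (or a comparison against an explicit limit) says so without the reader having to reason about the truncating cast.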
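The checked-arithmetic point raised in the review above, as an added example that is not WebKit's code: the hand-rolled "cast to uint32_t and compare" wrap test from the patch beside an overflow-checked add and multiply built on the GCC/Clang `__builtin_*_overflow` intrinsics, which stand in here for `WTF::Checked`. `kHeaderBytes` and `kSlotBytes` are assumed placeholders for `sizeof(Segment)` and `sizeof(WriteBarrier<JSObject>)`, and all function names are invented for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <optional>

// Added example, not WebKit code. Models a 64-bit build: the "size_t"
// intermediate is a uint64_t so the behaviour does not depend on the host.

// Hand-rolled wrap test in the style of the patch under review: compute
// the sum at full width, then ask whether the low 32 bits wrapped.
// Returns the total if the test passes, nullopt if it fires.
std::optional<uint64_t> handRolledTotal(uint64_t base, uint32_t count) {
    uint64_t total = base + count;
    if (static_cast<uint32_t>(total) < count)
        return std::nullopt;
    return total;
}

// Overflow-checked 32-bit add (stand-in for Checked<uint32_t>): the exact
// mathematical sum must fit in uint32_t, whatever the operands' widths.
std::optional<uint32_t> checkedAdd32(uint64_t a, uint64_t b) {
    uint32_t out;
    if (__builtin_add_overflow(a, b, &out))
        return std::nullopt;
    return out;
}

// Overflow-checked 32-bit multiply, same contract.
std::optional<uint32_t> checkedMul32(uint64_t a, uint64_t b) {
    uint32_t out;
    if (__builtin_mul_overflow(a, b, &out))
        return std::nullopt;
    return out;
}

// Segment allocation in the shape of WasmFormat.cpp:41: a fixed header
// plus a 32-bit payload length taken from the module, capped at 32 bits.
constexpr uint64_t kHeaderBytes = 16; // assumed stand-in for sizeof(Segment)
std::optional<uint32_t> segmentAllocationSize(uint32_t payloadBytes) {
    return checkedAdd32(kHeaderBytes, payloadBytes);
}

// Table backing store in the shape of JSWebAssemblyTable.cpp:65: slot size
// times a module-declared element count.
constexpr uint64_t kSlotBytes = 8; // assumed stand-in for sizeof(WriteBarrier<JSObject>)
std::optional<uint32_t> tableAllocationSize(uint32_t elementCount) {
    return checkedMul32(kSlotBytes, elementCount);
}
```

The interesting input is a base that is already at 2^32: `handRolledTotal` returns a total that does not fit in 32 bits because the truncated sum is not smaller than `count`, while `checkedAdd32` rejects it. That is the unstated invariant (`base` below 2^32) the cast-based test depends on, and it is the reason the review asks for `Checked` instead.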
Created attachment 325180
patch

Address comments.
Comment on attachment 325180
patch

Clearing flags on attachment: 325180

Committed r224122: <https://trac.webkit.org/changeset/224122>
All reviewed patches have been landed. Closing bug.