WebKit Bugzilla
RESOLVED FIXED
178946
WebAssembly: update arbitrary limits to what browsers use
https://bugs.webkit.org/show_bug.cgi?id=178946
JF Bastien
Reported
2017-10-27 10:43:15 PDT
https://github.com/WebAssembly/design/issues/1138 discusses the arbitrary function size limit, which it turns out Chrome and Firefox didn't enforce. We didn't use it because it was ridiculously low and actual programs ran into that limit (bummer for Edge which just shipped it...). Now that we agree on a high arbitrary program limit, let's update it! While I'm doing this there are a few other spots that I'd polish.
Attachments
patch (13.59 KB, patch), 2017-10-27 10:49 PDT, JF Bastien; saam: review+, saam: commit-queue-
patch (13.91 KB, patch), 2017-10-27 11:23 PDT, JF Bastien; no flags
JF Bastien
Comment 1
2017-10-27 10:46:16 PDT
<rdar://problem/34257412>
JF Bastien
Comment 2
2017-10-27 10:46:27 PDT
<rdar://problem/34501154>
JF Bastien
Comment 3
2017-10-27 10:49:31 PDT
Created attachment 325177: patch
Saam Barati
Comment 4
2017-10-27 10:58:12 PDT
Comment on attachment 325177: patch
View in context: https://bugs.webkit.org/attachment.cgi?id=325177&action=review
> Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp:514 > + size_t totalBytes = m_locals.size() + count;
Don't you want this to be Checked?
> Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp:515 > + WASM_COMPILE_FAIL_IF((static_cast<uint32_t>(totalBytes) < count) || !m_locals.tryReserveCapacity(totalBytes), "can't allocate memory for ", totalBytes, " locals");
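Review bot: `totalBytes` on line 514 holds a number of locals (`m_locals.size() + count`), and line 515 reports it as "... locals", so the name is misleading; a name such as `newSize` would match what is stored. The wrap test on line 515 also works only through the `static_cast<uint32_t>` truncation, so what it rejects depends on the width of `size_t`; a one-line comment stating the intended upper bound would make that explicit.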
Why not use Checked?
> Source/JavaScriptCore/wasm/WasmFormat.cpp:41 > + size_t totalBytes = sizeof(Segment) + sizeInBytes; > + if (static_cast<uint32_t>(totalBytes) < sizeInBytes) > + return nullptr;
Why not use checked<uint32_t>?
> Source/JavaScriptCore/wasm/js/JSWebAssemblyTable.cpp:65 > + m_jsFunctions = MallocPtr<WriteBarrier<JSObject>>::malloc((sizeof(WriteBarrier<JSObject>) * Checked<size_t>(size())).unsafeGet());
why?
JF Bastien
Comment 5
2017-10-27 11:23:05 PDT
Created attachment 325180: patch
Address comments.
WebKit Commit Bot
Comment 6
2017-10-27 11:42:31 PDT
Comment on attachment 325180: patch
Clearing flags on attachment: 325180
Committed r224122: <https://trac.webkit.org/changeset/224122>
WebKit Commit Bot
Comment 7
2017-10-27 11:42:32 PDT
All reviewed patches have been landed. Closing bug.