Bug 178946 - WebAssembly: update arbitrary limits to what browsers use
Summary: WebAssembly: update arbitrary limits to what browsers use
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebAssembly (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: JF Bastien
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2017-10-27 10:43 PDT by JF Bastien
Modified: 2017-10-27 11:42 PDT (History)
9 users (show)

See Also:


Attachments
patch (13.59 KB, patch)
2017-10-27 10:49 PDT, JF Bastien
sbarati: review+
sbarati: commit-queue-
Details | Formatted Diff | Diff
patch (13.91 KB, patch)
2017-10-27 11:23 PDT, JF Bastien
no flags Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description JF Bastien 2017-10-27 10:43:15 PDT
https://github.com/WebAssembly/design/issues/1138 discusses the arbitrary function size limit, which it turns out Chrome and Firefox didn't enforce. We didn't use it because it was ridiculously low and actual programs ran into that limit (bummer for Edge which just shipped it...). Now that we agree on a high arbitrary program limit, let's update it! While I'm doing this there are a few other spots that I'd polish.
Comment 1 JF Bastien 2017-10-27 10:46:16 PDT
<rdar://problem/34257412>
Comment 2 JF Bastien 2017-10-27 10:46:27 PDT
<rdar://problem/34501154>
Comment 3 JF Bastien 2017-10-27 10:49:31 PDT
Created attachment 325177 [details]
patch
Comment 4 Saam Barati 2017-10-27 10:58:12 PDT
Comment on attachment 325177 [details]
patch

View in context: https://bugs.webkit.org/attachment.cgi?id=325177&action=review

> Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp:514
> +    size_t totalBytes = m_locals.size() + count;

Don't you want this to be Checked?

> Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp:515
> +    WASM_COMPILE_FAIL_IF((static_cast<uint32_t>(totalBytes) < count) || !m_locals.tryReserveCapacity(totalBytes), "can't allocate memory for ", totalBytes, " locals");

Why not use Checked?

> Source/JavaScriptCore/wasm/WasmFormat.cpp:41
> +    size_t totalBytes = sizeof(Segment) + sizeInBytes;
> +    if (static_cast<uint32_t>(totalBytes) < sizeInBytes)
> +        return nullptr;

Why not use checked<uint32_t>?

> Source/JavaScriptCore/wasm/js/JSWebAssemblyTable.cpp:65
> +    m_jsFunctions = MallocPtr<WriteBarrier<JSObject>>::malloc((sizeof(WriteBarrier<JSObject>) * Checked<size_t>(size())).unsafeGet());

why?
Comment 5 JF Bastien 2017-10-27 11:23:05 PDT
Created attachment 325180 [details]
patch

Address comments.
Comment 6 WebKit Commit Bot 2017-10-27 11:42:31 PDT
Comment on attachment 325180 [details]
patch

Clearing flags on attachment: 325180

Committed r224122: <https://trac.webkit.org/changeset/224122>
Comment 7 WebKit Commit Bot 2017-10-27 11:42:32 PDT
All reviewed patches have been landed.  Closing bug.