<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[209785] trunk</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/209785">209785</a></dd>
<dt>Author</dt> <dd>sbarati@apple.com</dd>
<dt>Date</dt> <dd>2016-12-13 17:31:43 -0800 (Tue, 13 Dec 2016)</dd>
</dl>
<h3>Log Message</h3>
<pre>WebAssembly: implement the elements section
https://bugs.webkit.org/show_bug.cgi?id=165715
Reviewed by Keith Miller.
JSTests:
* wasm/Builder.js:
(export.default.Builder.prototype._registerSectionBuilders.switch.case.string_appeared_here.this.section):
(export.default.Builder.prototype._registerSectionBuilders.switch):
* wasm/Builder_WebAssemblyBinary.js:
(const.emitters.Element):
* wasm/function-tests/basic-element.js: Added.
* wasm/js-api/element.js: Added.
(assertBadBinary):
(assertBadBinary.badInstantiation):
Source/JavaScriptCore:
This is a straightforward implementation of the Element
section in the Wasm spec:
https://github.com/WebAssembly/design/blob/master/BinaryEncoding.md#element-section
There are a few ambiguities I encountered when implementing this, so I've
filed bugs against the Wasm design repo, and corresponding bugzilla bugs
for us to address after they've been discussed by the various Wasm folks:
- https://bugs.webkit.org/show_bug.cgi?id=165827
- https://bugs.webkit.org/show_bug.cgi?id=165826
- https://bugs.webkit.org/show_bug.cgi?id=165825
* wasm/WasmFormat.h:
* wasm/WasmModuleParser.cpp:
(JSC::Wasm::ModuleParser::parseElement):
(JSC::Wasm::ModuleParser::parseInitExpr):
(JSC::Wasm::ModuleParser::parseData):
* wasm/WasmModuleParser.h:
* wasm/js/WebAssemblyModuleRecord.cpp:
(JSC::WebAssemblyModuleRecord::evaluate):</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkJSTestsChangeLog">trunk/JSTests/ChangeLog</a></li>
<li><a href="#trunkJSTestswasmBuilderjs">trunk/JSTests/wasm/Builder.js</a></li>
<li><a href="#trunkJSTestswasmBuilder_WebAssemblyBinaryjs">trunk/JSTests/wasm/Builder_WebAssemblyBinary.js</a></li>
<li><a href="#trunkSourceJavaScriptCoreChangeLog">trunk/Source/JavaScriptCore/ChangeLog</a></li>
<li><a href="#trunkSourceJavaScriptCorewasmWasmFormath">trunk/Source/JavaScriptCore/wasm/WasmFormat.h</a></li>
<li><a href="#trunkSourceJavaScriptCorewasmWasmModuleParsercpp">trunk/Source/JavaScriptCore/wasm/WasmModuleParser.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorewasmWasmModuleParserh">trunk/Source/JavaScriptCore/wasm/WasmModuleParser.h</a></li>
<li><a href="#trunkSourceJavaScriptCorewasmjsWebAssemblyModuleRecordcpp">trunk/Source/JavaScriptCore/wasm/js/WebAssemblyModuleRecord.cpp</a></li>
</ul>
<h3>Added Paths</h3>
<ul>
<li><a href="#trunkJSTestswasmfunctiontestsbasicelementjs">trunk/JSTests/wasm/function-tests/basic-element.js</a></li>
<li><a href="#trunkJSTestswasmjsapielementjs">trunk/JSTests/wasm/js-api/element.js</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkJSTestsChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/JSTests/ChangeLog (209784 => 209785)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/JSTests/ChangeLog        2016-12-14 00:20:11 UTC (rev 209784)
+++ trunk/JSTests/ChangeLog        2016-12-14 01:31:43 UTC (rev 209785)
</span><span class="lines">@@ -1,5 +1,22 @@
</span><span class="cx"> 2016-12-13 Saam Barati <sbarati@apple.com>
</span><span class="cx">
</span><ins>+ WebAssembly: implement the elements section
+ https://bugs.webkit.org/show_bug.cgi?id=165715
+
+ Reviewed by Keith Miller.
+
+ * wasm/Builder.js:
+ (export.default.Builder.prototype._registerSectionBuilders.switch.case.string_appeared_here.this.section):
+ (export.default.Builder.prototype._registerSectionBuilders.switch):
+ * wasm/Builder_WebAssemblyBinary.js:
+ (const.emitters.Element):
+ * wasm/function-tests/basic-element.js: Added.
+ * wasm/js-api/element.js: Added.
+ (assertBadBinary):
+ (assertBadBinary.badInstantiation):
+
+2016-12-13 Saam Barati <sbarati@apple.com>
+
</ins><span class="cx"> WebAssembly: implement the table section and table import
</span><span class="cx"> https://bugs.webkit.org/show_bug.cgi?id=165716
</span><span class="cx">
</span></span></pre></div>
<a id="trunkJSTestswasmBuilderjs"></a>
<div class="modfile"><h4>Modified: trunk/JSTests/wasm/Builder.js (209784 => 209785)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/JSTests/wasm/Builder.js        2016-12-14 00:20:11 UTC (rev 209784)
+++ trunk/JSTests/wasm/Builder.js        2016-12-14 01:31:43 UTC (rev 209785)
</span><span class="lines">@@ -419,11 +419,11 @@
</span><span class="cx"> case "Function":
</span><span class="cx"> this[section] = function() {
</span><span class="cx"> const s = this._addSection(section);
</span><del>- const exportBuilder = {
</del><ins>+ const functionBuilder = {
</ins><span class="cx"> End: () => this
</span><span class="cx"> // FIXME: add ability to add this with whatever.
</span><span class="cx"> };
</span><del>- return exportBuilder;
</del><ins>+ return functionBuilder;
</ins><span class="cx"> };
</span><span class="cx"> break;
</span><span class="cx">
</span><span class="lines">@@ -430,14 +430,14 @@
</span><span class="cx"> case "Table":
</span><span class="cx"> this[section] = function() {
</span><span class="cx"> const s = this._addSection(section);
</span><del>- const exportBuilder = {
</del><ins>+ const tableBuilder = {
</ins><span class="cx"> End: () => this,
</span><span class="cx"> Table: ({initial, maximum, element}) => {
</span><span class="cx"> s.data.push({tableDescription: {initial, maximum, element}});
</span><del>- return exportBuilder;
</del><ins>+ return tableBuilder;
</ins><span class="cx"> }
</span><span class="cx"> };
</span><del>- return exportBuilder;
</del><ins>+ return tableBuilder;
</ins><span class="cx"> };
</span><span class="cx"> break;
</span><span class="cx">
</span><span class="lines">@@ -444,14 +444,14 @@
</span><span class="cx"> case "Memory":
</span><span class="cx"> this[section] = function() {
</span><span class="cx"> const s = this._addSection(section);
</span><del>- const exportBuilder = {
</del><ins>+ const memoryBuilder = {
</ins><span class="cx"> End: () => this,
</span><span class="cx"> InitialMaxPages: (initial, max) => {
</span><span class="cx"> s.data.push({ initial, max });
</span><del>- return exportBuilder;
</del><ins>+ return memoryBuilder;
</ins><span class="cx"> }
</span><span class="cx"> };
</span><del>- return exportBuilder;
</del><ins>+ return memoryBuilder;
</ins><span class="cx"> };
</span><span class="cx"> break;
</span><span class="cx">
</span><span class="lines">@@ -488,8 +488,18 @@
</span><span class="cx"> break;
</span><span class="cx">
</span><span class="cx"> case "Element":
</span><del>- // FIXME implement element https://bugs.webkit.org/show_bug.cgi?id=161709
- this[section] = () => { throw new Error(`Unimplemented: section type "${section}"`); };
</del><ins>+ this[section] = function() {
+ const s = this._addSection(section);
+ const elementBuilder = {
+ End: () => this,
+ Element: ({tableIndex = 0, offset, functionIndices}) => {
+ s.data.push({tableIndex, offset, functionIndices});
+ return elementBuilder;
+ }
+ };
+
+ return elementBuilder;
+ };
</ins><span class="cx"> break;
</span><span class="cx">
</span><span class="cx"> case "Code":
</span></span></pre></div>
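Review bot: the new Element builder in the last hunk pushes {tableIndex, offset, functionIndices} without checking its arguments, so a call that omits offset or functionIndices only fails later in the binary emitter (at functionIndices.length) or produces a malformed section by accident. js-api/element.js uses this builder to construct deliberately invalid modules, so asserting here that offset is a number and functionIndices is an array would keep accidental malformations from being mistaken for the intended ones.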
<a id="trunkJSTestswasmBuilder_WebAssemblyBinaryjs"></a>
<div class="modfile"><h4>Modified: trunk/JSTests/wasm/Builder_WebAssemblyBinary.js (209784 => 209785)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/JSTests/wasm/Builder_WebAssemblyBinary.js        2016-12-14 00:20:11 UTC (rev 209784)
+++ trunk/JSTests/wasm/Builder_WebAssemblyBinary.js        2016-12-14 01:31:43 UTC (rev 209785)
</span><span class="lines">@@ -135,8 +135,24 @@
</span><span class="cx"> Start: (section, bin) => {
</span><span class="cx"> put(bin, "varuint32", section.data[0]);
</span><span class="cx"> },
</span><del>- Element: (section, bin) => { throw new Error(`Not yet implemented`); },
</del><ins>+ Element: (section, bin) => {
+ const data = section.data;
+ put(bin, "varuint32", data.length);
+ for (const {tableIndex, offset, functionIndices} of data) {
+ put(bin, "varuint32", tableIndex);
</ins><span class="cx">
</span><ins>+ // FIXME allow complex init_expr here. https://bugs.webkit.org/show_bug.cgi?id=165700
+ // For now we only handle i32.const as offset.
+ put(bin, "uint8", WASM.description.opcode["i32.const"].value);
+ put(bin, WASM.description.opcode["i32.const"].immediate[0].type, offset);
+ put(bin, "uint8", WASM.description.opcode["end"].value);
+
+ put(bin, "varuint32", functionIndices.length);
+ for (const functionIndex of functionIndices)
+ put(bin, "varuint32", functionIndex);
+ }
+ },
+
</ins><span class="cx"> Code: (section, bin) => {
</span><span class="cx"> put(bin, "varuint32", section.data.length);
</span><span class="cx"> for (const func of section.data) {
</span></span></pre></div>
<a id="trunkJSTestswasmfunctiontestsbasicelementjs"></a>
<div class="addfile"><h4>Added: trunk/JSTests/wasm/function-tests/basic-element.js (0 => 209785)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/JSTests/wasm/function-tests/basic-element.js         (rev 0)
+++ trunk/JSTests/wasm/function-tests/basic-element.js        2016-12-14 01:31:43 UTC (rev 209785)
</span><span class="lines">@@ -0,0 +1,34 @@
</span><ins>+import Builder from '../Builder.js';
+import * as assert from '../assert.js';
+
+
+const tableDescription = {initial: 1, element: "anyfunc"};
+const builder = new Builder()
+ .Type().End()
+ .Import()
+ .Table("imp", "table", tableDescription)
+ .End()
+ .Function().End()
+ .Element()
+ .Element({tableIndex: 0, offset: 0, functionIndices: [0]})
+ .End()
+ .Code()
+ .Function("foo", {params: ["i32"], ret: "i32"})
+ .GetLocal(0)
+ .I32Const(42)
+ .I32Add()
+ .Return()
+ .End()
+ .End();
+
+const bin = builder.WebAssembly().get();
+const module = new WebAssembly.Module(bin);
+const table = new WebAssembly.Table(tableDescription);
+new WebAssembly.Instance(module, {imp: {table}});
+const foo = table.get(0);
+const objs = [];
+for (let i = 0; i < 10000; i++) {
+ objs.push(new String("foo"));
+ if (foo(20) !== 20 + 42)
+ throw new Error("bad!!!");
+}
</ins></span></pre></div>
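Review bot: the loop at the end of basic-element.js pushes a new String onto objs on every iteration with no comment explaining why. If the aim is allocation pressure while the function is reachable only through the table, say so in a one-line comment so the allocation is not later removed as dead code. The assert import is unused, and the test could also check table.length and that table.get(0) is a function before calling it.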
<a id="trunkJSTestswasmjsapielementjs"></a>
<div class="addfile"><h4>Added: trunk/JSTests/wasm/js-api/element.js (0 => 209785)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/JSTests/wasm/js-api/element.js         (rev 0)
+++ trunk/JSTests/wasm/js-api/element.js        2016-12-14 01:31:43 UTC (rev 209785)
</span><span class="lines">@@ -0,0 +1,161 @@
</span><ins>+import Builder from '../Builder.js';
+import * as assert from '../assert.js';
+
+function assertBadBinary(builder, str) {
+ const bin = builder.WebAssembly().get();
+ let threw = false;
+ try {
+ new WebAssembly.Module(bin);
+ } catch(e) {
+ threw = true;
+ assert.truthy(e.toString().indexOf(str) !== -1);
+ assert.truthy(e instanceof WebAssembly.CompileError);
+ }
+ assert.truthy(threw);
+}
+
+const badElementSectionString = "couldn't parse section Element";
+
+{
+ // Bad element section b/c no Table section/import.
+ const builder = new Builder()
+ .Type().End()
+ .Function().End()
+ .Element()
+ .Element({tableIndex: 0, offset: 0, functionIndices: [0]})
+ .End()
+ .Code()
+ .Function("foo", {params: ["i32"], ret: "i32"})
+ .GetLocal(0)
+ .I32Const(42)
+ .I32Add()
+ .Return()
+ .End()
+ .End();
+
+ assertBadBinary(builder, badElementSectionString);
+}
+
+{
+ // Bad table index.
+ const builder = new Builder()
+ .Type().End()
+ .Function().End()
+ .Table()
+ .Table({element: "anyfunc", initial: 20})
+ .End()
+ .Element()
+ .Element({tableIndex: 1, offset: 0, functionIndices: [0]})
+ .End()
+ .Code()
+ .Function("foo", {params: ["i32"], ret: "i32"})
+ .GetLocal(0)
+ .I32Const(42)
+ .I32Add()
+ .Return()
+ .End()
+ .End();
+
+ assertBadBinary(builder, badElementSectionString);
+}
+
+{
+ // Overflow table maximum size.
+ const builder = new Builder()
+ .Type().End()
+ .Function().End()
+ .Table()
+ .Table({element: "anyfunc", initial: 20, maximum: 20})
+ .End()
+ .Element()
+ .Element({offset: 19, functionIndices: [0, 1]})
+ .End()
+ .Code()
+ .Function("foo", {params: ["i32"], ret: "i32"})
+ .GetLocal(0)
+ .I32Const(42)
+ .I32Add()
+ .Return()
+ .End()
+ .End();
+
+ assertBadBinary(builder, badElementSectionString);
+}
+
+{
+ // Overflow table maximum size.
+ const builder = new Builder()
+ .Type().End()
+ .Function().End()
+ .Table()
+ .Table({element: "anyfunc", initial: 20, maximum: 20})
+ .End()
+ .Element()
+ .Element({offset: 20, functionIndices: [0]})
+ .End()
+ .Code()
+ .Function("foo", {params: ["i32"], ret: "i32"})
+ .GetLocal(0)
+ .I32Const(42)
+ .I32Add()
+ .Return()
+ .End()
+ .End();
+
+ assertBadBinary(builder, badElementSectionString);
+}
+
+{
+ // Overflow function index space.
+ const builder = new Builder()
+ .Type().End()
+ .Function().End()
+ .Table()
+ .Table({element: "anyfunc", initial: 20, maximum: 20})
+ .End()
+ .Element()
+ .Element({offset: 0, functionIndices: [0, 0, 1]})
+ .End()
+ .Code()
+ .Function("foo", {params: ["i32"], ret: "i32"})
+ .GetLocal(0)
+ .I32Const(42)
+ .I32Add()
+ .Return()
+ .End()
+ .End();
+
+ assertBadBinary(builder, badElementSectionString);
+}
+
+{
+ function badInstantiation(actualTable, errorType, msg) {
+ // Overflow function index space.
+ const builder = new Builder()
+ .Type().End()
+ .Import()
+ .Table("imp", "table", {element: "anyfunc", initial: 19}) // unspecified maximum.
+ .End()
+ .Function().End()
+ .Element()
+ .Element({offset: 19, functionIndices: [0, 0, 0, 0, 0]})
+ .End()
+ .Code()
+ .Function("foo", {params: ["i32"], ret: "i32"})
+ .GetLocal(0)
+ .I32Const(42)
+ .I32Add()
+ .Return()
+ .End()
+ .End();
+
+ const bin = builder.WebAssembly().get();
+ const module = new WebAssembly.Module(bin);
+ assert.throws(() => new WebAssembly.Instance(module, {imp: {table: actualTable}}), errorType, msg);
+ }
+
+ for (let i = 19; i < 19 + 5; i++) {
+ const table = new WebAssembly.Table({element: "anyfunc", initial: i});
+ badInstantiation(table, RangeError, "Element is trying to set an out of bounds table index");
+ }
+}
</ins></span></pre></div>
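Review bot: the first "Overflow table maximum size" block in js-api/element.js uses functionIndices [0, 1] in a module with a single function, so it would still be rejected by the function index check even if the maximum check were missing, and both failures produce the same "couldn't parse section Element" string. Use [0, 0] there so only the table bound can fail. badInstantiation covers only rejecting sizes (19 through 23); add the accepting case at size 24, the smallest table that fits offset 19 plus five indices, and read back table.get(19) through table.get(23). The "Overflow function index space" comment inside badInstantiation is copied from the previous block and does not describe this test, and the new "Element is setting the table value with an import" error path has no test.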
<a id="trunkSourceJavaScriptCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ChangeLog (209784 => 209785)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ChangeLog        2016-12-14 00:20:11 UTC (rev 209784)
+++ trunk/Source/JavaScriptCore/ChangeLog        2016-12-14 01:31:43 UTC (rev 209785)
</span><span class="lines">@@ -1,3 +1,30 @@
</span><ins>+2016-12-13 Saam Barati <sbarati@apple.com>
+
+ WebAssembly: implement the elements section
+ https://bugs.webkit.org/show_bug.cgi?id=165715
+
+ Reviewed by Keith Miller.
+
+ This is a straight forward implementation of the Element
+ section in the Wasm spec:
+ https://github.com/WebAssembly/design/blob/master/BinaryEncoding.md#element-section
+
+ There are a few ambiguities I encountered when implementing this, so I've
+ filed bugs against the Wasm design repo, and corresponding bugzilla bugs
+ for us to address after they've been discussed by the various Wasm folks:
+ - https://bugs.webkit.org/show_bug.cgi?id=165827
+ - https://bugs.webkit.org/show_bug.cgi?id=165826
+ - https://bugs.webkit.org/show_bug.cgi?id=165825
+
+ * wasm/WasmFormat.h:
+ * wasm/WasmModuleParser.cpp:
+ (JSC::Wasm::ModuleParser::parseElement):
+ (JSC::Wasm::ModuleParser::parseInitExpr):
+ (JSC::Wasm::ModuleParser::parseData):
+ * wasm/WasmModuleParser.h:
+ * wasm/js/WebAssemblyModuleRecord.cpp:
+ (JSC::WebAssemblyModuleRecord::evaluate):
+
</ins><span class="cx"> 2016-12-13 Chris Dumez <cdumez@apple.com>
</span><span class="cx">
</span><span class="cx"> Unreviewed, rolling out r209544.
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorewasmWasmFormath"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/wasm/WasmFormat.h (209784 => 209785)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/wasm/WasmFormat.h        2016-12-14 00:20:11 UTC (rev 209784)
+++ trunk/Source/JavaScriptCore/wasm/WasmFormat.h        2016-12-14 01:31:43 UTC (rev 209785)
</span><span class="lines">@@ -147,6 +147,11 @@
</span><span class="cx"> }
</span><span class="cx"> };
</span><span class="cx">
</span><ins>+struct Element {
+ uint32_t offset;
+ Vector<uint32_t> functionIndices;
+};
+
</ins><span class="cx"> class TableInformation {
</span><span class="cx"> public:
</span><span class="cx"> TableInformation()
</span><span class="lines">@@ -185,6 +190,7 @@
</span><span class="cx"> Vector<Export> exports;
</span><span class="cx"> std::optional<uint32_t> startFunctionIndexSpace;
</span><span class="cx"> Vector<Segment::Ptr> data;
</span><ins>+ Vector<Element> elements;
</ins><span class="cx"> TableInformation tableInformation;
</span><span class="cx">
</span><span class="cx"> ~ModuleInformation();
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorewasmWasmModuleParsercpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/wasm/WasmModuleParser.cpp (209784 => 209785)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/wasm/WasmModuleParser.cpp        2016-12-14 00:20:11 UTC (rev 209784)
+++ trunk/Source/JavaScriptCore/wasm/WasmModuleParser.cpp        2016-12-14 01:31:43 UTC (rev 209785)
</span><span class="lines">@@ -492,8 +492,65 @@
</span><span class="cx">
</span><span class="cx"> bool ModuleParser::parseElement()
</span><span class="cx"> {
</span><del>- // FIXME https://bugs.webkit.org/show_bug.cgi?id=161709
- RELEASE_ASSERT_NOT_REACHED();
</del><ins>+ if (!m_hasTable)
+ return false;
+
+ uint32_t elementCount;
+ if (!parseVarUInt32(elementCount))
+ return false;
+ if (!m_module->elements.tryReserveCapacity(elementCount))
+ return false;
+
+ for (unsigned i = 0; i < elementCount; ++i) {
+ uint32_t tableIndex;
+ if (!parseVarUInt32(tableIndex))
+ return false;
+ // We only support one table for now.
+ if (tableIndex != 0)
+ return false;
+
+ uint32_t offset;
+ if (!parseInitExpr(offset))
+ return false;
+
+ uint32_t indexCount;
+ if (!parseVarUInt32(indexCount))
+ return false;
+
+ ASSERT(!!m_module->tableInformation);
+ if (std::optional<uint32_t> maximum = m_module->tableInformation.maximum()) {
+ // FIXME: should indexCount being zero be a validation error?
+ // https://bugs.webkit.org/show_bug.cgi?id=165826
+ if (indexCount) {
+ // FIXME: right now, provably out of bounds writes are validation errors.
+ // Should they be though?
+ // https://bugs.webkit.org/show_bug.cgi?id=165827
+ uint64_t lastWrittenIndex = static_cast<uint64_t>(indexCount) + static_cast<uint64_t>(offset) - 1;
+ if (lastWrittenIndex >= static_cast<uint64_t>(*maximum))
+ return false;
+ }
+ }
+
+ Element element;
+ if (!element.functionIndices.tryReserveCapacity(indexCount))
+ return false;
+
+ element.offset = offset;
+
+ for (unsigned i = 0; i < indexCount; ++i) {
+ uint32_t functionIndex;
+ if (!parseVarUInt32(functionIndex))
+ return false;
+
+ if (functionIndex >= m_functionIndexSpace.size())
+ return false;
+
+ element.functionIndices.uncheckedAppend(functionIndex);
+ }
+
+ m_module->elements.uncheckedAppend(WTFMove(element));
+ }
+
</ins><span class="cx"> return true;
</span><span class="cx"> }
</span><span class="cx">
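Review bot: in parseElement, elementCount and indexCount come straight from the binary and are passed to tryReserveCapacity before any of the entries they describe have been read, so a module of a few bytes can request a reservation sized for up to 2^32 entries. tryReserveCapacity failing cleanly avoids a crash, but bounding each count by the bytes remaining in the section (every entry needs at least one byte) would reject such modules before allocating. When the table has no maximum, nothing here bounds offset plus indexCount, so a comment pointing at the instantiation-time check in WebAssemblyModuleRecord::evaluate would make that dependency explicit. Style: the inner loop over indexCount reuses the name i and shadows the outer loop variable.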
</span><span class="lines">@@ -520,6 +577,22 @@
</span><span class="cx"> return true;
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+bool ModuleParser::parseInitExpr(uint32_t& value)
+{
+ // FIXME allow complex init_expr here. https://bugs.webkit.org/show_bug.cgi?id=165700
+ // For now we only handle i32.const as offset.
+
+ uint8_t opcode;
+ uint8_t endOpcode;
+ if (!parseUInt8(opcode)
+ || opcode != Wasm::I32Const
+ || !parseVarUInt32(value)
+ || !parseUInt8(endOpcode)
+ || endOpcode != Wasm::End)
+ return false;
+ return true;
+}
+
</ins><span class="cx"> bool ModuleParser::parseData()
</span><span class="cx"> {
</span><span class="cx"> uint32_t segmentCount;
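Review bot: parseInitExpr reads the i32.const immediate with parseVarUInt32 into a uint32_t, while the test emitter in Builder_WebAssemblyBinary.js writes the same field using the opcode's declared immediate type. If that type is a signed varint32, the two disagree for offsets with the sign bit set, and the decoded value then feeds the bounds arithmetic in parseElement and the offset in parseData. Decode with the signed reader and reject or explicitly convert negative offsets, and add a test with such an offset. Style: the condition can be returned directly instead of the if that returns false followed by return true.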
</span><span class="lines">@@ -534,21 +607,13 @@
</span><span class="cx"> if (verbose)
</span><span class="cx"> dataLogLn(" segment #", segmentNumber);
</span><span class="cx"> uint32_t index;
</span><del>- uint8_t opcode;
</del><span class="cx"> uint32_t offset;
</span><del>- uint8_t endOpcode;
</del><span class="cx"> uint32_t dataByteLength;
</span><span class="cx"> if (!parseVarUInt32(index)
</span><span class="cx"> || index)
</span><span class="cx"> return false;
</span><span class="cx">
</span><del>- // FIXME allow complex init_expr here. https://bugs.webkit.org/show_bug.cgi?id=165700
- // For now we only handle i32.const as offset.
- if (!parseUInt8(opcode)
- || opcode != Wasm::I32Const
- || !parseVarUInt32(offset)
- || !parseUInt8(endOpcode)
- || endOpcode != Wasm::End)
</del><ins>+ if (!parseInitExpr(offset))
</ins><span class="cx"> return false;
</span><span class="cx"> if (verbose)
</span><span class="cx"> dataLogLn(" offset: ", offset);
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorewasmWasmModuleParserh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/wasm/WasmModuleParser.h (209784 => 209785)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/wasm/WasmModuleParser.h        2016-12-14 00:20:11 UTC (rev 209784)
+++ trunk/Source/JavaScriptCore/wasm/WasmModuleParser.h        2016-12-14 01:31:43 UTC (rev 209785)
</span><span class="lines">@@ -81,6 +81,7 @@
</span><span class="cx"> bool WARN_UNUSED_RETURN parseMemoryHelper(bool isImport);
</span><span class="cx"> bool WARN_UNUSED_RETURN parseTableHelper(bool isImport);
</span><span class="cx"> bool WARN_UNUSED_RETURN parseResizableLimits(uint32_t& initial, std::optional<uint32_t>& maximum);
</span><ins>+ bool WARN_UNUSED_RETURN parseInitExpr(uint32_t&);
</ins><span class="cx">
</span><span class="cx"> VM* m_vm;
</span><span class="cx"> std::unique_ptr<ModuleInformation> m_module;
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorewasmjsWebAssemblyModuleRecordcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/wasm/js/WebAssemblyModuleRecord.cpp (209784 => 209785)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/wasm/js/WebAssemblyModuleRecord.cpp        2016-12-14 00:20:11 UTC (rev 209784)
+++ trunk/Source/JavaScriptCore/wasm/js/WebAssemblyModuleRecord.cpp        2016-12-14 01:31:43 UTC (rev 209785)
</span><span class="lines">@@ -209,6 +209,51 @@
</span><span class="cx"> }
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ {
+ JSWebAssemblyModule* module = m_instance->module();
+ const Wasm::ModuleInformation& moduleInformation = module->moduleInformation();
+ JSWebAssemblyTable* table = m_instance->table();
+ for (const Wasm::Element& element : moduleInformation.elements) {
+ // It should be a validation error to have any elements without a table.
+ // Also, it could be that a table wasn't imported, or that the table
+ // imported wasn't compatible. However, those should error out before
+ // getting here.
+ ASSERT(!!table);
+ if (!element.functionIndices.size())
+ continue;
+
+ uint32_t tableIndex = element.offset;
+ uint64_t lastWrittenIndex = static_cast<uint64_t>(tableIndex) + static_cast<uint64_t>(element.functionIndices.size()) - 1;
+ if (lastWrittenIndex >= table->size())
+ return JSValue::decode(throwVMRangeError(state, scope, ASCIILiteral("Element is trying to set an out of bounds table index")));
+
+ for (uint32_t i = 0; i < element.functionIndices.size(); ++i) {
+ // FIXME: This essentially means we're exporting an import.
+ // We need a story here. We need to create a WebAssemblyFunction
+ // for the import.
+ // https://bugs.webkit.org/show_bug.cgi?id=165510
+ uint32_t functionIndex = element.functionIndices[i];
+ if (functionIndex < module->importCount()) {
+ return JSValue::decode(
+ throwVMRangeError(state, scope, ASCIILiteral("Element is setting the table value with an import. This is not yet implemented. FIXME.")));
+ }
+
+ JSWebAssemblyCallee* jsEntrypointCallee = module->jsEntrypointCalleeFromFunctionIndexSpace(functionIndex);
+ JSWebAssemblyCallee* wasmEntrypointCallee = module->wasmEntrypointCalleeFromFunctionIndexSpace(functionIndex);
+ Wasm::Signature* signature = module->signatureForFunctionIndexSpace(functionIndex);
+ // FIXME: Say we export local function "foo" at funciton index 0.
+ // What if we also set it to the table an Element w/ index 0.
+ // Does (new Instance(...)).exports.foo === table.get(0)?
+ // https://bugs.webkit.org/show_bug.cgi?id=165825
+ WebAssemblyFunction* function = WebAssemblyFunction::create(
+ vm, m_instance->globalObject(), signature->arguments.size(), String(), m_instance.get(), jsEntrypointCallee, wasmEntrypointCallee, signature);
+
+ table->setFunction(vm, tableIndex, function);
+ ++tableIndex;
+ }
+ }
+ }
+
</ins><span class="cx"> if (WebAssemblyFunction* startFunction = m_startFunction.get()) {
</span><span class="cx"> ProtoCallFrame protoCallFrame;
</span><span class="cx"> protoCallFrame.init(nullptr, startFunction, JSValue(), 1, nullptr);
</span></span></pre>
</div>
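Review bot: in the element loop added to WebAssemblyModuleRecord::evaluate, the bounds check and the import check run per element and per index, after earlier entries have already been stored with table->setFunction. When a later element throws the RangeError, the table, which may be an imported WebAssembly.Table that the embedder still holds, is left partially written. Consider validating every element's range and function indices in a first pass and writing only once all checks pass, or document the partial-write behaviour and add a test for it. ASSERT(!!table) compiles out in release builds and is followed by table->size(); since the comment says earlier validation guarantees a table, RELEASE_ASSERT would enforce that guarantee. Typo in the FIXME: "funciton".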
</div>
</body>
</html>