<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[210126] trunk</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/210126">210126</a></dd>
<dt>Author</dt> <dd>sbarati@apple.com</dd>
<dt>Date</dt> <dd>2016-12-22 17:32:30 -0800 (Thu, 22 Dec 2016)</dd>
</dl>
<h3>Log Message</h3>
<pre>WebAssembly: Make calling Wasm functions that returns or takes an i64 as a parameter an early exception
https://bugs.webkit.org/show_bug.cgi?id=166437
<rdar://problem/29793949>
Reviewed by Keith Miller.
JSTests:
* wasm.yaml:
* wasm/function-tests/i64-from-js-exceptions.js: Added.
(const.imp.import.sideEffects):
(assert.throws.instance.exports.foo.valueOf):
Source/JavaScriptCore:
This patch makes it so that we throw an exception before we do
anything else if we call a wasm function that either takes an
i64 as an argument or returns an i64.
* wasm/js/WebAssemblyFunction.cpp:
(JSC::callWebAssemblyFunction):
(JSC::WebAssemblyFunction::WebAssemblyFunction):
(JSC::WebAssemblyFunction::call): Deleted.
* wasm/js/WebAssemblyFunction.h:
(JSC::WebAssemblyFunction::signatureIndex):
(JSC::WebAssemblyFunction::jsEntrypoint):</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkJSTestsChangeLog">trunk/JSTests/ChangeLog</a></li>
<li><a href="#trunkJSTestswasmyaml">trunk/JSTests/wasm.yaml</a></li>
<li><a href="#trunkSourceJavaScriptCoreChangeLog">trunk/Source/JavaScriptCore/ChangeLog</a></li>
<li><a href="#trunkSourceJavaScriptCorewasmjsWebAssemblyFunctioncpp">trunk/Source/JavaScriptCore/wasm/js/WebAssemblyFunction.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorewasmjsWebAssemblyFunctionh">trunk/Source/JavaScriptCore/wasm/js/WebAssemblyFunction.h</a></li>
</ul>
<h3>Added Paths</h3>
<ul>
<li><a href="#trunkJSTestswasmfunctiontestsi64fromjsexceptionsjs">trunk/JSTests/wasm/function-tests/i64-from-js-exceptions.js</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkJSTestsChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/JSTests/ChangeLog (210125 => 210126)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/JSTests/ChangeLog 2016-12-23 01:23:15 UTC (rev 210125)
+++ trunk/JSTests/ChangeLog 2016-12-23 01:32:30 UTC (rev 210126)
</span><span class="lines">@@ -1,3 +1,16 @@
</span><ins>+2016-12-22 Saam Barati <sbarati@apple.com>
+
+ WebAssembly: Make calling Wasm functions that returns or takes an i64 as a parameter an early exception
+ https://bugs.webkit.org/show_bug.cgi?id=166437
+ <rdar://problem/29793949>
+
+ Reviewed by Keith Miller.
+
+ * wasm.yaml:
+ * wasm/function-tests/i64-from-js-exceptions.js: Added.
+ (const.imp.import.sideEffects):
+ (assert.throws.instance.exports.foo.valueOf):
+
</ins><span class="cx"> 2016-12-22 Mark Lam <mark.lam@apple.com>
</span><span class="cx">
</span><span class="cx"> De-duplicate finally blocks.
</span></span></pre></div>
<a id="trunkJSTestswasmfunctiontestsi64fromjsexceptionsjs"></a>
<div class="addfile"><h4>Added: trunk/JSTests/wasm/function-tests/i64-from-js-exceptions.js (0 => 210126)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/JSTests/wasm/function-tests/i64-from-js-exceptions.js (rev 0)
+++ trunk/JSTests/wasm/function-tests/i64-from-js-exceptions.js 2016-12-23 01:32:30 UTC (rev 210126)
</span><span class="lines">@@ -0,0 +1,40 @@
</span><ins>+import Builder from '../Builder.js'
+import * as assert from '../assert.js'
+
+const builder = (new Builder())
+ .Type().End()
+ .Import()
+ .Function("import", "sideEffects", {params: [], ret: "void"})
+ .End()
+ .Function().End()
+ .Export()
+ .Function("foo")
+ .Function("bar")
+ .End()
+ .Code()
+ .Function("foo", {params: ["i64"], ret: "void"})
+ .Call(0)
+ .Return()
+ .End()
+ .Function("bar", {params: [], ret: "i64"})
+ .Call(0)
+ .I32Const(25)
+ .I64ExtendUI32()
+ .Return()
+ .End()
+ .End();
+
+const bin = builder.WebAssembly().get();
+const module = new WebAssembly.Module(bin);
+let called = false;
+const imp = {
+ import: {
+ sideEffects() { called = true; }
+ }
+};
+
+const instance = new WebAssembly.Instance(module, imp);
+assert.throws(() => instance.exports.foo(20), WebAssembly.RuntimeError, "WebAssembly function with an i64 argument can't be called from JavaScript");
+assert.throws(() => instance.exports.foo({valueOf() { throw new Error("Should not be called!"); }}), WebAssembly.RuntimeError, "WebAssembly function with an i64 argument can't be called from JavaScript");
+assert.throws(() => instance.exports.bar(), WebAssembly.RuntimeError, "WebAssembly function that returns i64 can't be called from JavaScript");
+assert.eq(called, false);
</ins></span></pre></div>
<a id="trunkJSTestswasmyaml"></a>
<div class="modfile"><h4>Modified: trunk/JSTests/wasm.yaml (210125 => 210126)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/JSTests/wasm.yaml 2016-12-23 01:23:15 UTC (rev 210125)
+++ trunk/JSTests/wasm.yaml 2016-12-23 01:32:30 UTC (rev 210126)
</span><span class="lines">@@ -188,7 +188,7 @@
</span><span class="cx"> cmd: runWebAssemblySpecTest :normal
</span><span class="cx">
</span><span class="cx"> - path: wasm/spec-tests/unreachable.wast.js
</span><del>- cmd: runWebAssemblySpecTest :skip
</del><ins>+ cmd: runWebAssemblySpecTest :normal
</ins><span class="cx">
</span><span class="cx"> - path: wasm/spec-tests/unwind.wast.js
</span><span class="cx"> cmd: runWebAssemblySpecTest :skip
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ChangeLog (210125 => 210126)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ChangeLog 2016-12-23 01:23:15 UTC (rev 210125)
+++ trunk/Source/JavaScriptCore/ChangeLog 2016-12-23 01:32:30 UTC (rev 210126)
</span><span class="lines">@@ -1,3 +1,23 @@
</span><ins>+2016-12-22 Saam Barati <sbarati@apple.com>
+
+ WebAssembly: Make calling Wasm functions that returns or takes an i64 as a parameter an early exception
+ https://bugs.webkit.org/show_bug.cgi?id=166437
+ <rdar://problem/29793949>
+
+ Reviewed by Keith Miller.
+
+ This patch makes it so that we throw an exception before we do
+ anything else if we call a wasm function that either takes an
+ i64 as an argument or returns an i64.
+
+ * wasm/js/WebAssemblyFunction.cpp:
+ (JSC::callWebAssemblyFunction):
+ (JSC::WebAssemblyFunction::WebAssemblyFunction):
+ (JSC::WebAssemblyFunction::call): Deleted.
+ * wasm/js/WebAssemblyFunction.h:
+ (JSC::WebAssemblyFunction::signatureIndex):
+ (JSC::WebAssemblyFunction::jsEntrypoint):
+
</ins><span class="cx"> 2016-12-22 Keith Miller <keith_miller@apple.com>
</span><span class="cx">
</span><span class="cx"> Add BitOr for floating points to B3
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorewasmjsWebAssemblyFunctioncpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/wasm/js/WebAssemblyFunction.cpp (210125 => 210126)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/wasm/js/WebAssemblyFunction.cpp 2016-12-23 01:23:15 UTC (rev 210125)
+++ trunk/Source/JavaScriptCore/wasm/js/WebAssemblyFunction.cpp 2016-12-23 01:32:30 UTC (rev 210126)
</span><span class="lines">@@ -35,6 +35,7 @@
</span><span class="cx"> #include "JSWebAssemblyCallee.h"
</span><span class="cx"> #include "JSWebAssemblyInstance.h"
</span><span class="cx"> #include "JSWebAssemblyMemory.h"
</span><ins>+#include "JSWebAssemblyRuntimeError.h"
</ins><span class="cx"> #include "LLIntThunks.h"
</span><span class="cx"> #include "ProtoCallFrame.h"
</span><span class="cx"> #include "VM.h"
</span><span class="lines">@@ -59,9 +60,27 @@
</span><span class="cx"> if (exec->argumentCount() != signature->argumentCount())
</span><span class="cx"> return JSValue::encode(throwException(exec, scope, createNotEnoughArgumentsError(exec, defaultSourceAppender)));
</span><span class="cx">
</span><ins>+ {
+ // Check if we have a disallowed I64 use.
+
+ for (unsigned argIndex = 0; argIndex < signature->argumentCount(); ++argIndex) {
+ if (signature->argument(argIndex) == Wasm::I64) {
+ JSWebAssemblyRuntimeError* error = JSWebAssemblyRuntimeError::create(exec, vm, exec->lexicalGlobalObject()->WebAssemblyRuntimeErrorStructure(),
+ "WebAssembly function with an i64 argument can't be called from JavaScript");
+ return JSValue::encode(throwException(exec, scope, error));
+ }
+ }
+
+ if (signature->returnType() == Wasm::I64) {
+ JSWebAssemblyRuntimeError* error = JSWebAssemblyRuntimeError::create(exec, vm, exec->lexicalGlobalObject()->WebAssemblyRuntimeErrorStructure(),
+ "WebAssembly function that returns i64 can't be called from JavaScript");
+ return JSValue::encode(throwException(exec, scope, error));
+ }
+ }
+
</ins><span class="cx"> // FIXME is this boxing correct? https://bugs.webkit.org/show_bug.cgi?id=164876
</span><span class="cx"> Vector<JSValue> boxedArgs;
</span><del>- for (unsigned argIndex = 0; argIndex < exec->argumentCount(); ++argIndex) {
</del><ins>+ for (unsigned argIndex = 0; argIndex < signature->argumentCount(); ++argIndex) {
</ins><span class="cx"> JSValue arg = exec->uncheckedArgument(argIndex);
</span><span class="cx"> switch (signature->argument(argIndex)) {
</span><span class="cx"> case Wasm::I32:
</span><span class="lines">@@ -100,13 +119,7 @@
</span><span class="cx"> ProtoCallFrame protoCallFrame;
</span><span class="cx"> protoCallFrame.init(nullptr, wasmFunction, firstArgument, argCount, remainingArgs);
</span><span class="cx">
</span><del>- return wasmFunction->call(vm, &protoCallFrame);
-}
-
-EncodedJSValue WebAssemblyFunction::call(VM& vm, ProtoCallFrame* protoCallFrame)
-{
- // Setup the memory that the entrance loads.
- if (JSWebAssemblyMemory* memory = instance()->memory()) {
</del><ins>+ if (JSWebAssemblyMemory* memory = wasmFunction->instance()->memory()) {
</ins><span class="cx"> Wasm::Memory* wasmMemory = memory->memory();
</span><span class="cx"> vm.topWasmMemoryPointer = wasmMemory->memory();
</span><span class="cx"> vm.topWasmMemorySize = wasmMemory->size();
</span><span class="lines">@@ -116,28 +129,28 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> JSWebAssemblyInstance* prevJSWebAssemblyInstance = vm.topJSWebAssemblyInstance;
</span><del>- vm.topJSWebAssemblyInstance = instance();
- ASSERT(instance());
- EncodedJSValue rawResult = vmEntryToWasm(m_jsEntrypoint->entrypoint(), &vm, protoCallFrame);
</del><ins>+ vm.topJSWebAssemblyInstance = wasmFunction->instance();
+ ASSERT(wasmFunction->instance());
+ EncodedJSValue rawResult = vmEntryToWasm(wasmFunction->jsEntrypoint(), &vm, &protoCallFrame);
</ins><span class="cx"> vm.topJSWebAssemblyInstance = prevJSWebAssemblyInstance;
</span><ins>+ RETURN_IF_EXCEPTION(scope, { });
</ins><span class="cx">
</span><span class="cx"> // FIXME is this correct? https://bugs.webkit.org/show_bug.cgi?id=164876
</span><del>- switch (m_returnType) {
</del><ins>+ switch (signature->returnType()) {
</ins><span class="cx"> case Wasm::Void:
</span><span class="cx"> return JSValue::encode(jsUndefined());
</span><span class="cx"> case Wasm::I32:
</span><del>- return JSValue::encode(JSValue(static_cast<int32_t>(rawResult)));
</del><ins>+ return JSValue::encode(jsNumber(static_cast<int32_t>(rawResult)));
</ins><span class="cx"> case Wasm::F32:
</span><del>- return JSValue::encode(JSValue(bitwise_cast<float>(static_cast<int32_t>(rawResult))));
</del><ins>+ return JSValue::encode(jsNumber(purifyNaN(static_cast<double>(bitwise_cast<float>(static_cast<int32_t>(rawResult))))));
</ins><span class="cx"> case Wasm::F64:
</span><del>- return JSValue::encode(JSValue(bitwise_cast<double>(rawResult)));
</del><ins>+ return JSValue::encode(jsNumber(purifyNaN(bitwise_cast<double>(rawResult))));
</ins><span class="cx"> case Wasm::I64:
</span><span class="cx"> case Wasm::Func:
</span><span class="cx"> case Wasm::Anyfunc:
</span><del>- break;
</del><ins>+ RELEASE_ASSERT_NOT_REACHED();
</ins><span class="cx"> }
</span><span class="cx">
</span><del>- RELEASE_ASSERT_NOT_REACHED();
</del><span class="cx"> return EncodedJSValue();
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -159,11 +172,7 @@
</span><span class="cx"> WebAssemblyFunction::WebAssemblyFunction(VM& vm, JSGlobalObject* globalObject, Structure* structure, Wasm::SignatureIndex signatureIndex)
</span><span class="cx"> : Base(vm, globalObject, structure)
</span><span class="cx"> , m_signatureIndex(signatureIndex)
</span><del>-{
- // Don't cache the signature pointer: it's a global on VM and can change as new WebAssembly.Module are created.
- const Wasm::Signature* signature = Wasm::SignatureInformation::get(&vm, m_signatureIndex);
- m_returnType = signature->returnType();
-}
</del><ins>+{ }
</ins><span class="cx">
</span><span class="cx"> void WebAssemblyFunction::visitChildren(JSCell* cell, SlotVisitor& visitor)
</span><span class="cx"> {
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorewasmjsWebAssemblyFunctionh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/wasm/js/WebAssemblyFunction.h (210125 => 210126)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/wasm/js/WebAssemblyFunction.h 2016-12-23 01:23:15 UTC (rev 210125)
+++ trunk/Source/JavaScriptCore/wasm/js/WebAssemblyFunction.h 2016-12-23 01:32:30 UTC (rev 210126)
</span><span class="lines">@@ -54,8 +54,8 @@
</span><span class="cx">
</span><span class="cx"> JSWebAssemblyInstance* instance() const { return m_instance.get(); }
</span><span class="cx"> Wasm::SignatureIndex signatureIndex() const { return m_signatureIndex; }
</span><del>- EncodedJSValue call(VM&, ProtoCallFrame*);
</del><span class="cx"> void* wasmEntrypoint() { return m_wasmEntrypoint->entrypoint(); }
</span><ins>+ void* jsEntrypoint() { return m_jsEntrypoint->entrypoint(); }
</ins><span class="cx">
</span><span class="cx"> protected:
</span><span class="cx"> static void visitChildren(JSCell*, SlotVisitor&);
</span><span class="lines">@@ -69,7 +69,6 @@
</span><span class="cx"> WriteBarrier<JSWebAssemblyCallee> m_jsEntrypoint;
</span><span class="cx"> WriteBarrier<JSWebAssemblyCallee> m_wasmEntrypoint;
</span><span class="cx"> Wasm::SignatureIndex m_signatureIndex;
</span><del>- Wasm::Type m_returnType;
</del><span class="cx"> };
</span><span class="cx">
</span><span class="cx"> } // namespace JSC
</span></span></pre>
</div>
</div>
</body>
</html>