<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[213465] trunk</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/213465">213465</a></dd>
<dt>Author</dt> <dd>sbarati@apple.com</dd>
<dt>Date</dt> <dd>2017-03-06 13:44:20 -0800 (Mon, 06 Mar 2017)</dd>
</dl>
<h3>Log Message</h3>
<pre>WebAssembly: implement init_expr for Element
https://bugs.webkit.org/show_bug.cgi?id=165888
<rdar://problem/29760199>
Reviewed by Keith Miller.
JSTests:
* wasm/Builder_WebAssemblyBinary.js:
(const.emitters.Element):
* wasm/assert.js:
* wasm/js-api/element.js:
(assert.throws):
(badInstantiation.makeModule):
(badInstantiation.test):
(badInstantiation):
* wasm/js-api/global-error.js:
Source/JavaScriptCore:
This patch fixes a few bugs. The main change is allowing init_expr
for the Element's offset. To do this, I had to fix a couple of
other bugs:
- I removed our invalid early module-parse-time invalidation
of out of bound Element sections. This is not in the spec because
it can't be validated in the general case when the offset is a
get_global.
- Our get_global validation inside our init_expr parsing code was simply wrong.
It thought that the index operand to get_global went into the pool of imports,
but it does not. It indexes into the pool of globals. I changed the code to
refer to the global pool instead.
* wasm/WasmFormat.h:
(JSC::Wasm::Element::Element):
* wasm/WasmModuleParser.cpp:
* wasm/js/WebAssemblyModuleRecord.cpp:
(JSC::WebAssemblyModuleRecord::evaluate):</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkJSTestsChangeLog">trunk/JSTests/ChangeLog</a></li>
<li><a href="#trunkJSTestswasmBuilder_WebAssemblyBinaryjs">trunk/JSTests/wasm/Builder_WebAssemblyBinary.js</a></li>
<li><a href="#trunkJSTestswasmassertjs">trunk/JSTests/wasm/assert.js</a></li>
<li><a href="#trunkJSTestswasmjsapielementjs">trunk/JSTests/wasm/js-api/element.js</a></li>
<li><a href="#trunkJSTestswasmjsapiglobalerrorjs">trunk/JSTests/wasm/js-api/global-error.js</a></li>
<li><a href="#trunkSourceJavaScriptCoreChangeLog">trunk/Source/JavaScriptCore/ChangeLog</a></li>
<li><a href="#trunkSourceJavaScriptCorewasmWasmFormath">trunk/Source/JavaScriptCore/wasm/WasmFormat.h</a></li>
<li><a href="#trunkSourceJavaScriptCorewasmWasmModuleParsercpp">trunk/Source/JavaScriptCore/wasm/WasmModuleParser.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorewasmjsWebAssemblyModuleRecordcpp">trunk/Source/JavaScriptCore/wasm/js/WebAssemblyModuleRecord.cpp</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkJSTestsChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/JSTests/ChangeLog (213464 => 213465)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/JSTests/ChangeLog 2017-03-06 21:40:31 UTC (rev 213464)
+++ trunk/JSTests/ChangeLog 2017-03-06 21:44:20 UTC (rev 213465)
</span><span class="lines">@@ -1,3 +1,21 @@
</span><ins>+2017-03-06 Saam Barati <sbarati@apple.com>
+
+ WebAssembly: implement init_expr for Element
+ https://bugs.webkit.org/show_bug.cgi?id=165888
+ <rdar://problem/29760199>
+
+ Reviewed by Keith Miller.
+
+ * wasm/Builder_WebAssemblyBinary.js:
+ (const.emitters.Element):
+ * wasm/assert.js:
+ * wasm/js-api/element.js:
+ (assert.throws):
+ (badInstantiation.makeModule):
+ (badInstantiation.test):
+ (badInstantiation):
+ * wasm/js-api/global-error.js:
+
</ins><span class="cx"> 2017-03-06 Carlos Alberto Lopez Perez <clopez@igalia.com>
</span><span class="cx">
</span><span class="cx"> [JSC] [Linux] Test stress/spread-forward-call-varargs-stack-overflow.js fails
</span></span></pre></div>
<a id="trunkJSTestswasmBuilder_WebAssemblyBinaryjs"></a>
<div class="modfile"><h4>Modified: trunk/JSTests/wasm/Builder_WebAssemblyBinary.js (213464 => 213465)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/JSTests/wasm/Builder_WebAssemblyBinary.js 2017-03-06 21:40:31 UTC (rev 213464)
+++ trunk/JSTests/wasm/Builder_WebAssemblyBinary.js 2017-03-06 21:44:20 UTC (rev 213465)
</span><span class="lines">@@ -195,11 +195,12 @@
</span><span class="cx"> for (const {tableIndex, offset, functionIndices} of data) {
</span><span class="cx"> put(bin, "varuint32", tableIndex);
</span><span class="cx">
</span><del>- // FIXME allow complex init_expr here. https://bugs.webkit.org/show_bug.cgi?id=165700
- // For now we only handle i32.const as offset.
- put(bin, "uint8", WASM.description.opcode["i32.const"].value);
- put(bin, WASM.description.opcode["i32.const"].immediate[0].type, offset);
- put(bin, "uint8", WASM.description.opcode["end"].value);
</del><ins>+ let initExpr;
+ if (typeof offset === "number")
+ initExpr = {op: "i32.const", initValue: offset};
+ else
+ initExpr = offset;
+ putInitExpr(bin, initExpr);
</ins><span class="cx">
</span><span class="cx"> put(bin, "varuint32", functionIndices.length);
</span><span class="cx"> for (const functionIndex of functionIndices)
</span></span></pre></div>
<a id="trunkJSTestswasmassertjs"></a>
<div class="modfile"><h4>Modified: trunk/JSTests/wasm/assert.js (213464 => 213465)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/JSTests/wasm/assert.js 2017-03-06 21:40:31 UTC (rev 213464)
+++ trunk/JSTests/wasm/assert.js 2017-03-06 21:44:20 UTC (rev 213465)
</span><span class="lines">@@ -112,7 +112,7 @@
</span><span class="cx"> };
</span><span class="cx">
</span><span class="cx"> // Ignore source information at the end of the error message if the expected message didn't specify that information. Sometimes it changes, or it's tricky to get just right.
</span><del>-const _sourceRe = new RegExp(/ \(evaluating '.*'\)/);
</del><ins>+const _sourceRe = new RegExp(/( \(evaluating '.*'\))|( \(In .*\))/);
</ins><span class="cx">
</span><span class="cx"> const _throws = (func, type, message, ...args) => {
</span><span class="cx"> try {
</span></span></pre></div>
<a id="trunkJSTestswasmjsapielementjs"></a>
<div class="modfile"><h4>Modified: trunk/JSTests/wasm/js-api/element.js (213464 => 213465)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/JSTests/wasm/js-api/element.js 2017-03-06 21:40:31 UTC (rev 213464)
+++ trunk/JSTests/wasm/js-api/element.js 2017-03-06 21:44:20 UTC (rev 213465)
</span><span class="lines">@@ -53,7 +53,7 @@
</span><span class="cx"> .Table({element: "anyfunc", initial: 20, maximum: 20})
</span><span class="cx"> .End()
</span><span class="cx"> .Element()
</span><del>- .Element({offset: 19, functionIndices: [0, 1]})
</del><ins>+ .Element({offset: 19, functionIndices: [0, 0]})
</ins><span class="cx"> .End()
</span><span class="cx"> .Code()
</span><span class="cx"> .Function("foo", {params: ["i32"], ret: "i32"})
</span><span class="lines">@@ -64,7 +64,8 @@
</span><span class="cx"> .End()
</span><span class="cx"> .End();
</span><span class="cx">
</span><del>- assert.throws(() => new WebAssembly.Module(builder.WebAssembly().get()), WebAssembly.CompileError, "WebAssembly.Module doesn't parse at byte 35 / 49: Element section's 0th element writes to index 20 which exceeds the maximum 20 (evaluating 'new WebAssembly.Module(builder.WebAssembly().get())')");
</del><ins>+ const module = new WebAssembly.Module(builder.WebAssembly().get());
+ assert.throws(() => new WebAssembly.Instance(module), WebAssembly.LinkError, "Element is trying to set an out of bounds table index");
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> {
</span><span class="lines">@@ -87,7 +88,8 @@
</span><span class="cx"> .End()
</span><span class="cx"> .End();
</span><span class="cx">
</span><del>- assert.throws(() => new WebAssembly.Module(builder.WebAssembly().get()), WebAssembly.CompileError, "WebAssembly.Module doesn't parse at byte 35 / 48: Element section's 0th element writes to index 20 which exceeds the maximum 20 (evaluating 'new WebAssembly.Module(builder.WebAssembly().get())')");
</del><ins>+ const module = new WebAssembly.Module(builder.WebAssembly().get());
+ assert.throws(() => new WebAssembly.Instance(module), WebAssembly.LinkError, "Element is trying to set an out of bounds table index");
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> {
</span><span class="lines">@@ -144,3 +146,74 @@
</span><span class="cx"> badInstantiation(table, WebAssembly.LinkError, "Element is trying to set an out of bounds table index (evaluating 'new WebAssembly.Instance(module, {imp: {table: actualTable}})')");
</span><span class="cx"> }
</span><span class="cx"> }
</span><ins>+
+{
+ function makeModule() {
+ const builder = new Builder()
+ .Type().End()
+ .Import()
+ .Table("imp", "table", {element: "anyfunc", initial: 19}) // unspecified maximum.
+ .Global().I32("imp", "global", "immutable").End()
+ .End()
+ .Function().End()
+ .Element()
+ .Element({offset: {op: "get_global", initValue: 0}, functionIndices: [0]})
+ .End()
+ .Code()
+ .Function("foo", {params: ["i32"], ret: "i32"})
+ .GetLocal(0)
+ .I32Const(42)
+ .I32Add()
+ .Return()
+ .End()
+ .End();
+
+ const bin = builder.WebAssembly().get();
+ return new WebAssembly.Module(bin);
+ }
+
+ function test(i) {
+ const table = new WebAssembly.Table({element: "anyfunc", initial: 19});
+ const global = i;
+ const module = makeModule();
+ const instance = new WebAssembly.Instance(module, {imp: {table, global}});
+ for (let j = 0; j < 19; j++) {
+ if (j === i)
+ assert.eq(table.get(j)(i*2), i*2 + 42);
+ else
+ assert.throws(() => table.get(j)(i*2), TypeError, "table.get(j) is not a function.");
+ }
+ }
+ for (let i = 0; i < 19; i++)
+ test(i);
+
+ assert.throws(() => test(19), Error, "Element is trying to set an out of bounds table index");
+}
+
+{
+ function badModule() {
+ const builder = new Builder()
+ .Type().End()
+ .Import()
+ .Table("imp", "table", {element: "anyfunc", initial: 19}) // unspecified maximum.
+ .Global().F32("imp", "global", "immutable").End()
+ .End()
+ .Function().End()
+ .Element()
+ .Element({offset: {op: "get_global", initValue: 0}, functionIndices: [0]})
+ .End()
+ .Code()
+ .Function("foo", {params: ["i32"], ret: "i32"})
+ .GetLocal(0)
+ .I32Const(42)
+ .I32Add()
+ .Return()
+ .End()
+ .End();
+
+ const bin = builder.WebAssembly().get();
+ return new WebAssembly.Module(bin);
+ }
+
+ assert.throws(() => badModule(), WebAssembly.CompileError, "WebAssembly.Module doesn't parse at byte 58 / 72: 0th Element init_expr must produce an i32");
+}
</ins></span></pre></div>
<a id="trunkJSTestswasmjsapiglobalerrorjs"></a>
<div class="modfile"><h4>Modified: trunk/JSTests/wasm/js-api/global-error.js (213464 => 213465)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/JSTests/wasm/js-api/global-error.js 2017-03-06 21:40:31 UTC (rev 213464)
+++ trunk/JSTests/wasm/js-api/global-error.js 2017-03-06 21:44:20 UTC (rev 213465)
</span><span class="lines">@@ -23,7 +23,7 @@
</span><span class="cx"> const bin = builder.WebAssembly();
</span><span class="cx"> bin.trim();
</span><span class="cx">
</span><del>- assert.throws(() => new WebAssembly.Module(bin.get()), WebAssembly.CompileError, "WebAssembly.Module doesn't parse at byte 26 / 59: get_global's index 0 exceeds the number of imports 0 (evaluating 'new WebAssembly.Module(bin.get())')");
</del><ins>+ assert.throws(() => new WebAssembly.Module(bin.get()), WebAssembly.CompileError, "WebAssembly.Module doesn't parse at byte 26 / 59: get_global's index 0 exceeds the number of globals 0 (evaluating 'new WebAssembly.Module(bin.get())')");
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ChangeLog (213464 => 213465)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ChangeLog 2017-03-06 21:40:31 UTC (rev 213464)
+++ trunk/Source/JavaScriptCore/ChangeLog 2017-03-06 21:44:20 UTC (rev 213465)
</span><span class="lines">@@ -1,3 +1,31 @@
</span><ins>+2017-03-06 Saam Barati <sbarati@apple.com>
+
+ WebAssembly: implement init_expr for Element
+ https://bugs.webkit.org/show_bug.cgi?id=165888
+ <rdar://problem/29760199>
+
+ Reviewed by Keith Miller.
+
+ This patch fixes a few bugs. The main change is allowing init_expr
+ for the Element's offset. To do this, I had to fix a couple of
+ other bugs:
+
+ - I removed our invalid early module-parse-time invalidation
+ of out of bound Element sections. This is not in the spec because
+ it can't be validated in the general case when the offset is a
+ get_global.
+
+ - Our get_global validation inside our init_expr parsing code was simply wrong.
+ It thought that the index operand to get_global went into the pool of imports,
+ but it does not. It indexes into the pool of globals. I changed the code to
+ refer to the global pool instead.
+
+ * wasm/WasmFormat.h:
+ (JSC::Wasm::Element::Element):
+ * wasm/WasmModuleParser.cpp:
+ * wasm/js/WebAssemblyModuleRecord.cpp:
+ (JSC::WebAssemblyModuleRecord::evaluate):
+
</ins><span class="cx"> 2017-03-06 Yusuke Suzuki <utatane.tea@gmail.com>
</span><span class="cx">
</span><span class="cx"> [JSC] Allow indexed module namespace object fields
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorewasmWasmFormath"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/wasm/WasmFormat.h (213464 => 213465)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/wasm/WasmFormat.h 2017-03-06 21:40:31 UTC (rev 213464)
+++ trunk/Source/JavaScriptCore/wasm/WasmFormat.h 2017-03-06 21:44:20 UTC (rev 213465)
</span><span class="lines">@@ -189,7 +189,11 @@
</span><span class="cx"> };
</span><span class="cx">
</span><span class="cx"> struct Element {
</span><del>- uint32_t offset;
</del><ins>+ Element(I32InitExpr offset)
+ : offset(offset)
+ { }
+
+ I32InitExpr offset;
</ins><span class="cx"> Vector<uint32_t> functionIndices;
</span><span class="cx"> };
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorewasmWasmModuleParsercpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/wasm/WasmModuleParser.cpp (213464 => 213465)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/wasm/WasmModuleParser.cpp 2017-03-06 21:40:31 UTC (rev 213464)
+++ trunk/Source/JavaScriptCore/wasm/WasmModuleParser.cpp 2017-03-06 21:44:20 UTC (rev 213465)
</span><span class="lines">@@ -431,7 +431,7 @@
</span><span class="cx"> WASM_PARSER_FAIL_IF(!m_result.module->elements.tryReserveCapacity(elementCount), "can't allocate memory for ", elementCount, " Elements");
</span><span class="cx"> for (unsigned elementNum = 0; elementNum < elementCount; ++elementNum) {
</span><span class="cx"> uint32_t tableIndex;
</span><del>- uint64_t offset;
</del><ins>+ uint64_t initExprBits;
</ins><span class="cx"> uint8_t initOpcode;
</span><span class="cx"> uint32_t indexCount;
</span><span class="cx">
</span><span class="lines">@@ -438,29 +438,16 @@
</span><span class="cx"> WASM_PARSER_FAIL_IF(!parseVarUInt32(tableIndex), "can't get ", elementNum, "th Element table index");
</span><span class="cx"> WASM_PARSER_FAIL_IF(tableIndex, "Element section can only have one Table for now");
</span><span class="cx"> Type initExprType;
</span><del>- WASM_FAIL_IF_HELPER_FAILS(parseInitExpr(initOpcode, offset, initExprType));
- WASM_PARSER_FAIL_IF(initOpcode != OpType::I32Const, "Element section doesn't support non-i32 init_expr opcode for now, got ", initOpcode);
</del><ins>+ WASM_FAIL_IF_HELPER_FAILS(parseInitExpr(initOpcode, initExprBits, initExprType));
+ WASM_PARSER_FAIL_IF(initExprType != I32, "Element init_expr must produce an i32");
</ins><span class="cx"> WASM_PARSER_FAIL_IF(!parseVarUInt32(indexCount), "can't get ", elementNum, "th index count for Element section");
</span><span class="cx"> WASM_PARSER_FAIL_IF(indexCount == std::numeric_limits<uint32_t>::max(), "Element section's ", elementNum, "th index count is too big ", indexCount);
</span><span class="cx">
</span><span class="cx"> ASSERT(!!m_result.module->tableInformation);
</span><del>- if (std::optional<uint32_t> maximum = m_result.module->tableInformation.maximum()) {
- // FIXME: should indexCount being zero be a validation error?
- // https://bugs.webkit.org/show_bug.cgi?id=165826
- if (indexCount) {
- // FIXME: right now, provably out of bounds writes are validation errors.
- // Should they be though?
- // https://bugs.webkit.org/show_bug.cgi?id=165827
- uint64_t lastWrittenIndex = static_cast<uint64_t>(indexCount) + static_cast<uint64_t>(offset) - 1;
- WASM_PARSER_FAIL_IF(lastWrittenIndex >= static_cast<uint64_t>(*maximum), "Element section's ", elementNum, "th element writes to index ", lastWrittenIndex, " which exceeds the maximum ", *maximum);
- }
- }
</del><span class="cx">
</span><del>- Element element;
</del><ins>+ Element element(makeI32InitExpr(initOpcode, initExprBits));
</ins><span class="cx"> WASM_PARSER_FAIL_IF(!element.functionIndices.tryReserveCapacity(indexCount), "can't allocate memory for ", indexCount, " Element indices");
</span><span class="cx">
</span><del>- element.offset = offset;
-
</del><span class="cx"> for (unsigned index = 0; index < indexCount; ++index) {
</span><span class="cx"> uint32_t functionIndex;
</span><span class="cx"> WASM_PARSER_FAIL_IF(!parseVarUInt32(functionIndex), "can't get Element section's ", elementNum, "th element's ", index, "th index");
</span><span class="lines">@@ -536,12 +523,11 @@
</span><span class="cx"> case GetGlobal: {
</span><span class="cx"> uint32_t index;
</span><span class="cx"> WASM_PARSER_FAIL_IF(!parseVarUInt32(index), "can't get get_global's index");
</span><del>- WASM_PARSER_FAIL_IF(index >= m_result.module->imports.size(), "get_global's index ", index, " exceeds the number of imports ", m_result.module->imports.size());
- const Import& import = m_result.module->imports[index];
- WASM_PARSER_FAIL_IF(m_result.module->imports[index].kind != ExternalKind::Global, "get_global's import kind is ", m_result.module->imports[index].kind, " should be global");
- WASM_PARSER_FAIL_IF(import.kindIndex >= m_result.module->firstInternalGlobal, "get_global import kind index ", import.kindIndex, " exceeds the first internal global ", m_result.module->firstInternalGlobal);
</del><span class="cx">
</span><del>- ASSERT(m_result.module->globals[import.kindIndex].mutability == Global::Immutable);
</del><ins>+ WASM_PARSER_FAIL_IF(index >= m_result.module->globals.size(), "get_global's index ", index, " exceeds the number of globals ", m_result.module->globals.size());
+ WASM_PARSER_FAIL_IF(index >= m_result.module->firstInternalGlobal, "get_global import kind index ", index, " exceeds the first internal global ", m_result.module->firstInternalGlobal);
+
+ ASSERT(m_result.module->globals[index].mutability == Global::Immutable);
</ins><span class="cx"> resultType = m_result.module->globals[index].type;
</span><span class="cx"> bitsOrImportNumber = index;
</span><span class="cx"> break;
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorewasmjsWebAssemblyModuleRecordcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/wasm/js/WebAssemblyModuleRecord.cpp (213464 => 213465)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/wasm/js/WebAssemblyModuleRecord.cpp 2017-03-06 21:40:31 UTC (rev 213464)
+++ trunk/Source/JavaScriptCore/wasm/js/WebAssemblyModuleRecord.cpp 2017-03-06 21:44:20 UTC (rev 213465)
</span><span class="lines">@@ -224,7 +224,13 @@
</span><span class="cx"> if (!element.functionIndices.size())
</span><span class="cx"> continue;
</span><span class="cx">
</span><del>- uint32_t tableIndex = element.offset;
</del><ins>+ uint32_t tableIndex;
+
+ if (element.offset.isGlobalImport())
+ tableIndex = static_cast<uint32_t>(m_instance->loadI32Global(element.offset.globalImportIndex()));
+ else
+ tableIndex = element.offset.constValue();
+
</ins><span class="cx"> uint64_t lastWrittenIndex = static_cast<uint64_t>(tableIndex) + static_cast<uint64_t>(element.functionIndices.size()) - 1;
</span><span class="cx"> if (lastWrittenIndex >= table->size())
</span><span class="cx"> return throwException(state, scope, createJSWebAssemblyLinkError(state, vm, ASCIILiteral("Element is trying to set an out of bounds table index")));
</span></span></pre>
</div>
</div>
</body>
</html>