[webkit-reviews] review denied: [Bug 219297] [WASM-References] Add table.init : [Attachment 415747] Patch

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Dec 9 21:59:32 PST 2020 

Yusuke Suzuki <ysuzuki at apple.com> has denied Dmitry <dbezhetskov at igalia.com>'s
request for review:
Bug 219297: [WASM-References] Add table.init
https://bugs.webkit.org/show_bug.cgi?id=219297

Attachment 415747: Patch

https://bugs.webkit.org/attachment.cgi?id=415747&action=review




--- Comment #13 from Yusuke Suzuki <ysuzuki at apple.com> ---
Comment on attachment 415747
  --> https://bugs.webkit.org/attachment.cgi?id=415747
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=415747&action=review

Nice. I'm putting r- since I found several bugs.

> Source/JavaScriptCore/wasm/WasmFunctionParser.h:621
> +	       WASM_PARSER_FAIL_IF(!parseVarUInt32(elementIndex), "can't parse
element index");
> +	       WASM_VALIDATOR_FAIL_IF(elementIndex >= m_info.elementCount(),
"element index ", elementIndex, " is invalid, limit is ",
m_info.elementCount());
> +
> +	       unsigned tableIndex;
> +	       WASM_PARSER_FAIL_IF(!parseVarUInt32(tableIndex), "can't parse
element index");
> +	       WASM_VALIDATOR_FAIL_IF(tableIndex >= m_info.tableCount(), "table
index ", tableIndex, " is invalid, limit is ", m_info.tableCount());

This parsing behavior is different from the other table ext operations. This
means that we need to have special handling in
`FunctionParser<Context>::parseUnreachableExpression()` side too.
The purpose of `FunctionParser<Context>::parseUnreachableExpression()` is skip
all wasm stack pushing/poping, but validates imm etc. for unreachable wasm
opcodes.
Can you add them?
I think we need TableCopy one too.
And, can you add tests for these cases? I think we can just emit these opcodes
after return, and ensure we are stressing table opcodes in
parseUnreachableExpression.

> Source/JavaScriptCore/wasm/WasmInstance.cpp:73
> +    for (unsigned elementIdx = 0; elementIdx < m_passiveElements.size();
++elementIdx) {

Rename idx to index.

> Source/JavaScriptCore/wasm/WasmInstance.cpp:183
> +    for (uint32_t idx = 0; idx < length; ++idx) {

Rename it to index.

> Source/JavaScriptCore/wasm/WasmInstance.cpp:187
> +	   JSWebAssemblyInstance* jsInstance = owner<JSWebAssemblyInstance>();
> +	   JSWebAssemblyTable* jsTable = jsInstance->table(tableIndex);

We should put them out of the loop.

> Source/JavaScriptCore/wasm/WasmInstance.cpp:199
> +	   JSGlobalObject* globalObject = jsInstance->globalObject();
> +	   VM& vm = globalObject->vm();

Ditto. Let's put them out of the loop.

> Source/JavaScriptCore/wasm/WasmInstance.cpp:246
> +void Instance::tableInit(uint32_t dstOffset, uint32_t srcOffset, uint32_t
len, uint32_t elementIndex, uint32_t tableIndex)

len => length.

More information about the webkit-reviews mailing list