haikuwebkit/JSTests/wasm/function-tests/trap-store-shared.js


Unreviewed, relanding r269940 https://bugs.webkit.org/show_bug.cgi?id=219076 JSTests: * wasm/function-tests/trap-load-shared.js: Added. (wasmFrameCountFromError): * wasm/function-tests/trap-store-shared.js: Added. * wasm/js-api/test_memory.js: (binaryShouldNotParse): * wasm/stress/shared-memory-errors.js: Added. (assert.throws): * wasm/stress/shared-wasm-memory-buffer.js: Added. LayoutTests/imported/w3c: * web-platform-tests/html/webappapis/scripting/processing-model-2/integration-with-the-javascript-agent-formalism/requires-success.any.worker-expected.txt: * web-platform-tests/wasm/jsapi/memory/constructor-shared.tentative.any-expected.txt: * web-platform-tests/wasm/jsapi/memory/constructor-shared.tentative.any.worker-expected.txt: * web-platform-tests/wasm/jsapi/memory/constructor.any-expected.txt: * web-platform-tests/wasm/jsapi/memory/constructor.any.worker-expected.txt: * web-platform-tests/wasm/jsapi/memory/grow.any-expected.txt: * web-platform-tests/wasm/jsapi/memory/grow.any.worker-expected.txt: * web-platform-tests/webaudio/the-audio-api/the-audiobuffer-interface/audiobuffer-copy-channel-expected.txt: Source/JavaScriptCore: ARM64E clang optimizer is broken and optimizing forever if Wasm::MemoryHandle::memory() is inlined. Putting NEVER_INLINE onto this function for now (unfortunate). 
* CMakeLists.txt: * JavaScriptCore.xcodeproj/project.pbxproj: * llint/LLIntPCRanges.h: (JSC::LLInt::isWasmLLIntPC): * llint/LowLevelInterpreter.asm: * llint/WebAssembly.asm: * runtime/JSArrayBuffer.h: (JSC::JSArrayBuffer::toWrappedAllowShared): * runtime/JSArrayBufferView.h: * runtime/JSArrayBufferViewInlines.h: (JSC::JSArrayBufferView::toWrappedAllowShared): * runtime/JSGenericTypedArrayView.h: (JSC::JSGenericTypedArrayView<Adaptor>::toWrappedAllowShared): * runtime/Options.cpp: (JSC::overrideDefaults): (JSC::Options::initialize): * wasm/WasmAirIRGenerator.cpp: (JSC::Wasm::AirIRGenerator::AirIRGenerator): (JSC::Wasm::AirIRGenerator::restoreWebAssemblyGlobalState): (JSC::Wasm::AirIRGenerator::addCurrentMemory): (JSC::Wasm::AirIRGenerator::emitCheckAndPreparePointer): (JSC::Wasm::AirIRGenerator::addCall): (JSC::Wasm::AirIRGenerator::addCallIndirect): * wasm/WasmB3IRGenerator.cpp: (JSC::Wasm::B3IRGenerator::B3IRGenerator): (JSC::Wasm::B3IRGenerator::restoreWebAssemblyGlobalState): (JSC::Wasm::B3IRGenerator::addCurrentMemory): (JSC::Wasm::B3IRGenerator::emitCheckAndPreparePointer): (JSC::Wasm::B3IRGenerator::addCall): (JSC::Wasm::B3IRGenerator::addCallIndirect): * wasm/WasmBinding.cpp: (JSC::Wasm::wasmToWasm): * wasm/WasmFaultSignalHandler.cpp: (JSC::Wasm::trapHandler): (JSC::Wasm::enableFastMemory): (JSC::Wasm::prepareFastMemory): * wasm/WasmInstance.h: (JSC::Wasm::Instance::cachedMemory const): (JSC::Wasm::Instance::cachedBoundsCheckingSize const): (JSC::Wasm::Instance::updateCachedMemory): (JSC::Wasm::Instance::offsetOfCachedBoundsCheckingSize): (JSC::Wasm::Instance::cachedMemorySize const): Deleted. (JSC::Wasm::Instance::offsetOfCachedMemorySize): Deleted. 
* wasm/WasmMemory.cpp: (JSC::Wasm::MemoryHandle::MemoryHandle): (JSC::Wasm::MemoryHandle::~MemoryHandle): (JSC::Wasm::MemoryHandle::memory const): (JSC::Wasm::Memory::Memory): (JSC::Wasm::Memory::create): (JSC::Wasm::Memory::tryCreate): (JSC::Wasm::Memory::addressIsInGrowableOrFastMemory): (JSC::Wasm::Memory::growShared): (JSC::Wasm::Memory::grow): (JSC::Wasm::Memory::dump const): (JSC::Wasm::Memory::~Memory): Deleted. (JSC::Wasm::Memory::addressIsInActiveFastMemory): Deleted. * wasm/WasmMemory.h: (JSC::Wasm::Memory::addressIsInGrowableOrFastMemory): (JSC::Wasm::Memory::operator bool const): Deleted. (JSC::Wasm::Memory::memory const): Deleted. (JSC::Wasm::Memory::size const): Deleted. (JSC::Wasm::Memory::sizeInPages const): Deleted. (JSC::Wasm::Memory::initial const): Deleted. (JSC::Wasm::Memory::maximum const): Deleted. (JSC::Wasm::Memory::mode const): Deleted. (JSC::Wasm::Memory::check): Deleted. (JSC::Wasm::Memory::offsetOfMemory): Deleted. (JSC::Wasm::Memory::offsetOfSize): Deleted. (JSC::Wasm::Memory::addressIsInActiveFastMemory): Deleted. 
* wasm/WasmMemoryInformation.cpp: (JSC::Wasm::PinnedRegisterInfo::get): (JSC::Wasm::PinnedRegisterInfo::PinnedRegisterInfo): * wasm/WasmMemoryInformation.h: (JSC::Wasm::PinnedRegisterInfo::toSave const): * wasm/WasmMemoryMode.cpp: (JSC::Wasm::makeString): * wasm/WasmMemoryMode.h: * wasm/js/JSToWasm.cpp: (JSC::Wasm::createJSToWasmWrapper): * wasm/js/JSWebAssemblyInstance.cpp: (JSC::JSWebAssemblyInstance::tryCreate): * wasm/js/JSWebAssemblyMemory.cpp: (JSC::JSWebAssemblyMemory::buffer): (JSC::JSWebAssemblyMemory::growSuccessCallback): * wasm/js/JSWebAssemblyMemory.h: * wasm/js/WebAssemblyFunction.cpp: (JSC::WebAssemblyFunction::jsCallEntrypointSlow): * wasm/js/WebAssemblyMemoryConstructor.cpp: (JSC::JSC_DEFINE_HOST_FUNCTION): * wasm/js/WebAssemblyMemoryPrototype.cpp: (JSC::JSC_DEFINE_HOST_FUNCTION): * wasm/js/WebAssemblyModuleRecord.cpp: (JSC::WebAssemblyModuleRecord::evaluate): Source/WebCore: Tests: js/dom/webassembly-memory-normal-fail.html js/dom/webassembly-memory-shared-basic.html js/dom/webassembly-memory-shared-fail.html storage/indexeddb/shared-memory-structured-clone.html * Headers.cmake: * Modules/indexeddb/server/IDBSerializationContext.cpp: (WebCore::IDBServer::IDBSerializationContext::initializeVM): * WebCore.xcodeproj/project.pbxproj: * bindings/IDLTypes.h: * bindings/js/CommonVM.cpp: (WebCore::commonVMSlow): * bindings/js/JSDOMConvertBufferSource.h: (WebCore::Detail::BufferSourceConverter::convert): (WebCore::Converter<IDLArrayBuffer>::convert): (WebCore::Converter<IDLDataView>::convert): (WebCore::Converter<IDLInt8Array>::convert): (WebCore::Converter<IDLInt16Array>::convert): (WebCore::Converter<IDLInt32Array>::convert): (WebCore::Converter<IDLUint8Array>::convert): (WebCore::Converter<IDLUint16Array>::convert): (WebCore::Converter<IDLUint32Array>::convert): (WebCore::Converter<IDLUint8ClampedArray>::convert): (WebCore::Converter<IDLFloat32Array>::convert): (WebCore::Converter<IDLFloat64Array>::convert): 
(WebCore::Converter<IDLArrayBufferView>::convert): (WebCore::Converter<IDLAllowSharedAdaptor<T>>::convert): * bindings/js/JSDOMConvertUnion.h: * bindings/js/SerializedScriptValue.cpp: (WebCore::CloneSerializer::serialize): (WebCore::CloneSerializer::CloneSerializer): (WebCore::CloneSerializer::dumpIfTerminal): (WebCore::CloneDeserializer::deserialize): (WebCore::CloneDeserializer::CloneDeserializer): (WebCore::CloneDeserializer::readTerminal): (WebCore::SerializedScriptValue::SerializedScriptValue): (WebCore::SerializedScriptValue::computeMemoryCost const): (WebCore::SerializedScriptValue::create): (WebCore::SerializedScriptValue::deserialize): * bindings/js/SerializedScriptValue.h: * bindings/js/WebCoreJSClientData.cpp: (WebCore::JSVMClientData::initNormalWorld): * bindings/js/WebCoreJSClientData.h: * bindings/js/WebCoreTypedArrayController.cpp: (WebCore::WebCoreTypedArrayController::WebCoreTypedArrayController): (WebCore::WebCoreTypedArrayController::isAtomicsWaitAllowedOnCurrentThread): * bindings/js/WebCoreTypedArrayController.h: * bindings/scripts/CodeGeneratorJS.pm: (IsAnnotatedType): (GetAnnotatedIDLType): * bindings/scripts/IDLAttributes.json: * bindings/scripts/test/JS/JSTestObj.cpp: (WebCore::JSTestObjDOMConstructor::construct): (WebCore::jsTestObjPrototypeFunction_encodeIntoBody): (WebCore::JSC_DEFINE_HOST_FUNCTION): * bindings/scripts/test/TestObj.idl: * dom/TextDecoder.idl: * dom/TextDecoderStreamDecoder.idl: * dom/TextEncoder.idl: * workers/DedicatedWorkerGlobalScope.cpp: (WebCore::DedicatedWorkerGlobalScope::DedicatedWorkerGlobalScope): * workers/WorkerGlobalScope.cpp: (WebCore::WorkerGlobalScope::WorkerGlobalScope): * workers/WorkerGlobalScope.h: * workers/WorkerOrWorkletGlobalScope.cpp: (WebCore::WorkerOrWorkletGlobalScope::WorkerOrWorkletGlobalScope): * workers/WorkerOrWorkletGlobalScope.h: * workers/WorkerOrWorkletScriptController.cpp: (WebCore::WorkerOrWorkletScriptController::WorkerOrWorkletScriptController): * 
workers/WorkerOrWorkletScriptController.h: * workers/WorkerThreadType.h: Added. * workers/service/ServiceWorkerGlobalScope.cpp: (WebCore::ServiceWorkerGlobalScope::ServiceWorkerGlobalScope): * worklets/WorkletGlobalScope.cpp: (WebCore::WorkletGlobalScope::WorkletGlobalScope): Source/WTF: * wtf/PlatformEnable.h: LayoutTests: * js/dom/resources/webassembly-memory-normal-fail-worker.js: Added. * js/dom/resources/webassembly-memory-shared-worker.js: Added. (onmessage): * js/dom/webassembly-memory-normal-fail-expected.txt: Added. * js/dom/webassembly-memory-normal-fail.html: Added. * js/dom/webassembly-memory-shared-basic-expected.txt: Added. * js/dom/webassembly-memory-shared-basic.html: Added. * js/dom/webassembly-memory-shared-fail-expected.txt: Added. * js/dom/webassembly-memory-shared-fail.html: Added. * platform/win/TestExpectations: * storage/indexeddb/resources/shared-memory-structured-clone.js: Added. (prepareDatabase): (async startTests): (testSharedWebAssemblyMemory): * storage/indexeddb/shared-memory-structured-clone-expected.txt: Added. * storage/indexeddb/shared-memory-structured-clone.html: Added. Canonical link: https://commits.webkit.org/231721@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@269974 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2020-11-18 20:22:16 +00:00
import Builder from '../Builder.js'
import * as assert from '../assert.js'

const pageSize = 64 * 1024;
const numPages = 10;

{
    const builder = (new Builder())
        .Type().End()
        .Import()
[JSC] Add wasm atomics instructions https://bugs.webkit.org/show_bug.cgi?id=218954 Reviewed by Filip Pizlo. JSTests: * wasm.yaml: * wasm/Builder.js: (const._importMemoryContinuation): (export.default.Builder.prototype._registerSectionBuilders.const.section.in.WASM.description.section.switch.section.case.string_appeared_here.this.section): * wasm/Builder_WebAssemblyBinary.js: (const.putResizableLimits): (const.emitters.Import): (const.emitters.Memory): * wasm/function-tests/trap-load-shared.js: * wasm/function-tests/trap-store-shared.js: * wasm/stress/atomic-decrement.js: Added. (i.agent.start.import.string_appeared_here.then): (i.async error): * wasm/stress/atomic-increment.js: Added. (i.agent.start.import.string_appeared_here.then): (i.async error): * wasm/stress/memory-fence.js: Added. (async try): (catch): * wasm/threads-spec-tests/atomic-signed.wast.js: Added. * wasm/threads-spec-tests/atomic.wast.js: Added. * wasm/threads-spec-tests/memory.wast.js: Added. * wasm/threads-spec-tests/resources/atomic-signed.wast: Added. * wasm/wasm.json: Source/JavaScriptCore: This patch implements wasm threading's atomic operations[1] in X86_64 and ARM64. Currently, all ARM64 atomic operations are implemented by using LL/SC. Later, we will use ARM64 CAS operations if possible, at least in ARM64E. To test it easily, we also extend jsc shell's worker to support transferring shared WebAssembly.Memory so that we can use wasm atomic operations in several workers in jsc shell. 
[1]: https://github.com/WebAssembly/threads * assembler/MacroAssemblerX86Common.h: (JSC::MacroAssemblerX86Common::atomicXchg8): (JSC::MacroAssemblerX86Common::atomicXchg16): (JSC::MacroAssemblerX86Common::atomicXchg32): * b3/B3Kind.h: (JSC::B3::Kind::hasTraps const): * b3/B3LowerToAir.cpp: * b3/B3Width.h: (JSC::B3::bytesForWidth): * b3/testb3_8.cpp: (testAtomicXchg): * bytecode/BytecodeList.rb: * interpreter/Register.h: (JSC::Register::unboxedInt64 const): (JSC::Register::asanUnsafeUnboxedInt64 const): * jsc.cpp: (Message::releaseContents): (Message::Message): (JSC_DEFINE_HOST_FUNCTION): * llint/WebAssembly.asm: * offlineasm/arm64.rb: * offlineasm/instructions.rb: * offlineasm/x86.rb: * runtime/OptionsList.h: * wasm/WasmAirIRGenerator.cpp: (JSC::Wasm::AirIRGenerator::appendEffectful): (JSC::Wasm::accessWidth): (JSC::Wasm::sizeOfAtomicOpMemoryAccess): (JSC::Wasm::AirIRGenerator::fixupPointerPlusOffsetForAtomicOps): (JSC::Wasm::AirIRGenerator::sanitizeAtomicResult): (JSC::Wasm::AirIRGenerator::appendGeneralAtomic): (JSC::Wasm::AirIRGenerator::appendStrongCAS): (JSC::Wasm::AirIRGenerator::emitAtomicLoadOp): (JSC::Wasm::AirIRGenerator::atomicLoad): (JSC::Wasm::AirIRGenerator::emitAtomicStoreOp): (JSC::Wasm::AirIRGenerator::atomicStore): (JSC::Wasm::AirIRGenerator::emitAtomicBinaryRMWOp): (JSC::Wasm::AirIRGenerator::atomicBinaryRMW): (JSC::Wasm::AirIRGenerator::emitAtomicCompareExchange): (JSC::Wasm::AirIRGenerator::atomicCompareExchange): (JSC::Wasm::AirIRGenerator::atomicWait): (JSC::Wasm::AirIRGenerator::atomicNotify): (JSC::Wasm::AirIRGenerator::atomicFence): (JSC::Wasm::AirIRGenerator::addCall): * wasm/WasmB3IRGenerator.cpp: (JSC::Wasm::B3IRGenerator::emitCheckAndPreparePointer): (JSC::Wasm::B3IRGenerator::memoryKind): (JSC::Wasm::accessWidth): (JSC::Wasm::sizeOfAtomicOpMemoryAccess): (JSC::Wasm::B3IRGenerator::sanitizeAtomicResult): (JSC::Wasm::B3IRGenerator::fixupPointerPlusOffsetForAtomicOps): (JSC::Wasm::B3IRGenerator::emitAtomicLoadOp): 
(JSC::Wasm::B3IRGenerator::atomicLoad): (JSC::Wasm::B3IRGenerator::emitAtomicStoreOp): (JSC::Wasm::B3IRGenerator::atomicStore): (JSC::Wasm::B3IRGenerator::emitAtomicBinaryRMWOp): (JSC::Wasm::B3IRGenerator::atomicBinaryRMW): (JSC::Wasm::B3IRGenerator::emitAtomicCompareExchange): (JSC::Wasm::B3IRGenerator::atomicCompareExchange): (JSC::Wasm::B3IRGenerator::atomicWait): (JSC::Wasm::B3IRGenerator::atomicNotify): (JSC::Wasm::B3IRGenerator::atomicFence): (JSC::Wasm::B3IRGenerator::addCall): * wasm/WasmFunctionParser.h: (JSC::Wasm::FunctionParser<Context>::atomicLoad): (JSC::Wasm::FunctionParser<Context>::atomicStore): (JSC::Wasm::FunctionParser<Context>::atomicBinaryRMW): (JSC::Wasm::FunctionParser<Context>::atomicCompareExchange): (JSC::Wasm::FunctionParser<Context>::atomicWait): (JSC::Wasm::FunctionParser<Context>::atomicNotify): (JSC::Wasm::FunctionParser<Context>::atomicFence): (JSC::Wasm::FunctionParser<Context>::parseExpression): (JSC::Wasm::FunctionParser<Context>::parseUnreachableExpression): * wasm/WasmLLIntGenerator.cpp: (JSC::Wasm::LLIntGenerator::atomicLoad): (JSC::Wasm::LLIntGenerator::atomicStore): (JSC::Wasm::LLIntGenerator::atomicBinaryRMW): (JSC::Wasm::LLIntGenerator::atomicCompareExchange): (JSC::Wasm::LLIntGenerator::atomicWait): (JSC::Wasm::LLIntGenerator::atomicNotify): (JSC::Wasm::LLIntGenerator::atomicFence): * wasm/WasmMemory.h: * wasm/WasmMemoryInformation.cpp: (JSC::Wasm::MemoryInformation::MemoryInformation): * wasm/WasmMemoryInformation.h: (JSC::Wasm::MemoryInformation::isShared const): * wasm/WasmOperations.cpp: (JSC::Wasm::wait): (JSC::Wasm::JSC_DEFINE_JIT_OPERATION): * wasm/WasmOperations.h: * wasm/WasmSectionParser.cpp: (JSC::Wasm::SectionParser::parseResizableLimits): (JSC::Wasm::SectionParser::parseTableHelper): (JSC::Wasm::SectionParser::parseMemoryHelper): * wasm/WasmSectionParser.h: * wasm/WasmSlowPaths.cpp: (JSC::LLInt::WASM_SLOW_PATH_DECL): * wasm/WasmSlowPaths.h: * wasm/generateWasm.py: (isAtomic): (isAtomicLoad): (isAtomicStore): 
(isAtomicBinaryRMW): (memoryLog2Alignment): * wasm/generateWasmOpsHeader.py: (atomicMemoryLoadMacroizer): (atomicMemoryLoadMacroizer.modifier): (atomicMemoryStoreMacroizer): (atomicMemoryStoreMacroizer.modifier): (atomicBinaryRMWMacroizer): (atomicBinaryRMWMacroizer.modifier): (memoryLog2AlignmentGenerator): (atomicMemoryLog2AlignmentGenerator): (ExtAtomicOpType): * wasm/js/JSWebAssemblyInstance.cpp: (JSC::JSWebAssemblyInstance::tryCreate): * wasm/wasm.json: Canonical link: https://commits.webkit.org/231917@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@270208 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2020-11-28 00:02:55 +00:00
            .Memory("a", "b", {initial: numPages, maximum: numPages * 2, shared: true})
        .End()
        .Function().End()
        .Export().Function("foo").End()
        .Code()
            .Function("foo", {params: ["i32", "i32"]})
                .GetLocal(1)
                .GetLocal(0)
                .I32Store(2, 0)
            .End()
        .End();

    const bin = builder.WebAssembly().get();
    const module = new WebAssembly.Module(bin);
    const foo = new WebAssembly.Instance(module, {a: {b: new WebAssembly.Memory({initial: numPages, maximum: numPages * 2, shared: true})}}).exports.foo;

    for (let i = 0; i < 10000; i++)
        assert.throws(() => foo(i, numPages * pageSize + 1), WebAssembly.RuntimeError, "Out of bounds memory access");
}