2016-08-06 03:48:10 +00:00
|
|
|
/*
|
|
|
|
* Copyright (C) 2016 Apple Inc. All rights reserved.
|
|
|
|
*
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
* are met:
|
|
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer.
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
|
|
|
*
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
|
|
|
|
* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
|
|
|
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
|
|
|
|
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
|
|
|
|
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
|
|
|
|
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
|
|
|
|
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
|
|
|
|
* OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
|
|
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
|
|
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
|
|
*/
|
|
|
|
|
|
|
|
#pragma once
|
|
|
|
|
|
|
|
#include <algorithm>
|
2017-08-10 23:42:14 +00:00
|
|
|
#include <limits.h>
|
2018-10-15 14:24:49 +00:00
|
|
|
#include <wtf/Compiler.h>
|
2016-08-06 03:48:10 +00:00
|
|
|
|
|
|
|
// This file contains a bunch of helper functions for decoding LEB numbers.
|
|
|
|
// See https://en.wikipedia.org/wiki/LEB128 for more information about the
|
|
|
|
// LEB format.
|
|
|
|
|
2016-10-21 16:02:39 +00:00
|
|
|
namespace WTF { namespace LEBDecoder {
|
2016-08-06 03:48:10 +00:00
|
|
|
|
2016-12-09 01:34:05 +00:00
|
|
|
template<typename T>
|
2018-10-25 22:23:23 +00:00
|
|
|
constexpr size_t maxByteLength()
|
2016-08-06 03:48:10 +00:00
|
|
|
{
|
[JSC] Improve Wasm binary test coverage
https://bugs.webkit.org/show_bug.cgi?id=204843
Reviewed by Darin Adler.
JSTests:
* wasm/function-tests/grow-memory.js:
(binaryShouldNotParse):
* wasm/spec-tests/binary-leb128.wast.js:
* wasm/spec-tests/binary.wast.js:
* wasm/wasm.json:
Source/JavaScriptCore:
This patch fixes some of bugs in wasm parser so that we validate malformed wasm modules more strictly.
1. current_memory / grow_memory should have uint8 flag, not varuint32 flag.
2. global section should have uint8 mutability information, not varuint32.
3. memory section should have varuint32 memory count.
* wasm/WasmFunctionParser.h:
(JSC::Wasm::FunctionParser<Context>::parseExpression):
(JSC::Wasm::FunctionParser<Context>::parseUnreachableExpression):
* wasm/WasmSectionParser.cpp:
(JSC::Wasm::SectionParser::parseResizableLimits):
(JSC::Wasm::SectionParser::parseMemory):
(JSC::Wasm::SectionParser::parseGlobalType):
* wasm/wasm.json:
Source/WTF:
LEBDecoder should have more strict validation. One thing is that, we should reject pattern that includes ignored bits.
For example, in uint32_t, we can represent UINT32_MAX in 5 bytes like this.
0xff, 0xff, 0xff, 0xff, 0x0f
0b1111111_1111111_1111111_1111111_1111
Leading bytes has 0x80 trailing marker. And they includes each 7 bit slice. And the last byte includes 0b1111 part.
But we can also make it in the following form
0xff, 0xff, 0xff, 0xff, 0xff
0b1111111_1111111_1111111_1111111_1111
In the above case, the last byte's upper 4 bits are ignored in the result, and this is wrong in LEB128 encoding.
We should reject this input since the last byte includes overflown bits.
This patch adds this validation to WTF.
* wtf/LEBDecoder.h:
(WTF::LEBDecoder::maxByteLength):
(WTF::LEBDecoder::lastByteMask):
(WTF::LEBDecoder::decodeUInt):
(WTF::LEBDecoder::decodeInt):
Tools:
We add more tests for LEBDecoder. In particular, the added tests focus on the case which overflow bits.
* TestWebKitAPI/Tests/WTF/LEBDecoder.cpp:
(TestWebKitAPI::toString):
(TestWebKitAPI::testUInt32LEBDecode):
(TestWebKitAPI::TEST):
(TestWebKitAPI::testUInt64LEBDecode):
(TestWebKitAPI::testInt32LEBDecode):
(TestWebKitAPI::testInt64LEBDecode):
Canonical link: https://commits.webkit.org/231741@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@269998 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2020-11-18 23:50:34 +00:00
|
|
|
constexpr size_t numBits = sizeof(T) * CHAR_BIT;
|
[WebAssembly] Parse wasm modules in a streaming fashion
https://bugs.webkit.org/show_bug.cgi?id=188943
Reviewed by Mark Lam.
JSTests:
Wasm parsing error should not report the total byte size since streaming parsing does not
want to load all the bytes.
Add a simple test wasm/stress/streaming-basic.js for initial streaming parsing implementation.
* wasm/function-tests/invalid-duplicate-export.js:
* wasm/function-tests/memory-alignment.js:
(const.op.of.WASM.opcodes):
* wasm/function-tests/memory-section-and-import.js:
* wasm/function-tests/void-argument-type-should-be-a-validation-error.js:
* wasm/js-api/Module-compile.js:
(async.testPromiseAPI):
* wasm/js-api/element.js:
(assert.throws.new.WebAssembly.Module.builder.WebAssembly):
(assert.throws):
* wasm/js-api/global-error.js:
(assert.throws.new.WebAssembly.Module.bin):
(assert.throws):
* wasm/js-api/table.js:
(new.WebAssembly.Module):
(assert.throws):
(assertBadTableImport):
* wasm/js-api/test_Data.js:
(DataSectionWithoutMemory):
* wasm/js-api/test_Start.js:
(InvalidStartFunctionIndex):
* wasm/js-api/test_basic_api.js:
(const.c.in.constructorProperties.switch):
* wasm/js-api/version.js:
* wasm/stress/nameSection.wasm: Added.
* wasm/stress/streaming-basic.js: Added.
(check):
Source/JavaScriptCore:
This patch adds Wasm::StreamingParser, which parses wasm binary in a streaming fashion.
Currently, this StreamingParser is not enabled and integrated. In subsequent patches,
we start integrating it into BBQPlan and dropping the old ModuleParser.
* JavaScriptCore.xcodeproj/project.pbxproj:
* Sources.txt:
* tools/JSDollarVM.cpp:
(WTF::WasmStreamingParser::WasmStreamingParser):
(WTF::WasmStreamingParser::create):
(WTF::WasmStreamingParser::createStructure):
(WTF::WasmStreamingParser::streamingParser):
(WTF::WasmStreamingParser::finishCreation):
(WTF::functionWasmStreamingParserAddBytes):
(WTF::functionWasmStreamingParserFinalize):
(JSC::functionCreateWasmStreamingParser):
(JSC::JSDollarVM::finishCreation):
The $vm Wasm::StreamingParser object is introduced for testing purpose. Added new stress test uses
this interface to test streaming parser in the JSC shell.
* wasm/WasmBBQPlan.cpp:
(JSC::Wasm::BBQPlan::BBQPlan):
(JSC::Wasm::BBQPlan::parseAndValidateModule):
(JSC::Wasm::BBQPlan::prepare):
(JSC::Wasm::BBQPlan::compileFunctions):
(JSC::Wasm::BBQPlan::complete):
(JSC::Wasm::BBQPlan::work):
* wasm/WasmBBQPlan.h:
BBQPlan has m_source, but once ModuleInformation is parsed, it is no longer necessary.
In subsequent patches, we will remove this, and stream the data into the BBQPlan.
* wasm/WasmFormat.h:
* wasm/WasmModuleInformation.cpp:
(JSC::Wasm::ModuleInformation::ModuleInformation):
* wasm/WasmModuleInformation.h:
One of the largest change in this patch is that ModuleInformation no longer holds source bytes,
since source bytes can be added in a streaming fashion. Instead of holding all the source bytes
in ModuleInformation, each function (ModuleInformation::functions, FunctionData) should have
Vector<uint8_t> for its data. This data is eventually filled by StreamingParser, and compiling
a function with this data can be done concurrently with StreamingParser.
(JSC::Wasm::ModuleInformation::create):
(JSC::Wasm::ModuleInformation::memoryCount const):
(JSC::Wasm::ModuleInformation::tableCount const):
memoryCount and tableCount should be recorded in ModuleInformation.
* wasm/WasmModuleParser.cpp:
(JSC::Wasm::ModuleParser::parse):
(JSC::Wasm::makeI32InitExpr): Deleted.
(JSC::Wasm::ModuleParser::parseType): Deleted.
(JSC::Wasm::ModuleParser::parseImport): Deleted.
(JSC::Wasm::ModuleParser::parseFunction): Deleted.
(JSC::Wasm::ModuleParser::parseResizableLimits): Deleted.
(JSC::Wasm::ModuleParser::parseTableHelper): Deleted.
(JSC::Wasm::ModuleParser::parseTable): Deleted.
(JSC::Wasm::ModuleParser::parseMemoryHelper): Deleted.
(JSC::Wasm::ModuleParser::parseMemory): Deleted.
(JSC::Wasm::ModuleParser::parseGlobal): Deleted.
(JSC::Wasm::ModuleParser::parseExport): Deleted.
(JSC::Wasm::ModuleParser::parseStart): Deleted.
(JSC::Wasm::ModuleParser::parseElement): Deleted.
(JSC::Wasm::ModuleParser::parseCode): Deleted.
(JSC::Wasm::ModuleParser::parseInitExpr): Deleted.
(JSC::Wasm::ModuleParser::parseGlobalType): Deleted.
(JSC::Wasm::ModuleParser::parseData): Deleted.
(JSC::Wasm::ModuleParser::parseCustom): Deleted.
Extract section parsing code out from ModuleParser. We create SectionParser and ModuleParser uses it.
SectionParser is also used by StreamingParser.
* wasm/WasmModuleParser.h:
(): Deleted.
* wasm/WasmNameSection.h:
(JSC::Wasm::NameSection::NameSection):
(JSC::Wasm::NameSection::create):
(JSC::Wasm::NameSection::setHash):
Hash calculation is deferred since all the source is not available in streaming parsing.
* wasm/WasmNameSectionParser.cpp:
(JSC::Wasm::NameSectionParser::parse):
* wasm/WasmNameSectionParser.h:
Use Ref<NameSection>.
* wasm/WasmOMGPlan.cpp:
(JSC::Wasm::OMGPlan::work):
Wasm::Plan no longer have m_source since data will be eventually filled in a streaming fashion.
OMGPlan can get data of the function by using ModuleInformation::functions.
* wasm/WasmParser.h:
(JSC::Wasm::Parser::source const):
(JSC::Wasm::Parser::length const):
(JSC::Wasm::Parser::offset const):
(JSC::Wasm::Parser::fail const):
(JSC::Wasm::makeI32InitExpr):
* wasm/WasmPlan.cpp:
(JSC::Wasm::Plan::Plan):
Wasm::Plan should not have all the source apriori. Streamed data will be pumped from the provider.
* wasm/WasmPlan.h:
* wasm/WasmSectionParser.cpp: Copied from Source/JavaScriptCore/wasm/WasmModuleParser.cpp.
SectionParser is extracted from ModuleParser. And it is used by both the old (currently working)
ModuleParser and the new StreamingParser.
(JSC::Wasm::SectionParser::parseType):
(JSC::Wasm::SectionParser::parseImport):
(JSC::Wasm::SectionParser::parseFunction):
(JSC::Wasm::SectionParser::parseResizableLimits):
(JSC::Wasm::SectionParser::parseTableHelper):
(JSC::Wasm::SectionParser::parseTable):
(JSC::Wasm::SectionParser::parseMemoryHelper):
(JSC::Wasm::SectionParser::parseMemory):
(JSC::Wasm::SectionParser::parseGlobal):
(JSC::Wasm::SectionParser::parseExport):
(JSC::Wasm::SectionParser::parseStart):
(JSC::Wasm::SectionParser::parseElement):
(JSC::Wasm::SectionParser::parseCode):
(JSC::Wasm::SectionParser::parseInitExpr):
(JSC::Wasm::SectionParser::parseGlobalType):
(JSC::Wasm::SectionParser::parseData):
(JSC::Wasm::SectionParser::parseCustom):
* wasm/WasmSectionParser.h: Copied from Source/JavaScriptCore/wasm/WasmModuleParser.h.
* wasm/WasmStreamingParser.cpp: Added.
(JSC::Wasm::parseUInt7):
(JSC::Wasm::StreamingParser::fail):
(JSC::Wasm::StreamingParser::StreamingParser):
(JSC::Wasm::StreamingParser::parseModuleHeader):
(JSC::Wasm::StreamingParser::parseSectionID):
(JSC::Wasm::StreamingParser::parseSectionSize):
(JSC::Wasm::StreamingParser::parseCodeSectionSize):
Code section in Wasm binary is specially handled compared with the other sections since it includes
a bunch of functions. StreamingParser extracts each function in a streaming fashion and enable
streaming validation / compilation of Wasm functions.
(JSC::Wasm::StreamingParser::parseFunctionSize):
(JSC::Wasm::StreamingParser::parseFunctionPayload):
(JSC::Wasm::StreamingParser::parseSectionPayload):
(JSC::Wasm::StreamingParser::consume):
(JSC::Wasm::StreamingParser::consumeVarUInt32):
(JSC::Wasm::StreamingParser::addBytes):
(JSC::Wasm::StreamingParser::failOnState):
(JSC::Wasm::StreamingParser::finalize):
* wasm/WasmStreamingParser.h: Added.
(JSC::Wasm::StreamingParser::addBytes):
(JSC::Wasm::StreamingParser::errorMessage const):
This is our new StreamingParser implementation. StreamingParser::consumeXXX functions get data, and
StreamingParser::parseXXX functions parse consumed data. The user of StreamingParser calls
StreamingParser::addBytes() to pump the bytes stream into the parser. And once all the data is pumped,
the user calls StreamingParser::finalize. StreamingParser is a state machine which feeds on the
incoming byte stream.
* wasm/js/JSWebAssemblyModule.cpp:
(JSC::JSWebAssemblyModule::source const): Deleted.
All the source should not be held.
* wasm/js/JSWebAssemblyModule.h:
* wasm/js/WebAssemblyPrototype.cpp:
(JSC::webAssemblyValidateFunc):
Source/WTF:
Add maxByteLength function to get the maximum size for T.
* wtf/LEBDecoder.h:
(WTF::LEBDecoder::maxByteLength):
(WTF::LEBDecoder::decodeUInt):
(WTF::LEBDecoder::decodeInt):
Canonical link: https://commits.webkit.org/204074@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@235420 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2018-08-28 06:38:29 +00:00
|
|
|
return (numBits - 1) / 7 + 1; // numBits / 7 rounding up.
|
|
|
|
}
|
|
|
|
|
[JSC] Improve Wasm binary test coverage
https://bugs.webkit.org/show_bug.cgi?id=204843
Reviewed by Darin Adler.
JSTests:
* wasm/function-tests/grow-memory.js:
(binaryShouldNotParse):
* wasm/spec-tests/binary-leb128.wast.js:
* wasm/spec-tests/binary.wast.js:
* wasm/wasm.json:
Source/JavaScriptCore:
This patch fixes some of bugs in wasm parser so that we validate malformed wasm modules more strictly.
1. current_memory / grow_memory should have uint8 flag, not varuint32 flag.
2. global section should have uint8 mutability information, not varuint32.
3. memory section should have varuint32 memory count.
* wasm/WasmFunctionParser.h:
(JSC::Wasm::FunctionParser<Context>::parseExpression):
(JSC::Wasm::FunctionParser<Context>::parseUnreachableExpression):
* wasm/WasmSectionParser.cpp:
(JSC::Wasm::SectionParser::parseResizableLimits):
(JSC::Wasm::SectionParser::parseMemory):
(JSC::Wasm::SectionParser::parseGlobalType):
* wasm/wasm.json:
Source/WTF:
LEBDecoder should have more strict validation. One thing is that, we should reject pattern that includes ignored bits.
For example, in uint32_t, we can represent UINT32_MAX in 5 bytes like this.
0xff, 0xff, 0xff, 0xff, 0x0f
0b1111111_1111111_1111111_1111111_1111
Leading bytes has 0x80 trailing marker. And they includes each 7 bit slice. And the last byte includes 0b1111 part.
But we can also make it in the following form
0xff, 0xff, 0xff, 0xff, 0xff
0b1111111_1111111_1111111_1111111_1111
In the above case, the last byte's upper 4 bits are ignored in the result, and this is wrong in LEB128 encoding.
We should reject this input since the last byte includes overflown bits.
This patch adds this validation to WTF.
* wtf/LEBDecoder.h:
(WTF::LEBDecoder::maxByteLength):
(WTF::LEBDecoder::lastByteMask):
(WTF::LEBDecoder::decodeUInt):
(WTF::LEBDecoder::decodeInt):
Tools:
We add more tests for LEBDecoder. In particular, the added tests focus on the case which overflow bits.
* TestWebKitAPI/Tests/WTF/LEBDecoder.cpp:
(TestWebKitAPI::toString):
(TestWebKitAPI::testUInt32LEBDecode):
(TestWebKitAPI::TEST):
(TestWebKitAPI::testUInt64LEBDecode):
(TestWebKitAPI::testInt32LEBDecode):
(TestWebKitAPI::testInt64LEBDecode):
Canonical link: https://commits.webkit.org/231741@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@269998 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2020-11-18 23:50:34 +00:00
|
|
|
template<typename T>
|
|
|
|
constexpr unsigned lastByteMask()
|
|
|
|
{
|
|
|
|
constexpr size_t numBits = sizeof(T) * CHAR_BIT;
|
|
|
|
static_assert(numBits % 7);
|
|
|
|
return ~((1U << (numBits % 7)) - 1);
|
|
|
|
}
|
|
|
|
|
[WebAssembly] Parse wasm modules in a streaming fashion
https://bugs.webkit.org/show_bug.cgi?id=188943
Reviewed by Mark Lam.
JSTests:
Wasm parsing error should not report the total byte size since streaming parsing does not
want to load all the bytes.
Add a simple test wasm/stress/streaming-basic.js for initial streaming parsing implementation.
* wasm/function-tests/invalid-duplicate-export.js:
* wasm/function-tests/memory-alignment.js:
(const.op.of.WASM.opcodes):
* wasm/function-tests/memory-section-and-import.js:
* wasm/function-tests/void-argument-type-should-be-a-validation-error.js:
* wasm/js-api/Module-compile.js:
(async.testPromiseAPI):
* wasm/js-api/element.js:
(assert.throws.new.WebAssembly.Module.builder.WebAssembly):
(assert.throws):
* wasm/js-api/global-error.js:
(assert.throws.new.WebAssembly.Module.bin):
(assert.throws):
* wasm/js-api/table.js:
(new.WebAssembly.Module):
(assert.throws):
(assertBadTableImport):
* wasm/js-api/test_Data.js:
(DataSectionWithoutMemory):
* wasm/js-api/test_Start.js:
(InvalidStartFunctionIndex):
* wasm/js-api/test_basic_api.js:
(const.c.in.constructorProperties.switch):
* wasm/js-api/version.js:
* wasm/stress/nameSection.wasm: Added.
* wasm/stress/streaming-basic.js: Added.
(check):
Source/JavaScriptCore:
This patch adds Wasm::StreamingParser, which parses wasm binary in a streaming fashion.
Currently, this StreamingParser is not enabled and integrated. In subsequent patches,
we start integrating it into BBQPlan and dropping the old ModuleParser.
* JavaScriptCore.xcodeproj/project.pbxproj:
* Sources.txt:
* tools/JSDollarVM.cpp:
(WTF::WasmStreamingParser::WasmStreamingParser):
(WTF::WasmStreamingParser::create):
(WTF::WasmStreamingParser::createStructure):
(WTF::WasmStreamingParser::streamingParser):
(WTF::WasmStreamingParser::finishCreation):
(WTF::functionWasmStreamingParserAddBytes):
(WTF::functionWasmStreamingParserFinalize):
(JSC::functionCreateWasmStreamingParser):
(JSC::JSDollarVM::finishCreation):
The $vm Wasm::StreamingParser object is introduced for testing purpose. Added new stress test uses
this interface to test streaming parser in the JSC shell.
* wasm/WasmBBQPlan.cpp:
(JSC::Wasm::BBQPlan::BBQPlan):
(JSC::Wasm::BBQPlan::parseAndValidateModule):
(JSC::Wasm::BBQPlan::prepare):
(JSC::Wasm::BBQPlan::compileFunctions):
(JSC::Wasm::BBQPlan::complete):
(JSC::Wasm::BBQPlan::work):
* wasm/WasmBBQPlan.h:
BBQPlan has m_source, but once ModuleInformation is parsed, it is no longer necessary.
In subsequent patches, we will remove this, and stream the data into the BBQPlan.
* wasm/WasmFormat.h:
* wasm/WasmModuleInformation.cpp:
(JSC::Wasm::ModuleInformation::ModuleInformation):
* wasm/WasmModuleInformation.h:
One of the largest change in this patch is that ModuleInformation no longer holds source bytes,
since source bytes can be added in a streaming fashion. Instead of holding all the source bytes
in ModuleInformation, each function (ModuleInformation::functions, FunctionData) should have
Vector<uint8_t> for its data. This data is eventually filled by StreamingParser, and compiling
a function with this data can be done concurrently with StreamingParser.
(JSC::Wasm::ModuleInformation::create):
(JSC::Wasm::ModuleInformation::memoryCount const):
(JSC::Wasm::ModuleInformation::tableCount const):
memoryCount and tableCount should be recorded in ModuleInformation.
* wasm/WasmModuleParser.cpp:
(JSC::Wasm::ModuleParser::parse):
(JSC::Wasm::makeI32InitExpr): Deleted.
(JSC::Wasm::ModuleParser::parseType): Deleted.
(JSC::Wasm::ModuleParser::parseImport): Deleted.
(JSC::Wasm::ModuleParser::parseFunction): Deleted.
(JSC::Wasm::ModuleParser::parseResizableLimits): Deleted.
(JSC::Wasm::ModuleParser::parseTableHelper): Deleted.
(JSC::Wasm::ModuleParser::parseTable): Deleted.
(JSC::Wasm::ModuleParser::parseMemoryHelper): Deleted.
(JSC::Wasm::ModuleParser::parseMemory): Deleted.
(JSC::Wasm::ModuleParser::parseGlobal): Deleted.
(JSC::Wasm::ModuleParser::parseExport): Deleted.
(JSC::Wasm::ModuleParser::parseStart): Deleted.
(JSC::Wasm::ModuleParser::parseElement): Deleted.
(JSC::Wasm::ModuleParser::parseCode): Deleted.
(JSC::Wasm::ModuleParser::parseInitExpr): Deleted.
(JSC::Wasm::ModuleParser::parseGlobalType): Deleted.
(JSC::Wasm::ModuleParser::parseData): Deleted.
(JSC::Wasm::ModuleParser::parseCustom): Deleted.
Extract section parsing code out from ModuleParser. We create SectionParser and ModuleParser uses it.
SectionParser is also used by StreamingParser.
* wasm/WasmModuleParser.h:
(): Deleted.
* wasm/WasmNameSection.h:
(JSC::Wasm::NameSection::NameSection):
(JSC::Wasm::NameSection::create):
(JSC::Wasm::NameSection::setHash):
Hash calculation is deferred since all the source is not available in streaming parsing.
* wasm/WasmNameSectionParser.cpp:
(JSC::Wasm::NameSectionParser::parse):
* wasm/WasmNameSectionParser.h:
Use Ref<NameSection>.
* wasm/WasmOMGPlan.cpp:
(JSC::Wasm::OMGPlan::work):
Wasm::Plan no longer have m_source since data will be eventually filled in a streaming fashion.
OMGPlan can get data of the function by using ModuleInformation::functions.
* wasm/WasmParser.h:
(JSC::Wasm::Parser::source const):
(JSC::Wasm::Parser::length const):
(JSC::Wasm::Parser::offset const):
(JSC::Wasm::Parser::fail const):
(JSC::Wasm::makeI32InitExpr):
* wasm/WasmPlan.cpp:
(JSC::Wasm::Plan::Plan):
Wasm::Plan should not have all the source apriori. Streamed data will be pumped from the provider.
* wasm/WasmPlan.h:
* wasm/WasmSectionParser.cpp: Copied from Source/JavaScriptCore/wasm/WasmModuleParser.cpp.
SectionParser is extracted from ModuleParser. And it is used by both the old (currently working)
ModuleParser and the new StreamingParser.
(JSC::Wasm::SectionParser::parseType):
(JSC::Wasm::SectionParser::parseImport):
(JSC::Wasm::SectionParser::parseFunction):
(JSC::Wasm::SectionParser::parseResizableLimits):
(JSC::Wasm::SectionParser::parseTableHelper):
(JSC::Wasm::SectionParser::parseTable):
(JSC::Wasm::SectionParser::parseMemoryHelper):
(JSC::Wasm::SectionParser::parseMemory):
(JSC::Wasm::SectionParser::parseGlobal):
(JSC::Wasm::SectionParser::parseExport):
(JSC::Wasm::SectionParser::parseStart):
(JSC::Wasm::SectionParser::parseElement):
(JSC::Wasm::SectionParser::parseCode):
(JSC::Wasm::SectionParser::parseInitExpr):
(JSC::Wasm::SectionParser::parseGlobalType):
(JSC::Wasm::SectionParser::parseData):
(JSC::Wasm::SectionParser::parseCustom):
* wasm/WasmSectionParser.h: Copied from Source/JavaScriptCore/wasm/WasmModuleParser.h.
* wasm/WasmStreamingParser.cpp: Added.
(JSC::Wasm::parseUInt7):
(JSC::Wasm::StreamingParser::fail):
(JSC::Wasm::StreamingParser::StreamingParser):
(JSC::Wasm::StreamingParser::parseModuleHeader):
(JSC::Wasm::StreamingParser::parseSectionID):
(JSC::Wasm::StreamingParser::parseSectionSize):
(JSC::Wasm::StreamingParser::parseCodeSectionSize):
Code section in Wasm binary is specially handled compared with the other sections since it includes
a bunch of functions. StreamingParser extracts each function in a streaming fashion and enable
streaming validation / compilation of Wasm functions.
(JSC::Wasm::StreamingParser::parseFunctionSize):
(JSC::Wasm::StreamingParser::parseFunctionPayload):
(JSC::Wasm::StreamingParser::parseSectionPayload):
(JSC::Wasm::StreamingParser::consume):
(JSC::Wasm::StreamingParser::consumeVarUInt32):
(JSC::Wasm::StreamingParser::addBytes):
(JSC::Wasm::StreamingParser::failOnState):
(JSC::Wasm::StreamingParser::finalize):
* wasm/WasmStreamingParser.h: Added.
(JSC::Wasm::StreamingParser::addBytes):
(JSC::Wasm::StreamingParser::errorMessage const):
This is our new StreamingParser implementation. StreamingParser::consumeXXX functions get data, and
StreamingParser::parseXXX functions parse consumed data. The user of StreamingParser calls
StreamingParser::addBytes() to pump the bytes stream into the parser. And once all the data is pumped,
the user calls StreamingParser::finalize. StreamingParser is a state machine which feeds on the
incoming byte stream.
* wasm/js/JSWebAssemblyModule.cpp:
(JSC::JSWebAssemblyModule::source const): Deleted.
All the source should not be held.
* wasm/js/JSWebAssemblyModule.h:
* wasm/js/WebAssemblyPrototype.cpp:
(JSC::webAssemblyValidateFunc):
Source/WTF:
Add maxByteLength function to get the maximum size for T.
* wtf/LEBDecoder.h:
(WTF::LEBDecoder::maxByteLength):
(WTF::LEBDecoder::decodeUInt):
(WTF::LEBDecoder::decodeInt):
Canonical link: https://commits.webkit.org/204074@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@235420 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2018-08-28 06:38:29 +00:00
|
|
|
template<typename T>
|
|
|
|
inline bool WARN_UNUSED_RETURN decodeUInt(const uint8_t* bytes, size_t length, size_t& offset, T& result)
|
|
|
|
{
|
[JSC] Improve Wasm binary test coverage
https://bugs.webkit.org/show_bug.cgi?id=204843
Reviewed by Darin Adler.
JSTests:
* wasm/function-tests/grow-memory.js:
(binaryShouldNotParse):
* wasm/spec-tests/binary-leb128.wast.js:
* wasm/spec-tests/binary.wast.js:
* wasm/wasm.json:
Source/JavaScriptCore:
This patch fixes some of bugs in wasm parser so that we validate malformed wasm modules more strictly.
1. current_memory / grow_memory should have uint8 flag, not varuint32 flag.
2. global section should have uint8 mutability information, not varuint32.
3. memory section should have varuint32 memory count.
* wasm/WasmFunctionParser.h:
(JSC::Wasm::FunctionParser<Context>::parseExpression):
(JSC::Wasm::FunctionParser<Context>::parseUnreachableExpression):
* wasm/WasmSectionParser.cpp:
(JSC::Wasm::SectionParser::parseResizableLimits):
(JSC::Wasm::SectionParser::parseMemory):
(JSC::Wasm::SectionParser::parseGlobalType):
* wasm/wasm.json:
Source/WTF:
LEBDecoder should have more strict validation. One thing is that, we should reject pattern that includes ignored bits.
For example, in uint32_t, we can represent UINT32_MAX in 5 bytes like this.
0xff, 0xff, 0xff, 0xff, 0x0f
0b1111111_1111111_1111111_1111111_1111
Leading bytes has 0x80 trailing marker. And they includes each 7 bit slice. And the last byte includes 0b1111 part.
But we can also make it in the following form
0xff, 0xff, 0xff, 0xff, 0xff
0b1111111_1111111_1111111_1111111_1111
In the above case, the last byte's upper 4 bits are ignored in the result, and this is wrong in LEB128 encoding.
We should reject this input since the last byte includes overflown bits.
This patch adds this validation to WTF.
* wtf/LEBDecoder.h:
(WTF::LEBDecoder::maxByteLength):
(WTF::LEBDecoder::lastByteMask):
(WTF::LEBDecoder::decodeUInt):
(WTF::LEBDecoder::decodeInt):
Tools:
We add more tests for LEBDecoder. In particular, the added tests focus on the case which overflow bits.
* TestWebKitAPI/Tests/WTF/LEBDecoder.cpp:
(TestWebKitAPI::toString):
(TestWebKitAPI::testUInt32LEBDecode):
(TestWebKitAPI::TEST):
(TestWebKitAPI::testUInt64LEBDecode):
(TestWebKitAPI::testInt32LEBDecode):
(TestWebKitAPI::testInt64LEBDecode):
Canonical link: https://commits.webkit.org/231741@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@269998 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2020-11-18 23:50:34 +00:00
|
|
|
static_assert(std::is_unsigned_v<T>);
|
2016-11-10 23:07:15 +00:00
|
|
|
if (length <= offset)
|
|
|
|
return false;
|
2016-08-06 03:48:10 +00:00
|
|
|
result = 0;
|
|
|
|
unsigned shift = 0;
|
[WebAssembly] Parse wasm modules in a streaming fashion
https://bugs.webkit.org/show_bug.cgi?id=188943
Reviewed by Mark Lam.
JSTests:
Wasm parsing error should not report the total byte size since streaming parsing does not
want to load all the bytes.
Add a simple test wasm/stress/streaming-basic.js for initial streaming parsing implementation.
* wasm/function-tests/invalid-duplicate-export.js:
* wasm/function-tests/memory-alignment.js:
(const.op.of.WASM.opcodes):
* wasm/function-tests/memory-section-and-import.js:
* wasm/function-tests/void-argument-type-should-be-a-validation-error.js:
* wasm/js-api/Module-compile.js:
(async.testPromiseAPI):
* wasm/js-api/element.js:
(assert.throws.new.WebAssembly.Module.builder.WebAssembly):
(assert.throws):
* wasm/js-api/global-error.js:
(assert.throws.new.WebAssembly.Module.bin):
(assert.throws):
* wasm/js-api/table.js:
(new.WebAssembly.Module):
(assert.throws):
(assertBadTableImport):
* wasm/js-api/test_Data.js:
(DataSectionWithoutMemory):
* wasm/js-api/test_Start.js:
(InvalidStartFunctionIndex):
* wasm/js-api/test_basic_api.js:
(const.c.in.constructorProperties.switch):
* wasm/js-api/version.js:
* wasm/stress/nameSection.wasm: Added.
* wasm/stress/streaming-basic.js: Added.
(check):
Source/JavaScriptCore:
This patch adds Wasm::StreamingParser, which parses wasm binary in a streaming fashion.
Currently, this StreamingParser is not enabled and integrated. In subsequent patches,
we start integrating it into BBQPlan and dropping the old ModuleParser.
* JavaScriptCore.xcodeproj/project.pbxproj:
* Sources.txt:
* tools/JSDollarVM.cpp:
(WTF::WasmStreamingParser::WasmStreamingParser):
(WTF::WasmStreamingParser::create):
(WTF::WasmStreamingParser::createStructure):
(WTF::WasmStreamingParser::streamingParser):
(WTF::WasmStreamingParser::finishCreation):
(WTF::functionWasmStreamingParserAddBytes):
(WTF::functionWasmStreamingParserFinalize):
(JSC::functionCreateWasmStreamingParser):
(JSC::JSDollarVM::finishCreation):
The $vm Wasm::StreamingParser object is introduced for testing purpose. Added new stress test uses
this interface to test streaming parser in the JSC shell.
* wasm/WasmBBQPlan.cpp:
(JSC::Wasm::BBQPlan::BBQPlan):
(JSC::Wasm::BBQPlan::parseAndValidateModule):
(JSC::Wasm::BBQPlan::prepare):
(JSC::Wasm::BBQPlan::compileFunctions):
(JSC::Wasm::BBQPlan::complete):
(JSC::Wasm::BBQPlan::work):
* wasm/WasmBBQPlan.h:
BBQPlan has m_source, but once ModuleInformation is parsed, it is no longer necessary.
In subsequent patches, we will remove this, and stream the data into the BBQPlan.
* wasm/WasmFormat.h:
* wasm/WasmModuleInformation.cpp:
(JSC::Wasm::ModuleInformation::ModuleInformation):
* wasm/WasmModuleInformation.h:
One of the largest change in this patch is that ModuleInformation no longer holds source bytes,
since source bytes can be added in a streaming fashion. Instead of holding all the source bytes
in ModuleInformation, each function (ModuleInformation::functions, FunctionData) should have
Vector<uint8_t> for its data. This data is eventually filled by StreamingParser, and compiling
a function with this data can be done concurrently with StreamingParser.
(JSC::Wasm::ModuleInformation::create):
(JSC::Wasm::ModuleInformation::memoryCount const):
(JSC::Wasm::ModuleInformation::tableCount const):
memoryCount and tableCount should be recorded in ModuleInformation.
* wasm/WasmModuleParser.cpp:
(JSC::Wasm::ModuleParser::parse):
(JSC::Wasm::makeI32InitExpr): Deleted.
(JSC::Wasm::ModuleParser::parseType): Deleted.
(JSC::Wasm::ModuleParser::parseImport): Deleted.
(JSC::Wasm::ModuleParser::parseFunction): Deleted.
(JSC::Wasm::ModuleParser::parseResizableLimits): Deleted.
(JSC::Wasm::ModuleParser::parseTableHelper): Deleted.
(JSC::Wasm::ModuleParser::parseTable): Deleted.
(JSC::Wasm::ModuleParser::parseMemoryHelper): Deleted.
(JSC::Wasm::ModuleParser::parseMemory): Deleted.
(JSC::Wasm::ModuleParser::parseGlobal): Deleted.
(JSC::Wasm::ModuleParser::parseExport): Deleted.
(JSC::Wasm::ModuleParser::parseStart): Deleted.
(JSC::Wasm::ModuleParser::parseElement): Deleted.
(JSC::Wasm::ModuleParser::parseCode): Deleted.
(JSC::Wasm::ModuleParser::parseInitExpr): Deleted.
(JSC::Wasm::ModuleParser::parseGlobalType): Deleted.
(JSC::Wasm::ModuleParser::parseData): Deleted.
(JSC::Wasm::ModuleParser::parseCustom): Deleted.
Extract section parsing code out from ModuleParser. We create SectionParser and ModuleParser uses it.
SectionParser is also used by StreamingParser.
* wasm/WasmModuleParser.h:
(): Deleted.
* wasm/WasmNameSection.h:
(JSC::Wasm::NameSection::NameSection):
(JSC::Wasm::NameSection::create):
(JSC::Wasm::NameSection::setHash):
Hash calculation is deferred since all the source is not available in streaming parsing.
* wasm/WasmNameSectionParser.cpp:
(JSC::Wasm::NameSectionParser::parse):
* wasm/WasmNameSectionParser.h:
Use Ref<NameSection>.
* wasm/WasmOMGPlan.cpp:
(JSC::Wasm::OMGPlan::work):
Wasm::Plan no longer have m_source since data will be eventually filled in a streaming fashion.
OMGPlan can get data of the function by using ModuleInformation::functions.
* wasm/WasmParser.h:
(JSC::Wasm::Parser::source const):
(JSC::Wasm::Parser::length const):
(JSC::Wasm::Parser::offset const):
(JSC::Wasm::Parser::fail const):
(JSC::Wasm::makeI32InitExpr):
* wasm/WasmPlan.cpp:
(JSC::Wasm::Plan::Plan):
Wasm::Plan should not have all the source apriori. Streamed data will be pumped from the provider.
* wasm/WasmPlan.h:
* wasm/WasmSectionParser.cpp: Copied from Source/JavaScriptCore/wasm/WasmModuleParser.cpp.
SectionParser is extracted from ModuleParser. And it is used by both the old (currently working)
ModuleParser and the new StreamingParser.
(JSC::Wasm::SectionParser::parseType):
(JSC::Wasm::SectionParser::parseImport):
(JSC::Wasm::SectionParser::parseFunction):
(JSC::Wasm::SectionParser::parseResizableLimits):
(JSC::Wasm::SectionParser::parseTableHelper):
(JSC::Wasm::SectionParser::parseTable):
(JSC::Wasm::SectionParser::parseMemoryHelper):
(JSC::Wasm::SectionParser::parseMemory):
(JSC::Wasm::SectionParser::parseGlobal):
(JSC::Wasm::SectionParser::parseExport):
(JSC::Wasm::SectionParser::parseStart):
(JSC::Wasm::SectionParser::parseElement):
(JSC::Wasm::SectionParser::parseCode):
(JSC::Wasm::SectionParser::parseInitExpr):
(JSC::Wasm::SectionParser::parseGlobalType):
(JSC::Wasm::SectionParser::parseData):
(JSC::Wasm::SectionParser::parseCustom):
* wasm/WasmSectionParser.h: Copied from Source/JavaScriptCore/wasm/WasmModuleParser.h.
* wasm/WasmStreamingParser.cpp: Added.
(JSC::Wasm::parseUInt7):
(JSC::Wasm::StreamingParser::fail):
(JSC::Wasm::StreamingParser::StreamingParser):
(JSC::Wasm::StreamingParser::parseModuleHeader):
(JSC::Wasm::StreamingParser::parseSectionID):
(JSC::Wasm::StreamingParser::parseSectionSize):
(JSC::Wasm::StreamingParser::parseCodeSectionSize):
Code section in Wasm binary is specially handled compared with the other sections since it includes
a bunch of functions. StreamingParser extracts each function in a streaming fashion and enable
streaming validation / compilation of Wasm functions.
(JSC::Wasm::StreamingParser::parseFunctionSize):
(JSC::Wasm::StreamingParser::parseFunctionPayload):
(JSC::Wasm::StreamingParser::parseSectionPayload):
(JSC::Wasm::StreamingParser::consume):
(JSC::Wasm::StreamingParser::consumeVarUInt32):
(JSC::Wasm::StreamingParser::addBytes):
(JSC::Wasm::StreamingParser::failOnState):
(JSC::Wasm::StreamingParser::finalize):
* wasm/WasmStreamingParser.h: Added.
(JSC::Wasm::StreamingParser::addBytes):
(JSC::Wasm::StreamingParser::errorMessage const):
This is our new StreamingParser implementation. StreamingParser::consumeXXX functions get data, and
StreamingParser::parseXXX functions parse consumed data. The user of StreamingParser calls
StreamingParser::addBytes() to pump the bytes stream into the parser. And once all the data is pumped,
the user calls StreamingParser::finalize. StreamingParser is a state machine which feeds on the
incoming byte stream.
* wasm/js/JSWebAssemblyModule.cpp:
(JSC::JSWebAssemblyModule::source const): Deleted.
All the source should not be held.
* wasm/js/JSWebAssemblyModule.h:
* wasm/js/WebAssemblyPrototype.cpp:
(JSC::webAssemblyValidateFunc):
Source/WTF:
Add maxByteLength function to get the maximum size for T.
* wtf/LEBDecoder.h:
(WTF::LEBDecoder::maxByteLength):
(WTF::LEBDecoder::decodeUInt):
(WTF::LEBDecoder::decodeInt):
Canonical link: https://commits.webkit.org/204074@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@235420 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2018-08-28 06:38:29 +00:00
|
|
|
size_t last = std::min(maxByteLength<T>(), length - offset) - 1;
|
2016-08-06 03:48:10 +00:00
|
|
|
for (unsigned i = 0; true; ++i) {
|
|
|
|
uint8_t byte = bytes[offset++];
|
2016-12-09 01:34:05 +00:00
|
|
|
result |= static_cast<T>(byte & 0x7f) << shift;
|
2016-08-06 03:48:10 +00:00
|
|
|
shift += 7;
|
|
|
|
if (!(byte & 0x80))
|
[JSC] Improve Wasm binary test coverage
https://bugs.webkit.org/show_bug.cgi?id=204843
Reviewed by Darin Adler.
JSTests:
* wasm/function-tests/grow-memory.js:
(binaryShouldNotParse):
* wasm/spec-tests/binary-leb128.wast.js:
* wasm/spec-tests/binary.wast.js:
* wasm/wasm.json:
Source/JavaScriptCore:
This patch fixes some of bugs in wasm parser so that we validate malformed wasm modules more strictly.
1. current_memory / grow_memory should have uint8 flag, not varuint32 flag.
2. global section should have uint8 mutability information, not varuint32.
3. memory section should have varuint32 memory count.
* wasm/WasmFunctionParser.h:
(JSC::Wasm::FunctionParser<Context>::parseExpression):
(JSC::Wasm::FunctionParser<Context>::parseUnreachableExpression):
* wasm/WasmSectionParser.cpp:
(JSC::Wasm::SectionParser::parseResizableLimits):
(JSC::Wasm::SectionParser::parseMemory):
(JSC::Wasm::SectionParser::parseGlobalType):
* wasm/wasm.json:
Source/WTF:
LEBDecoder should have more strict validation. One thing is that, we should reject pattern that includes ignored bits.
For example, in uint32_t, we can represent UINT32_MAX in 5 bytes like this.
0xff, 0xff, 0xff, 0xff, 0x0f
0b1111111_1111111_1111111_1111111_1111
Leading bytes has 0x80 trailing marker. And they includes each 7 bit slice. And the last byte includes 0b1111 part.
But we can also make it in the following form
0xff, 0xff, 0xff, 0xff, 0xff
0b1111111_1111111_1111111_1111111_1111
In the above case, the last byte's upper 4 bits are ignored in the result, and this is wrong in LEB128 encoding.
We should reject this input since the last byte includes overflown bits.
This patch adds this validation to WTF.
* wtf/LEBDecoder.h:
(WTF::LEBDecoder::maxByteLength):
(WTF::LEBDecoder::lastByteMask):
(WTF::LEBDecoder::decodeUInt):
(WTF::LEBDecoder::decodeInt):
Tools:
We add more tests for LEBDecoder. In particular, the added tests focus on the case which overflow bits.
* TestWebKitAPI/Tests/WTF/LEBDecoder.cpp:
(TestWebKitAPI::toString):
(TestWebKitAPI::testUInt32LEBDecode):
(TestWebKitAPI::TEST):
(TestWebKitAPI::testUInt64LEBDecode):
(TestWebKitAPI::testInt32LEBDecode):
(TestWebKitAPI::testInt64LEBDecode):
Canonical link: https://commits.webkit.org/231741@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@269998 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2020-11-18 23:50:34 +00:00
|
|
|
return !(((maxByteLength<T>() - 1) == i && (byte & lastByteMask<T>())));
|
2016-08-06 03:48:10 +00:00
|
|
|
if (i == last)
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
RELEASE_ASSERT_NOT_REACHED();
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
2016-12-09 01:34:05 +00:00
|
|
|
template<typename T>
|
|
|
|
inline bool WARN_UNUSED_RETURN decodeInt(const uint8_t* bytes, size_t length, size_t& offset, T& result)
|
2016-08-06 03:48:10 +00:00
|
|
|
{
|
[JSC] Improve Wasm binary test coverage
https://bugs.webkit.org/show_bug.cgi?id=204843
Reviewed by Darin Adler.
JSTests:
* wasm/function-tests/grow-memory.js:
(binaryShouldNotParse):
* wasm/spec-tests/binary-leb128.wast.js:
* wasm/spec-tests/binary.wast.js:
* wasm/wasm.json:
Source/JavaScriptCore:
This patch fixes some of bugs in wasm parser so that we validate malformed wasm modules more strictly.
1. current_memory / grow_memory should have uint8 flag, not varuint32 flag.
2. global section should have uint8 mutability information, not varuint32.
3. memory section should have varuint32 memory count.
* wasm/WasmFunctionParser.h:
(JSC::Wasm::FunctionParser<Context>::parseExpression):
(JSC::Wasm::FunctionParser<Context>::parseUnreachableExpression):
* wasm/WasmSectionParser.cpp:
(JSC::Wasm::SectionParser::parseResizableLimits):
(JSC::Wasm::SectionParser::parseMemory):
(JSC::Wasm::SectionParser::parseGlobalType):
* wasm/wasm.json:
Source/WTF:
LEBDecoder should have more strict validation. One thing is that, we should reject pattern that includes ignored bits.
For example, in uint32_t, we can represent UINT32_MAX in 5 bytes like this.
0xff, 0xff, 0xff, 0xff, 0x0f
0b1111111_1111111_1111111_1111111_1111
Leading bytes has 0x80 trailing marker. And they includes each 7 bit slice. And the last byte includes 0b1111 part.
But we can also make it in the following form
0xff, 0xff, 0xff, 0xff, 0xff
0b1111111_1111111_1111111_1111111_1111
In the above case, the last byte's upper 4 bits are ignored in the result, and this is wrong in LEB128 encoding.
We should reject this input since the last byte includes overflown bits.
This patch adds this validation to WTF.
* wtf/LEBDecoder.h:
(WTF::LEBDecoder::maxByteLength):
(WTF::LEBDecoder::lastByteMask):
(WTF::LEBDecoder::decodeUInt):
(WTF::LEBDecoder::decodeInt):
Tools:
We add more tests for LEBDecoder. In particular, the added tests focus on the case which overflow bits.
* TestWebKitAPI/Tests/WTF/LEBDecoder.cpp:
(TestWebKitAPI::toString):
(TestWebKitAPI::testUInt32LEBDecode):
(TestWebKitAPI::TEST):
(TestWebKitAPI::testUInt64LEBDecode):
(TestWebKitAPI::testInt32LEBDecode):
(TestWebKitAPI::testInt64LEBDecode):
Canonical link: https://commits.webkit.org/231741@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@269998 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2020-11-18 23:50:34 +00:00
|
|
|
static_assert(std::is_signed_v<T>);
|
2016-11-10 23:07:15 +00:00
|
|
|
if (length <= offset)
|
|
|
|
return false;
|
[JSC] Improve Wasm binary test coverage
https://bugs.webkit.org/show_bug.cgi?id=204843
Reviewed by Darin Adler.
JSTests:
* wasm/function-tests/grow-memory.js:
(binaryShouldNotParse):
* wasm/spec-tests/binary-leb128.wast.js:
* wasm/spec-tests/binary.wast.js:
* wasm/wasm.json:
Source/JavaScriptCore:
This patch fixes some of bugs in wasm parser so that we validate malformed wasm modules more strictly.
1. current_memory / grow_memory should have uint8 flag, not varuint32 flag.
2. global section should have uint8 mutability information, not varuint32.
3. memory section should have varuint32 memory count.
* wasm/WasmFunctionParser.h:
(JSC::Wasm::FunctionParser<Context>::parseExpression):
(JSC::Wasm::FunctionParser<Context>::parseUnreachableExpression):
* wasm/WasmSectionParser.cpp:
(JSC::Wasm::SectionParser::parseResizableLimits):
(JSC::Wasm::SectionParser::parseMemory):
(JSC::Wasm::SectionParser::parseGlobalType):
* wasm/wasm.json:
Source/WTF:
LEBDecoder should have more strict validation. One thing is that, we should reject pattern that includes ignored bits.
For example, in uint32_t, we can represent UINT32_MAX in 5 bytes like this.
0xff, 0xff, 0xff, 0xff, 0x0f
0b1111111_1111111_1111111_1111111_1111
Leading bytes has 0x80 trailing marker. And they includes each 7 bit slice. And the last byte includes 0b1111 part.
But we can also make it in the following form
0xff, 0xff, 0xff, 0xff, 0xff
0b1111111_1111111_1111111_1111111_1111
In the above case, the last byte's upper 4 bits are ignored in the result, and this is wrong in LEB128 encoding.
We should reject this input since the last byte includes overflown bits.
This patch adds this validation to WTF.
* wtf/LEBDecoder.h:
(WTF::LEBDecoder::maxByteLength):
(WTF::LEBDecoder::lastByteMask):
(WTF::LEBDecoder::decodeUInt):
(WTF::LEBDecoder::decodeInt):
Tools:
We add more tests for LEBDecoder. In particular, the added tests focus on the case which overflow bits.
* TestWebKitAPI/Tests/WTF/LEBDecoder.cpp:
(TestWebKitAPI::toString):
(TestWebKitAPI::testUInt32LEBDecode):
(TestWebKitAPI::TEST):
(TestWebKitAPI::testUInt64LEBDecode):
(TestWebKitAPI::testInt32LEBDecode):
(TestWebKitAPI::testInt64LEBDecode):
Canonical link: https://commits.webkit.org/231741@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@269998 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2020-11-18 23:50:34 +00:00
|
|
|
using UnsignedT = typename std::make_unsigned<T>::type;
|
2016-08-06 03:48:10 +00:00
|
|
|
result = 0;
|
|
|
|
unsigned shift = 0;
|
[WebAssembly] Parse wasm modules in a streaming fashion
https://bugs.webkit.org/show_bug.cgi?id=188943
Reviewed by Mark Lam.
JSTests:
Wasm parsing error should not report the total byte size since streaming parsing does not
want to load all the bytes.
Add a simple test wasm/stress/streaming-basic.js for initial streaming parsing implementation.
* wasm/function-tests/invalid-duplicate-export.js:
* wasm/function-tests/memory-alignment.js:
(const.op.of.WASM.opcodes):
* wasm/function-tests/memory-section-and-import.js:
* wasm/function-tests/void-argument-type-should-be-a-validation-error.js:
* wasm/js-api/Module-compile.js:
(async.testPromiseAPI):
* wasm/js-api/element.js:
(assert.throws.new.WebAssembly.Module.builder.WebAssembly):
(assert.throws):
* wasm/js-api/global-error.js:
(assert.throws.new.WebAssembly.Module.bin):
(assert.throws):
* wasm/js-api/table.js:
(new.WebAssembly.Module):
(assert.throws):
(assertBadTableImport):
* wasm/js-api/test_Data.js:
(DataSectionWithoutMemory):
* wasm/js-api/test_Start.js:
(InvalidStartFunctionIndex):
* wasm/js-api/test_basic_api.js:
(const.c.in.constructorProperties.switch):
* wasm/js-api/version.js:
* wasm/stress/nameSection.wasm: Added.
* wasm/stress/streaming-basic.js: Added.
(check):
Source/JavaScriptCore:
This patch adds Wasm::StreamingParser, which parses wasm binary in a streaming fashion.
Currently, this StreamingParser is not enabled and integrated. In subsequent patches,
we start integrating it into BBQPlan and dropping the old ModuleParser.
* JavaScriptCore.xcodeproj/project.pbxproj:
* Sources.txt:
* tools/JSDollarVM.cpp:
(WTF::WasmStreamingParser::WasmStreamingParser):
(WTF::WasmStreamingParser::create):
(WTF::WasmStreamingParser::createStructure):
(WTF::WasmStreamingParser::streamingParser):
(WTF::WasmStreamingParser::finishCreation):
(WTF::functionWasmStreamingParserAddBytes):
(WTF::functionWasmStreamingParserFinalize):
(JSC::functionCreateWasmStreamingParser):
(JSC::JSDollarVM::finishCreation):
The $vm Wasm::StreamingParser object is introduced for testing purpose. Added new stress test uses
this interface to test streaming parser in the JSC shell.
* wasm/WasmBBQPlan.cpp:
(JSC::Wasm::BBQPlan::BBQPlan):
(JSC::Wasm::BBQPlan::parseAndValidateModule):
(JSC::Wasm::BBQPlan::prepare):
(JSC::Wasm::BBQPlan::compileFunctions):
(JSC::Wasm::BBQPlan::complete):
(JSC::Wasm::BBQPlan::work):
* wasm/WasmBBQPlan.h:
BBQPlan has m_source, but once ModuleInformation is parsed, it is no longer necessary.
In subsequent patches, we will remove this, and stream the data into the BBQPlan.
* wasm/WasmFormat.h:
* wasm/WasmModuleInformation.cpp:
(JSC::Wasm::ModuleInformation::ModuleInformation):
* wasm/WasmModuleInformation.h:
One of the largest change in this patch is that ModuleInformation no longer holds source bytes,
since source bytes can be added in a streaming fashion. Instead of holding all the source bytes
in ModuleInformation, each function (ModuleInformation::functions, FunctionData) should have
Vector<uint8_t> for its data. This data is eventually filled by StreamingParser, and compiling
a function with this data can be done concurrently with StreamingParser.
(JSC::Wasm::ModuleInformation::create):
(JSC::Wasm::ModuleInformation::memoryCount const):
(JSC::Wasm::ModuleInformation::tableCount const):
memoryCount and tableCount should be recorded in ModuleInformation.
* wasm/WasmModuleParser.cpp:
(JSC::Wasm::ModuleParser::parse):
(JSC::Wasm::makeI32InitExpr): Deleted.
(JSC::Wasm::ModuleParser::parseType): Deleted.
(JSC::Wasm::ModuleParser::parseImport): Deleted.
(JSC::Wasm::ModuleParser::parseFunction): Deleted.
(JSC::Wasm::ModuleParser::parseResizableLimits): Deleted.
(JSC::Wasm::ModuleParser::parseTableHelper): Deleted.
(JSC::Wasm::ModuleParser::parseTable): Deleted.
(JSC::Wasm::ModuleParser::parseMemoryHelper): Deleted.
(JSC::Wasm::ModuleParser::parseMemory): Deleted.
(JSC::Wasm::ModuleParser::parseGlobal): Deleted.
(JSC::Wasm::ModuleParser::parseExport): Deleted.
(JSC::Wasm::ModuleParser::parseStart): Deleted.
(JSC::Wasm::ModuleParser::parseElement): Deleted.
(JSC::Wasm::ModuleParser::parseCode): Deleted.
(JSC::Wasm::ModuleParser::parseInitExpr): Deleted.
(JSC::Wasm::ModuleParser::parseGlobalType): Deleted.
(JSC::Wasm::ModuleParser::parseData): Deleted.
(JSC::Wasm::ModuleParser::parseCustom): Deleted.
Extract section parsing code out from ModuleParser. We create SectionParser and ModuleParser uses it.
SectionParser is also used by StreamingParser.
* wasm/WasmModuleParser.h:
(): Deleted.
* wasm/WasmNameSection.h:
(JSC::Wasm::NameSection::NameSection):
(JSC::Wasm::NameSection::create):
(JSC::Wasm::NameSection::setHash):
Hash calculation is deferred since all the source is not available in streaming parsing.
* wasm/WasmNameSectionParser.cpp:
(JSC::Wasm::NameSectionParser::parse):
* wasm/WasmNameSectionParser.h:
Use Ref<NameSection>.
* wasm/WasmOMGPlan.cpp:
(JSC::Wasm::OMGPlan::work):
Wasm::Plan no longer have m_source since data will be eventually filled in a streaming fashion.
OMGPlan can get data of the function by using ModuleInformation::functions.
* wasm/WasmParser.h:
(JSC::Wasm::Parser::source const):
(JSC::Wasm::Parser::length const):
(JSC::Wasm::Parser::offset const):
(JSC::Wasm::Parser::fail const):
(JSC::Wasm::makeI32InitExpr):
* wasm/WasmPlan.cpp:
(JSC::Wasm::Plan::Plan):
Wasm::Plan should not have all the source apriori. Streamed data will be pumped from the provider.
* wasm/WasmPlan.h:
* wasm/WasmSectionParser.cpp: Copied from Source/JavaScriptCore/wasm/WasmModuleParser.cpp.
SectionParser is extracted from ModuleParser. And it is used by both the old (currently working)
ModuleParser and the new StreamingParser.
(JSC::Wasm::SectionParser::parseType):
(JSC::Wasm::SectionParser::parseImport):
(JSC::Wasm::SectionParser::parseFunction):
(JSC::Wasm::SectionParser::parseResizableLimits):
(JSC::Wasm::SectionParser::parseTableHelper):
(JSC::Wasm::SectionParser::parseTable):
(JSC::Wasm::SectionParser::parseMemoryHelper):
(JSC::Wasm::SectionParser::parseMemory):
(JSC::Wasm::SectionParser::parseGlobal):
(JSC::Wasm::SectionParser::parseExport):
(JSC::Wasm::SectionParser::parseStart):
(JSC::Wasm::SectionParser::parseElement):
(JSC::Wasm::SectionParser::parseCode):
(JSC::Wasm::SectionParser::parseInitExpr):
(JSC::Wasm::SectionParser::parseGlobalType):
(JSC::Wasm::SectionParser::parseData):
(JSC::Wasm::SectionParser::parseCustom):
* wasm/WasmSectionParser.h: Copied from Source/JavaScriptCore/wasm/WasmModuleParser.h.
* wasm/WasmStreamingParser.cpp: Added.
(JSC::Wasm::parseUInt7):
(JSC::Wasm::StreamingParser::fail):
(JSC::Wasm::StreamingParser::StreamingParser):
(JSC::Wasm::StreamingParser::parseModuleHeader):
(JSC::Wasm::StreamingParser::parseSectionID):
(JSC::Wasm::StreamingParser::parseSectionSize):
(JSC::Wasm::StreamingParser::parseCodeSectionSize):
Code section in Wasm binary is specially handled compared with the other sections since it includes
a bunch of functions. StreamingParser extracts each function in a streaming fashion and enable
streaming validation / compilation of Wasm functions.
(JSC::Wasm::StreamingParser::parseFunctionSize):
(JSC::Wasm::StreamingParser::parseFunctionPayload):
(JSC::Wasm::StreamingParser::parseSectionPayload):
(JSC::Wasm::StreamingParser::consume):
(JSC::Wasm::StreamingParser::consumeVarUInt32):
(JSC::Wasm::StreamingParser::addBytes):
(JSC::Wasm::StreamingParser::failOnState):
(JSC::Wasm::StreamingParser::finalize):
* wasm/WasmStreamingParser.h: Added.
(JSC::Wasm::StreamingParser::addBytes):
(JSC::Wasm::StreamingParser::errorMessage const):
This is our new StreamingParser implementation. StreamingParser::consumeXXX functions get data, and
StreamingParser::parseXXX functions parse consumed data. The user of StreamingParser calls
StreamingParser::addBytes() to pump the bytes stream into the parser. And once all the data is pumped,
the user calls StreamingParser::finalize. StreamingParser is a state machine which feeds on the
incoming byte stream.
* wasm/js/JSWebAssemblyModule.cpp:
(JSC::JSWebAssemblyModule::source const): Deleted.
All the source should not be held.
* wasm/js/JSWebAssemblyModule.h:
* wasm/js/WebAssemblyPrototype.cpp:
(JSC::webAssemblyValidateFunc):
Source/WTF:
Add maxByteLength function to get the maximum size for T.
* wtf/LEBDecoder.h:
(WTF::LEBDecoder::maxByteLength):
(WTF::LEBDecoder::decodeUInt):
(WTF::LEBDecoder::decodeInt):
Canonical link: https://commits.webkit.org/204074@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@235420 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2018-08-28 06:38:29 +00:00
|
|
|
size_t last = std::min(maxByteLength<T>(), length - offset) - 1;
|
2016-08-06 03:48:10 +00:00
|
|
|
uint8_t byte;
|
|
|
|
for (unsigned i = 0; true; ++i) {
|
|
|
|
byte = bytes[offset++];
|
[JSC] Improve Wasm binary test coverage
https://bugs.webkit.org/show_bug.cgi?id=204843
Reviewed by Darin Adler.
JSTests:
* wasm/function-tests/grow-memory.js:
(binaryShouldNotParse):
* wasm/spec-tests/binary-leb128.wast.js:
* wasm/spec-tests/binary.wast.js:
* wasm/wasm.json:
Source/JavaScriptCore:
This patch fixes some of bugs in wasm parser so that we validate malformed wasm modules more strictly.
1. current_memory / grow_memory should have uint8 flag, not varuint32 flag.
2. global section should have uint8 mutability information, not varuint32.
3. memory section should have varuint32 memory count.
* wasm/WasmFunctionParser.h:
(JSC::Wasm::FunctionParser<Context>::parseExpression):
(JSC::Wasm::FunctionParser<Context>::parseUnreachableExpression):
* wasm/WasmSectionParser.cpp:
(JSC::Wasm::SectionParser::parseResizableLimits):
(JSC::Wasm::SectionParser::parseMemory):
(JSC::Wasm::SectionParser::parseGlobalType):
* wasm/wasm.json:
Source/WTF:
LEBDecoder should have more strict validation. One thing is that, we should reject pattern that includes ignored bits.
For example, in uint32_t, we can represent UINT32_MAX in 5 bytes like this.
0xff, 0xff, 0xff, 0xff, 0x0f
0b1111111_1111111_1111111_1111111_1111
Leading bytes has 0x80 trailing marker. And they includes each 7 bit slice. And the last byte includes 0b1111 part.
But we can also make it in the following form
0xff, 0xff, 0xff, 0xff, 0xff
0b1111111_1111111_1111111_1111111_1111
In the above case, the last byte's upper 4 bits are ignored in the result, and this is wrong in LEB128 encoding.
We should reject this input since the last byte includes overflown bits.
This patch adds this validation to WTF.
* wtf/LEBDecoder.h:
(WTF::LEBDecoder::maxByteLength):
(WTF::LEBDecoder::lastByteMask):
(WTF::LEBDecoder::decodeUInt):
(WTF::LEBDecoder::decodeInt):
Tools:
We add more tests for LEBDecoder. In particular, the added tests focus on the case which overflow bits.
* TestWebKitAPI/Tests/WTF/LEBDecoder.cpp:
(TestWebKitAPI::toString):
(TestWebKitAPI::testUInt32LEBDecode):
(TestWebKitAPI::TEST):
(TestWebKitAPI::testUInt64LEBDecode):
(TestWebKitAPI::testInt32LEBDecode):
(TestWebKitAPI::testInt64LEBDecode):
Canonical link: https://commits.webkit.org/231741@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@269998 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2020-11-18 23:50:34 +00:00
|
|
|
result |= static_cast<T>(static_cast<UnsignedT>(byte & 0x7f) << shift);
|
2016-08-06 03:48:10 +00:00
|
|
|
shift += 7;
|
[JSC] Improve Wasm binary test coverage
https://bugs.webkit.org/show_bug.cgi?id=204843
Reviewed by Darin Adler.
JSTests:
* wasm/function-tests/grow-memory.js:
(binaryShouldNotParse):
* wasm/spec-tests/binary-leb128.wast.js:
* wasm/spec-tests/binary.wast.js:
* wasm/wasm.json:
Source/JavaScriptCore:
This patch fixes some of bugs in wasm parser so that we validate malformed wasm modules more strictly.
1. current_memory / grow_memory should have uint8 flag, not varuint32 flag.
2. global section should have uint8 mutability information, not varuint32.
3. memory section should have varuint32 memory count.
* wasm/WasmFunctionParser.h:
(JSC::Wasm::FunctionParser<Context>::parseExpression):
(JSC::Wasm::FunctionParser<Context>::parseUnreachableExpression):
* wasm/WasmSectionParser.cpp:
(JSC::Wasm::SectionParser::parseResizableLimits):
(JSC::Wasm::SectionParser::parseMemory):
(JSC::Wasm::SectionParser::parseGlobalType):
* wasm/wasm.json:
Source/WTF:
LEBDecoder should have more strict validation. One thing is that, we should reject pattern that includes ignored bits.
For example, in uint32_t, we can represent UINT32_MAX in 5 bytes like this.
0xff, 0xff, 0xff, 0xff, 0x0f
0b1111111_1111111_1111111_1111111_1111
Leading bytes has 0x80 trailing marker. And they includes each 7 bit slice. And the last byte includes 0b1111 part.
But we can also make it in the following form
0xff, 0xff, 0xff, 0xff, 0xff
0b1111111_1111111_1111111_1111111_1111
In the above case, the last byte's upper 4 bits are ignored in the result, and this is wrong in LEB128 encoding.
We should reject this input since the last byte includes overflown bits.
This patch adds this validation to WTF.
* wtf/LEBDecoder.h:
(WTF::LEBDecoder::maxByteLength):
(WTF::LEBDecoder::lastByteMask):
(WTF::LEBDecoder::decodeUInt):
(WTF::LEBDecoder::decodeInt):
Tools:
We add more tests for LEBDecoder. In particular, the added tests focus on the case which overflow bits.
* TestWebKitAPI/Tests/WTF/LEBDecoder.cpp:
(TestWebKitAPI::toString):
(TestWebKitAPI::testUInt32LEBDecode):
(TestWebKitAPI::TEST):
(TestWebKitAPI::testUInt64LEBDecode):
(TestWebKitAPI::testInt32LEBDecode):
(TestWebKitAPI::testInt64LEBDecode):
Canonical link: https://commits.webkit.org/231741@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@269998 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2020-11-18 23:50:34 +00:00
|
|
|
if (!(byte & 0x80)) {
|
|
|
|
if ((maxByteLength<T>() - 1) == i) {
|
|
|
|
if (!(byte & 0x40)) {
|
|
|
|
// This is a non-sign-extended, positive number. Then, the remaining bits should be (lastByteMask<T>() >> 1).
|
|
|
|
// For example, in the int32_t case, the last byte should be less than 0b00000111, since 7 * 4 + 3 = 31.
|
|
|
|
if (byte & (lastByteMask<T>() >> 1))
|
|
|
|
return false;
|
|
|
|
} else {
|
|
|
|
// This is sign-extended, negative number. Then, zero should not exists in (lastByteMask<T>() >> 1) bits except for the top bit.
|
|
|
|
// For example, in the int32_t case, the last byte should be 0b01111XXX and 1 part must be 1. Since we already checked 0x40 is 1,
|
|
|
|
// middle [3,5] bits must be zero (e.g. 0b01000111 is invalid). We convert 0b01111XXX =(| 0x80)=> 0b11111XXX =(~)=> 0b00000YYY.
|
|
|
|
// And check that we do not have 1 in upper 5 bits.
|
|
|
|
if (static_cast<uint8_t>(~(byte | 0x80)) & (lastByteMask<T>() >> 1))
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
}
|
2016-08-06 03:48:10 +00:00
|
|
|
break;
|
[JSC] Improve Wasm binary test coverage
https://bugs.webkit.org/show_bug.cgi?id=204843
Reviewed by Darin Adler.
JSTests:
* wasm/function-tests/grow-memory.js:
(binaryShouldNotParse):
* wasm/spec-tests/binary-leb128.wast.js:
* wasm/spec-tests/binary.wast.js:
* wasm/wasm.json:
Source/JavaScriptCore:
This patch fixes some of bugs in wasm parser so that we validate malformed wasm modules more strictly.
1. current_memory / grow_memory should have uint8 flag, not varuint32 flag.
2. global section should have uint8 mutability information, not varuint32.
3. memory section should have varuint32 memory count.
* wasm/WasmFunctionParser.h:
(JSC::Wasm::FunctionParser<Context>::parseExpression):
(JSC::Wasm::FunctionParser<Context>::parseUnreachableExpression):
* wasm/WasmSectionParser.cpp:
(JSC::Wasm::SectionParser::parseResizableLimits):
(JSC::Wasm::SectionParser::parseMemory):
(JSC::Wasm::SectionParser::parseGlobalType):
* wasm/wasm.json:
Source/WTF:
LEBDecoder should have more strict validation. One thing is that, we should reject pattern that includes ignored bits.
For example, in uint32_t, we can represent UINT32_MAX in 5 bytes like this.
0xff, 0xff, 0xff, 0xff, 0x0f
0b1111111_1111111_1111111_1111111_1111
Leading bytes has 0x80 trailing marker. And they includes each 7 bit slice. And the last byte includes 0b1111 part.
But we can also make it in the following form
0xff, 0xff, 0xff, 0xff, 0xff
0b1111111_1111111_1111111_1111111_1111
In the above case, the last byte's upper 4 bits are ignored in the result, and this is wrong in LEB128 encoding.
We should reject this input since the last byte includes overflown bits.
This patch adds this validation to WTF.
* wtf/LEBDecoder.h:
(WTF::LEBDecoder::maxByteLength):
(WTF::LEBDecoder::lastByteMask):
(WTF::LEBDecoder::decodeUInt):
(WTF::LEBDecoder::decodeInt):
Tools:
We add more tests for LEBDecoder. In particular, the added tests focus on the case which overflow bits.
* TestWebKitAPI/Tests/WTF/LEBDecoder.cpp:
(TestWebKitAPI::toString):
(TestWebKitAPI::testUInt32LEBDecode):
(TestWebKitAPI::TEST):
(TestWebKitAPI::testUInt64LEBDecode):
(TestWebKitAPI::testInt32LEBDecode):
(TestWebKitAPI::testInt64LEBDecode):
Canonical link: https://commits.webkit.org/231741@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@269998 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2020-11-18 23:50:34 +00:00
|
|
|
}
|
2016-08-06 03:48:10 +00:00
|
|
|
if (i == last)
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
[WebAssembly] Parse wasm modules in a streaming fashion
https://bugs.webkit.org/show_bug.cgi?id=188943
Reviewed by Mark Lam.
JSTests:
Wasm parsing error should not report the total byte size since streaming parsing does not
want to load all the bytes.
Add a simple test wasm/stress/streaming-basic.js for initial streaming parsing implementation.
* wasm/function-tests/invalid-duplicate-export.js:
* wasm/function-tests/memory-alignment.js:
(const.op.of.WASM.opcodes):
* wasm/function-tests/memory-section-and-import.js:
* wasm/function-tests/void-argument-type-should-be-a-validation-error.js:
* wasm/js-api/Module-compile.js:
(async.testPromiseAPI):
* wasm/js-api/element.js:
(assert.throws.new.WebAssembly.Module.builder.WebAssembly):
(assert.throws):
* wasm/js-api/global-error.js:
(assert.throws.new.WebAssembly.Module.bin):
(assert.throws):
* wasm/js-api/table.js:
(new.WebAssembly.Module):
(assert.throws):
(assertBadTableImport):
* wasm/js-api/test_Data.js:
(DataSectionWithoutMemory):
* wasm/js-api/test_Start.js:
(InvalidStartFunctionIndex):
* wasm/js-api/test_basic_api.js:
(const.c.in.constructorProperties.switch):
* wasm/js-api/version.js:
* wasm/stress/nameSection.wasm: Added.
* wasm/stress/streaming-basic.js: Added.
(check):
Source/JavaScriptCore:
This patch adds Wasm::StreamingParser, which parses wasm binary in a streaming fashion.
Currently, this StreamingParser is not enabled and integrated. In subsequent patches,
we start integrating it into BBQPlan and dropping the old ModuleParser.
* JavaScriptCore.xcodeproj/project.pbxproj:
* Sources.txt:
* tools/JSDollarVM.cpp:
(WTF::WasmStreamingParser::WasmStreamingParser):
(WTF::WasmStreamingParser::create):
(WTF::WasmStreamingParser::createStructure):
(WTF::WasmStreamingParser::streamingParser):
(WTF::WasmStreamingParser::finishCreation):
(WTF::functionWasmStreamingParserAddBytes):
(WTF::functionWasmStreamingParserFinalize):
(JSC::functionCreateWasmStreamingParser):
(JSC::JSDollarVM::finishCreation):
The $vm Wasm::StreamingParser object is introduced for testing purpose. Added new stress test uses
this interface to test streaming parser in the JSC shell.
* wasm/WasmBBQPlan.cpp:
(JSC::Wasm::BBQPlan::BBQPlan):
(JSC::Wasm::BBQPlan::parseAndValidateModule):
(JSC::Wasm::BBQPlan::prepare):
(JSC::Wasm::BBQPlan::compileFunctions):
(JSC::Wasm::BBQPlan::complete):
(JSC::Wasm::BBQPlan::work):
* wasm/WasmBBQPlan.h:
BBQPlan has m_source, but once ModuleInformation is parsed, it is no longer necessary.
In subsequent patches, we will remove this, and stream the data into the BBQPlan.
* wasm/WasmFormat.h:
* wasm/WasmModuleInformation.cpp:
(JSC::Wasm::ModuleInformation::ModuleInformation):
* wasm/WasmModuleInformation.h:
One of the largest change in this patch is that ModuleInformation no longer holds source bytes,
since source bytes can be added in a streaming fashion. Instead of holding all the source bytes
in ModuleInformation, each function (ModuleInformation::functions, FunctionData) should have
Vector<uint8_t> for its data. This data is eventually filled by StreamingParser, and compiling
a function with this data can be done concurrently with StreamingParser.
(JSC::Wasm::ModuleInformation::create):
(JSC::Wasm::ModuleInformation::memoryCount const):
(JSC::Wasm::ModuleInformation::tableCount const):
memoryCount and tableCount should be recorded in ModuleInformation.
* wasm/WasmModuleParser.cpp:
(JSC::Wasm::ModuleParser::parse):
(JSC::Wasm::makeI32InitExpr): Deleted.
(JSC::Wasm::ModuleParser::parseType): Deleted.
(JSC::Wasm::ModuleParser::parseImport): Deleted.
(JSC::Wasm::ModuleParser::parseFunction): Deleted.
(JSC::Wasm::ModuleParser::parseResizableLimits): Deleted.
(JSC::Wasm::ModuleParser::parseTableHelper): Deleted.
(JSC::Wasm::ModuleParser::parseTable): Deleted.
(JSC::Wasm::ModuleParser::parseMemoryHelper): Deleted.
(JSC::Wasm::ModuleParser::parseMemory): Deleted.
(JSC::Wasm::ModuleParser::parseGlobal): Deleted.
(JSC::Wasm::ModuleParser::parseExport): Deleted.
(JSC::Wasm::ModuleParser::parseStart): Deleted.
(JSC::Wasm::ModuleParser::parseElement): Deleted.
(JSC::Wasm::ModuleParser::parseCode): Deleted.
(JSC::Wasm::ModuleParser::parseInitExpr): Deleted.
(JSC::Wasm::ModuleParser::parseGlobalType): Deleted.
(JSC::Wasm::ModuleParser::parseData): Deleted.
(JSC::Wasm::ModuleParser::parseCustom): Deleted.
Extract section parsing code out from ModuleParser. We create SectionParser and ModuleParser uses it.
SectionParser is also used by StreamingParser.
* wasm/WasmModuleParser.h:
(): Deleted.
* wasm/WasmNameSection.h:
(JSC::Wasm::NameSection::NameSection):
(JSC::Wasm::NameSection::create):
(JSC::Wasm::NameSection::setHash):
Hash calculation is deferred since all the source is not available in streaming parsing.
* wasm/WasmNameSectionParser.cpp:
(JSC::Wasm::NameSectionParser::parse):
* wasm/WasmNameSectionParser.h:
Use Ref<NameSection>.
* wasm/WasmOMGPlan.cpp:
(JSC::Wasm::OMGPlan::work):
Wasm::Plan no longer have m_source since data will be eventually filled in a streaming fashion.
OMGPlan can get data of the function by using ModuleInformation::functions.
* wasm/WasmParser.h:
(JSC::Wasm::Parser::source const):
(JSC::Wasm::Parser::length const):
(JSC::Wasm::Parser::offset const):
(JSC::Wasm::Parser::fail const):
(JSC::Wasm::makeI32InitExpr):
* wasm/WasmPlan.cpp:
(JSC::Wasm::Plan::Plan):
Wasm::Plan should not have all the source apriori. Streamed data will be pumped from the provider.
* wasm/WasmPlan.h:
* wasm/WasmSectionParser.cpp: Copied from Source/JavaScriptCore/wasm/WasmModuleParser.cpp.
SectionParser is extracted from ModuleParser. And it is used by both the old (currently working)
ModuleParser and the new StreamingParser.
(JSC::Wasm::SectionParser::parseType):
(JSC::Wasm::SectionParser::parseImport):
(JSC::Wasm::SectionParser::parseFunction):
(JSC::Wasm::SectionParser::parseResizableLimits):
(JSC::Wasm::SectionParser::parseTableHelper):
(JSC::Wasm::SectionParser::parseTable):
(JSC::Wasm::SectionParser::parseMemoryHelper):
(JSC::Wasm::SectionParser::parseMemory):
(JSC::Wasm::SectionParser::parseGlobal):
(JSC::Wasm::SectionParser::parseExport):
(JSC::Wasm::SectionParser::parseStart):
(JSC::Wasm::SectionParser::parseElement):
(JSC::Wasm::SectionParser::parseCode):
(JSC::Wasm::SectionParser::parseInitExpr):
(JSC::Wasm::SectionParser::parseGlobalType):
(JSC::Wasm::SectionParser::parseData):
(JSC::Wasm::SectionParser::parseCustom):
* wasm/WasmSectionParser.h: Copied from Source/JavaScriptCore/wasm/WasmModuleParser.h.
* wasm/WasmStreamingParser.cpp: Added.
(JSC::Wasm::parseUInt7):
(JSC::Wasm::StreamingParser::fail):
(JSC::Wasm::StreamingParser::StreamingParser):
(JSC::Wasm::StreamingParser::parseModuleHeader):
(JSC::Wasm::StreamingParser::parseSectionID):
(JSC::Wasm::StreamingParser::parseSectionSize):
(JSC::Wasm::StreamingParser::parseCodeSectionSize):
Code section in Wasm binary is specially handled compared with the other sections since it includes
a bunch of functions. StreamingParser extracts each function in a streaming fashion and enable
streaming validation / compilation of Wasm functions.
(JSC::Wasm::StreamingParser::parseFunctionSize):
(JSC::Wasm::StreamingParser::parseFunctionPayload):
(JSC::Wasm::StreamingParser::parseSectionPayload):
(JSC::Wasm::StreamingParser::consume):
(JSC::Wasm::StreamingParser::consumeVarUInt32):
(JSC::Wasm::StreamingParser::addBytes):
(JSC::Wasm::StreamingParser::failOnState):
(JSC::Wasm::StreamingParser::finalize):
* wasm/WasmStreamingParser.h: Added.
(JSC::Wasm::StreamingParser::addBytes):
(JSC::Wasm::StreamingParser::errorMessage const):
This is our new StreamingParser implementation. StreamingParser::consumeXXX functions get data, and
StreamingParser::parseXXX functions parse consumed data. The user of StreamingParser calls
StreamingParser::addBytes() to pump the bytes stream into the parser. And once all the data is pumped,
the user calls StreamingParser::finalize. StreamingParser is a state machine which feeds on the
incoming byte stream.
* wasm/js/JSWebAssemblyModule.cpp:
(JSC::JSWebAssemblyModule::source const): Deleted.
All the source should not be held.
* wasm/js/JSWebAssemblyModule.h:
* wasm/js/WebAssemblyPrototype.cpp:
(JSC::webAssemblyValidateFunc):
Source/WTF:
Add maxByteLength function to get the maximum size for T.
* wtf/LEBDecoder.h:
(WTF::LEBDecoder::maxByteLength):
(WTF::LEBDecoder::decodeUInt):
(WTF::LEBDecoder::decodeInt):
Canonical link: https://commits.webkit.org/204074@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@235420 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2018-08-28 06:38:29 +00:00
|
|
|
const size_t numBits = sizeof(T) * CHAR_BIT;
|
2016-12-09 01:34:05 +00:00
|
|
|
if (shift < numBits && (byte & 0x40))
|
2017-01-14 19:35:23 +00:00
|
|
|
result = static_cast<T>(static_cast<UnsignedT>(result) | (static_cast<UnsignedT>(-1) << shift));
|
2016-08-06 03:48:10 +00:00
|
|
|
return true;
|
|
|
|
}
|
2016-10-21 16:02:39 +00:00
|
|
|
|
2016-12-09 01:34:05 +00:00
|
|
|
inline bool WARN_UNUSED_RETURN decodeUInt32(const uint8_t* bytes, size_t length, size_t& offset, uint32_t& result)
|
|
|
|
{
|
|
|
|
return decodeUInt<uint32_t>(bytes, length, offset, result);
|
|
|
|
}
|
|
|
|
|
|
|
|
inline bool WARN_UNUSED_RETURN decodeUInt64(const uint8_t* bytes, size_t length, size_t& offset, uint64_t& result)
|
|
|
|
{
|
|
|
|
return decodeUInt<uint64_t>(bytes, length, offset, result);
|
|
|
|
}
|
|
|
|
|
|
|
|
inline bool WARN_UNUSED_RETURN decodeInt32(const uint8_t* bytes, size_t length, size_t& offset, int32_t& result)
|
|
|
|
{
|
|
|
|
return decodeInt<int32_t>(bytes, length, offset, result);
|
|
|
|
}
|
|
|
|
|
|
|
|
inline bool WARN_UNUSED_RETURN decodeInt64(const uint8_t* bytes, size_t length, size_t& offset, int64_t& result)
|
|
|
|
{
|
|
|
|
return decodeInt<int64_t>(bytes, length, offset, result);
|
|
|
|
}
|
|
|
|
|
2016-10-21 16:02:39 +00:00
|
|
|
} } // WTF::LEBDecoder
|