Changeset 286092 in webkit


Ignore:
Timestamp:
Nov 19, 2021 10:57:51 PM (8 months ago)
Author:
commit-queue@webkit.org
Message:

Fix WebAssembly memory.fill out of bounds error message
https://bugs.webkit.org/show_bug.cgi?id=233392

Patch by Asumu Takikawa <asumu@igalia.com> on 2021-11-19
Reviewed by Yusuke Suzuki.

JSTests:

  • wasm/references/memory_fill_out_of_bounds.js: Added.

(async test):

Source/JavaScriptCore:

  • wasm/WasmAirIRGenerator.cpp:

(JSC::Wasm::AirIRGenerator::addMemoryFill):

  • wasm/WasmB3IRGenerator.cpp:

(JSC::Wasm::B3IRGenerator::addMemoryFill):

  • wasm/WasmSlowPaths.cpp:

(JSC::LLInt::WASM_SLOW_PATH_DECL):

Location:
trunk
Files:
1 added
5 edited

Legend:

Unmodified
Added
Removed

  • trunk/JSTests/ChangeLog

    r286070 r286092  
     12021-11-19  Asumu Takikawa  <asumu@igalia.com>
     2
     3        Fix WebAssembly memory.fill out of bounds error message
     4        https://bugs.webkit.org/show_bug.cgi?id=233392
     5
     6        Reviewed by Yusuke Suzuki.
     7
     8        * wasm/references/memory_fill_out_of_bounds.js: Added.
     9        (async test):
     10
    1112021-11-19  Saam Barati  <sbarati@apple.com>
    212

  • trunk/Source/JavaScriptCore/ChangeLog

    r286083 r286092  
     12021-11-19  Asumu Takikawa  <asumu@igalia.com>
     2
     3        Fix WebAssembly memory.fill out of bounds error message
     4        https://bugs.webkit.org/show_bug.cgi?id=233392
     5
     6        Reviewed by Yusuke Suzuki.
     7
     8        * wasm/WasmAirIRGenerator.cpp:
     9        (JSC::Wasm::AirIRGenerator::addMemoryFill):
     10        * wasm/WasmB3IRGenerator.cpp:
     11        (JSC::Wasm::B3IRGenerator::addMemoryFill):
     12        * wasm/WasmSlowPaths.cpp:
     13        (JSC::LLInt::WASM_SLOW_PATH_DECL):
     14
    1152021-11-19  Commit Queue  <commit-queue@webkit.org>
    216

  • trunk/Source/JavaScriptCore/wasm/WasmAirIRGenerator.cpp

    r285065 r286092  
    13441344        return Inst(BranchTest32, nullptr, Arg::resCond(MacroAssembler::Zero), result, result);
    13451345    }, [=] (CCallHelpers& jit, const B3::StackmapGenerationParams&) {
    1346         this->emitThrowException(jit, ExceptionType::OutOfBoundsTableAccess);
     1346        this->emitThrowException(jit, ExceptionType::OutOfBoundsMemoryAccess);
    13471347    });
    13481348

  • trunk/Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp

    r285065 r286092  
    12921292
    12931293        check->setGenerator([=] (CCallHelpers& jit, const B3::StackmapGenerationParams&) {
    1294             this->emitExceptionCheck(jit, ExceptionType::OutOfBoundsTableAccess);
     1294            this->emitExceptionCheck(jit, ExceptionType::OutOfBoundsMemoryAccess);
    12951295        });
    12961296    }

  • trunk/Source/JavaScriptCore/wasm/WasmSlowPaths.cpp

    r285149 r286092  
    391391    uint32_t count = READ(instruction.m_count).unboxedUInt32();
    392392    if (!Wasm::operationWasmMemoryFill(instance, dstAddress, targetValue, count))
    393         WASM_THROW(Wasm::ExceptionType::OutOfBoundsTableAccess);
     393        WASM_THROW(Wasm::ExceptionType::OutOfBoundsMemoryAccess);
    394394    WASM_END();
    395395}
Note: See TracChangeset for help on using the changeset viewer.