Changeset 269998 in webkit
- Timestamp:
- Nov 18, 2020 3:50:34 PM (3 years ago)
- Location:
- trunk
- Files:
-
- 16 edited
trunk/JSTests/ChangeLog
r269986 r269998 1 2020-11-17 Yusuke Suzuki <ysuzuki@apple.com> 2 3 [JSC] Improve Wasm binary test coverage 4 https://bugs.webkit.org/show_bug.cgi?id=204843 5 6 Reviewed by Darin Adler. 7 8 * wasm/function-tests/grow-memory.js: 9 (binaryShouldNotParse): 10 * wasm/spec-tests/binary-leb128.wast.js: 11 * wasm/spec-tests/binary.wast.js: 12 * wasm/wasm.json: 13 1 14 2020-11-18 Ross Kirsling <ross.kirsling@sony.com> 2 15 -
trunk/JSTests/wasm/Builder_WebAssemblyBinary.js
r269729 r269998 39 39 } 40 40 41 put(bin, " varuint1", hasMaximum);41 put(bin, "uint8", hasMaximum); 42 42 put(bin, "varuint32", initial); 43 43 if (hasMaximum) … … 56 56 const putGlobalType = (bin, global) => { 57 57 put(bin, valueType, WASM.typeValue[global.type]); 58 put(bin, " varuint1", global.mutability);58 put(bin, "uint8", global.mutability); 59 59 }; 60 60 -
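Review bot: Both `put(bin, "uint8", …)` calls now write `hasMaximum` and `global.mutability` as a raw byte, but nothing at either call site says why these fields are not LEB128-encoded. A one-line comment above each, such as `// Single raw byte in the binary format; the parser accepts only 0x00 or 0x01.`, would keep a later edit from switching back to a varuint type. Both enclosing functions start above the visible lines, so how `hasMaximum` is computed cannot be checked from here.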
trunk/JSTests/wasm/function-tests/grow-memory.js
r210201 r269998 67 67 .End(); 68 68 69 binaryShouldNotParse(builder, "reserved varUint1for grow_memory must be zero");69 binaryShouldNotParse(builder, "reserved byte for grow_memory must be zero"); 70 70 } 71 71 … … 84 84 .End(); 85 85 86 binaryShouldNotParse(builder, "reserved varUint1for current_memory must be zero");87 } 88 89 { 90 const builder = (new Builder()) 91 .Type().End() 92 .Function().End() 93 .Memory().InitialMaxPages(1, 1).End() 94 .Export().End() 95 .Code() 96 .Function({ret: "void", params: []}) 97 .I32Const(25) 98 .CurrentMemory(0xff ffff00)99 .Drop() 100 .End() 101 .End(); 102 103 binaryShouldNotParse(builder, " can't parse reserved varUint1 for current_memory");104 } 105 106 { 107 const builder = (new Builder()) 108 .Type().End() 109 .Function().End() 110 .Memory().InitialMaxPages(1, 1).End() 111 .Export().End() 112 .Code() 113 .Function({ret: "void", params: []}) 114 .I32Const(25) 115 .GrowMemory(0xff ffff00)116 .Drop() 117 .End() 118 .End(); 119 120 binaryShouldNotParse(builder, " can't parse reserved varUint1 for grow_memory");86 binaryShouldNotParse(builder, "reserved byte for current_memory must be zero"); 87 } 88 89 { 90 const builder = (new Builder()) 91 .Type().End() 92 .Function().End() 93 .Memory().InitialMaxPages(1, 1).End() 94 .Export().End() 95 .Code() 96 .Function({ret: "void", params: []}) 97 .I32Const(25) 98 .CurrentMemory(0xff) 99 .Drop() 100 .End() 101 .End(); 102 103 binaryShouldNotParse(builder, "reserved byte for current_memory must be zero"); 104 } 105 106 { 107 const builder = (new Builder()) 108 .Type().End() 109 .Function().End() 110 .Memory().InitialMaxPages(1, 1).End() 111 .Export().End() 112 .Code() 113 .Function({ret: "void", params: []}) 114 .I32Const(25) 115 .GrowMemory(0xff) 116 .Drop() 117 .End() 118 .End(); 119 120 binaryShouldNotParse(builder, "reserved byte for grow_memory must be zero"); 121 121 } 122 122 -
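Review bot: Every expectation visible in this file is now a "must be zero" message, so the parser's separate `can't parse reserved byte for grow_memory` / `current_memory` failure is no longer asserted by any case shown here. The cases at new lines 98 and 115 pass `0xff`, which is a well-formed byte and therefore reaches the zero check; a comment such as `// 0xff parses as a uint8, so this exercises the zero check, not the parse failure.` would make that explicit. Covering the parse-failure branch probably needs a hand-written, truncated byte string if the Builder cannot emit one. The first two blocks begin above the hunks, so their reserved values are not visible.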
trunk/JSTests/wasm/spec-tests/binary-leb128.wast.js
r269831 r269998 16 16 17 17 // binary-leb128.wast:32 18 // FIXME: Improve wasm binary test coverage.19 // https:// bugs.webkit.org/show_bug.cgi?id=20484318 // This is skipped because this module becomes invalid if wasm-reference is enabled. And we are supporting it. 19 // https://webassembly.github.io/reference-types/core/binary/modules.html#element-section 20 20 // let $6 = instance("\x00\x61\x73\x6d\x01\x00\x00\x00\x04\x04\x01\x70\x00\x00\x09\x07\x01\x80\x00\x41\x00\x0b\x00"); 21 21 … … 147 147 148 148 // binary-leb128.wast:524 149 // FIXME: Improve wasm binary test coverage. 150 // https://bugs.webkit.org/show_bug.cgi?id=204843 151 // assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x05\x07\x01\x00\x82\x80\x80\x80\x70"); 149 assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x05\x07\x01\x00\x82\x80\x80\x80\x70"); 152 150 153 151 // binary-leb128.wast:532 154 // FIXME: Improve wasm binary test coverage. 155 // https://bugs.webkit.org/show_bug.cgi?id=204843 156 // assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x05\x07\x01\x00\x82\x80\x80\x80\x40"); 152 assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x05\x07\x01\x00\x82\x80\x80\x80\x40"); 157 153 158 154 // binary-leb128.wast:540 159 // FIXME: Improve wasm binary test coverage. 160 // https://bugs.webkit.org/show_bug.cgi?id=204843 161 // assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x05\x09\x01\x01\x82\x00\x82\x80\x80\x80\x10"); 155 assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x05\x09\x01\x01\x82\x00\x82\x80\x80\x80\x10"); 162 156 163 157 // binary-leb128.wast:549 164 // FIXME: Improve wasm binary test coverage. 165 // https://bugs.webkit.org/show_bug.cgi?id=204843 166 // assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x05\x09\x01\x01\x82\x00\x82\x80\x80\x80\x40"); 158 assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x05\x09\x01\x01\x82\x00\x82\x80\x80\x80\x40"); 167 159 168 160 // binary-leb128.wast:558 169 // FIXME: Improve wasm binary test coverage. 
170 // https://bugs.webkit.org/show_bug.cgi?id=204843 171 // assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x05\x03\x01\x00\x00\x0b\x0a\x01\x80\x80\x80\x80\x10\x41\x00\x0b\x00"); 161 assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x05\x03\x01\x00\x00\x0b\x0a\x01\x80\x80\x80\x80\x10\x41\x00\x0b\x00"); 172 162 173 163 // binary-leb128.wast:569 … … 175 165 176 166 // binary-leb128.wast:580 177 // FIXME: Improve wasm binary test coverage. 178 // https://bugs.webkit.org/show_bug.cgi?id=204843 179 // assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x00\x83\x80\x80\x80\x10\x01\x31\x32"); 167 assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x00\x83\x80\x80\x80\x10\x01\x31\x32"); 180 168 181 169 // binary-leb128.wast:591 182 // FIXME: Improve wasm binary test coverage. 183 // https://bugs.webkit.org/show_bug.cgi?id=204843 184 // assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x00\x09\x83\x80\x80\x80\x40\x31\x32\x33\x34"); 170 assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x00\x09\x83\x80\x80\x80\x40\x31\x32\x33\x34"); 185 171 186 172 // binary-leb128.wast:602 187 // FIXME: Improve wasm binary test coverage. 188 // https://bugs.webkit.org/show_bug.cgi?id=204843 189 // assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x0b\x01\x60\x82\x80\x80\x80\x10\x7f\x7e\x01\x7f"); 173 assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x0b\x01\x60\x82\x80\x80\x80\x10\x7f\x7e\x01\x7f"); 190 174 191 175 // binary-leb128.wast:614 192 // FIXME: Improve wasm binary test coverage. 193 // https://bugs.webkit.org/show_bug.cgi?id=204843 194 // assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x0b\x01\x60\x02\x7f\x7e\x81\x80\x80\x80\x40\x7f"); 176 assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x0b\x01\x60\x02\x7f\x7e\x81\x80\x80\x80\x40\x7f"); 195 177 196 178 // binary-leb128.wast:626 197 // FIXME: Improve wasm binary test coverage. 
198 // https://bugs.webkit.org/show_bug.cgi?id=204843 199 // assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x05\x01\x60\x01\x7f\x00\x02\x1a\x01\x88\x80\x80\x80\x10\x73\x70\x65\x63\x74\x65\x73\x74\x09\x70\x72\x69\x6e\x74\x5f\x69\x33\x32\x00\x00"); 179 assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x05\x01\x60\x01\x7f\x00\x02\x1a\x01\x88\x80\x80\x80\x10\x73\x70\x65\x63\x74\x65\x73\x74\x09\x70\x72\x69\x6e\x74\x5f\x69\x33\x32\x00\x00"); 200 180 201 181 // binary-leb128.wast:641 202 // FIXME: Improve wasm binary test coverage. 203 // https://bugs.webkit.org/show_bug.cgi?id=204843 204 // assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x05\x01\x60\x01\x7f\x00\x02\x1a\x01\x08\x73\x70\x65\x63\x74\x65\x73\x74\x89\x80\x80\x80\x40\x70\x72\x69\x6e\x74\x5f\x69\x33\x32\x00\x00"); 182 assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x05\x01\x60\x01\x7f\x00\x02\x1a\x01\x08\x73\x70\x65\x63\x74\x65\x73\x74\x89\x80\x80\x80\x40\x70\x72\x69\x6e\x74\x5f\x69\x33\x32\x00\x00"); 205 183 206 184 // binary-leb128.wast:656 207 // FIXME: Improve wasm binary test coverage. 208 // https://bugs.webkit.org/show_bug.cgi?id=204843 209 // assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x05\x01\x60\x01\x7f\x00\x02\x1a\x01\x08\x73\x70\x65\x63\x74\x65\x73\x74\x09\x70\x72\x69\x6e\x74\x5f\x69\x33\x32\x00\x80\x80\x80\x80\x10"); 185 assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x05\x01\x60\x01\x7f\x00\x02\x1a\x01\x08\x73\x70\x65\x63\x74\x65\x73\x74\x09\x70\x72\x69\x6e\x74\x5f\x69\x33\x32\x00\x80\x80\x80\x80\x10"); 210 186 211 187 // binary-leb128.wast:671 212 // FIXME: Improve wasm binary test coverage. 
213 // https://bugs.webkit.org/show_bug.cgi?id=204843 214 // assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x06\x01\x80\x80\x80\x80\x10\x0a\x04\x01\x02\x00\x0b"); 188 assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x06\x01\x80\x80\x80\x80\x10\x0a\x04\x01\x02\x00\x0b"); 215 189 216 190 // binary-leb128.wast:684 217 // FIXME: Improve wasm binary test coverage. 218 // https://bugs.webkit.org/show_bug.cgi?id=204843 219 // assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x07\x0a\x01\x82\x80\x80\x80\x10\x66\x31\x00\x00\x0a\x04\x01\x02\x00\x0b"); 191 assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x07\x0a\x01\x82\x80\x80\x80\x10\x66\x31\x00\x00\x0a\x04\x01\x02\x00\x0b"); 220 192 221 193 // binary-leb128.wast:700 222 // FIXME: Improve wasm binary test coverage. 223 // https://bugs.webkit.org/show_bug.cgi?id=204843 224 // assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x07\x0a\x01\x02\x66\x31\x00\x80\x80\x80\x80\x10\x0a\x04\x01\x02\x00\x0b"); 194 assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x07\x0a\x01\x02\x66\x31\x00\x80\x80\x80\x80\x10\x0a\x04\x01\x02\x00\x0b"); 225 195 226 196 // binary-leb128.wast:716 227 // FIXME: Improve wasm binary test coverage. 228 // https://bugs.webkit.org/show_bug.cgi?id=204843 229 // assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x0a\x08\x81\x80\x80\x80\x10\x02\x00\x0b"); 197 assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x0a\x08\x81\x80\x80\x80\x10\x02\x00\x0b"); 230 198 231 199 // binary-leb128.wast:729 232 // FIXME: Improve wasm binary test coverage. 
233 // https://bugs.webkit.org/show_bug.cgi?id=204843 234 // assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x05\x03\x01\x00\x01\x0a\x10\x01\x0e\x01\x01\x7f\x41\x00\x28\x02\x82\x80\x80\x80\x10\x1a\x0b"); 200 assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x05\x03\x01\x00\x01\x0a\x10\x01\x0e\x01\x01\x7f\x41\x00\x28\x02\x82\x80\x80\x80\x10\x1a\x0b"); 235 201 236 202 // binary-leb128.wast:748 237 // FIXME: Improve wasm binary test coverage. 238 // https://bugs.webkit.org/show_bug.cgi?id=204843 239 // assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x05\x03\x01\x00\x01\x0a\x10\x01\x0e\x01\x01\x7f\x41\x00\x28\x02\x82\x80\x80\x80\x40\x1a\x0b"); 203 assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x05\x03\x01\x00\x01\x0a\x10\x01\x0e\x01\x01\x7f\x41\x00\x28\x02\x82\x80\x80\x80\x40\x1a\x0b"); 240 204 241 205 // binary-leb128.wast:767 242 // FIXME: Improve wasm binary test coverage. 243 // https://bugs.webkit.org/show_bug.cgi?id=204843 244 // assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x05\x03\x01\x00\x01\x0a\x10\x01\x0e\x01\x01\x7f\x41\x00\x28\x82\x80\x80\x80\x10\x00\x1a\x0b"); 206 assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x05\x03\x01\x00\x01\x0a\x10\x01\x0e\x01\x01\x7f\x41\x00\x28\x82\x80\x80\x80\x10\x00\x1a\x0b"); 245 207 246 208 // binary-leb128.wast:785 247 // FIXME: Improve wasm binary test coverage. 
248 // https://bugs.webkit.org/show_bug.cgi?id=204843 249 // assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x05\x03\x01\x00\x01\x0a\x10\x01\x0e\x01\x01\x7f\x41\x00\x28\x82\x80\x80\x80\x40\x00\x1a\x0b"); 209 assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x05\x03\x01\x00\x01\x0a\x10\x01\x0e\x01\x01\x7f\x41\x00\x28\x82\x80\x80\x80\x40\x00\x1a\x0b"); 250 210 251 211 // binary-leb128.wast:804 252 // FIXME: Improve wasm binary test coverage. 253 // https://bugs.webkit.org/show_bug.cgi?id=204843 254 // assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x05\x03\x01\x00\x01\x0a\x11\x01\x0f\x01\x01\x7f\x41\x00\x41\x03\x36\x82\x80\x80\x80\x10\x03\x0b"); 212 assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x05\x03\x01\x00\x01\x0a\x11\x01\x0f\x01\x01\x7f\x41\x00\x41\x03\x36\x82\x80\x80\x80\x10\x03\x0b"); 255 213 256 214 // binary-leb128.wast:823 257 // FIXME: Improve wasm binary test coverage. 258 // https://bugs.webkit.org/show_bug.cgi?id=204843 259 // assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x05\x03\x01\x00\x01\x0a\x11\x01\x0f\x01\x01\x7f\x41\x00\x41\x03\x36\x82\x80\x80\x80\x40\x03\x0b"); 215 assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x05\x03\x01\x00\x01\x0a\x11\x01\x0f\x01\x01\x7f\x41\x00\x41\x03\x36\x82\x80\x80\x80\x40\x03\x0b"); 260 216 261 217 // binary-leb128.wast:842 262 // FIXME: Improve wasm binary test coverage. 
263 // https://bugs.webkit.org/show_bug.cgi?id=204843 264 // assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x05\x03\x01\x00\x01\x0a\x11\x01\x0f\x01\x01\x7f\x41\x00\x41\x03\x36\x02\x82\x80\x80\x80\x10\x0b"); 218 assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x05\x03\x01\x00\x01\x0a\x11\x01\x0f\x01\x01\x7f\x41\x00\x41\x03\x36\x02\x82\x80\x80\x80\x10\x0b"); 265 219 266 220 // binary-leb128.wast:861 267 // FIXME: Improve wasm binary test coverage. 268 // https://bugs.webkit.org/show_bug.cgi?id=204843 269 // assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x05\x03\x01\x00\x01\x0a\x11\x01\x0f\x01\x01\x7f\x41\x00\x41\x03\x36\x02\x82\x80\x80\x80\x40\x0b"); 221 assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x05\x03\x01\x00\x01\x0a\x11\x01\x0f\x01\x01\x7f\x41\x00\x41\x03\x36\x02\x82\x80\x80\x80\x40\x0b"); 270 222 271 223 // binary-leb128.wast:883 272 // FIXME: Improve wasm binary test coverage. 273 // https://bugs.webkit.org/show_bug.cgi?id=204843 274 // assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x06\x0a\x01\x7f\x00\x41\x80\x80\x80\x80\x70\x0b"); 224 assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x06\x0a\x01\x7f\x00\x41\x80\x80\x80\x80\x70\x0b"); 275 225 276 226 // binary-leb128.wast:893 277 // FIXME: Improve wasm binary test coverage. 278 // https://bugs.webkit.org/show_bug.cgi?id=204843 279 // assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x06\x0a\x01\x7f\x00\x41\xff\xff\xff\xff\x0f\x0b"); 227 assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x06\x0a\x01\x7f\x00\x41\xff\xff\xff\xff\x0f\x0b"); 280 228 281 229 // binary-leb128.wast:903 282 // FIXME: Improve wasm binary test coverage. 
283 // https://bugs.webkit.org/show_bug.cgi?id=204843 284 // assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x06\x0a\x01\x7f\x00\x41\x80\x80\x80\x80\x1f\x0b"); 230 assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x06\x0a\x01\x7f\x00\x41\x80\x80\x80\x80\x1f\x0b"); 285 231 286 232 // binary-leb128.wast:913 287 // FIXME: Improve wasm binary test coverage. 288 // https://bugs.webkit.org/show_bug.cgi?id=204843 289 // assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x06\x0a\x01\x7f\x00\x41\xff\xff\xff\xff\x4f\x0b"); 233 assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x06\x0a\x01\x7f\x00\x41\xff\xff\xff\xff\x4f\x0b"); 290 234 291 235 // binary-leb128.wast:924 292 // FIXME: Improve wasm binary test coverage. 293 // https://bugs.webkit.org/show_bug.cgi?id=204843 294 // assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x06\x0f\x01\x7e\x00\x42\x80\x80\x80\x80\x80\x80\x80\x80\x80\x7e\x0b"); 236 assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x06\x0f\x01\x7e\x00\x42\x80\x80\x80\x80\x80\x80\x80\x80\x80\x7e\x0b"); 295 237 296 238 // binary-leb128.wast:934 297 // FIXME: Improve wasm binary test coverage. 298 // https://bugs.webkit.org/show_bug.cgi?id=204843 299 // assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x06\x0f\x01\x7e\x00\x42\xff\xff\xff\xff\xff\xff\xff\xff\xff\x01\x0b"); 239 assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x06\x0f\x01\x7e\x00\x42\xff\xff\xff\xff\xff\xff\xff\xff\xff\x01\x0b"); 300 240 301 241 // binary-leb128.wast:944 302 // FIXME: Improve wasm binary test coverage. 303 // https://bugs.webkit.org/show_bug.cgi?id=204843 304 // assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x06\x0f\x01\x7e\x00\x42\x80\x80\x80\x80\x80\x80\x80\x80\x80\x02\x0b"); 242 assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x06\x0f\x01\x7e\x00\x42\x80\x80\x80\x80\x80\x80\x80\x80\x80\x02\x0b"); 305 243 306 244 // binary-leb128.wast:954 307 // FIXME: Improve wasm binary test coverage. 
308 // https://bugs.webkit.org/show_bug.cgi?id=204843 309 // assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x06\x0f\x01\x7e\x00\x42\xff\xff\xff\xff\xff\xff\xff\xff\xff\x41\x0b"); 245 assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x06\x0f\x01\x7e\x00\x42\xff\xff\xff\xff\xff\xff\xff\xff\xff\x41\x0b"); 310 246 311 247 // binary-leb128.wast:966 312 // FIXME: Improve wasm binary test coverage.313 // https://bugs.webkit.org/show_bug.cgi?id=204843248 // https://bugs.webkit.org/show_bug.cgi?id=173471 249 // FIXME: Implement non-trapping float to int conversions. 314 250 // let $26 = instance("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x0a\x1b\x01\x19\x00\x00\xfc\x80\x00\x00\xfc\x81\x80\x00\x00\xfc\x86\x80\x80\x00\x00\xfc\x87\x80\x80\x80\x00\x00\x0b"); 315 251 -
trunk/JSTests/wasm/spec-tests/binary.wast.js
r269831 r269998 99 99 100 100 // binary.wast:48 101 // FIXME: Improve wasm binary test coverage. 102 // https://bugs.webkit.org/show_bug.cgi?id=204843 103 // assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x0c\x00"); 101 assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x0c\x00"); 104 102 105 103 // binary.wast:49 106 // FIXME: Improve wasm binary test coverage. 107 // https://bugs.webkit.org/show_bug.cgi?id=204843 108 // assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x7f\x00"); 104 assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x7f\x00"); 109 105 110 106 // binary.wast:50 111 // FIXME: Improve wasm binary test coverage. 112 // https://bugs.webkit.org/show_bug.cgi?id=204843 113 // assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x80\x00\x01\x00"); 107 assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x80\x00\x01\x00"); 114 108 115 109 // binary.wast:51 116 // FIXME: Improve wasm binary test coverage. 117 // https://bugs.webkit.org/show_bug.cgi?id=204843 118 // assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x81\x00\x01\x00"); 110 assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x81\x00\x01\x00"); 119 111 120 112 // binary.wast:52 121 // FIXME: Improve wasm binary test coverage. 122 // https://bugs.webkit.org/show_bug.cgi?id=204843 123 // assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\xff\x00\x01\x00"); 113 assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\xff\x00\x01\x00"); 124 114 125 115 // binary.wast:56 126 // FIXME: Improve wasm binary test coverage. 127 // https://bugs.webkit.org/show_bug.cgi?id=204843 128 // assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x05\x01\xe0\x7f\x00\x00"); 116 assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x05\x01\xe0\x7f\x00\x00"); 129 117 130 118 // binary.wast:70 … … 147 135 148 136 // binary.wast:183 149 // FIXME: Improve wasm binary test coverage. 
150 // https://bugs.webkit.org/show_bug.cgi?id=204843 151 // assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x05\x03\x01\x00\x00\x0a\x0a\x01\x08\x00\x41\x00\x40\x80\x00\x1a\x0b"); 137 assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x05\x03\x01\x00\x00\x0a\x0a\x01\x08\x00\x41\x00\x40\x80\x00\x1a\x0b"); 152 138 153 139 // binary.wast:203 154 // FIXME: Improve wasm binary test coverage. 155 // https://bugs.webkit.org/show_bug.cgi?id=204843 156 // assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x05\x03\x01\x00\x00\x0a\x0b\x01\x09\x00\x41\x00\x40\x80\x80\x00\x1a\x0b"); 140 assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x05\x03\x01\x00\x00\x0a\x0b\x01\x09\x00\x41\x00\x40\x80\x80\x00\x1a\x0b"); 157 141 158 142 // binary.wast:222 159 // FIXME: Improve wasm binary test coverage. 160 // https://bugs.webkit.org/show_bug.cgi?id=204843 161 // assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x05\x03\x01\x00\x00\x0a\x0c\x01\x0a\x00\x41\x00\x40\x80\x80\x80\x00\x1a\x0b"); 143 assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x05\x03\x01\x00\x00\x0a\x0c\x01\x0a\x00\x41\x00\x40\x80\x80\x80\x00\x1a\x0b"); 162 144 163 145 // binary.wast:241 164 // FIXME: Improve wasm binary test coverage. 165 // https://bugs.webkit.org/show_bug.cgi?id=204843 166 // assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x05\x03\x01\x00\x00\x0a\x0d\x01\x0b\x00\x41\x00\x40\x80\x80\x80\x80\x00\x1a\x0b"); 146 assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x05\x03\x01\x00\x00\x0a\x0d\x01\x0b\x00\x41\x00\x40\x80\x80\x80\x80\x00\x1a\x0b"); 167 147 168 148 // binary.wast:261 … … 170 150 171 151 // binary.wast:280 172 // FIXME: Improve wasm binary test coverage. 
173 // https://bugs.webkit.org/show_bug.cgi?id=204843 174 // assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x05\x03\x01\x00\x00\x0a\x08\x01\x06\x00\x3f\x80\x00\x1a\x0b"); 152 assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x05\x03\x01\x00\x00\x0a\x08\x01\x06\x00\x3f\x80\x00\x1a\x0b"); 175 153 176 154 // binary.wast:299 177 // FIXME: Improve wasm binary test coverage. 178 // https://bugs.webkit.org/show_bug.cgi?id=204843 179 // assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x05\x03\x01\x00\x00\x0a\x09\x01\x07\x00\x3f\x80\x80\x00\x1a\x0b"); 155 assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x05\x03\x01\x00\x00\x0a\x09\x01\x07\x00\x3f\x80\x80\x00\x1a\x0b"); 180 156 181 157 // binary.wast:317 182 // FIXME: Improve wasm binary test coverage. 183 // https://bugs.webkit.org/show_bug.cgi?id=204843 184 // assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x05\x03\x01\x00\x00\x0a\x0a\x01\x08\x00\x3f\x80\x80\x80\x00\x1a\x0b"); 158 assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x05\x03\x01\x00\x00\x0a\x0a\x01\x08\x00\x3f\x80\x80\x80\x00\x1a\x0b"); 185 159 186 160 // binary.wast:335 187 // FIXME: Improve wasm binary test coverage. 188 // https://bugs.webkit.org/show_bug.cgi?id=204843 189 // assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x05\x03\x01\x00\x00\x0a\x0b\x01\x09\x00\x3f\x80\x80\x80\x80\x00\x1a\x0b"); 161 assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x05\x03\x01\x00\x00\x0a\x0b\x01\x09\x00\x3f\x80\x80\x80\x80\x00\x1a\x0b"); 190 162 191 163 // binary.wast:354 … … 226 198 227 199 // binary.wast:475 228 // FIXME: Improve wasm binary test coverage. 
229 // https://bugs.webkit.org/show_bug.cgi?id=204843 230 // assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x02\x04\x01\x00\x00\x04"); 200 assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x02\x04\x01\x00\x00\x04"); 231 201 232 202 // binary.wast:485 233 // FIXME: Improve wasm binary test coverage. 234 // https://bugs.webkit.org/show_bug.cgi?id=204843 235 // assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x02\x05\x01\x00\x00\x04\x00"); 203 assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x02\x05\x01\x00\x00\x04\x00"); 236 204 237 205 // binary.wast:496 238 // FIXME: Improve wasm binary test coverage. 239 // https://bugs.webkit.org/show_bug.cgi?id=204843 240 // assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x02\x04\x01\x00\x00\x05"); 206 assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x02\x04\x01\x00\x00\x05"); 241 207 242 208 // binary.wast:506 243 // FIXME: Improve wasm binary test coverage. 244 // https://bugs.webkit.org/show_bug.cgi?id=204843 245 // assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x02\x05\x01\x00\x00\x05\x00"); 209 assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x02\x05\x01\x00\x00\x05\x00"); 246 210 247 211 // binary.wast:517 248 // FIXME: Improve wasm binary test coverage. 249 // https://bugs.webkit.org/show_bug.cgi?id=204843 250 // assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x02\x04\x01\x00\x00\x80"); 212 assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x02\x04\x01\x00\x00\x80"); 251 213 252 214 // binary.wast:527 253 // FIXME: Improve wasm binary test coverage. 254 // https://bugs.webkit.org/show_bug.cgi?id=204843 255 // assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x02\x05\x01\x00\x00\x80\x00"); 215 assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x02\x05\x01\x00\x00\x80\x00"); 256 216 257 217 // binary.wast:540 … … 268 228 269 229 // binary.wast:600 270 // FIXME: Improve wasm binary test coverage. 
271 // https://bugs.webkit.org/show_bug.cgi?id=204843 272 // assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x05\x03\x01\x70\x02"); 230 assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x05\x03\x01\x70\x02"); 273 231 274 232 // binary.wast:609 275 // FIXME: Improve wasm binary test coverage. 276 // https://bugs.webkit.org/show_bug.cgi?id=204843 277 // assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x05\x04\x01\x70\x02\x00"); 233 assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x05\x04\x01\x70\x02\x00"); 278 234 279 235 // binary.wast:619 280 // FIXME: Improve wasm binary test coverage. 281 // https://bugs.webkit.org/show_bug.cgi?id=204843 282 // assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x05\x06\x01\x70\x81\x00\x00\x00"); 236 assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x05\x06\x01\x70\x81\x00\x00\x00"); 283 237 284 238 // binary.wast:631 … … 289 243 290 244 // binary.wast:647 291 // FIXME: Improve wasm binary test coverage. 292 // https://bugs.webkit.org/show_bug.cgi?id=204843 293 // assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x05\x02\x01\x02"); 245 assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x05\x02\x01\x02"); 294 246 295 247 // binary.wast:655 296 // FIXME: Improve wasm binary test coverage. 297 // https://bugs.webkit.org/show_bug.cgi?id=204843 298 // assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x05\x03\x01\x02\x00"); 248 assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x05\x03\x01\x02\x00"); 299 249 300 250 // binary.wast:664 301 // FIXME: Improve wasm binary test coverage. 302 // https://bugs.webkit.org/show_bug.cgi?id=204843 303 // assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x05\x05\x01\x81\x00\x00\x00"); 251 assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x05\x05\x01\x81\x00\x00\x00"); 304 252 305 253 // binary.wast:673 306 // FIXME: Improve wasm binary test coverage. 
307 // https://bugs.webkit.org/show_bug.cgi?id=204843 308 // assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x05\x05\x01\x81\x01\x00\x00"); 254 assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x05\x05\x01\x81\x01\x00\x00"); 309 255 310 256 // binary.wast:684 … … 330 276 331 277 // binary.wast:779 332 // FIXME: Improve wasm binary test coverage. 333 // https://bugs.webkit.org/show_bug.cgi?id=204843 334 // assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x04\x04\x01\x70\x00\x01\x09\x07\x02\x00\x41\x00\x0b\x01\x00"); 278 assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x04\x04\x01\x70\x00\x01\x09\x07\x02\x00\x41\x00\x0b\x01\x00"); 335 279 336 280 // binary.wast:795 337 // FIXME: Improve wasm binary test coverage. 338 // https://bugs.webkit.org/show_bug.cgi?id=204843 339 // assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x04\x04\x01\x70\x00\x01\x09\x07\x02\x00\x41\x00\x0b\x01\x00\x00\x41\x00"); 281 assert_malformed("\x00\x61\x73\x6d\x01\x00\x00\x00\x01\x04\x01\x60\x00\x00\x03\x02\x01\x00\x04\x04\x01\x70\x00\x01\x09\x07\x02\x00\x41\x00\x0b\x01\x00\x00\x41\x00"); 340 282 341 283 // binary.wast:812 -
trunk/JSTests/wasm/wasm.json
r269929 r269998 98 98 "f32.store": { "category": "memory", "value": 56, "return": [], "parameter": ["addr", "f32"], "immediate": [{"name": "flags", "type": "varuint32"}, {"name": "offset", "type": "varuint32"}], "description": "store to memory" }, 99 99 "f64.store": { "category": "memory", "value": 57, "return": [], "parameter": ["addr", "f64"], "immediate": [{"name": "flags", "type": "varuint32"}, {"name": "offset", "type": "varuint32"}], "description": "store to memory" }, 100 "current_memory": { "category": "operation", "value": 63, "return": ["size"], "parameter": [], "immediate": [{"name": "flags", "type": " varuint32"}], "description": "query the size of memory" },101 "grow_memory": { "category": "operation", "value": 64, "return": ["size"], "parameter": ["size"], "immediate": [{"name": "flags", "type": " varuint32"}], "description": "grow the size of memory" },100 "current_memory": { "category": "operation", "value": 63, "return": ["size"], "parameter": [], "immediate": [{"name": "flags", "type": "uint8"}], "description": "query the size of memory" }, 101 "grow_memory": { "category": "operation", "value": 64, "return": ["size"], "parameter": ["size"], "immediate": [{"name": "flags", "type": "uint8"}], "description": "grow the size of memory" }, 102 102 "i32.add": { "category": "arithmetic", "value": 106, "return": ["i32"], "parameter": ["i32", "i32"], "immediate": [], "b3op": "Add" }, 103 103 "i32.sub": { "category": "arithmetic", "value": 107, "return": ["i32"], "parameter": ["i32", "i32"], "immediate": [], "b3op": "Sub" }, -
trunk/Source/JavaScriptCore/ChangeLog
r269974 r269998 1 2020-11-17 Yusuke Suzuki <ysuzuki@apple.com> 2 3 [JSC] Improve Wasm binary test coverage 4 https://bugs.webkit.org/show_bug.cgi?id=204843 5 6 Reviewed by Darin Adler. 7 8 This patch fixes some of bugs in wasm parser so that we validate malformed wasm modules more strictly. 9 10 1. current_memory / grow_memory should have uint8 flag, not varuint32 flag. 11 2. global section should have uint8 mutability information, not varuint32. 12 3. memory section should have varuint32 memory count. 13 14 * wasm/WasmFunctionParser.h: 15 (JSC::Wasm::FunctionParser<Context>::parseExpression): 16 (JSC::Wasm::FunctionParser<Context>::parseUnreachableExpression): 17 * wasm/WasmSectionParser.cpp: 18 (JSC::Wasm::SectionParser::parseResizableLimits): 19 (JSC::Wasm::SectionParser::parseMemory): 20 (JSC::Wasm::SectionParser::parseGlobalType): 21 * wasm/wasm.json: 22 1 23 2020-11-18 Yusuke Suzuki <ysuzuki@apple.com> 2 24 -
trunk/Source/JavaScriptCore/wasm/WasmFunctionParser.h
r269729 r269998 839 839 840 840 uint8_t reserved; 841 WASM_PARSER_FAIL_IF(!parse VarUInt1(reserved), "can't parse reserved varUint1for grow_memory");842 WASM_PARSER_FAIL_IF(reserved != 0, "reserved varUint1for grow_memory must be zero");841 WASM_PARSER_FAIL_IF(!parseUInt8(reserved), "can't parse reserved byte for grow_memory"); 842 WASM_PARSER_FAIL_IF(reserved != 0, "reserved byte for grow_memory must be zero"); 843 843 844 844 TypedExpression delta; … … 857 857 858 858 uint8_t reserved; 859 WASM_PARSER_FAIL_IF(!parse VarUInt1(reserved), "can't parse reserved varUint1for current_memory");860 WASM_PARSER_FAIL_IF(reserved != 0, "reserved varUint1for current_memory must be zero");859 WASM_PARSER_FAIL_IF(!parseUInt8(reserved), "can't parse reserved byte for current_memory"); 860 WASM_PARSER_FAIL_IF(reserved != 0, "reserved byte for current_memory must be zero"); 861 861 862 862 ExpressionType result; … … 1008 1008 case CurrentMemory: { 1009 1009 uint8_t reserved; 1010 WASM_PARSER_FAIL_IF(!parseVarUInt1(reserved), "can't parse reserved varUint1 for grow_memory/current_memory"); 1010 WASM_PARSER_FAIL_IF(!parseUInt8(reserved), "can't parse reserved byte for grow_memory/current_memory"); 1011 WASM_PARSER_FAIL_IF(reserved != 0, "reserved byte for grow_memory/current_memory must be zero"); 1011 1012 return { }; 1012 1013 } -
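Review bot: The `reserved != 0` check added at new line 1011 reports "reserved byte for grow_memory/current_memory must be zero", and no test on this page expects that message. The grow-memory.js cases all sit in reachable code and expect the per-opcode messages from new lines 842 and 860. This branch previously did not compare the value with zero, so a case that places `grow_memory` or `current_memory` with a nonzero reserved byte after an `unreachable` would pin the new behaviour, unless the re-enabled spec tests already cover it. The same two-line parse-and-check now appears three times and could share a small helper that takes the opcode name. All three enclosing functions extend beyond the hunks.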
trunk/Source/JavaScriptCore/wasm/WasmSectionParser.cpp
r269729 r269998 35 35 #include "WasmOps.h" 36 36 #include "WasmSignatureInlines.h" 37 #include <wtf/HexNumber.h> 37 38 #include <wtf/Optional.h> 38 39 … … 182 183 183 184 uint8_t flags; 184 WASM_PARSER_FAIL_IF(!parseVarUInt1(flags), "can't parse resizable limits flags"); 185 WASM_PARSER_FAIL_IF(!parseUInt8(flags), "can't parse resizable limits flags"); 186 WASM_PARSER_FAIL_IF(flags != 0x0 && flags != 0x1, "resizable limits flag should be 0x00 or 0x01 but 0x", hex(flags, 2, Lowercase)); 185 187 WASM_PARSER_FAIL_IF(!parseVarUInt32(initial), "can't parse resizable limits initial page count"); 186 188 … … 264 266 auto SectionParser::parseMemory() -> PartialResult 265 267 { 266 uint 8_t count;267 WASM_PARSER_FAIL_IF(!parseVarUInt 1(count), "can't parse Memory section's count");268 uint32_t count; 269 WASM_PARSER_FAIL_IF(!parseVarUInt32(count), "can't parse Memory section's count"); 268 270 269 271 if (!count) … … 507 509 uint8_t mutability; 508 510 WASM_PARSER_FAIL_IF(!parseValueType(global.type), "can't get Global's value type"); 509 WASM_PARSER_FAIL_IF(!parseVarUInt1(mutability), "can't get Global type's mutability"); 511 WASM_PARSER_FAIL_IF(!parseUInt8(mutability), "can't get Global type's mutability"); 512 WASM_PARSER_FAIL_IF(mutability != 0x0 && mutability != 0x1, "invalid Global's mutability: 0x", hex(mutability, 2, Lowercase)); 510 513 global.mutability = static_cast<GlobalInformation::Mutability>(mutability); 511 514 return { }; -
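Review bot: In `SectionParser::parseMemory`, `count` is now a full `uint32_t` read with `parseVarUInt32`, and the only use visible in the hunk is `if (!count)`. The rest of the function is outside the hunk, so I cannot see whether a count above one is rejected before the value drives any loop or reservation; the old `parseVarUInt1` read presumably bounded it in the decoder. If no such bound follows, add one right after the read, for example `WASM_PARSER_FAIL_IF(count > 1, "Memory section's count is too large: ", count);`, together with a test module whose count is 2.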
trunk/Source/JavaScriptCore/wasm/wasm.json
r269929 r269998 98 98 "f32.store": { "category": "memory", "value": 56, "return": [], "parameter": ["addr", "f32"], "immediate": [{"name": "flags", "type": "varuint32"}, {"name": "offset", "type": "varuint32"}], "description": "store to memory" }, 99 99 "f64.store": { "category": "memory", "value": 57, "return": [], "parameter": ["addr", "f64"], "immediate": [{"name": "flags", "type": "varuint32"}, {"name": "offset", "type": "varuint32"}], "description": "store to memory" }, 100 "current_memory": { "category": "operation", "value": 63, "return": ["size"], "parameter": [], "immediate": [{"name": "flags", "type": " varuint32"}], "description": "query the size of memory" },101 "grow_memory": { "category": "operation", "value": 64, "return": ["size"], "parameter": ["size"], "immediate": [{"name": "flags", "type": " varuint32"}], "description": "grow the size of memory" },100 "current_memory": { "category": "operation", "value": 63, "return": ["size"], "parameter": [], "immediate": [{"name": "flags", "type": "uint8"}], "description": "query the size of memory" }, 101 "grow_memory": { "category": "operation", "value": 64, "return": ["size"], "parameter": ["size"], "immediate": [{"name": "flags", "type": "uint8"}], "description": "grow the size of memory" }, 102 102 "i32.add": { "category": "arithmetic", "value": 106, "return": ["i32"], "parameter": ["i32", "i32"], "immediate": [], "b3op": "Add" }, 103 103 "i32.sub": { "category": "arithmetic", "value": 107, "return": ["i32"], "parameter": ["i32", "i32"], "immediate": [], "b3op": "Sub" }, -
trunk/Source/WTF/ChangeLog
r269985 r269998 1 2020-11-17 Yusuke Suzuki <ysuzuki@apple.com> 2 3 [JSC] Improve Wasm binary test coverage 4 https://bugs.webkit.org/show_bug.cgi?id=204843 5 6 Reviewed by Darin Adler. 7 8 LEBDecoder should have more strict validation. One thing is that, we should reject pattern that includes ignored bits. 9 For example, in uint32_t, we can represent UINT32_MAX in 5 bytes like this. 10 11 0xff, 0xff, 0xff, 0xff, 0x0f 12 0b1111111_1111111_1111111_1111111_1111 13 14 Leading bytes has 0x80 trailing marker. And they includes each 7 bit slice. And the last byte includes 0b1111 part. 15 But we can also make it in the following form 16 17 0xff, 0xff, 0xff, 0xff, 0xff 18 0b1111111_1111111_1111111_1111111_1111 19 20 In the above case, the last byte's upper 4 bits are ignored in the result, and this is wrong in LEB128 encoding. 21 We should reject this input since the last byte includes overflown bits. 22 This patch adds this validation to WTF. 23 24 * wtf/LEBDecoder.h: 25 (WTF::LEBDecoder::maxByteLength): 26 (WTF::LEBDecoder::lastByteMask): 27 (WTF::LEBDecoder::decodeUInt): 28 (WTF::LEBDecoder::decodeInt): 29 1 30 2020-11-18 Darin Adler <darin@apple.com> 2 31 -
trunk/Source/WTF/wtf/HexNumber.cpp
r241751 r269998 20 20 #include "config.h" 21 21 #include "HexNumber.h" 22 23 #include <wtf/PrintStream.h> 24 #include <wtf/text/StringView.h> 22 25 23 26 namespace WTF { … … 44 47 } 45 48 49 void printInternal(PrintStream& out, HexNumberBuffer buffer) 50 { 51 out.print(StringView(buffer.characters(), buffer.length)); 52 } 53 46 54 } // namespace WTF -
trunk/Source/WTF/wtf/HexNumber.h
r256420 r269998 89 89 }; 90 90 91 class PrintStream; 92 WTF_EXPORT_PRIVATE void printInternal(PrintStream&, HexNumberBuffer); 93 91 94 } // namespace WTF 92 95 -
trunk/Source/WTF/wtf/LEBDecoder.h
r237429 r269998 39 39 constexpr size_t maxByteLength() 40 40 { 41 const size_t numBits = sizeof(T) * CHAR_BIT;41 constexpr size_t numBits = sizeof(T) * CHAR_BIT; 42 42 return (numBits - 1) / 7 + 1; // numBits / 7 rounding up. 43 } 44 45 template<typename T> 46 constexpr unsigned lastByteMask() 47 { 48 constexpr size_t numBits = sizeof(T) * CHAR_BIT; 49 static_assert(numBits % 7); 50 return ~((1U << (numBits % 7)) - 1); 43 51 } 44 52 … … 46 54 inline bool WARN_UNUSED_RETURN decodeUInt(const uint8_t* bytes, size_t length, size_t& offset, T& result) 47 55 { 56 static_assert(std::is_unsigned_v<T>); 48 57 if (length <= offset) 49 58 return false; … … 56 65 shift += 7; 57 66 if (!(byte & 0x80)) 58 return true;67 return !(((maxByteLength<T>() - 1) == i && (byte & lastByteMask<T>()))); 59 68 if (i == last) 60 69 return false; … … 67 76 inline bool WARN_UNUSED_RETURN decodeInt(const uint8_t* bytes, size_t length, size_t& offset, T& result) 68 77 { 78 static_assert(std::is_signed_v<T>); 69 79 if (length <= offset) 70 80 return false; 81 using UnsignedT = typename std::make_unsigned<T>::type; 71 82 result = 0; 72 83 unsigned shift = 0; … … 75 86 for (unsigned i = 0; true; ++i) { 76 87 byte = bytes[offset++]; 77 result |= static_cast<T>( byte & 0x7f) << shift;88 result |= static_cast<T>(static_cast<UnsignedT>(byte & 0x7f) << shift); 78 89 shift += 7; 79 if (!(byte & 0x80)) 90 if (!(byte & 0x80)) { 91 if ((maxByteLength<T>() - 1) == i) { 92 if (!(byte & 0x40)) { 93 // This is a non-sign-extended, positive number. Then, the remaining bits should be (lastByteMask<T>() >> 1). 94 // For example, in the int32_t case, the last byte should be less than 0b00000111, since 7 * 4 + 3 = 31. 95 if (byte & (lastByteMask<T>() >> 1)) 96 return false; 97 } else { 98 // This is sign-extended, negative number. Then, zero should not exists in (lastByteMask<T>() >> 1) bits except for the top bit. 99 // For example, in the int32_t case, the last byte should be 0b01111XXX and 1 part must be 1. 
Since we already checked 0x40 is 1, 100 // middle [3,5] bits must be zero (e.g. 0b01000111 is invalid). We convert 0b01111XXX =(| 0x80)=> 0b11111XXX =(~)=> 0b00000YYY. 101 // And check that we do not have 1 in upper 5 bits. 102 if (static_cast<uint8_t>(~(byte | 0x80)) & (lastByteMask<T>() >> 1)) 103 return false; 104 } 105 } 80 106 break; 107 } 81 108 if (i == last) 82 109 return false; 83 110 } 84 111 85 using UnsignedT = typename std::make_unsigned<T>::type;86 112 const size_t numBits = sizeof(T) * CHAR_BIT; 87 113 if (shift < numBits && (byte & 0x40)) -
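Review bot: `decodeInt` has no comment stating what a caller may read after a `false` return, and the new overflow rejections make that matter more. They fire after `byte = bytes[offset++]` and `result |= ...` have already run, so on failure `offset` has moved and `result` holds a partial value. The new tests read `result` and `startOffset` only when `expectedStatus` is true, which matches that contract, but nothing in the header says so. I would add above the function `// On a false return, offset and result are unspecified; callers must not use them.` `decodeUInt` looks the same, though part of its loop is outside the hunk.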
trunk/Tools/ChangeLog
r269992 r269998 1 2020-11-17 Yusuke Suzuki <ysuzuki@apple.com> 2 3 [JSC] Improve Wasm binary test coverage 4 https://bugs.webkit.org/show_bug.cgi?id=204843 5 6 Reviewed by Darin Adler. 7 8 We add more tests for LEBDecoder. In particular, the added tests focus on the case which overflow bits. 9 10 * TestWebKitAPI/Tests/WTF/LEBDecoder.cpp: 11 (TestWebKitAPI::toString): 12 (TestWebKitAPI::testUInt32LEBDecode): 13 (TestWebKitAPI::TEST): 14 (TestWebKitAPI::testUInt64LEBDecode): 15 (TestWebKitAPI::testInt32LEBDecode): 16 (TestWebKitAPI::testInt64LEBDecode): 17 1 18 2020-11-18 Aakash Jain <aakash_jain@apple.com> 2 19 -
trunk/Tools/TestWebKitAPI/Tests/WTF/LEBDecoder.cpp
r209586 r269998 26 26 #include "config.h" 27 27 28 #include <string> 28 29 #include <wtf/LEBDecoder.h> 29 30 #include <wtf/Vector.h> … … 31 32 namespace TestWebKitAPI { 32 33 34 static std::string toString(const Vector<uint8_t>& vector) 35 { 36 std::stringstream out; 37 out << std::hex; 38 out << "{ "; 39 for (uint8_t v : vector) 40 out << "0x" << std::setfill('0') << std::setw(2) << static_cast<unsigned>(v) << ", "; 41 out << "}"; 42 return out.str(); 43 } 44 33 45 static void testUInt32LEBDecode(std::initializer_list<uint8_t> data, size_t startOffset, bool expectedStatus, uint32_t expectedResult, size_t expectedOffset) 34 46 { 35 47 Vector<uint8_t> vector(data); 48 auto string = toString(vector); 36 49 uint32_t result; 37 50 bool status = WTF::LEBDecoder::decodeUInt32(vector.data(), vector.size(), startOffset, result); 38 EXPECT_EQ(expectedStatus, status) ;39 if (expectedStatus) { 40 EXPECT_EQ(expectedResult, result) ;41 EXPECT_EQ(expectedOffset, startOffset) ;51 EXPECT_EQ(expectedStatus, status) << string; 52 if (expectedStatus) { 53 EXPECT_EQ(expectedResult, result) << string; 54 EXPECT_EQ(expectedOffset, startOffset) << string; 42 55 } 43 56 } … … 52 65 testUInt32LEBDecode({ 0xf3, 0x85, 0x02 }, 0, true, 0x82f3lu, 3lu); 53 66 testUInt32LEBDecode({ 0xf3, 0x85, 0xff, 0x74 }, 0, true, 0xe9fc2f3lu, 4lu); 54 testUInt32LEBDecode({ 0xf3, 0x85, 0xff, 0xf4, 0x7f }, 0, true, 0xfe9fc2f3lu, 5lu); 67 testUInt32LEBDecode({ 0xf3, 0x85, 0xff, 0xf4, 0x0f }, 0, true, 0xfe9fc2f3lu, 5lu); 68 testUInt32LEBDecode({ 0xff, 0xff, 0xff, 0xff, 0x0f }, 0, true, 0xfffffffflu, 5lu); 55 69 // Test with extra trailing numbers 56 70 testUInt32LEBDecode({ 0x07, 0x80 }, 0, true, 0x7lu, 1lu); … … 76 90 // Test decode off end of array 77 91 testUInt32LEBDecode({ 0x80, 0x80, 0xab, 0x8a, 0x9a, 0xa3, 0xff }, 2, false, 0x0lu, 0lu); 92 // Test decode overflow 93 testUInt32LEBDecode({ 0xf3, 0x85, 0xff, 0xf4, 0x1f }, 0, false, 0x0lu, 0lu); 94 testUInt32LEBDecode({ 0xff, 0xff, 0xff, 0xff, 0x10 }, 0, 
false, 0x0lu, 0lu); 78 95 } 79 96 … … 81 98 { 82 99 Vector<uint8_t> vector(data); 100 auto string = toString(vector); 83 101 uint64_t result; 84 102 bool status = WTF::LEBDecoder::decodeUInt64(vector.data(), vector.size(), startOffset, result); 85 EXPECT_EQ(expectedStatus, status) ;86 if (expectedStatus) { 87 EXPECT_EQ(expectedResult, result) ;88 EXPECT_EQ(expectedOffset, startOffset) ;103 EXPECT_EQ(expectedStatus, status) << string; 104 if (expectedStatus) { 105 EXPECT_EQ(expectedResult, result) << string; 106 EXPECT_EQ(expectedOffset, startOffset) << string; 89 107 } 90 108 } … … 105 123 testUInt64LEBDecode({ 0xf3, 0x85, 0xff, 0xf4, 0xff, 0xcb, 0xba, 0x8f, 0x69 }, 0, true, 0x691eea5ffe9fc2f3lu, 9lu); 106 124 testUInt64LEBDecode({ 0xf3, 0x85, 0xff, 0xf4, 0xff, 0xcb, 0xba, 0x8f, 0xe9, 0x01 }, 0, true, 0xe91eea5ffe9fc2f3lu, 10lu); 107 testUInt64LEBDecode({ 0xf3, 0x85, 0xff, 0xf4, 0xff, 0xcb, 0xba, 0x8f, 0xe9, 0x70 }, 0, true, 0x691eea5ffe9fc2f3lu, 10lu); 125 testUInt64LEBDecode({ 0xf3, 0x85, 0xff, 0xf4, 0xff, 0xcb, 0xba, 0x8f, 0xe9, 0x00 }, 0, true, 0x691eea5ffe9fc2f3lu, 10lu); 126 testUInt64LEBDecode({ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x01 }, 0, true, 0xfffffffffffffffflu, 10lu); 108 127 // Test with extra trailing numbers 109 128 testUInt64LEBDecode({ 0x07, 0x80 }, 0, true, 0x7lu, 1lu); … … 136 155 testUInt64LEBDecode({ 0x80, 0x80, 0xab, 0x8a, 0x9a, 0xa3, 0xff }, 2, false, 0x0lu, 0lu); 137 156 testUInt64LEBDecode({ 0x92, 0xf3, 0x85, 0xff, 0xf4, 0xff, 0xcb, 0xba, 0x8f }, 1, false, 0x0lu, 0lu); 157 // Test decode overflow 158 testUInt64LEBDecode({ 0xf3, 0x85, 0xff, 0xf4, 0xff, 0xcb, 0xba, 0x8f, 0xe9, 0x02 }, 0, false, 0x0lu, 0lu); 138 159 } 139 160 … … 141 162 { 142 163 Vector<uint8_t> vector(data); 164 auto string = toString(vector); 143 165 int32_t result; 144 166 bool status = WTF::LEBDecoder::decodeInt32(vector.data(), vector.size(), startOffset, result); 145 EXPECT_EQ(expectedStatus, status) ;146 if (expectedStatus) { 147 
EXPECT_EQ(expectedResult, result) ;148 EXPECT_EQ(expectedOffset, startOffset) ;167 EXPECT_EQ(expectedStatus, status) << string; 168 if (expectedStatus) { 169 EXPECT_EQ(expectedResult, result) << string; 170 EXPECT_EQ(expectedOffset, startOffset) << string; 149 171 } 150 172 } … … 160 182 testInt32LEBDecode({ 0xf3, 0x85, 0xff, 0x74 }, 0, true, 0xfe9fc2f3, 4lu); 161 183 testInt32LEBDecode({ 0xf3, 0x85, 0xff, 0xf4, 0x7f }, 0, true, 0xfe9fc2f3, 5lu); 184 testInt32LEBDecode({ 0xff, 0xff, 0xff, 0xff, 0x07 }, 0, true, INT32_MAX, 5lu); 185 testInt32LEBDecode({ 0xff, 0xff, 0xff, 0xff, 0x7f }, 0, true, -1, 5lu); 186 testInt32LEBDecode({ 0xff, 0xff, 0xff, 0xff, 0x7b }, 0, true, -1073741825, 5lu); 162 187 // Test with extra trailing numbers 163 188 testInt32LEBDecode({ 0x07, 0x80 }, 0, true, 0x7, 1lu); … … 183 208 // Test decode off end of array 184 209 testInt32LEBDecode({ 0x80, 0x80, 0xab, 0x8a, 0x9a, 0xa3, 0xff }, 2, false, 0x0, 0lu); 210 // Test decode overflow 211 testInt32LEBDecode({ 0xff, 0xff, 0xff, 0xff, 0x08 }, 0, false, 0, 0lu); 212 testInt32LEBDecode({ 0xff, 0xff, 0xff, 0xff, 0x77 }, 0, false, 0, 0lu); 185 213 } 186 214 … … 188 216 { 189 217 Vector<uint8_t> vector(data); 218 auto string = toString(vector); 190 219 int64_t result; 191 220 bool status = WTF::LEBDecoder::decodeInt64(vector.data(), vector.size(), startOffset, result); 192 EXPECT_EQ(expectedStatus, status) ;193 if (expectedStatus) { 194 EXPECT_EQ(expectedResult, result) ;195 EXPECT_EQ(expectedOffset, startOffset) ;221 EXPECT_EQ(expectedStatus, status) << string; 222 if (expectedStatus) { 223 EXPECT_EQ(expectedResult, result) << string; 224 EXPECT_EQ(expectedOffset, startOffset) << string; 196 225 } 197 226 } … … 211 240 testInt64LEBDecode({ 0xf3, 0x85, 0xff, 0xf4, 0x8f, 0x9a, 0x80, 0x2a }, 0, true, 0x5400d0fe9fc2f3, 8lu); 212 241 testInt64LEBDecode({ 0xf3, 0x85, 0xff, 0xf4, 0x8f, 0x9a, 0x80, 0xaa, 0x41 }, 0, true, 0xc15400d0fe9fc2f3, 9lu); 213 testInt64LEBDecode({ 0xf3, 0x85, 0xff, 0xf4, 0x8f, 0x9a, 
0x80, 0xaa, 0xc1, 0x01 }, 0, true, 0xc15400d0fe9fc2f3, 10lu); 214 testInt64LEBDecode({ 0xf3, 0x85, 0xff, 0xf4, 0x8f, 0x9a, 0x80, 0xaa, 0xc1, 0x62 }, 0, true, 0x415400d0fe9fc2f3, 10lu); 242 testInt64LEBDecode({ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x3f, }, 0, true, INT64_MAX >> 1, 9lu); 243 testInt64LEBDecode({ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f, }, 0, true, -1, 9lu); 244 testInt64LEBDecode({ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00 }, 0, true, INT64_MAX, 10lu); 245 testInt64LEBDecode({ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f }, 0, true, -1, 10lu); 246 testInt64LEBDecode({ 0xf3, 0x85, 0xff, 0xf4, 0x8f, 0x9a, 0x80, 0xaa, 0xc1, 0x7f }, 0, true, 0xc15400d0fe9fc2f3, 10lu); 247 testInt64LEBDecode({ 0xf3, 0x85, 0xff, 0xf4, 0x8f, 0x9a, 0x80, 0xaa, 0xc1, 0x00 }, 0, true, 0x415400d0fe9fc2f3, 10lu); 215 248 // Test with extra trailing numbers 216 249 testInt64LEBDecode({ 0x07, 0x80 }, 0, true, 0x7, 1lu); … … 234 267 testInt64LEBDecode({ 0x80, 0x80, 0xab, 0x8a, 0x9a, 0xa3, 0xff }, 1, false, 0x0, 0lu); 235 268 testInt64LEBDecode({ 0x80, 0x80, 0xab, 0x8a, 0x9a, 0xa3, 0xff }, 0, false, 0x0, 0lu); 269 testInt64LEBDecode({ 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x00 }, 0, false, 0lu, 0lu); 236 270 // Test decode off end of array 237 271 testInt64LEBDecode({ 0x80, 0x80, 0xab, 0x8a, 0x9a, 0xa3, 0xff }, 2, false, 0x0, 0lu); 272 // Test decode overflow 273 testInt64LEBDecode({ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x01 }, 0, false, 0, 0lu); 274 testInt64LEBDecode({ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7e }, 0, false, 0, 0lu); 238 275 } 239 276
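Review bot: The new `toString` helper uses `std::stringstream`, `std::hex`, `std::setfill` and `std::setw`, but the include block in the first hunk only gains `#include <string>`. Unless `config.h` or the WTF headers happen to pull them in, the file builds only through transitive includes. Add `#include <iomanip>` and `#include <sstream>` next to `<string>`.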