1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
|
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*-
* vim: set ts=8 sts=2 et sw=2 tw=80:
*
* Copyright 2016 Mozilla Foundation
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef wasm_validate_h
#define wasm_validate_h
#include <type_traits>
#include "js/Utility.h"
#include "js/WasmFeatures.h"
#include "wasm/WasmBinary.h"
#include "wasm/WasmCompile.h"
#include "wasm/WasmCompileArgs.h"
#include "wasm/WasmModuleTypes.h"
#include "wasm/WasmProcess.h"
#include "wasm/WasmTypeDef.h"
namespace js {
namespace wasm {
using mozilla::Some;
// ModuleEnvironment contains all the state necessary to process or render
// functions, and all of the state necessary to validate all aspects of the
// functions.
//
// A ModuleEnvironment is created by decoding all the sections before the wasm
// code section and then used immutably during. When compiling a module using a
// ModuleGenerator, the ModuleEnvironment holds state shared between the
// ModuleGenerator thread and background compile threads. All the threads
// are given a read-only view of the ModuleEnvironment, thus preventing race
// conditions.
struct ModuleEnvironment {
// Constant parameters for the entire compilation:
const ModuleKind kind;
const FeatureArgs features;
// Module fields decoded from the module environment (or initialized while
// validating an asm.js module) and immutable during compilation:
Maybe<uint32_t> dataCount;
MemoryDescVector memories;
MutableTypeContext types;
FuncDescVector funcs;
uint32_t numFuncImports;
uint32_t numGlobalImports;
GlobalDescVector globals;
TagDescVector tags;
TableDescVector tables;
Uint32Vector asmJSSigToTableIndex;
ImportVector imports;
ExportVector exports;
Maybe<uint32_t> startFuncIndex;
ModuleElemSegmentVector elemSegments;
MaybeSectionRange codeSection;
// The start offset of the FuncImportInstanceData[] section of the instance
// data. There is one entry for every imported function.
uint32_t funcImportsOffsetStart;
// The start offset of the TypeDefInstanceData[] section of the instance
// data. There is one entry for every type.
uint32_t typeDefsOffsetStart;
// The start offset of the MemoryInstanceData[] section of the instance data.
// There is one entry for every memory.
uint32_t memoriesOffsetStart;
// The start offset of the TableInstanceData[] section of the instance data.
// There is one entry for every table.
uint32_t tablesOffsetStart;
// The start offset of the tag section of the instance data. There is one
// entry for every tag.
uint32_t tagsOffsetStart;
// Fields decoded as part of the wasm module tail:
DataSegmentEnvVector dataSegments;
CustomSectionEnvVector customSections;
Maybe<uint32_t> nameCustomSectionIndex;
Maybe<Name> moduleName;
NameVector funcNames;
explicit ModuleEnvironment(FeatureArgs features,
ModuleKind kind = ModuleKind::Wasm)
: kind(kind),
features(features),
numFuncImports(0),
numGlobalImports(0),
funcImportsOffsetStart(UINT32_MAX),
typeDefsOffsetStart(UINT32_MAX),
memoriesOffsetStart(UINT32_MAX),
tablesOffsetStart(UINT32_MAX),
tagsOffsetStart(UINT32_MAX) {}
[[nodiscard]] bool init() {
types = js_new<TypeContext>(features);
return types;
}
size_t numTables() const { return tables.length(); }
size_t numTypes() const { return types->length(); }
size_t numFuncs() const { return funcs.length(); }
size_t numFuncDefs() const { return funcs.length() - numFuncImports; }
bool funcIsImport(uint32_t funcIndex) const {
return funcIndex < numFuncImports;
}
size_t numMemories() const { return memories.length(); }
#define WASM_FEATURE(NAME, SHORT_NAME, ...) \
bool SHORT_NAME##Enabled() const { return features.SHORT_NAME; }
JS_FOR_WASM_FEATURES(WASM_FEATURE)
#undef WASM_FEATURE
Shareable sharedMemoryEnabled() const { return features.sharedMemory; }
bool simdAvailable() const { return features.simd; }
bool isAsmJS() const { return kind == ModuleKind::AsmJS; }
// A builtin module is a host constructed wasm module that exports host
// functionality, using special opcodes. Otherwise, it has the same rules
// as wasm modules and so it does not get a new ModuleKind.
bool isBuiltinModule() const { return features.isBuiltinModule; }
bool hugeMemoryEnabled(uint32_t memoryIndex) const {
return !isAsmJS() && memoryIndex < memories.length() &&
IsHugeMemoryEnabled(memories[memoryIndex].indexType());
}
bool usesSharedMemory(uint32_t memoryIndex) const {
return memoryIndex < memories.length() && memories[memoryIndex].isShared();
}
void declareFuncExported(uint32_t funcIndex, bool eager, bool canRefFunc) {
FuncFlags flags = funcs[funcIndex].flags;
// Set the `Exported` flag, if not set.
flags = FuncFlags(uint8_t(flags) | uint8_t(FuncFlags::Exported));
// Merge in the `Eager` and `CanRefFunc` flags, if they're set. Be sure
// to not unset them if they've already been set.
if (eager) {
flags = FuncFlags(uint8_t(flags) | uint8_t(FuncFlags::Eager));
}
if (canRefFunc) {
flags = FuncFlags(uint8_t(flags) | uint8_t(FuncFlags::CanRefFunc));
}
funcs[funcIndex].flags = flags;
}
uint32_t offsetOfFuncImportInstanceData(uint32_t funcIndex) const {
MOZ_ASSERT(funcIndex < numFuncImports);
return funcImportsOffsetStart + funcIndex * sizeof(FuncImportInstanceData);
}
uint32_t offsetOfTypeDefInstanceData(uint32_t typeIndex) const {
MOZ_ASSERT(typeIndex < types->length());
return typeDefsOffsetStart + typeIndex * sizeof(TypeDefInstanceData);
}
uint32_t offsetOfTypeDef(uint32_t typeIndex) const {
return offsetOfTypeDefInstanceData(typeIndex) +
offsetof(TypeDefInstanceData, typeDef);
}
uint32_t offsetOfSuperTypeVector(uint32_t typeIndex) const {
return offsetOfTypeDefInstanceData(typeIndex) +
offsetof(TypeDefInstanceData, superTypeVector);
}
uint32_t offsetOfMemoryInstanceData(uint32_t memoryIndex) const {
MOZ_ASSERT(memoryIndex < memories.length());
return memoriesOffsetStart + memoryIndex * sizeof(MemoryInstanceData);
}
uint32_t offsetOfTableInstanceData(uint32_t tableIndex) const {
MOZ_ASSERT(tableIndex < tables.length());
return tablesOffsetStart + tableIndex * sizeof(TableInstanceData);
}
uint32_t offsetOfTagInstanceData(uint32_t tagIndex) const {
MOZ_ASSERT(tagIndex < tags.length());
return tagsOffsetStart + tagIndex * sizeof(TagInstanceData);
}
};
// ElemSegmentFlags provides methods for decoding and encoding the flags field
// of an element segment. This is needed as the flags field has a non-trivial
// encoding that is effectively split into independent `kind` and `payload`
// enums.
class ElemSegmentFlags {
enum class Flags : uint32_t {
// 0 means active. 1 means (passive or declared), disambiguated by the next
// bit.
Passive = 0x1,
// For active segments, 1 means a table index is present. Otherwise, 0 means
// passive and 1 means declared.
TableIndexOrDeclared = 0x2,
// 0 means element kind / index (currently only func indexes). 1 means
// element ref type and initializer expressions.
ElemExpressions = 0x4,
// Below this line are convenient combinations of flags
KindMask = Passive | TableIndexOrDeclared,
PayloadMask = ElemExpressions,
AllFlags = Passive | TableIndexOrDeclared | ElemExpressions,
};
uint32_t encoded_;
explicit ElemSegmentFlags(uint32_t encoded) : encoded_(encoded) {}
public:
ElemSegmentFlags(ElemSegmentKind kind, ElemSegmentPayload payload) {
encoded_ = uint32_t(kind) | uint32_t(payload);
}
static Maybe<ElemSegmentFlags> construct(uint32_t encoded) {
if (encoded > uint32_t(Flags::AllFlags)) {
return Nothing();
}
return Some(ElemSegmentFlags(encoded));
}
uint32_t encoded() const { return encoded_; }
ElemSegmentKind kind() const {
return static_cast<ElemSegmentKind>(encoded_ & uint32_t(Flags::KindMask));
}
ElemSegmentPayload payload() const {
return static_cast<ElemSegmentPayload>(encoded_ &
uint32_t(Flags::PayloadMask));
}
};
// OpIter specialized for validation.
class NothingVector {
Nothing unused_;
public:
bool reserve(size_t size) { return true; }
bool resize(size_t length) { return true; }
Nothing& operator[](size_t) { return unused_; }
Nothing& back() { return unused_; }
size_t length() const { return 0; }
bool append(Nothing& nothing) { return true; }
void infallibleAppend(Nothing& nothing) {}
};
struct ValidatingPolicy {
using Value = Nothing;
using ValueVector = NothingVector;
using ControlItem = Nothing;
};
template <typename Policy>
class OpIter;
using ValidatingOpIter = OpIter<ValidatingPolicy>;
// Shared subtyping function across validation.
[[nodiscard]] bool CheckIsSubtypeOf(Decoder& d, const ModuleEnvironment& env,
size_t opcodeOffset, StorageType subType,
StorageType superType);
// The local entries are part of function bodies and thus serialized by both
// wasm and asm.js and decoded as part of both validation and compilation.
[[nodiscard]] bool EncodeLocalEntries(Encoder& e, const ValTypeVector& locals);
// This performs no validation; the local entries must already have been
// validated by an earlier pass.
[[nodiscard]] bool DecodeValidatedLocalEntries(const TypeContext& types,
Decoder& d,
ValTypeVector* locals);
// This validates the entries.
[[nodiscard]] bool DecodeLocalEntries(Decoder& d, const TypeContext& types,
const FeatureArgs& features,
ValTypeVector* locals);
// Returns whether the given [begin, end) prefix of a module's bytecode starts a
// code section and, if so, returns the SectionRange of that code section.
// Note that, even if this function returns 'false', [begin, end) may actually
// be a valid module in the special case when there are no function defs and the
// code section is not present. Such modules can be valid so the caller must
// handle this special case.
[[nodiscard]] bool StartsCodeSection(const uint8_t* begin, const uint8_t* end,
SectionRange* codeSection);
// Calling DecodeModuleEnvironment decodes all sections up to the code section
// and performs full validation of all those sections. The client must then
// decode the code section itself, reusing ValidateFunctionBody if necessary,
// and finally call DecodeModuleTail to decode all remaining sections after the
// code section (again, performing full validation).
[[nodiscard]] bool DecodeModuleEnvironment(Decoder& d, ModuleEnvironment* env);
[[nodiscard]] bool ValidateFunctionBody(const ModuleEnvironment& env,
uint32_t funcIndex, uint32_t bodySize,
Decoder& d);
[[nodiscard]] bool DecodeModuleTail(Decoder& d, ModuleEnvironment* env);
// Validate an entire module, returning true if the module was validated
// successfully. If Validate returns false:
// - if *error is null, the caller should report out-of-memory
// - otherwise, there was a legitimate error described by *error
[[nodiscard]] bool Validate(JSContext* cx, const ShareableBytes& bytecode,
const FeatureOptions& options, UniqueChars* error);
} // namespace wasm
} // namespace js
#endif // namespace wasm_validate_h
|