1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
|
// Cloned from memory.js but kept separate because it may have to be disabled on
// some devices until bugs are fixed.
// Bug 1666747 - partially OOB unaligned stores are not handled correctly on ARM
// and ARM64. The simulators don't implement the correct semantics anyhow, so
// when the bug is fixed in the code generator they must remain excluded here.
var conf = getBuildConfiguration();
var excluded = conf.arm64 || conf["arm64-simulator"] || conf.arm || conf["arm-simulator"];
var thirtytwobit = conf["pointer-byte-size"] == 4;
const RuntimeError = WebAssembly.RuntimeError;
function storeModuleSrc(type, ext, offset, align) {
var load_ext = ext === '' ? '' : ext + '_s';
return `(module
(memory (export "mem") 1)
(data (i32.const 0) "\\00\\01\\02\\03\\04\\05\\06\\07\\08\\09\\0a\\0b\\0c\\0d\\0e\\0f")
(data (i32.const 16) "\\f0\\f1\\f2\\f3\\f4\\f5\\f6\\f7\\f8\\f9\\fa\\fb\\fc\\fd\\fe\\ff")
(func $store (param i32) (param ${type})
(${type}.store${ext}
offset=${offset}
${align != 0 ? 'align=' + align : ''}
(local.get 0)
(local.get 1)
)
) (export "store" (func 0))
(func $load (param i32) (result ${type})
(${type}.load${load_ext}
offset=${offset}
${align != 0 ? 'align=' + align : ''}
(local.get 0)
)
) (export "load" (func 1)))`;
}
function storeModule(type, ext, offset, align, exportBox = null) {
let exports = wasmEvalText(storeModuleSrc(type, ext, offset, align)).exports;
if (exportBox !== null)
exportBox.exports = exports;
return exports;
}
function testStoreOOB(type, ext, base, offset, align, value) {
let exportBox = {};
if (type === 'i64') {
assertErrorMessage(() => wasmAssert(
storeModuleSrc(type, ext, offset, align),
[{type, func: '$store', args: [`i32.const ${base}`, `i64.const ${value}`]}],
{},
exportBox
), RuntimeError, /index out of bounds/);
} else {
assertErrorMessage(() => storeModule(type, ext, offset, align, exportBox).store(base, value),
RuntimeError,
/index out of bounds/);
}
// Check that there were no partial writes at the end of the memory.
let buf = new Int8Array(exportBox.exports.mem.buffer);
let len = buf.length;
for ( let addr = base + offset ; addr < len; addr++ )
assertEq(buf[addr], 0);
}
// Test bounds checks and edge cases.
for (let align of [0,1,2,4]) {
for (let offset of [0, 1, 2, 3, 4, 8, 16, 41, 0xfff0, 0xfff8]) {
// Accesses of 1 byte.
let lastValidIndex = 0x10000 - 1 - offset;
if (align < 2 && !excluded) {
testStoreOOB('i32', '8', lastValidIndex + 1, offset, align, -42);
}
// Accesses of 2 bytes.
lastValidIndex = 0x10000 - 2 - offset;
if (align < 4 && !excluded) {
testStoreOOB('i32', '16', lastValidIndex + 1, offset, align, -32768);
}
// Accesses of 4 bytes.
lastValidIndex = 0x10000 - 4 - offset;
if (!excluded) {
testStoreOOB('i32', '', lastValidIndex + 1, offset, align, 1337);
testStoreOOB('f32', '', lastValidIndex + 1, offset, align, Math.fround(13.37));
}
// Accesses of 8 bytes.
lastValidIndex = 0x10000 - 8 - offset;
if (!excluded) {
testStoreOOB('f64', '', lastValidIndex + 1, offset, align, 1.23456789);
}
}
for (let offset of [0, 1, 2, 3, 4, 8, 16, 41, 0xfff0, 0xfff8]) {
// Accesses of 1 byte.
let lastValidIndex = 0x10000 - 1 - offset;
if (align < 2 && !excluded) {
testStoreOOB('i64', '8', lastValidIndex + 1, offset, align, -42);
}
// Accesses of 2 bytes.
lastValidIndex = 0x10000 - 2 - offset;
if (align < 4 && !excluded) {
testStoreOOB('i64', '16', lastValidIndex + 1, offset, align, -32768);
}
// Accesses of 4 bytes.
lastValidIndex = 0x10000 - 4 - offset;
if (!excluded) {
testStoreOOB('i64', '32', lastValidIndex + 1, offset, align, 0xf1231337 | 0);
}
// Accesses of 8 bytes.
lastValidIndex = 0x10000 - 8 - offset;
if (!excluded) {
testStoreOOB('i64', '', lastValidIndex + 1, offset, align, '0x1234567887654321');
}
}
}
// On 32-bit platforms, a declared-aligned i64 store is implemented as two
// presumed-aligned 32-bit stores. This tests that we don't store the low
// word before the high word if the low word is in-bounds but the high word
// is not.
if (thirtytwobit) {
testStoreOOB('i64', '', 0x10000 - 4, 0, 0, '0x0123456789abcdef');
}
|