Skip to content

Fix trapping and dangling insts in memory packing#2540

Merged
aheejin merged 2 commits intoWebAssembly:masterfrom
aheejin:memory_packing_fix
Dec 19, 2019
Merged

Fix trapping and dangling insts in memory packing#2540
aheejin merged 2 commits intoWebAssembly:masterfrom
aheejin:memory_packing_fix

Conversation

@aheejin
Copy link
Copy Markdown
Member

@aheejin aheejin commented Dec 19, 2019
edited
Loading

This does two things:

  • Restore visitDataDrop handler deleted in Implement 0-len/drop spec changes in bulk memory #2529, but now we convert
    invalid data.drops to not unreachable but nop. This conforms to
    the revised spec that data.drop on the active segment can be treated
    as a nop.
  • Make visitMemoryInit trap if offset or size are not equal to 0 or if
    the dest address is out of bounds. Otherwise drop all its argument.

Fixes #2535.

@aheejin
Fix trapping and dangling insts in memory packing
017205d 
This does two things:
- Restore `visitDataDrop` handler deleted in WebAssembly#2529, but now we convert
  invalid `data.drop`s to not `unreachable` but `nop`. This conforms to
  the revised spec that `data.drop` on the active segment can be treated
  as a nop.
- Now `visitMemoryInit` does the same thing; its handling was missing in
  WebAssembly#2529. It drops all its arguments.

Fixes WebAssembly#2535.
@aheejin aheejin requested a review from tlively December 19, 2019 01:23
@aheejin aheejin mentioned this pull request Dec 19, 2019
Closed
tlively
tlively reviewed Dec 19, 2019
View reviewed changes
Comment thread src/passes/MemoryPacking.cpp Outdated
builder.makeDrop(curr->offset),
builder.makeDrop(curr->size),
builder.makeUnreachable()));
builder.makeDrop(curr->size)));
Copy link
Copy Markdown
Member

@tlively tlively Dec 19, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This still needs to trap if offset or size are not equal to 0 or if the dest address is out of bounds. I'm actively working on my MemoryPacking patch again, but in the interim changing this code to the following should make the code correct again.

          // trap if (dest > memory.size | offset | size) != 0
          replaceCurrent(builder.makeIf(
            builder.makeBinary(
              OrInt32,
              builder.makeBinary(
                GtUInt32, curr->dest, builder.makeHost(MemorySize, Name(), {})),
              builder.makeBinary(OrInt32, curr->offset, curr->size)),
            builder.makeUnreachable()));

Copy link
Copy Markdown
Member Author

@aheejin aheejin Dec 19, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

tlively
tlively approved these changes Dec 19, 2019
View reviewed changes
Copy link
Copy Markdown
Member

@tlively tlively left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM otherwise.

@aheejin aheejin merged commit 0048f5b into WebAssembly:master Dec 19, 2019
@aheejin aheejin deleted the memory_packing_fix branch December 19, 2019 10:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tlively tlively tlively approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

MemoryPacking can result in dangling data.drops

2 participants

@aheejin @tlively