Skip to content

GitLab

T
tangled
Commit a34ccb08 authored by Eric Holk's avatar Eric Holk Committed by Commit Bot
Browse files
Options

Reland "Add browser_tests for WebAssembly out-of-bounds behavior" 

This is a reland of bbd7b898
Original change's description:
> Add browser_tests for WebAssembly out-of-bounds behavior
> 
> Trap-based bounds checking requires interaction with the crash reporter
> to catch out of bounds accesses. These browser tests make sure this
> behavior is working in the context of a full Chrome browser.
> 
> Bug: chromium:722585
> Change-Id: I1993540f85f5d3500681cd3fbd7a9af817fe4ce8
> Reviewed-on: https://chromium-review.googlesource.com/648363
> Commit-Queue: Eric Holk <eholk@chromium.org>
> Reviewed-by: Scott Violet <sky@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#503907}

Bug: chromium:722585
Change-Id: Ic76c769af88134be215127c190706f8ae4fb6ed1
Reviewed-on: https://chromium-review.googlesource.com/682114Reviewed-by: default avatarJochen Eisinger <jochen@chromium.org>
Commit-Queue: Eric Holk <eholk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#504399}
parent 817c65fe
Hide whitespace changes
Inline Side-by-side
Showing with 1474 additions and 0 deletions
chrome/test/BUILD.gn
View file @ a34ccb08
...@@ -1615,6 +1615,7 @@ test("browser_tests") { ...@@ -1615,6 +1615,7 @@ test("browser_tests") {
"gpu/webgl_infobar_browsertest.cc", "gpu/webgl_infobar_browsertest.cc",
"ppapi/ppapi_browsertest.cc", "ppapi/ppapi_browsertest.cc",
"ppapi/ppapi_filechooser_browsertest.cc", "ppapi/ppapi_filechooser_browsertest.cc",
"v8/wasm_trap_handler.cc",
] ]
deps += [ deps += [
......
chrome/test/data/wasm/out_of_bounds.html 0 → 100644
View file @ a34ccb08
<!--
Copyright (c) 2017 The Chromium Authors. All rights reserved.
Use of this source code is governed by a BSD-style license that can be
found in the LICENSE file.
-->
<!DOCTYPE html>
<html>
<head>
<script src="wasm_constants.js"></script>
<script src="wasm_module_builder.js"></script>
<script src="out_of_bounds.js"></script>
</head>
</html>
chrome/test/data/wasm/out_of_bounds.js 0 → 100644
View file @ a34ccb08
// Copyright (c) 2017 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// This file contains tests to exercise Wasm's in- and out- of bounds behavior.
function testPass() {
console.error("testPass");
domAutomationController.send(true);
};
function testFail() { return false; }
const module_bytes = (function createModule() {
const builder = new WasmModuleBuilder;
builder.addImportedMemory("external", "memory");
const peek = builder.addFunction("peek", kSig_i_i).exportFunc();
peek.body
.get_local(0)
.i32_load()
.end();
const poke = builder.addFunction("poke", kSig_v_ii).exportFunc();
poke.body
.get_local(0)
.get_local(1)
.i32_store()
.end();
const grow = builder.addFunction("grow", kSig_i_i).exportFunc();
grow.body
.get_local(0)
.grow_memory()
.end();
return builder.toBuffer();
})();
function assert_true(b) {
if (!b) {
throw new Error("assert_true failed");
}
}
function assert_throws(error_class, f) {
try {
f()
} catch (e) {
if (e instanceof error_class) {
return;
}
}
throw new Error(
"function was expected to throw " + error_class + " but did not");
}
function assert_equals(actual, expected) {
if (actual != expected) {
throw new Error("Expected " + expected + " but got " + actual);
}
}
function instantiate(memory) {
assert_true(module_bytes instanceof ArrayBuffer,
"module bytes should be an ArrayBuffer");
assert_true(memory instanceof WebAssembly.Memory,
"memory must be a WebAssembly.Memory");
return WebAssembly.instantiate(module_bytes, { external: { memory: memory } })
.then(result => result.instance);
}
function instantiatePages(num_pages) {
return instantiate(new WebAssembly.Memory({ initial: num_pages }));
}
function assert_oob(func) {
return assert_throws(WebAssembly.RuntimeError, func);
}
function define_promise_test(name, f) {
window[name] = function() {
try {
f()
.then(_ => domAutomationController.send(true))
.catch(function(e) {
console.error("uncaught exception: " + e);
domAutomationController.send(false)
})
} catch (e) {
console.error("uncaught exception: " + e);
domAutomationController.send(false);
}
}
}
define_promise_test("peek_in_bounds", function() {
return instantiatePages(1).then(function(instance) {
const peek = instance.exports.peek;
assert_equals(peek(0), 0);
assert_equals(peek(10000), 0);
assert_equals(peek(65532), 0);
});
});
define_promise_test("peek_out_of_bounds", function() {
return instantiatePages(1).then(function(instance) {
const peek = instance.exports.peek;
assert_oob(_ => peek(65536));
assert_oob(_ => peek(65535));
assert_oob(_ => peek(65534));
assert_oob(_ => peek(65533));
assert_oob(_ => peek(1 << 30));
assert_oob(_ => peek(3 << 30));
});
});
define_promise_test("peek_out_of_bounds_grow_memory_from_zero_js", function() {
const memory = new WebAssembly.Memory({initial: 0});
return instantiate(memory).then(function(instance) {
const peek = instance.exports.peek;
assert_oob(_ => peek(0));
memory.grow(1);
assert_equals(peek(0), 0);
});
});
define_promise_test("peek_out_of_bounds_grow_memory_js", function() {
const memory = new WebAssembly.Memory({initial: 1});
return instantiate(memory).then(function(instance) {
const peek = instance.exports.peek;
assert_oob(_ => peek(70000));
memory.grow(1);
assert_equals(peek(70000), 0);
});
});
define_promise_test("peek_out_of_bounds_grow_memory_from_zero_wasm",
function() {
const memory = new WebAssembly.Memory({initial: 0});
return instantiate(memory).then(function(instance) {
const peek = instance.exports.peek;
const grow = instance.exports.grow;
assert_oob(_ => peek(0));
grow(1);
assert_equals(peek(0), 0);
});
});
define_promise_test("peek_out_of_bounds_grow_memory_wasm", function() {
const memory = new WebAssembly.Memory({initial: 1});
return instantiate(memory).then(function(instance) {
const peek = instance.exports.peek;
const grow = instance.exports.grow;
assert_oob(_ => peek(70000));
grow(1);
assert_equals(peek(70000), 0);
});
});
define_promise_test("poke_in_bounds", function() {
return instantiatePages(1).then(function(instance) {
const peek = instance.exports.peek;
const poke = instance.exports.poke;
poke(0, 41);
poke(10000, 42);
poke(65532, 43);
assert_equals(peek(0), 41);
assert_equals(peek(10000), 42);
assert_equals(peek(65532), 43);
});
});
define_promise_test("poke_out_of_bounds", function() {
return instantiatePages(1).then(function(instance) {
const poke = instance.exports.poke;
assert_oob(_ => poke(65536, 0));
assert_oob(_ => poke(65535, 0));
assert_oob(_ => poke(65534, 0));
assert_oob(_ => poke(65533, 0));
assert_oob(_ => poke(1 << 30, 0));
assert_oob(_ => poke(3 << 30, 0));
});
});
define_promise_test("poke_out_of_bounds_grow_memory_from_zero_js", function() {
const memory = new WebAssembly.Memory({initial: 0});
return instantiate(memory).then(function(instance) {
const peek = instance.exports.peek;
const poke = instance.exports.poke;
function check_poke(index, value) {
poke(index, value);
assert_equals(peek(index), value);
}
assert_oob(_ => poke(0, 42));
memory.grow(1);
check_poke(0, 42);
});
});
define_promise_test("poke_out_of_bounds_grow_memory_js", function() {
const memory = new WebAssembly.Memory({initial: 1});
return instantiate(memory).then(function(instance) {
const peek = instance.exports.peek;
const poke = instance.exports.poke;
function check_poke(index, value) {
poke(index, value);
assert_equals(peek(index), value);
}
assert_oob(_ => poke(70000, 42));
memory.grow(1);
check_poke(70000, 42);
});
});
define_promise_test("poke_out_of_bounds_grow_memory_from_zero_wasm",
function() {
const memory = new WebAssembly.Memory({initial: 0});
return instantiate(memory).then(function(instance) {
const peek = instance.exports.peek;
const poke = instance.exports.poke;
const grow = instance.exports.grow;
function check_poke(index, value) {
poke(index, value);
assert_equals(peek(index), value);
}
assert_oob(_ => poke(0, 42));
grow(1);
check_poke(0, 42);
});
});
define_promise_test("poke_out_of_bounds_grow_memory_wasm", function() {
const memory = new WebAssembly.Memory({initial: 1});
return instantiate(memory).then(function(instance) {
const peek = instance.exports.peek;
const poke = instance.exports.poke;
const grow = instance.exports.grow;
function check_poke(index, value) {
poke(index, value);
assert_equals(peek(index), value);
}
assert_oob(_ => poke(70000, 42));
grow(1);
check_poke(70000, 42);
});
});
chrome/test/data/wasm/wasm_constants.js 0 → 100644
View file @ a34ccb08
// Copyright (c) 2017 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
function bytes() {
var buffer = new ArrayBuffer(arguments.length);
var view = new Uint8Array(buffer);
for (var i = 0; i < arguments.length; i++) {
var val = arguments[i];
if ((typeof val) == "string") val = val.charCodeAt(0);
view[i] = val | 0;
}
return buffer;
}
// Header declaration constants
var kWasmH0 = 0;
var kWasmH1 = 0x61;
var kWasmH2 = 0x73;
var kWasmH3 = 0x6d;
var kWasmV0 = 0x1;
var kWasmV1 = 0;
var kWasmV2 = 0;
var kWasmV3 = 0;
var kHeaderSize = 8;
var kPageSize = 65536;
function bytesWithHeader() {
var buffer = new ArrayBuffer(kHeaderSize + arguments.length);
var view = new Uint8Array(buffer);
view[0] = kWasmH0;
view[1] = kWasmH1;
view[2] = kWasmH2;
view[3] = kWasmH3;
view[4] = kWasmV0;
view[5] = kWasmV1;
view[6] = kWasmV2;
view[7] = kWasmV3;
for (var i = 0; i < arguments.length; i++) {
var val = arguments[i];
if ((typeof val) == "string") val = val.charCodeAt(0);
view[kHeaderSize + i] = val | 0;
}
return buffer;
}
let kDeclNoLocals = 0;
// Section declaration constants
let kUnknownSectionCode = 0;
let kTypeSectionCode = 1; // Function signature declarations
let kImportSectionCode = 2; // Import declarations
let kFunctionSectionCode = 3; // Function declarations
let kTableSectionCode = 4; // Indirect function table and other tables
let kMemorySectionCode = 5; // Memory attributes
let kGlobalSectionCode = 6; // Global declarations
let kExportSectionCode = 7; // Exports
let kStartSectionCode = 8; // Start function declaration
let kElementSectionCode = 9; // Elements section
let kCodeSectionCode = 10; // Function code
let kDataSectionCode = 11; // Data segments
let kNameSectionCode = 12; // Name section (encoded as string)
let kExceptionSectionCode = 13; // Exceptions (must appear before code section)
// Name section types
let kModuleNameCode = 0;
let kFunctionNamesCode = 1;
let kLocalNamesCode = 2;
let kWasmFunctionTypeForm = 0x60;
let kWasmAnyFunctionTypeForm = 0x70;
let kResizableMaximumFlag = 1;
// Function declaration flags
let kDeclFunctionName = 0x01;
let kDeclFunctionImport = 0x02;
let kDeclFunctionLocals = 0x04;
let kDeclFunctionExport = 0x08;
// Local types
let kWasmStmt = 0x40;
let kWasmI32 = 0x7f;
let kWasmI64 = 0x7e;
let kWasmF32 = 0x7d;
let kWasmF64 = 0x7c;
let kExternalFunction = 0;
let kExternalTable = 1;
let kExternalMemory = 2;
let kExternalGlobal = 3;
let kTableZero = 0;
let kMemoryZero = 0;
// Useful signatures
let kSig_i_i = makeSig([kWasmI32], [kWasmI32]);
let kSig_l_l = makeSig([kWasmI64], [kWasmI64]);
let kSig_i_l = makeSig([kWasmI64], [kWasmI32]);
let kSig_i_ii = makeSig([kWasmI32, kWasmI32], [kWasmI32]);
let kSig_i_iii = makeSig([kWasmI32, kWasmI32, kWasmI32], [kWasmI32]);
let kSig_d_dd = makeSig([kWasmF64, kWasmF64], [kWasmF64]);
let kSig_l_ll = makeSig([kWasmI64, kWasmI64], [kWasmI64]);
let kSig_i_dd = makeSig([kWasmF64, kWasmF64], [kWasmI32]);
let kSig_v_v = makeSig([], []);
let kSig_i_v = makeSig([], [kWasmI32]);
let kSig_l_v = makeSig([], [kWasmI64]);
let kSig_f_v = makeSig([], [kWasmF64]);
let kSig_d_v = makeSig([], [kWasmF64]);
let kSig_v_i = makeSig([kWasmI32], []);
let kSig_v_ii = makeSig([kWasmI32, kWasmI32], []);
let kSig_v_iii = makeSig([kWasmI32, kWasmI32, kWasmI32], []);
let kSig_v_l = makeSig([kWasmI64], []);
let kSig_v_d = makeSig([kWasmF64], []);
let kSig_v_dd = makeSig([kWasmF64, kWasmF64], []);
let kSig_v_ddi = makeSig([kWasmF64, kWasmF64, kWasmI32], []);
function makeSig(params, results) {
return {params: params, results: results};
}
function makeSig_v_x(x) {
return makeSig([x], []);
}
function makeSig_v_xx(x) {
return makeSig([x, x], []);
}
function makeSig_r_v(r) {
return makeSig([], [r]);
}
function makeSig_r_x(r, x) {
return makeSig([x], [r]);
}
function makeSig_r_xx(r, x) {
return makeSig([x, x], [r]);
}
// Opcodes
let kExprUnreachable = 0x00;
let kExprNop = 0x01;
let kExprBlock = 0x02;
let kExprLoop = 0x03;
let kExprIf = 0x04;
let kExprElse = 0x05;
let kExprTry = 0x06;
let kExprCatch = 0x07;
let kExprThrow = 0x08;
let kExprEnd = 0x0b;
let kExprBr = 0x0c;
let kExprBrIf = 0x0d;
let kExprBrTable = 0x0e;
let kExprReturn = 0x0f;
let kExprCallFunction = 0x10;
let kExprCallIndirect = 0x11;
let kExprDrop = 0x1a;
let kExprSelect = 0x1b;
let kExprGetLocal = 0x20;
let kExprSetLocal = 0x21;
let kExprTeeLocal = 0x22;
let kExprGetGlobal = 0x23;
let kExprSetGlobal = 0x24;
let kExprI32Const = 0x41;
let kExprI64Const = 0x42;
let kExprF32Const = 0x43;
let kExprF64Const = 0x44;
let kExprI32LoadMem = 0x28;
let kExprI64LoadMem = 0x29;
let kExprF32LoadMem = 0x2a;
let kExprF64LoadMem = 0x2b;
let kExprI32LoadMem8S = 0x2c;
let kExprI32LoadMem8U = 0x2d;
let kExprI32LoadMem16S = 0x2e;
let kExprI32LoadMem16U = 0x2f;
let kExprI64LoadMem8S = 0x30;
let kExprI64LoadMem8U = 0x31;
let kExprI64LoadMem16S = 0x32;
let kExprI64LoadMem16U = 0x33;
let kExprI64LoadMem32S = 0x34;
let kExprI64LoadMem32U = 0x35;
let kExprI32StoreMem = 0x36;
let kExprI64StoreMem = 0x37;
let kExprF32StoreMem = 0x38;
let kExprF64StoreMem = 0x39;
let kExprI32StoreMem8 = 0x3a;
let kExprI32StoreMem16 = 0x3b;
let kExprI64StoreMem8 = 0x3c;
let kExprI64StoreMem16 = 0x3d;
let kExprI64StoreMem32 = 0x3e;
let kExprMemorySize = 0x3f;
let kExprGrowMemory = 0x40;
let kExprI32Eqz = 0x45;
let kExprI32Eq = 0x46;
let kExprI32Ne = 0x47;
let kExprI32LtS = 0x48;
let kExprI32LtU = 0x49;
let kExprI32GtS = 0x4a;
let kExprI32GtU = 0x4b;
let kExprI32LeS = 0x4c;
let kExprI32LeU = 0x4d;
let kExprI32GeS = 0x4e;
let kExprI32GeU = 0x4f;
let kExprI64Eqz = 0x50;
let kExprI64Eq = 0x51;
let kExprI64Ne = 0x52;
let kExprI64LtS = 0x53;
let kExprI64LtU = 0x54;
let kExprI64GtS = 0x55;
let kExprI64GtU = 0x56;
let kExprI64LeS = 0x57;
let kExprI64LeU = 0x58;
let kExprI64GeS = 0x59;
let kExprI64GeU = 0x5a;
let kExprF32Eq = 0x5b;
let kExprF32Ne = 0x5c;
let kExprF32Lt = 0x5d;
let kExprF32Gt = 0x5e;
let kExprF32Le = 0x5f;
let kExprF32Ge = 0x60;
let kExprF64Eq = 0x61;
let kExprF64Ne = 0x62;
let kExprF64Lt = 0x63;
let kExprF64Gt = 0x64;
let kExprF64Le = 0x65;
let kExprF64Ge = 0x66;
let kExprI32Clz = 0x67;
let kExprI32Ctz = 0x68;
let kExprI32Popcnt = 0x69;
let kExprI32Add = 0x6a;
let kExprI32Sub = 0x6b;
let kExprI32Mul = 0x6c;
let kExprI32DivS = 0x6d;
let kExprI32DivU = 0x6e;
let kExprI32RemS = 0x6f;
let kExprI32RemU = 0x70;
let kExprI32And = 0x71;
let kExprI32Ior = 0x72;
let kExprI32Xor = 0x73;
let kExprI32Shl = 0x74;
let kExprI32ShrS = 0x75;
let kExprI32ShrU = 0x76;
let kExprI32Rol = 0x77;
let kExprI32Ror = 0x78;
let kExprI64Clz = 0x79;
let kExprI64Ctz = 0x7a;
let kExprI64Popcnt = 0x7b;
let kExprI64Add = 0x7c;
let kExprI64Sub = 0x7d;
let kExprI64Mul = 0x7e;
let kExprI64DivS = 0x7f;
let kExprI64DivU = 0x80;
let kExprI64RemS = 0x81;
let kExprI64RemU = 0x82;
let kExprI64And = 0x83;
let kExprI64Ior = 0x84;
let kExprI64Xor = 0x85;
let kExprI64Shl = 0x86;
let kExprI64ShrS = 0x87;
let kExprI64ShrU = 0x88;
let kExprI64Rol = 0x89;
let kExprI64Ror = 0x8a;
let kExprF32Abs = 0x8b;
let kExprF32Neg = 0x8c;
let kExprF32Ceil = 0x8d;
let kExprF32Floor = 0x8e;
let kExprF32Trunc = 0x8f;
let kExprF32NearestInt = 0x90;
let kExprF32Sqrt = 0x91;
let kExprF32Add = 0x92;
let kExprF32Sub = 0x93;
let kExprF32Mul = 0x94;
let kExprF32Div = 0x95;
let kExprF32Min = 0x96;
let kExprF32Max = 0x97;
let kExprF32CopySign = 0x98;
let kExprF64Abs = 0x99;
let kExprF64Neg = 0x9a;
let kExprF64Ceil = 0x9b;
let kExprF64Floor = 0x9c;
let kExprF64Trunc = 0x9d;
let kExprF64NearestInt = 0x9e;
let kExprF64Sqrt = 0x9f;
let kExprF64Add = 0xa0;
let kExprF64Sub = 0xa1;
let kExprF64Mul = 0xa2;
let kExprF64Div = 0xa3;
let kExprF64Min = 0xa4;
let kExprF64Max = 0xa5;
let kExprF64CopySign = 0xa6;
let kExprI32ConvertI64 = 0xa7;
let kExprI32SConvertF32 = 0xa8;
let kExprI32UConvertF32 = 0xa9;
let kExprI32SConvertF64 = 0xaa;
let kExprI32UConvertF64 = 0xab;
let kExprI64SConvertI32 = 0xac;
let kExprI64UConvertI32 = 0xad;
let kExprI64SConvertF32 = 0xae;
let kExprI64UConvertF32 = 0xaf;
let kExprI64SConvertF64 = 0xb0;
let kExprI64UConvertF64 = 0xb1;
let kExprF32SConvertI32 = 0xb2;
let kExprF32UConvertI32 = 0xb3;
let kExprF32SConvertI64 = 0xb4;
let kExprF32UConvertI64 = 0xb5;
let kExprF32ConvertF64 = 0xb6;
let kExprF64SConvertI32 = 0xb7;
let kExprF64UConvertI32 = 0xb8;
let kExprF64SConvertI64 = 0xb9;
let kExprF64UConvertI64 = 0xba;
let kExprF64ConvertF32 = 0xbb;
let kExprI32ReinterpretF32 = 0xbc;
let kExprI64ReinterpretF64 = 0xbd;
let kExprF32ReinterpretI32 = 0xbe;
let kExprF64ReinterpretI64 = 0xbf;
// Prefix opcodes
let kAtomicPrefix = 0xfe;
let kExprI32AtomicAdd = 0x1e;
let kExprI32AtomicAdd8U = 0x20;
let kExprI32AtomicAdd16U = 0x21;
let kExprI32AtomicSub = 0x25;
let kExprI32AtomicSub8U = 0x27;
let kExprI32AtomicSub16U = 0x28;
let kExprI32AtomicAnd = 0x2c;
let kExprI32AtomicAnd8U = 0x2e;
let kExprI32AtomicAnd16U = 0x2f;
let kExprI32AtomicOr = 0x33;
let kExprI32AtomicOr8U = 0x35;
let kExprI32AtomicOr16U = 0x36;
let kExprI32AtomicXor = 0x3a;
let kExprI32AtomicXor8U = 0x3c;
let kExprI32AtomicXor16U = 0x3d;
let kTrapUnreachable = 0;
let kTrapMemOutOfBounds = 1;
let kTrapDivByZero = 2;
let kTrapDivUnrepresentable = 3;
let kTrapRemByZero = 4;
let kTrapFloatUnrepresentable = 5;
let kTrapFuncInvalid = 6;
let kTrapFuncSigMismatch = 7;
let kTrapInvalidIndex = 8;
let kTrapMsgs = [
"unreachable",
"memory access out of bounds",
"divide by zero",
"divide result unrepresentable",
"remainder by zero",
"integer result unrepresentable",
"invalid function",
"function signature mismatch",
"invalid index into function table"
];
function assertTraps(trap, code) {
try {
if (typeof code === 'function') {
code();
} else {
eval(code);
}
} catch (e) {
assertEquals('object', typeof e);
assertEquals(kTrapMsgs[trap], e.message);
// Success.
return;
}
throw new MjsUnitAssertionError('Did not trap, expected: ' + kTrapMsgs[trap]);
}
function assertWasmThrows(values, code) {
try {
if (typeof code === 'function') {
code();
} else {
eval(code);
}
} catch (e) {
assertTrue(e instanceof WebAssembly.RuntimeError);
assertNotEquals(e['WasmExceptionTag'], undefined);
assertTrue(Number.isInteger(e['WasmExceptionTag']));
// TODO(kschimpf): Extract values from the exception.
let e_values = [];
assertEquals(values, e_values);
// Success.
return;
}
throw new MjsUnitAssertionError('Did not throw, expected: ' + values);
}
chrome/test/data/wasm/wasm_module_builder.js 0 → 100644
View file @ a34ccb08
// Copyright (c) 2017 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// Used for encoding f32 and double constants to bits.
let __buffer = new ArrayBuffer(8);
let byte_view = new Int8Array(__buffer);
let f32_view = new Float32Array(__buffer);
let f64_view = new Float64Array(__buffer);
class Binary extends Array {
emit_u8(val) {
this.push(val);
}
emit_u16(val) {
this.push(val & 0xff);
this.push((val >> 8) & 0xff);
}
emit_u32(val) {
this.push(val & 0xff);
this.push((val >> 8) & 0xff);
this.push((val >> 16) & 0xff);
this.push((val >> 24) & 0xff);
}
emit_u32v(val) {
while (true) {
let v = val & 0xff;
val = val >>> 7;
if (val == 0) {
this.push(v);
break;
}
this.push(v | 0x80);
}
}
emit_bytes(data) {
for (let i = 0; i < data.length; i++) {
this.push(data[i] & 0xff);
}
}
emit_string(string) {
// When testing illegal names, we pass a byte array directly.
if (string instanceof Array) {
this.emit_u32v(string.length);
this.emit_bytes(string);
return;
}
// This is the hacky way to convert a JavaScript string to a UTF8 encoded
// string only containing single-byte characters.
let string_utf8 = unescape(encodeURIComponent(string));
this.emit_u32v(string_utf8.length);
for (let i = 0; i < string_utf8.length; i++) {
this.emit_u8(string_utf8.charCodeAt(i));
}
}
emit_header() {
this.push(kWasmH0, kWasmH1, kWasmH2, kWasmH3,
kWasmV0, kWasmV1, kWasmV2, kWasmV3);
}
emit_section(section_code, content_generator) {
// Emit section name.
this.emit_u8(section_code);
// Emit the section to a temporary buffer: its full length isn't know yet.
let section = new Binary;
content_generator(section);
// Emit section length.
this.emit_u32v(section.length);
// Copy the temporary buffer.
for (var i = 0; i < section.length; i++) this.push(section[i]);
}
}
class FunctionBodyBuilder extends Binary {
get_local(index) {
this.emit_u8(kExprGetLocal);
this.emit_u32v(index);
return this;
}
i32_const(k) {
this.emit_u8(kExprI32Const);
this.emit_u32v(k);
return this;
}
i32_load(args) {
let align = args != undefined && args.align != undefined ? args.align : 1;
let offset =
args != undefined && args.offset != undefined ? args.offset : 0;
this.emit_u8(kExprI32LoadMem);
this.emit_u32v(align);
this.emit_u32v(offset);
return this;
}
i32_store(args) {
let align = args != undefined && args.align != undefined ? args.align : 1;
let offset =
args != undefined && args.offset != undefined ? args.offset : 0;
this.emit_u8(kExprI32StoreMem);
this.emit_u32v(align);
this.emit_u32v(offset);
return this;
}
grow_memory() {
this.emit_u8(kExprGrowMemory);
this.emit_u8(0);
return this;
}
end() {
this.emit_u8(kExprEnd);
}
}
class WasmFunctionBuilder {
constructor(module, name, type_index) {
this.module = module;
this.name = name;
this.type_index = type_index;
this.body = new FunctionBodyBuilder;
}
numLocalNames() {
if (this.local_names === undefined) return 0;
let num_local_names = 0;
for (let loc_name of this.local_names) {
if (loc_name !== undefined) ++num_local_names;
}
return num_local_names;
}
exportAs(name) {
this.module.addExport(name, this.index);
return this;
}
exportFunc() {
this.exportAs(this.name);
return this;
}
addBody(body) {
for (let b of body) {
if (typeof b !== 'number' || (b & (~0xFF)) !== 0 )
throw new Error('invalid body (entries must be 8 bit values): ' + body);
}
this.body = body.slice();
// Automatically add the end for the function block to the body.
this.body.push(kExprEnd);
return this;
}
addBodyWithEnd(body) {
this.body = body;
return this;
}
addLocals(locals, names) {
this.locals = locals;
this.local_names = names;
return this;
}
end() {
return this.module;
}
}
class WasmGlobalBuilder {
constructor(module, type, mutable) {
this.module = module;
this.type = type;
this.mutable = mutable;
this.init = 0;
}
exportAs(name) {
this.module.exports.push({name: name, kind: kExternalGlobal,
index: this.index});
return this;
}
}
class WasmModuleBuilder {
constructor() {
this.types = [];
this.imports = [];
this.exports = [];
this.globals = [];
this.exceptions = [];
this.functions = [];
this.function_table = [];
this.function_table_length = 0;
this.function_table_inits = [];
this.segments = [];
this.explicit = [];
this.num_imported_funcs = 0;
this.num_imported_globals = 0;
return this;
}
addStart(start_index) {
this.start_index = start_index;
return this;
}
addMemory(min, max, exp) {
this.memory = {min: min, max: max, exp: exp};
return this;
}
addExplicitSection(bytes) {
this.explicit.push(bytes);
return this;
}
stringToBytes(name) {
var result = new Binary();
result.emit_u32v(name.length);
for (var i = 0; i < name.length; i++) {
result.emit_u8(name.charCodeAt(i));
}
return result;
}
addCustomSection(name, bytes) {
name = this.stringToBytes(name);
var length = new Binary();
length.emit_u32v(name.length + bytes.length);
this.explicit.push([0, ...length, ...name, ...bytes]);
}
addType(type) {
this.types.push(type);
var pl = type.params.length; // should have params
var rl = type.results.length; // should have results
return this.types.length - 1;
}
addGlobal(local_type, mutable) {
let glob = new WasmGlobalBuilder(this, local_type, mutable);
glob.index = this.globals.length + this.num_imported_globals;
this.globals.push(glob);
return glob;
}
addException(type) {
if (type.results.length != 0)
throw new Error('Invalid exception signature: ' + type);
this.exceptions.push(type);
return this.exceptions.length - 1;
}
addFunction(name, type) {
let type_index = (typeof type) == "number" ? type : this.addType(type);
let func = new WasmFunctionBuilder(this, name, type_index);
func.index = this.functions.length + this.num_imported_funcs;
this.functions.push(func);
return func;
}
addImport(module = "", name, type) {
let type_index = (typeof type) == "number" ? type : this.addType(type);
this.imports.push({module: module, name: name, kind: kExternalFunction,
type: type_index});
return this.num_imported_funcs++;
}
addImportedGlobal(module = "", name, type) {
let o = {module: module, name: name, kind: kExternalGlobal, type: type,
mutable: false}
this.imports.push(o);
return this.num_imported_globals++;
}
addImportedMemory(module = "", name, initial = 0, maximum) {
let o = {module: module, name: name, kind: kExternalMemory,
initial: initial, maximum: maximum};
this.imports.push(o);
return this;
}
addImportedTable(module = "", name, initial, maximum) {
let o = {module: module, name: name, kind: kExternalTable, initial: initial,
maximum: maximum};
this.imports.push(o);
}
addExport(name, index) {
this.exports.push({name: name, kind: kExternalFunction, index: index});
return this;
}
addExportOfKind(name, kind, index) {
this.exports.push({name: name, kind: kind, index: index});
return this;
}
addDataSegment(addr, data, is_global = false) {
this.segments.push({addr: addr, data: data, is_global: is_global});
return this.segments.length - 1;
}
exportMemoryAs(name) {
this.exports.push({name: name, kind: kExternalMemory, index: 0});
}
addFunctionTableInit(base, is_global, array, is_import = false) {
this.function_table_inits.push({base: base, is_global: is_global,
array: array});
if (!is_global) {
var length = base + array.length;
if (length > this.function_table_length && !is_import) {
this.function_table_length = length;
}
}
return this;
}
appendToTable(array) {
for (let n of array) {
if (typeof n != 'number')
throw new Error('invalid table (entries have to be numbers): ' + array);
}
return this.addFunctionTableInit(this.function_table.length, false, array);
}
setFunctionTableLength(length) {
this.function_table_length = length;
return this;
}
setName(name) {
this.name = name;
return this;
}
toArray(debug = false) {
let binary = new Binary;
let wasm = this;
// Add header
binary.emit_header();
// Add type section
if (wasm.types.length > 0) {
if (debug) print("emitting types @ " + binary.length);
binary.emit_section(kTypeSectionCode, section => {
section.emit_u32v(wasm.types.length);
for (let type of wasm.types) {
section.emit_u8(kWasmFunctionTypeForm);
section.emit_u32v(type.params.length);
for (let param of type.params) {
section.emit_u8(param);
}
section.emit_u32v(type.results.length);
for (let result of type.results) {
section.emit_u8(result);
}
}
});
}
// Add imports section
if (wasm.imports.length > 0) {
if (debug) print("emitting imports @ " + binary.length);
binary.emit_section(kImportSectionCode, section => {
section.emit_u32v(wasm.imports.length);
for (let imp of wasm.imports) {
section.emit_string(imp.module);
section.emit_string(imp.name || '');
section.emit_u8(imp.kind);
if (imp.kind == kExternalFunction) {
section.emit_u32v(imp.type);
} else if (imp.kind == kExternalGlobal) {
section.emit_u32v(imp.type);
section.emit_u8(imp.mutable);
} else if (imp.kind == kExternalMemory) {
var has_max = (typeof imp.maximum) != "undefined";
section.emit_u8(has_max ? 1 : 0); // flags
section.emit_u32v(imp.initial); // initial
if (has_max) section.emit_u32v(imp.maximum); // maximum
} else if (imp.kind == kExternalTable) {
section.emit_u8(kWasmAnyFunctionTypeForm);
var has_max = (typeof imp.maximum) != "undefined";
section.emit_u8(has_max ? 1 : 0); // flags
section.emit_u32v(imp.initial); // initial
if (has_max) section.emit_u32v(imp.maximum); // maximum
} else {
throw new Error("unknown/unsupported import kind " + imp.kind);
}
}
});
}
// Add functions declarations
if (wasm.functions.length > 0) {
if (debug) print("emitting function decls @ " + binary.length);
binary.emit_section(kFunctionSectionCode, section => {
section.emit_u32v(wasm.functions.length);
for (let func of wasm.functions) {
section.emit_u32v(func.type_index);
}
});
}
// Add function_table.
if (wasm.function_table_length > 0) {
if (debug) print("emitting table @ " + binary.length);
binary.emit_section(kTableSectionCode, section => {
section.emit_u8(1); // one table entry
section.emit_u8(kWasmAnyFunctionTypeForm);
section.emit_u8(1);
section.emit_u32v(wasm.function_table_length);
section.emit_u32v(wasm.function_table_length);
});
}
// Add memory section
if (wasm.memory !== undefined) {
if (debug) print("emitting memory @ " + binary.length);
binary.emit_section(kMemorySectionCode, section => {
section.emit_u8(1); // one memory entry
const has_max = wasm.memory.max !== undefined;
section.emit_u32v(has_max ? kResizableMaximumFlag : 0);
section.emit_u32v(wasm.memory.min);
if (has_max) section.emit_u32v(wasm.memory.max);
});
}
// Add global section.
if (wasm.globals.length > 0) {
if (debug) print ("emitting globals @ " + binary.length);
binary.emit_section(kGlobalSectionCode, section => {
section.emit_u32v(wasm.globals.length);
for (let global of wasm.globals) {
section.emit_u8(global.type);
section.emit_u8(global.mutable);
if ((typeof global.init_index) == "undefined") {
// Emit a constant initializer.
switch (global.type) {
case kWasmI32:
section.emit_u8(kExprI32Const);
section.emit_u32v(global.init);
break;
case kWasmI64:
section.emit_u8(kExprI64Const);
section.emit_u32v(global.init);
break;
case kWasmF32:
section.emit_u8(kExprF32Const);
f32_view[0] = global.init;
section.emit_u8(byte_view[0]);
section.emit_u8(byte_view[1]);
section.emit_u8(byte_view[2]);
section.emit_u8(byte_view[3]);
break;
case kWasmF64:
section.emit_u8(kExprF64Const);
f64_view[0] = global.init;
section.emit_u8(byte_view[0]);
section.emit_u8(byte_view[1]);
section.emit_u8(byte_view[2]);
section.emit_u8(byte_view[3]);
section.emit_u8(byte_view[4]);
section.emit_u8(byte_view[5]);
section.emit_u8(byte_view[6]);
section.emit_u8(byte_view[7]);
break;
}
} else {
// Emit a global-index initializer.
section.emit_u8(kExprGetGlobal);
section.emit_u32v(global.init_index);
}
section.emit_u8(kExprEnd); // end of init expression
}
});
}
// Add export table.
var mem_export = (wasm.memory !== undefined && wasm.memory.exp);
var exports_count = wasm.exports.length + (mem_export ? 1 : 0);
if (exports_count > 0) {
if (debug) print("emitting exports @ " + binary.length);
binary.emit_section(kExportSectionCode, section => {
section.emit_u32v(exports_count);
for (let exp of wasm.exports) {
section.emit_string(exp.name);
section.emit_u8(exp.kind);
section.emit_u32v(exp.index);
}
if (mem_export) {
section.emit_string("memory");
section.emit_u8(kExternalMemory);
section.emit_u8(0);
}
});
}
// Add start function section.
if (wasm.start_index !== undefined) {
if (debug) print("emitting start function @ " + binary.length);
binary.emit_section(kStartSectionCode, section => {
section.emit_u32v(wasm.start_index);
});
}
// Add table elements.
if (wasm.function_table_inits.length > 0) {
if (debug) print("emitting table @ " + binary.length);
binary.emit_section(kElementSectionCode, section => {
var inits = wasm.function_table_inits;
section.emit_u32v(inits.length);
for (let init of inits) {
section.emit_u8(0); // table index
if (init.is_global) {
section.emit_u8(kExprGetGlobal);
} else {
section.emit_u8(kExprI32Const);
}
section.emit_u32v(init.base);
section.emit_u8(kExprEnd);
section.emit_u32v(init.array.length);
for (let index of init.array) {
section.emit_u32v(index);
}
}
});
}
// Add exceptions.
if (wasm.exceptions.length > 0) {
if (debug) print("emitting exceptions @ " + binary.length);
binary.emit_section(kExceptionSectionCode, section => {
section.emit_u32v(wasm.exceptions.length);
for (let type of wasm.exceptions) {
section.emit_u32v(type.params.length);
for (let param of type.params) {
section.enit_u8(param);
}
}
});
}
// Add function bodies.
if (wasm.functions.length > 0) {
// emit function bodies
if (debug) print("emitting code @ " + binary.length);
binary.emit_section(kCodeSectionCode, section => {
section.emit_u32v(wasm.functions.length);
for (let func of wasm.functions) {
// Function body length will be patched later.
let local_decls = [];
let l = func.locals;
if (l !== undefined) {
let local_decls_count = 0;
if (l.i32_count > 0) {
local_decls.push({count: l.i32_count, type: kWasmI32});
}
if (l.i64_count > 0) {
local_decls.push({count: l.i64_count, type: kWasmI64});
}
if (l.f32_count > 0) {
local_decls.push({count: l.f32_count, type: kWasmF32});
}
if (l.f64_count > 0) {
local_decls.push({count: l.f64_count, type: kWasmF64});
}
}
let header = new Binary;
header.emit_u32v(local_decls.length);
for (let decl of local_decls) {
header.emit_u32v(decl.count);
header.emit_u8(decl.type);
}
section.emit_u32v(header.length + func.body.length);
section.emit_bytes(header);
section.emit_bytes(func.body);
}
});
}
// Add data segments.
if (wasm.segments.length > 0) {
if (debug) print("emitting data segments @ " + binary.length);
binary.emit_section(kDataSectionCode, section => {
section.emit_u32v(wasm.segments.length);
for (let seg of wasm.segments) {
section.emit_u8(0); // linear memory index 0
if (seg.is_global) {
// initializer is a global variable
section.emit_u8(kExprGetGlobal);
section.emit_u32v(seg.addr);
} else {
// initializer is a constant
section.emit_u8(kExprI32Const);
section.emit_u32v(seg.addr);
}
section.emit_u8(kExprEnd);
section.emit_u32v(seg.data.length);
section.emit_bytes(seg.data);
}
});
}
// Add any explicitly added sections
for (let exp of wasm.explicit) {
if (debug) print("emitting explicit @ " + binary.length);
binary.emit_bytes(exp);
}
// Add names.
let num_function_names = 0;
let num_functions_with_local_names = 0;
for (let func of wasm.functions) {
if (func.name !== undefined) ++num_function_names;
if (func.numLocalNames() > 0) ++num_functions_with_local_names;
}
if (num_function_names > 0 || num_functions_with_local_names > 0 ||
wasm.name !== undefined) {
if (debug) print('emitting names @ ' + binary.length);
binary.emit_section(kUnknownSectionCode, section => {
section.emit_string('name');
// Emit module name.
if (wasm.name !== undefined) {
section.emit_section(kModuleNameCode, name_section => {
name_section.emit_string(wasm.name);
});
}
// Emit function names.
if (num_function_names > 0) {
section.emit_section(kFunctionNamesCode, name_section => {
name_section.emit_u32v(num_function_names);
for (let func of wasm.functions) {
if (func.name === undefined) continue;
name_section.emit_u32v(func.index);
name_section.emit_string(func.name);
}
});
}
// Emit local names.
if (num_functions_with_local_names > 0) {
section.emit_section(kLocalNamesCode, name_section => {
name_section.emit_u32v(num_functions_with_local_names);
for (let func of wasm.functions) {
if (func.numLocalNames() == 0) continue;
name_section.emit_u32v(func.index);
name_section.emit_u32v(func.numLocalNames());
for (let i = 0; i < func.local_names.length; ++i) {
if (func.local_names[i] === undefined) continue;
name_section.emit_u32v(i);
name_section.emit_string(func.local_names[i]);
}
}
});
}
});
}
return binary;
}
toBuffer(debug = false) {
let bytes = this.toArray(debug);
let buffer = new ArrayBuffer(bytes.length);
let view = new Uint8Array(buffer);
for (let i = 0; i < bytes.length; i++) {
let val = bytes[i];
if ((typeof val) == "string") val = val.charCodeAt(0);
view[i] = val | 0;
}
return buffer;
}
instantiate(ffi) {
let module = new WebAssembly.Module(this.toBuffer());
let instance = new WebAssembly.Instance(module, ffi);
return instance;
}
toModule(debug = false) {
return new WebAssembly.Module(this.toBuffer(debug));
}
}
chrome/test/v8/OWNERS 0 → 100644
View file @ a34ccb08
eholk@chromium.org
chrome/test/v8/wasm_trap_handler.cc 0 → 100644
View file @ a34ccb08
// Copyright 2017 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// These tests focus on Wasm out of bounds behavior to make sure trap-based
// bounds checks work when integrated with all of Chrome.
#include "base/base_switches.h"
#include "build/build_config.h"
#include "chrome/browser/ui/browser.h"
#include "chrome/browser/ui/tabs/tab_strip_model.h"
#include "chrome/test/base/in_process_browser_test.h"
#include "chrome/test/base/ui_test_utils.h"
#include "content/public/common/content_features.h"
#include "content/public/common/content_switches.h"
#include "content/public/test/browser_test_utils.h"
class WasmTrapHandler : public InProcessBrowserTest {
public:
WasmTrapHandler() {}
protected:
void RunJSTest(const std::string& js) const {
auto* const tab = browser()->tab_strip_model()->GetActiveWebContents();
bool result = false;
ASSERT_TRUE(content::ExecuteScriptAndExtractBool(tab, js, &result));
ASSERT_TRUE(result);
}
void RunJSTestAndEnsureTrapHandlerRan(const std::string& js) const {
#if defined(OS_LINUX) && defined(ARCH_CPU_X86_64) && !defined(OS_ANDROID)
const bool is_trap_handler_supported = true;
#else
const bool is_trap_handler_supported = false;
#endif
if (is_trap_handler_supported &&
base::FeatureList::IsEnabled(features::kWebAssemblyTrapHandler)) {
const auto* get_fault_count =
"domAutomationController.send(%GetWasmRecoveredTrapCount())";
int original_count = 0;
auto* const tab = browser()->tab_strip_model()->GetActiveWebContents();
ASSERT_TRUE(content::ExecuteScriptAndExtractInt(tab, get_fault_count,
&original_count));
ASSERT_NO_FATAL_FAILURE(RunJSTest(js));
int new_count = 0;
ASSERT_TRUE(content::ExecuteScriptAndExtractInt(tab, get_fault_count,
&new_count));
ASSERT_GT(new_count, original_count);
} else {
ASSERT_NO_FATAL_FAILURE(RunJSTest(js));
}
}
private:
void SetUpCommandLine(base::CommandLine* command_line) override {
// kEnableCrashReporterForTesting only exists on POSIX systems
#if defined(OS_POSIX)
command_line->AppendSwitch(switches::kEnableCrashReporterForTesting);
#endif
command_line->AppendSwitchASCII(switches::kJavaScriptFlags,
"--allow-natives-syntax");
}
DISALLOW_COPY_AND_ASSIGN(WasmTrapHandler);
};
IN_PROC_BROWSER_TEST_F(WasmTrapHandler, OutOfBounds) {
ASSERT_TRUE(embedded_test_server()->Start());
const auto& url = embedded_test_server()->GetURL("/wasm/out_of_bounds.html");
ui_test_utils::NavigateToURL(browser(), url);
ASSERT_NO_FATAL_FAILURE(RunJSTest("peek_in_bounds()"));
ASSERT_NO_FATAL_FAILURE(
RunJSTestAndEnsureTrapHandlerRan("peek_out_of_bounds()"));
ASSERT_NO_FATAL_FAILURE(RunJSTestAndEnsureTrapHandlerRan(
"peek_out_of_bounds_grow_memory_from_zero_js()"));
ASSERT_NO_FATAL_FAILURE(
RunJSTestAndEnsureTrapHandlerRan("peek_out_of_bounds_grow_memory_js()"));
ASSERT_NO_FATAL_FAILURE(RunJSTestAndEnsureTrapHandlerRan(
"peek_out_of_bounds_grow_memory_from_zero_wasm()"));
ASSERT_NO_FATAL_FAILURE(RunJSTestAndEnsureTrapHandlerRan(
"peek_out_of_bounds_grow_memory_wasm()"));
ASSERT_NO_FATAL_FAILURE(RunJSTest("poke_in_bounds()"));
ASSERT_NO_FATAL_FAILURE(
RunJSTestAndEnsureTrapHandlerRan("poke_out_of_bounds()"));
ASSERT_NO_FATAL_FAILURE(RunJSTestAndEnsureTrapHandlerRan(
"poke_out_of_bounds_grow_memory_from_zero_js()"));
ASSERT_NO_FATAL_FAILURE(
RunJSTestAndEnsureTrapHandlerRan("poke_out_of_bounds_grow_memory_js()"));
ASSERT_NO_FATAL_FAILURE(RunJSTestAndEnsureTrapHandlerRan(
"poke_out_of_bounds_grow_memory_from_zero_wasm()"));
ASSERT_NO_FATAL_FAILURE(RunJSTestAndEnsureTrapHandlerRan(
"poke_out_of_bounds_grow_memory_wasm()"));
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment