Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

xplat: enforce TypedArray bound check in AsmJs #1703

Merged
merged 1 commit into from
Oct 6, 2016
Merged

xplat: enforce TypedArray bound check in AsmJs #1703

merged 1 commit into from
Oct 6, 2016

Conversation

jianchun
Copy link

@jianchun jianchun commented Oct 6, 2016

For xplat, always do bound check for Ld/St TypedArray in AsmJs. Currently
we don't support out of bound access violation recovery on non _WIN32.

@jianchun
Copy link
Author

jianchun commented Oct 6, 2016

@MikeHolman Could you please help review?

@jianchun jianchun mentioned this pull request Oct 6, 2016
Closed
MikeHolman
MikeHolman suggested changes Oct 6, 2016
View reviewed changes
lib/Backend/AsmJsJITInfo.cpp
@@ -159,6 +159,11 @@ AsmJsJITInfo::UsesHeapBuffer() const
bool
AsmJsJITInfo::AccessNeedsBoundCheck(uint offset) const
{
#ifdef _WIN32
// Normally, heap has min size of 0x10000, but if you use ChangeHeap, min heap size is increased to 0x1000000
return offset >= 0x1000000 || (IsHeapBufferConst() && offset >= 0x10000);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is runtime guarantee that any access less than this is in bounds, so don't need to exclude this from xplat

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Will revert this. (Looks I originally added this when my problem was the other piece not emitting bound check.)

lib/Backend/amd64/LowererMDArch.cpp
@@ -1152,7 +1157,10 @@ LowererMDArch::LowerAsmJsLdElemHelper(IR::Instr * instr, bool isSimdLoad /*= fal
}
Lowerer::InsertBranch(Js::OpCode::Br, loadLabel, helperLabel);

lowererMD->m_lowerer->GenerateRuntimeError(loadLabel, JSERR_ArgumentOutOfRange, IR::HelperOp_RuntimeRangeError);
if (isSimdLoad)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

else, you should move 0 into dst.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good catch, adding.

@jianchun
Copy link
Author

jianchun commented Oct 6, 2016

@MikeHolman Updated, thanks!

xplat: enforce TypedArray bound check in AsmJs
9c211c8 
For xplat always do bound check for Ld/St TypedArray in AsmJs. Currently
we don't support out of bound access violation recovery on non _WIN32.
@chakrabot chakrabot merged commit 9c211c8 into chakra-core:master Oct 6, 2016
chakrabot pushed a commit that referenced this pull request Oct 6, 2016
[MERGE #1703 @jianchun] xplat: enforce TypedArray bound check in AsmJs
e7b5143 
Merge pull request #1703 from jianchun:arrbuf

For xplat, always do bound check for Ld/St TypedArray in AsmJs. Currently
we don't support out of bound access violation recovery on non _WIN32.
@jianchun jianchun deleted the arrbuf branch October 7, 2016 18:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MikeHolman MikeHolman MikeHolman approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@jianchun @MikeHolman @msftclas @chakrabot