| Quellcodebibliothek Statistik Leitseite products/sources/formale Sprachen/C/Firefox/js/src/wasm/ (Browser von der Mozilla Stiftung Version 136.0.1©) Datei vom 10.2.2025 mit Größe 165 kB |
|
Quelle WasmJS.cpp Sprache: C |
|||||||||||||||
|
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- * vim: set ts=8 sts=2 et sw=2 tw=80: * * Copyright 2016 Mozilla Foundation * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #include "wasm/WasmJS.h" #include "mozilla/EndianUtils.h" #include "mozilla/Maybe.h" #include <algorithm> #include <cstdint> #include "jsapi.h" #include "jsexn.h" #include "ds/IdValuePair.h" // js::IdValuePair #include "frontend/FrontendContext.h" // AutoReportFrontendContext #include "gc/GCContext.h" #include "jit/AtomicOperations.h" #include "jit/FlushICache.h" #include "jit/JitContext.h" #include "jit/JitOptions.h" #include "jit/Simulator.h" #include "js/ColumnNumber.h" // JS::ColumnNumberOneOrigin #include "js/ForOfIterator.h" #include "js/friend/ErrorMessages.h" // js::GetErrorMessage, JSMSG_* #include "js/Printf.h" #include "js/PropertyAndElement.h" // JS_DefineProperty, JS_GetProperty #include "js/PropertySpec.h" // JS_{PS,FN}{,_END} #include "js/Stack.h" // BuildStackString #include "js/StreamConsumer.h" #include "util/StringBuilder.h" #include "util/Text.h" #include "vm/ErrorObject.h" #include "vm/FunctionFlags.h" // js::FunctionFlags #include "vm/GlobalObject.h" // js::GlobalObject #include "vm/HelperThreadState.h" // js::PromiseHelperTask #include "vm/Interpreter.h" #include "vm/JSFunction.h" #include "vm/PlainObject.h" // js::PlainObject #include "vm/PromiseObject.h" // js::PromiseObject #include "vm/SharedArrayObject.h" #include "vm/StringType.h" #include "vm/Warnings.h" // js::WarnNumberASCII #include "wasm/WasmBaselineCompile.h" #include "wasm/WasmBuiltinModule.h" #include "wasm/WasmBuiltins.h" #include "wasm/WasmCompile.h" #include "wasm/WasmDebug.h" #include "wasm/WasmFeatures.h" #include "wasm/WasmInstance.h" #include "wasm/WasmIonCompile.h" #include "wasm/WasmMemory.h" #include "wasm/WasmModule.h" #include "wasm/WasmPI.h" #include "wasm/WasmProcess.h" #include "wasm/WasmSignalHandlers.h" #include "wasm/WasmStubs.h" #include "wasm/WasmValidate.h" #include "gc/GCContext-inl.h" #include "gc/StableCellHasher-inl.h" #include "vm/ArrayBufferObject-inl.h" #include "vm/JSObject-inl.h" #include "vm/NativeObject-inl.h" #include "wasm/WasmInstance-inl.h" /* * [SMDOC] WebAssembly code rules (evolving) * * TlsContext.get() is only to be invoked from functions that have been invoked * _directly_ by generated code as cold(!) Builtin calls, from code that is * only used by signal handlers, or from helper functions that have been * called _directly_ from a simulator. All other code shall pass in a * JSContext* to functions that need it, or an Instance* or Instance* since * the context is available through them. * * Code that uses TlsContext.get() shall annotate each such call with the * reason why the call is OK. */ using namespace js; using namespace js::jit; using namespace js::wasm; using mozilla::Maybe; using mozilla::Nothing; using mozilla::Some; using mozilla::Span; static bool ThrowCompileOutOfMemory(JSContext* cx) { // Most OOMs during compilation are due to large contiguous allocations, // and future allocations are likely to succeed. Throwing a proper error // object is nicer for users in these circumstances. JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_OUT_OF_MEMORY); return false; } // ============================================================================ // Imports static bool ThrowBadImportArg(JSContext* cx) { JS_ReportErrorNumberUTF8(cx, GetErrorMessage, nullptr, JSMSG_WASM_BAD_IMPORT_ARG); return false; } static bool ThrowBadImportType(JSContext* cx, const CacheableName& field, const char* str) { UniqueChars fieldQuoted = field.toQuotedString(cx); if (!fieldQuoted) { ReportOutOfMemory(cx); return false; } JS_ReportErrorNumberUTF8(cx, GetErrorMessage, nullptr, JSMSG_WASM_BAD_IMPORT_TYPE, fieldQuoted.get(), str); return false; } // For now reject cross-compartment wrappers. These have more complicated realm // semantics (we use nonCCWRealm in a few places) and may require unwrapping to // test for specific function types. static bool IsCallableNonCCW(const Value& v) { return IsCallable(v) && !IsCrossCompartmentWrapper(&v.toObject()); } static bool IsWasmSuspendingWrapper(const Value& v) { return v.isObject() && js::IsWasmSuspendingObject(&v.toObject()); } bool js::wasm::GetImports(JSContext* cx, const Module& module, HandleObject importObj, ImportValues* imports) { const ModuleMetadata& moduleMeta = module.moduleMeta(); const CodeMetadata& codeMeta = module.codeMeta(); const BuiltinModuleIds& builtinModules = codeMeta.features().builtinModules; if (!moduleMeta.imports.empty() && !importObj) { return ThrowBadImportArg(cx); } BuiltinModuleInstances builtinInstances(cx); RootedValue importModuleValue(cx); RootedObject importModuleObject(cx); bool isImportedStringModule = false; RootedValue importFieldValue(cx); uint32_t tagIndex = 0; const TagDescVector& tags = codeMeta.tags; uint32_t globalIndex = 0; const GlobalDescVector& globals = codeMeta.globals; uint32_t tableIndex = 0; const TableDescVector& tables = codeMeta.tables; for (const Import& import : moduleMeta.imports) { Maybe<BuiltinModuleId> builtinModule = ImportMatchesBuiltinModule(import.module.utf8Bytes(), builtinModules); if (builtinModule) { if (*builtinModule == BuiltinModuleId::JSStringConstants) { isImportedStringModule = true; importModuleObject = nullptr; } else { MutableHandle<JSObject*> builtinInstance = builtinInstances[*builtinModule]; if (!builtinInstance && !wasm::InstantiateBuiltinModule( cx, *builtinModule, builtinInstance)) { return false; } isImportedStringModule = false; importModuleObject = builtinInstance; } } else { RootedId moduleName(cx); if (!import.module.toPropertyKey(cx, &moduleName)) { return false; } if (!GetProperty(cx, importObj, importObj, moduleName, &importModuleValue)) { return false; } if (!importModuleValue.isObject()) { UniqueChars moduleQuoted = import.module.toQuotedString(cx); if (!moduleQuoted) { ReportOutOfMemory(cx); return false; } JS_ReportErrorNumberUTF8(cx, GetErrorMessage, nullptr, JSMSG_WASM_BAD_IMPORT_FIELD, moduleQuoted.get()); return false; } isImportedStringModule = false; importModuleObject = &importModuleValue.toObject(); } MOZ_RELEASE_ASSERT(!isImportedStringModule || import.kind == DefinitionKind::Global); if (isImportedStringModule) { RootedString stringConstant(cx, import.field.toJSString(cx)); if (!stringConstant) { ReportOutOfMemory(cx); return false; } importFieldValue = StringValue(stringConstant); } else { RootedId fieldName(cx); if (!import.field.toPropertyKey(cx, &fieldName)) { return false; } if (!GetProperty(cx, importModuleObject, importModuleObject, fieldName, &importFieldValue)) { return false; } } switch (import.kind) { case DefinitionKind::Function: { if (!IsCallableNonCCW(importFieldValue) && !IsWasmSuspendingWrapper(importFieldValue)) { return ThrowBadImportType(cx, import.field, "Function"); } if (!imports->funcs.append(&importFieldValue.toObject())) { ReportOutOfMemory(cx); return false; } break; } case DefinitionKind::Table: { const uint32_t index = tableIndex++; if (!importFieldValue.isObject() || !importFieldValue.toObject().is<WasmTableObject>()) { return ThrowBadImportType(cx, import.field, "Table"); } Rooted<WasmTableObject*> obj( cx, &importFieldValue.toObject().as<WasmTableObject>()); if (obj->table().elemType() != tables[index].elemType) { JS_ReportErrorNumberUTF8(cx, GetErrorMessage, nullptr, JSMSG_WASM_BAD_TBL_TYPE_LINK); return false; } if (!imports->tables.append(obj)) { ReportOutOfMemory(cx); return false; } break; } case DefinitionKind::Memory: { if (!importFieldValue.isObject() || !importFieldValue.toObject().is<WasmMemoryObject>()) { return ThrowBadImportType(cx, import.field, "Memory"); } if (!imports->memories.append( &importFieldValue.toObject().as<WasmMemoryObject>())) { ReportOutOfMemory(cx); return false; } break; } case DefinitionKind::Tag: { const uint32_t index = tagIndex++; if (!importFieldValue.isObject() || !importFieldValue.toObject().is<WasmTagObject>()) { return ThrowBadImportType(cx, import.field, "Tag"); } Rooted<WasmTagObject*> obj( cx, &importFieldValue.toObject().as<WasmTagObject>()); // Checks whether the signature of the imported exception object matches // the signature declared in the exception import's TagDesc. if (!TagType::matches(*obj->tagType(), *tags[index].type)) { UniqueChars fieldQuoted = import.field.toQuotedString(cx); UniqueChars moduleQuoted = import.module.toQuotedString(cx); if (!fieldQuoted || !moduleQuoted) { ReportOutOfMemory(cx); return false; } JS_ReportErrorNumberUTF8(cx, GetErrorMessage, nullptr, JSMSG_WASM_BAD_TAG_SIG, moduleQuoted.get(), fieldQuoted.get()); return false; } if (!imports->tagObjs.append(obj)) { ReportOutOfMemory(cx); return false; } break; } case DefinitionKind::Global: { const uint32_t index = globalIndex++; const GlobalDesc& global = globals[index]; MOZ_ASSERT(global.importIndex() == index); RootedVal val(cx); if (importFieldValue.isObject() && importFieldValue.toObject().is<WasmGlobalObject>()) { Rooted<WasmGlobalObject*> obj( cx, &importFieldValue.toObject().as<WasmGlobalObject>()); if (obj->isMutable() != global.isMutable()) { JS_ReportErrorNumberUTF8(cx, GetErrorMessage, nullptr, JSMSG_WASM_BAD_GLOB_MUT_LINK); return false; } bool matches = global.isMutable() ? obj->type() == global.type() : ValType::isSubTypeOf(obj->type(), global.type()); if (!matches) { JS_ReportErrorNumberUTF8(cx, GetErrorMessage, nullptr, JSMSG_WASM_BAD_GLOB_TYPE_LINK); return false; } if (imports->globalObjs.length() <= index && !imports->globalObjs.resize(index + 1)) { ReportOutOfMemory(cx); return false; } imports->globalObjs[index] = obj; val = obj->val(); } else { if (!global.type().isRefType()) { if (global.type() == ValType::I64 && !importFieldValue.isBigInt()) { return ThrowBadImportType(cx, import.field, "BigInt"); } if (global.type() != ValType::I64 && !importFieldValue.isNumber()) { return ThrowBadImportType(cx, import.field, "Number"); } } if (global.isMutable()) { JS_ReportErrorNumberUTF8(cx, GetErrorMessage, nullptr, JSMSG_WASM_BAD_GLOB_MUT_LINK); return false; } if (!Val::fromJSValue(cx, global.type(), importFieldValue, &val)) { return false; } } if (!imports->globalValues.append(val)) { ReportOutOfMemory(cx); return false; } break; } } } MOZ_ASSERT(globalIndex == globals.length() || !globals[globalIndex].isImport()); return true; } static bool DescribeScriptedCaller(JSContext* cx, ScriptedCaller* caller, const char* introducer) { // Note: JS::DescribeScriptedCaller returns whether a scripted caller was // found, not whether an error was thrown. This wrapper function converts // back to the more ordinary false-if-error form. JS::AutoFilename af; if (JS::DescribeScriptedCaller(&af, cx, &caller->line)) { caller->filename = FormatIntroducedFilename(af.get(), caller->line, introducer); if (!caller->filename) { ReportOutOfMemory(cx); return false; } } return true; } static SharedCompileArgs InitCompileArgs(JSContext* cx, FeatureOptions options, const char* introducer) { ScriptedCaller scriptedCaller; if (!DescribeScriptedCaller(cx, &scriptedCaller, introducer)) { return nullptr; } return CompileArgs::buildAndReport(cx, std::move(scriptedCaller), options); } // ============================================================================ // Testing / Fuzzing support bool wasm::Eval(JSContext* cx, Handle<TypedArrayObject*> code, HandleObject importObj, MutableHandle<WasmInstanceObject*> instanceObj) { if (!GlobalObject::ensureConstructor(cx, cx->global(), JSProto_WebAssembly)) { return false; } MutableBytes bytecode = cx->new_<ShareableBytes>(); if (!bytecode) { return false; } if (!bytecode->append((uint8_t*)code->dataPointerEither().unwrap(), code->byteLength().valueOr(0))) { ReportOutOfMemory(cx); return false; } FeatureOptions options; SharedCompileArgs compileArgs = InitCompileArgs(cx, options, "wasm_eval"); if (!compileArgs) { return false; } UniqueChars error; UniqueCharsVector warnings; SharedModule module = CompileBuffer(*compileArgs, *bytecode, &error, &warnings, nullptr); if (!module) { if (error) { JS_ReportErrorNumberUTF8(cx, GetErrorMessage, nullptr, JSMSG_WASM_COMPILE_ERROR, error.get()); return false; } return ThrowCompileOutOfMemory(cx); } Rooted<ImportValues> imports(cx); if (!GetImports(cx, *module, importObj, imports.address())) { return false; } return module->instantiate(cx, imports.get(), nullptr, instanceObj); } struct MOZ_STACK_CLASS SerializeListener : JS::OptimizedEncodingListener { // MOZ_STACK_CLASS means these can be nops. MozExternalRefCountType MOZ_XPCOM_ABI AddRef() override { return 0; } MozExternalRefCountType MOZ_XPCOM_ABI Release() override { return 0; } mozilla::DebugOnly<bool> called = false; Bytes* serialized; explicit SerializeListener(Bytes* serialized) : serialized(serialized) {} void storeOptimizedEncoding(const uint8_t* bytes, size_t length) override { MOZ_ASSERT(!called); called = true; if (serialized->resizeUninitialized(length)) { memcpy(serialized->begin(), bytes, length); } } }; bool wasm::CompileAndSerialize(JSContext* cx, const ShareableBytes& bytecode, Bytes* serialized) { // The caller must check that code caching is available MOZ_ASSERT(CodeCachingAvailable(cx)); // Create and manually fill in compile args for code caching MutableCompileArgs compileArgs = js_new<CompileArgs>(); if (!compileArgs) { return false; } // The caller has ensured CodeCachingAvailable(). Moreover, we want to ensure // we go straight to tier-2 so that we synchronously call // JS::OptimizedEncodingListener::storeOptimizedEncoding(). compileArgs->baselineEnabled = false; compileArgs->forceTiering = false; // We always pick Ion here, and we depend on CodeCachingAvailable() having // determined that Ion is available, see comments at CodeCachingAvailable(). // To do better, we need to pass information about which compiler that should // be used into CompileAndSerialize(). compileArgs->ionEnabled = true; // Select features that are enabled. This is guaranteed to be consistent with // our compiler selection, as code caching is only available if ion is // available, and ion is only available if it's not disabled by enabled // features. compileArgs->features = FeatureArgs::build(cx, FeatureOptions()); SerializeListener listener(serialized); UniqueChars error; UniqueCharsVector warnings; SharedModule module = CompileBuffer(*compileArgs, bytecode, &error, &warnings, &listener); if (!module) { fprintf(stderr, "Compilation error: %s\n", error ? error.get() : "oom"); return false; } MOZ_ASSERT(module->code().hasCompleteTier(Tier::Serialized)); MOZ_ASSERT(listener.called); return !listener.serialized->empty(); } bool wasm::DeserializeModule(JSContext* cx, const Bytes& serialized, MutableHandleObject moduleObj) { MutableModule module = Module::deserialize(serialized.begin(), serialized.length()); if (!module) { ReportOutOfMemory(cx); return false; } moduleObj.set(module->createObject(cx)); return !!moduleObj; } // ============================================================================ // Common functions // '[EnforceRange] unsigned long' types are coerced with // ConvertToInt(v, 32, 'unsigned') // defined in Web IDL Section 3.2.4.9. // // This just generalizes that to an arbitrary limit that is representable as an // integer in double form. static bool EnforceRange(JSContext* cx, HandleValue v, const char* kind, const char* noun, uint64_t max, uint64_t* val) { // Step 4. double x; if (!ToNumber(cx, v, &x)) { return false; } // Step 5. if (mozilla::IsNegativeZero(x)) { x = 0.0; } // Step 6.1. if (!std::isfinite(x)) { JS_ReportErrorNumberUTF8(cx, GetErrorMessage, nullptr, JSMSG_WASM_BAD_ENFORCE_RANGE, kind, noun); return false; } // Step 6.2. x = JS::ToInteger(x); // Step 6.3. if (x < 0 || x > double(max)) { JS_ReportErrorNumberUTF8(cx, GetErrorMessage, nullptr, JSMSG_WASM_BAD_ENFORCE_RANGE, kind, noun); return false; } *val = uint64_t(x); MOZ_ASSERT(double(*val) == x); return true; } static bool EnforceRangeU32(JSContext* cx, HandleValue v, const char* kind, const char* noun, uint32_t* u32) { uint64_t u64 = 0; if (!EnforceRange(cx, v, kind, noun, uint64_t(UINT32_MAX), &u64)) { return false; } *u32 = uint32_t(u64); return true; } static bool EnforceRangeU64(JSContext* cx, HandleValue v, const char* kind, const char* noun, uint64_t* u64) { // The max is Number.MAX_SAFE_INTEGER return EnforceRange(cx, v, kind, noun, (1LL << 53) - 1, u64); } static bool EnforceRangeBigInt64(JSContext* cx, HandleValue v, const char* kind, const char* noun, uint64_t* u64) { RootedBigInt bi(cx, ToBigInt(cx, v)); if (!bi) { return false; } if (!BigInt::isUint64(bi, u64)) { JS_ReportErrorNumberUTF8(cx, GetErrorMessage, nullptr, JSMSG_WASM_BAD_ENFORCE_RANGE, kind, noun); return false; } return true; } static bool EnforceAddressValue(JSContext* cx, HandleValue v, AddressType addressType, const char* kind, const char* noun, uint64_t* result) { switch (addressType) { case AddressType::I32: { uint32_t result32; if (!EnforceRangeU32(cx, v, kind, noun, &result32)) { return false; } *result = uint64_t(result32); return true; } case AddressType::I64: return EnforceRangeBigInt64(cx, v, kind, noun, result); default: MOZ_CRASH("unknown address type"); } } // The AddressValue typedef, a union of number and bigint, is used in the JS API // spec for memory and table arguments, where number is used for memory32 and // bigint is used for memory64. [[nodiscard]] static bool CreateAddressValue(JSContext* cx, uint64_t value, AddressType addressType, MutableHandleValue addressValue) { switch (addressType) { case AddressType::I32: MOZ_ASSERT(value <= UINT32_MAX); addressValue.set(NumberValue(value)); return true; case AddressType::I64: { BigInt* bi = BigInt::createFromUint64(cx, value); if (!bi) { return false; } addressValue.set(BigIntValue(bi)); return true; } default: MOZ_CRASH("unknown address type"); } } // Gets an AddressValue property ("initial" or "maximum") from a // MemoryDescriptor or TableDescriptor. The values returned by this should be // run through CheckLimits to enforce the validation limits prescribed by the // spec. static bool GetDescriptorAddressValue(JSContext* cx, HandleObject obj, const char* name, const char* noun, const char* msg, AddressType addressType, bool* found, uint64_t* value) { JSAtom* atom = Atomize(cx, name, strlen(name)); if (!atom) { return false; } RootedId id(cx, AtomToId(atom)); RootedValue val(cx); if (!GetProperty(cx, obj, obj, id, &val)) { return false; } if (val.isUndefined()) { *found = false; return true; } *found = true; return EnforceAddressValue(cx, val, addressType, noun, msg, value); } static bool GetLimits(JSContext* cx, HandleObject obj, LimitsKind kind, Limits* limits) { limits->addressType = AddressType::I32; // Limits may specify an alternate address type, and we need this to check the // ranges for initial and maximum, so look for the address type first. #ifdef ENABLE_WASM_MEMORY64 // Get the address type field JSAtom* addressTypeAtom = Atomize(cx, "address", strlen("address")); if (!addressTypeAtom) { return false; } RootedId addressTypeId(cx, AtomToId(addressTypeAtom)); RootedValue addressTypeVal(cx); if (!GetProperty(cx, obj, obj, addressTypeId, &addressTypeVal)) { return false; } // The address type has a default value if (!addressTypeVal.isUndefined()) { if (!ToAddressType(cx, addressTypeVal, &limits->addressType)) { return false; } if (limits->addressType == AddressType::I64 && !Memory64Available(cx)) { JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_WASM_NO_MEM64_LINK); return false; } } #endif const char* noun = ToString(kind); uint64_t limit = 0; bool haveInitial = false; if (!GetDescriptorAddressValue(cx, obj, "initial", noun, "initial size", limits->addressType, &haveInitial, &limit)) { return false; } if (haveInitial) { limits->initial = limit; } bool haveMinimum = false; #ifdef ENABLE_WASM_TYPE_REFLECTIONS if (!GetDescriptorAddressValue(cx, obj, "minimum", noun, "initial size", limits->addressType, &haveMinimum, &limit)) { return false; } if (haveMinimum) { limits->initial = limit; } #endif if (!(haveInitial || haveMinimum)) { JS_ReportErrorNumberUTF8(cx, GetErrorMessage, nullptr, JSMSG_WASM_MISSING_REQUIRED, "initial"); return false; } if (haveInitial && haveMinimum) { JS_ReportErrorNumberUTF8(cx, GetErrorMessage, nullptr, JSMSG_WASM_SUPPLY_ONLY_ONE, "minimum", "initial"); return false; } bool haveMaximum = false; if (!GetDescriptorAddressValue(cx, obj, "maximum", noun, "maximum size", limits->addressType, &haveMaximum, &limit)) { return false; } if (haveMaximum) { limits->maximum = Some(limit); } limits->shared = Shareable::False; // Memory limits may be shared. if (kind == LimitsKind::Memory) { // Get the shared field JSAtom* sharedAtom = Atomize(cx, "shared", strlen("shared")); if (!sharedAtom) { return false; } RootedId sharedId(cx, AtomToId(sharedAtom)); RootedValue sharedVal(cx); if (!GetProperty(cx, obj, obj, sharedId, &sharedVal)) { return false; } // shared's default value is false, which is already the value set above. if (!sharedVal.isUndefined()) { limits->shared = ToBoolean(sharedVal) ? Shareable::True : Shareable::False; if (limits->shared == Shareable::True) { if (!haveMaximum) { JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_WASM_MISSING_MAXIMUM, noun); return false; } if (!cx->realm() ->creationOptions() .getSharedMemoryAndAtomicsEnabled()) { JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_WASM_NO_SHMEM_LINK); return false; } } } } return true; } static bool CheckLimits(JSContext* cx, uint64_t validationMax, LimitsKind kind, Limits* limits) { const char* noun = ToString(kind); // There are several layers of validation and error-throwing here, including // one which is currently not defined by the JS API spec: // // - [EnforceRange] on parameters (must be TypeError) // - A check that initial <= maximum (must be RangeError) // - Either a mem_alloc or table_alloc operation, which has two components: // - A pre-condition that the given memory or table type is valid // (not specified, RangeError in practice) // - The actual allocation (should report OOM if it fails) // // There are two questions currently left open by the spec: when is the memory // or table type validated, and if it is invalid, what type of exception does // it throw? In practice, all browsers throw RangeError, and by the time you // read this the spec will hopefully have been updated to reflect this. See // the following issue: https://github.com/WebAssembly/spec/issues/1792 // Check that initial <= maximum if (limits->maximum.isSome() && *limits->maximum < limits->initial) { JS_ReportErrorNumberUTF8(cx, GetErrorMessage, nullptr, JSMSG_WASM_MAX_LT_INITIAL, noun); return false; } // Check wasm validation limits if (limits->initial > validationMax) { JS_ReportErrorNumberUTF8(cx, GetErrorMessage, nullptr, JSMSG_WASM_BAD_RANGE, noun, "initial size"); return false; } if (limits->maximum.isSome() && *limits->maximum > validationMax) { JS_ReportErrorNumberUTF8(cx, GetErrorMessage, nullptr, JSMSG_WASM_BAD_RANGE, noun, "maximum size"); return false; } return true; } template <class Class, const char* name> static JSObject* CreateWasmConstructor(JSContext* cx, JSProtoKey key) { Rooted<JSAtom*> className(cx, Atomize(cx, name, strlen(name))); if (!className) { return nullptr; } return NewNativeConstructor(cx, Class::construct, 1, className); } static JSObject* GetWasmConstructorPrototype(JSContext* cx, const CallArgs& callArgs, JSProtoKey key) { RootedObject proto(cx); if (!GetPrototypeFromBuiltinConstructor(cx, callArgs, key, &proto)) { return nullptr; } if (!proto) { proto = GlobalObject::getOrCreatePrototype(cx, key); } return proto; } [[nodiscard]] static bool ParseValTypes(JSContext* cx, HandleValue src, ValTypeVector& dest) { JS::ForOfIterator iterator(cx); if (!iterator.init(src, JS::ForOfIterator::ThrowOnNonIterable)) { return false; } RootedValue nextParam(cx); while (true) { bool done; if (!iterator.next(&nextParam, &done)) { return false; } if (done) { break; } ValType valType; if (!ToValType(cx, nextParam, &valType) || !dest.append(valType)) { return false; } } return true; } #ifdef ENABLE_WASM_TYPE_REFLECTIONS template <typename T> static JSString* TypeToString(JSContext* cx, T type) { UniqueChars chars = ToString(type, nullptr); if (!chars) { return nullptr; } return NewStringCopyUTF8Z( cx, JS::ConstUTF8CharsZ(chars.get(), strlen(chars.get()))); } # ifdef ENABLE_WASM_MEMORY64 static JSString* AddressTypeToString(JSContext* cx, AddressType type) { return JS_NewStringCopyZ(cx, ToString(type)); } # endif [[nodiscard]] static JSObject* ValTypesToArray(JSContext* cx, const ValTypeVector& valTypes) { Rooted<ArrayObject*> arrayObj(cx, NewDenseEmptyArray(cx)); if (!arrayObj) { return nullptr; } for (ValType valType : valTypes) { RootedString type(cx, TypeToString(cx, valType)); if (!type) { return nullptr; } if (!NewbornArrayPush(cx, arrayObj, StringValue(type))) { return nullptr; } } return arrayObj; } static JSObject* FuncTypeToObject(JSContext* cx, const FuncType& type) { Rooted<IdValueVector> props(cx, IdValueVector(cx)); RootedObject parametersObj(cx, ValTypesToArray(cx, type.args())); if (!parametersObj || !props.append(IdValuePair(NameToId(cx->names().parameters), ObjectValue(*parametersObj)))) { ReportOutOfMemory(cx); return nullptr; } RootedObject resultsObj(cx, ValTypesToArray(cx, type.results())); if (!resultsObj || !props.append(IdValuePair(NameToId(cx->names().results), ObjectValue(*resultsObj)))) { ReportOutOfMemory(cx); return nullptr; } return NewPlainObjectWithUniqueNames(cx, props); } static JSObject* TableTypeToObject(JSContext* cx, AddressType addressType, RefType type, uint64_t initial, Maybe<uint64_t> maximum) { Rooted<IdValueVector> props(cx, IdValueVector(cx)); RootedString elementType(cx, TypeToString(cx, type)); if (!elementType || !props.append(IdValuePair(NameToId(cx->names().element), StringValue(elementType)))) { ReportOutOfMemory(cx); return nullptr; } if (maximum.isSome()) { RootedId maximumId(cx, NameToId(cx->names().maximum)); RootedValue maximumValue(cx); if (!CreateAddressValue(cx, maximum.value(), addressType, &maximumValue)) { ReportOutOfMemory(cx); return nullptr; } if (!props.append(IdValuePair(maximumId, maximumValue))) { ReportOutOfMemory(cx); return nullptr; } } RootedId minimumId(cx, NameToId(cx->names().minimum)); RootedValue minimumValue(cx); if (!CreateAddressValue(cx, initial, addressType, &minimumValue)) { ReportOutOfMemory(cx); return nullptr; } if (!props.append(IdValuePair(minimumId, minimumValue))) { ReportOutOfMemory(cx); return nullptr; } # ifdef ENABLE_WASM_MEMORY64 RootedString at(cx, AddressTypeToString(cx, addressType)); if (!at) { return nullptr; } if (!props.append( IdValuePair(NameToId(cx->names().address), StringValue(at)))) { ReportOutOfMemory(cx); return nullptr; } # endif return NewPlainObjectWithUniqueNames(cx, props); } static JSObject* MemoryTypeToObject(JSContext* cx, bool shared, wasm::AddressType addressType, wasm::Pages minPages, Maybe<wasm::Pages> maxPages) { Rooted<IdValueVector> props(cx, IdValueVector(cx)); if (maxPages) { RootedId maximumId(cx, NameToId(cx->names().maximum)); RootedValue maximumValue(cx); if (!CreateAddressValue(cx, maxPages.value().value(), addressType, &maximumValue)) { ReportOutOfMemory(cx); return nullptr; } if (!props.append(IdValuePair(maximumId, maximumValue))) { ReportOutOfMemory(cx); return nullptr; } } RootedId minimumId(cx, NameToId(cx->names().minimum)); RootedValue minimumValue(cx); if (!CreateAddressValue(cx, minPages.value(), addressType, &minimumValue)) { ReportOutOfMemory(cx); return nullptr; } if (!props.append(IdValuePair(minimumId, minimumValue))) { ReportOutOfMemory(cx); return nullptr; } # ifdef ENABLE_WASM_MEMORY64 RootedString at(cx, AddressTypeToString(cx, addressType)); if (!at) { return nullptr; } if (!props.append( IdValuePair(NameToId(cx->names().address), StringValue(at)))) { ReportOutOfMemory(cx); return nullptr; } # endif if (!props.append( IdValuePair(NameToId(cx->names().shared), BooleanValue(shared)))) { ReportOutOfMemory(cx); return nullptr; } return NewPlainObjectWithUniqueNames(cx, props); } static JSObject* GlobalTypeToObject(JSContext* cx, ValType type, bool isMutable) { Rooted<IdValueVector> props(cx, IdValueVector(cx)); if (!props.append(IdValuePair(NameToId(cx->names().mutable_), BooleanValue(isMutable)))) { ReportOutOfMemory(cx); return nullptr; } RootedString valueType(cx, TypeToString(cx, type)); if (!valueType || !props.append(IdValuePair(NameToId(cx->names().value), StringValue(valueType)))) { ReportOutOfMemory(cx); return nullptr; } return NewPlainObjectWithUniqueNames(cx, props); } static JSObject* TagTypeToObject(JSContext* cx, const wasm::ValTypeVector& params) { Rooted<IdValueVector> props(cx, IdValueVector(cx)); RootedObject parametersObj(cx, ValTypesToArray(cx, params)); if (!parametersObj || !props.append(IdValuePair(NameToId(cx->names().parameters), ObjectValue(*parametersObj)))) { ReportOutOfMemory(cx); return nullptr; } return NewPlainObjectWithUniqueNames(cx, props); } #endif // ENABLE_WASM_TYPE_REFLECTIONS // ============================================================================ // WebAssembly.Module class and methods const JSClassOps WasmModuleObject::classOps_ = { nullptr, // addProperty nullptr, // delProperty nullptr, // enumerate nullptr, // newEnumerate nullptr, // resolve nullptr, // mayResolve WasmModuleObject::finalize, // finalize nullptr, // call nullptr, // construct nullptr, // trace }; const JSClass WasmModuleObject::class_ = { "WebAssembly.Module", JSCLASS_DELAY_METADATA_BUILDER | JSCLASS_HAS_RESERVED_SLOTS(WasmModuleObject::RESERVED_SLOTS) | JSCLASS_FOREGROUND_FINALIZE, &WasmModuleObject::classOps_, &WasmModuleObject::classSpec_, }; const JSClass& WasmModuleObject::protoClass_ = PlainObject::class_; static constexpr char WasmModuleName[] = "Module"; const ClassSpec WasmModuleObject::classSpec_ = { CreateWasmConstructor<WasmModuleObject, WasmModuleName>, GenericCreatePrototype<WasmModuleObject>, WasmModuleObject::static_methods, nullptr, WasmModuleObject::methods, WasmModuleObject::properties, nullptr, ClassSpec::DontDefineConstructor, }; const JSPropertySpec WasmModuleObject::properties[] = { JS_STRING_SYM_PS(toStringTag, "WebAssembly.Module", JSPROP_READONLY), JS_PS_END, }; const JSFunctionSpec WasmModuleObject::methods[] = { JS_FS_END, }; const JSFunctionSpec WasmModuleObject::static_methods[] = { JS_FN("imports", WasmModuleObject::imports, 1, JSPROP_ENUMERATE), JS_FN("exports", WasmModuleObject::exports, 1, JSPROP_ENUMERATE), JS_FN("customSections", WasmModuleObject::customSections, 2, JSPROP_ENUMERATE), JS_FS_END, }; /* static */ void WasmModuleObject::finalize(JS::GCContext* gcx, JSObject* obj) { const Module& module = obj->as<WasmModuleObject>().module(); size_t codeMemory = module.tier1CodeMemoryUsed(); if (codeMemory) { obj->zone()->decJitMemory(codeMemory); } gcx->release(obj, &module, module.gcMallocBytesExcludingCode(), MemoryUse::WasmModule); } static bool IsModuleObject(JSObject* obj, const Module** module) { WasmModuleObject* mobj = obj->maybeUnwrapIf<WasmModuleObject>(); if (!mobj) { return false; } *module = &mobj->module(); return true; } static bool GetModuleArg(JSContext* cx, const CallArgs& args, uint32_t numRequired, const char* name, const Module** module) { if (!args.requireAtLeast(cx, name, numRequired)) { return false; } if (!args[0].isObject() || !IsModuleObject(&args[0].toObject(), module)) { JS_ReportErrorNumberUTF8(cx, GetErrorMessage, nullptr, JSMSG_WASM_BAD_MOD_ARG); return false; } return true; } struct KindNames { Rooted<PropertyName*> kind; Rooted<PropertyName*> table; Rooted<PropertyName*> memory; Rooted<PropertyName*> tag; Rooted<PropertyName*> type; explicit KindNames(JSContext* cx) : kind(cx), table(cx), memory(cx), tag(cx), type(cx) {} }; static bool InitKindNames(JSContext* cx, KindNames* names) { JSAtom* kind = Atomize(cx, "kind", strlen("kind")); if (!kind) { return false; } names->kind = kind->asPropertyName(); JSAtom* table = Atomize(cx, "table", strlen("table")); if (!table) { return false; } names->table = table->asPropertyName(); JSAtom* memory = Atomize(cx, "memory", strlen("memory")); if (!memory) { return false; } names->memory = memory->asPropertyName(); JSAtom* tag = Atomize(cx, "tag", strlen("tag")); if (!tag) { return false; } names->tag = tag->asPropertyName(); JSAtom* type = Atomize(cx, "type", strlen("type")); if (!type) { return false; } names->type = type->asPropertyName(); return true; } static JSString* KindToString(JSContext* cx, const KindNames& names, DefinitionKind kind) { switch (kind) { case DefinitionKind::Function: return cx->names().function; case DefinitionKind::Table: return names.table; case DefinitionKind::Memory: return names.memory; case DefinitionKind::Global: return cx->names().global; case DefinitionKind::Tag: return names.tag; } MOZ_CRASH("invalid kind"); } /* static */ bool WasmModuleObject::imports(JSContext* cx, unsigned argc, Value* vp) { CallArgs args = CallArgsFromVp(argc, vp); const Module* module; if (!GetModuleArg(cx, args, 1, "WebAssembly.Module.imports", &module)) { return false; } KindNames names(cx); if (!InitKindNames(cx, &names)) { return false; } const ModuleMetadata& moduleMeta = module->moduleMeta(); RootedValueVector elems(cx); if (!elems.reserve(moduleMeta.imports.length())) { return false; } #if defined(ENABLE_WASM_JS_STRING_BUILTINS) || \ defined(ENABLE_WASM_TYPE_REFLECTIONS) const CodeMetadata& codeMeta = module->codeMeta(); #endif #if defined(ENABLE_WASM_TYPE_REFLECTIONS) size_t numFuncImport = 0; size_t numMemoryImport = 0; size_t numGlobalImport = 0; size_t numTableImport = 0; size_t numTagImport = 0; #endif // ENABLE_WASM_TYPE_REFLECTIONS for (const Import& import : moduleMeta.imports) { #ifdef ENABLE_WASM_JS_STRING_BUILTINS Maybe<BuiltinModuleId> builtinModule = ImportMatchesBuiltinModule( import.module.utf8Bytes(), codeMeta.features().builtinModules); if (builtinModule) { continue; } #endif Rooted<IdValueVector> props(cx, IdValueVector(cx)); if (!props.reserve(3)) { return false; } JSString* moduleStr = import.module.toAtom(cx); if (!moduleStr) { return false; } props.infallibleAppend( IdValuePair(NameToId(cx->names().module), StringValue(moduleStr))); JSString* nameStr = import.field.toAtom(cx); if (!nameStr) { return false; } props.infallibleAppend( IdValuePair(NameToId(cx->names().name), StringValue(nameStr))); JSString* kindStr = KindToString(cx, names, import.kind); if (!kindStr) { return false; } props.infallibleAppend( IdValuePair(NameToId(names.kind), StringValue(kindStr))); #ifdef ENABLE_WASM_TYPE_REFLECTIONS RootedObject typeObj(cx); switch (import.kind) { case DefinitionKind::Function: { size_t funcIndex = numFuncImport++; const FuncType& funcType = codeMeta.getFuncType(funcIndex); typeObj = FuncTypeToObject(cx, funcType); break; } case DefinitionKind::Table: { size_t tableIndex = numTableImport++; const TableDesc& table = codeMeta.tables[tableIndex]; typeObj = TableTypeToObject(cx, table.addressType(), table.elemType, table.initialLength(), table.maximumLength()); break; } case DefinitionKind::Memory: { size_t memoryIndex = numMemoryImport++; const MemoryDesc& memory = codeMeta.memories[memoryIndex]; typeObj = MemoryTypeToObject(cx, memory.isShared(), memory.addressType(), memory.initialPages(), memory.maximumPages()); break; } case DefinitionKind::Global: { size_t globalIndex = numGlobalImport++; const GlobalDesc& global = codeMeta.globals[globalIndex]; typeObj = GlobalTypeToObject(cx, global.type(), global.isMutable()); break; } case DefinitionKind::Tag: { size_t tagIndex = numTagImport++; const TagDesc& tag = codeMeta.tags[tagIndex]; typeObj = TagTypeToObject(cx, tag.type->argTypes()); break; } } if (!typeObj || !props.append(IdValuePair(NameToId(names.type), ObjectValue(*typeObj)))) { ReportOutOfMemory(cx); return false; } #endif // ENABLE_WASM_TYPE_REFLECTIONS JSObject* obj = NewPlainObjectWithUniqueNames(cx, props); if (!obj) { return false; } elems.infallibleAppend(ObjectValue(*obj)); } JSObject* arr = NewDenseCopiedArray(cx, elems.length(), elems.begin()); if (!arr) { return false; } args.rval().setObject(*arr); return true; } /* static */ bool WasmModuleObject::exports(JSContext* cx, unsigned argc, Value* vp) { CallArgs args = CallArgsFromVp(argc, vp); const Module* module; if (!GetModuleArg(cx, args, 1, "WebAssembly.Module.exports", &module)) { return false; } KindNames names(cx); if (!InitKindNames(cx, &names)) { return false; } const ModuleMetadata& moduleMeta = module->moduleMeta(); RootedValueVector elems(cx); if (!elems.reserve(moduleMeta.exports.length())) { return false; } #ifdef ENABLE_WASM_TYPE_REFLECTIONS const CodeMetadata& codeMeta = module->codeMeta(); #endif // ENABLE_WASM_TYPE_REFLECTIONS for (const Export& exp : moduleMeta.exports) { Rooted<IdValueVector> props(cx, IdValueVector(cx)); if (!props.reserve(2)) { return false; } JSString* nameStr = exp.fieldName().toAtom(cx); if (!nameStr) { return false; } props.infallibleAppend( IdValuePair(NameToId(cx->names().name), StringValue(nameStr))); JSString* kindStr = KindToString(cx, names, exp.kind()); if (!kindStr) { return false; } props.infallibleAppend( IdValuePair(NameToId(names.kind), StringValue(kindStr))); #ifdef ENABLE_WASM_TYPE_REFLECTIONS RootedObject typeObj(cx); switch (exp.kind()) { case DefinitionKind::Function: { const FuncType& funcType = module->codeMeta().getFuncType(exp.funcIndex()); typeObj = FuncTypeToObject(cx, funcType); break; } case DefinitionKind::Table: { const TableDesc& table = codeMeta.tables[exp.tableIndex()]; typeObj = TableTypeToObject(cx, table.addressType(), table.elemType, table.initialLength(), table.maximumLength()); break; } case DefinitionKind::Memory: { const MemoryDesc& memory = codeMeta.memories[exp.memoryIndex()]; typeObj = MemoryTypeToObject(cx, memory.isShared(), memory.addressType(), memory.initialPages(), memory.maximumPages()); break; } case DefinitionKind::Global: { const GlobalDesc& global = codeMeta.globals[exp.globalIndex()]; typeObj = GlobalTypeToObject(cx, global.type(), global.isMutable()); break; } case DefinitionKind::Tag: { const TagDesc& tag = codeMeta.tags[exp.tagIndex()]; typeObj = TagTypeToObject(cx, tag.type->argTypes()); break; } } if (!typeObj || !props.append(IdValuePair(NameToId(names.type), ObjectValue(*typeObj)))) { ReportOutOfMemory(cx); return false; } #endif // ENABLE_WASM_TYPE_REFLECTIONS JSObject* obj = NewPlainObjectWithUniqueNames(cx, props); if (!obj) { return false; } elems.infallibleAppend(ObjectValue(*obj)); } JSObject* arr = NewDenseCopiedArray(cx, elems.length(), elems.begin()); if (!arr) { return false; } args.rval().setObject(*arr); return true; } /* static */ bool WasmModuleObject::customSections(JSContext* cx, unsigned argc, Value* vp) { CallArgs args = CallArgsFromVp(argc, vp); const Module* module; if (!GetModuleArg(cx, args, 2, "WebAssembly.Module.customSections", &module)) { return false; } Vector<char, 8> name(cx); { RootedString str(cx, ToString(cx, args.get(1))); if (!str) { return false; } Rooted<JSLinearString*> linear(cx, str->ensureLinear(cx)); if (!linear) { return false; } if (!name.initLengthUninitialized( JS::GetDeflatedUTF8StringLength(linear))) { return false; } (void)JS::DeflateStringToUTF8Buffer(linear, Span(name.begin(), name.length())); } RootedValueVector elems(cx); Rooted<ArrayBufferObject*> buf(cx); for (const CustomSection& cs : module->moduleMeta().customSections) { if (name.length() != cs.name.length()) { continue; } if (memcmp(name.begin(), cs.name.begin(), name.length()) != 0) { continue; } buf = ArrayBufferObject::createZeroed(cx, cs.payload->length()); if (!buf) { return false; } memcpy(buf->dataPointer(), cs.payload->begin(), cs.payload->length()); if (!elems.append(ObjectValue(*buf))) { return false; } } JSObject* arr = NewDenseCopiedArray(cx, elems.length(), elems.begin()); if (!arr) { return false; } args.rval().setObject(*arr); return true; } /* static */ WasmModuleObject* WasmModuleObject::create(JSContext* cx, const Module& module, HandleObject proto) { AutoSetNewObjectMetadata metadata(cx); auto* obj = NewObjectWithGivenProto<WasmModuleObject>(cx, proto); if (!obj) { return nullptr; } // The pipeline state on some architectures may retain stale instructions // even after we invalidate the instruction cache. There is no generally // available method to broadcast this pipeline flush to all threads after // we've compiled new code, so conservatively perform one here when we're // receiving a module that may have been compiled from another thread. // // The cost of this flush is expected to minimal enough to not be worth // optimizing away in the case the module was compiled on this thread. jit::FlushExecutionContext(); // This accounts for module allocation size (excluding code which is handled // separately - see below). This assumes that the size of associated data // doesn't change for the life of the WasmModuleObject. The size is counted // once per WasmModuleObject referencing a Module. InitReservedSlot(obj, MODULE_SLOT, const_cast<Module*>(&module), module.gcMallocBytesExcludingCode(), MemoryUse::WasmModule); module.AddRef(); // Bug 1569888: We account for the first tier here; the second tier, if // different, also needs to be accounted for. size_t codeMemory = module.tier1CodeMemoryUsed(); if (codeMemory) { cx->zone()->incJitMemory(codeMemory); } return obj; } static bool GetBufferSource(JSContext* cx, JSObject* obj, unsigned errorNumber, MutableBytes* bytecode) { *bytecode = cx->new_<ShareableBytes>(); if (!*bytecode) { return false; } JSObject* unwrapped = CheckedUnwrapStatic(obj); SharedMem<uint8_t*> dataPointer; size_t byteLength; if (!unwrapped || !IsBufferSource(unwrapped, &dataPointer, &byteLength)) { JS_ReportErrorNumberUTF8(cx, GetErrorMessage, nullptr, errorNumber); return false; } if (!(*bytecode)->append(dataPointer.unwrap(), byteLength)) { ReportOutOfMemory(cx); return false; } return true; } static bool ReportCompileWarnings(JSContext* cx, const UniqueCharsVector& warnings) { // Avoid spamming the console. size_t numWarnings = std::min<size_t>(warnings.length(), 3); for (size_t i = 0; i < numWarnings; i++) { if (!WarnNumberASCII(cx, JSMSG_WASM_COMPILE_WARNING, warnings[i].get())) { return false; } } if (warnings.length() > numWarnings) { if (!WarnNumberASCII(cx, JSMSG_WASM_COMPILE_WARNING, "other warnings suppressed")) { return false; } } return true; } /* static */ bool WasmModuleObject::construct(JSContext* cx, unsigned argc, Value* vp) { CallArgs callArgs = CallArgsFromVp(argc, vp); Log(cx, "sync new Module() started"); if (!ThrowIfNotConstructing(cx, callArgs, "Module")) { return false; } JS::RootedVector<JSString*> parameterStrings(cx); JS::RootedVector<Value> parameterArgs(cx); bool canCompileStrings = false; if (!cx->isRuntimeCodeGenEnabled(JS::RuntimeCode::WASM, nullptr, JS::CompilationType::Undefined, parameterStrings, nullptr, parameterArgs, NullHandleValue, &canCompileStrings)) { return false; } if (!canCompileStrings) { JS_ReportErrorNumberASCII(cx, GetErrorMessage, nullptr, JSMSG_CSP_BLOCKED_WASM, "WebAssembly.Module"); return false; } if (!callArgs.requireAtLeast(cx, "WebAssembly.Module", 1)) { return false; } if (!callArgs[0].isObject()) { JS_ReportErrorNumberUTF8(cx, GetErrorMessage, nullptr, JSMSG_WASM_BAD_BUF_ARG); return false; } MutableBytes bytecode; if (!GetBufferSource(cx, &callArgs[0].toObject(), JSMSG_WASM_BAD_BUF_ARG, &bytecode)) { return false; } FeatureOptions options; if (!options.init(cx, callArgs.get(1))) { return false; } SharedCompileArgs compileArgs = InitCompileArgs(cx, options, "WebAssembly.Module"); if (!compileArgs) { return false; } UniqueChars error; UniqueCharsVector warnings; SharedModule module = CompileBuffer(*compileArgs, *bytecode, &error, &warnings, nullptr); if (!ReportCompileWarnings(cx, warnings)) { return false; } if (!module) { if (error) { JS_ReportErrorNumberUTF8(cx, GetErrorMessage, nullptr, JSMSG_WASM_COMPILE_ERROR, error.get()); return false; } return ThrowCompileOutOfMemory(cx); } RootedObject proto( cx, GetWasmConstructorPrototype(cx, callArgs, JSProto_WasmModule)); if (!proto) { ReportOutOfMemory(cx); return false; } RootedObject moduleObj(cx, WasmModuleObject::create(cx, *module, proto)); if (!moduleObj) { return false; } Log(cx, "sync new Module() succeded"); callArgs.rval().setObject(*moduleObj); return true; } const Module& WasmModuleObject::module() const { MOZ_ASSERT(is<WasmModuleObject>()); return *(const Module*)getReservedSlot(MODULE_SLOT).toPrivate(); } // ============================================================================ // WebAssembly.Instance class and methods const JSClassOps WasmInstanceObject::classOps_ = { nullptr, // addProperty nullptr, // delProperty nullptr, // enumerate nullptr, // newEnumerate nullptr, // resolve nullptr, // mayResolve WasmInstanceObject::finalize, // finalize nullptr, // call nullptr, // construct WasmInstanceObject::trace, // trace }; const JSClass WasmInstanceObject::class_ = { "WebAssembly.Instance", JSCLASS_DELAY_METADATA_BUILDER | JSCLASS_HAS_RESERVED_SLOTS(WasmInstanceObject::RESERVED_SLOTS) | JSCLASS_FOREGROUND_FINALIZE, &WasmInstanceObject::classOps_, &WasmInstanceObject::classSpec_, }; const JSClass& WasmInstanceObject::protoClass_ = PlainObject::class_; static constexpr char WasmInstanceName[] = "Instance"; const ClassSpec WasmInstanceObject::classSpec_ = { CreateWasmConstructor<WasmInstanceObject, WasmInstanceName>, GenericCreatePrototype<WasmInstanceObject>, WasmInstanceObject::static_methods, nullptr, WasmInstanceObject::methods, WasmInstanceObject::properties, nullptr, ClassSpec::DontDefineConstructor, }; static bool IsInstance(HandleValue v) { return v.isObject() && v.toObject().is<WasmInstanceObject>(); } /* static */ bool WasmInstanceObject::exportsGetterImpl(JSContext* cx, const CallArgs& args) { args.rval().setObject( args.thisv().toObject().as<WasmInstanceObject>().exportsObj()); return true; } /* static */ bool WasmInstanceObject::exportsGetter(JSContext* cx, unsigned argc, Value* vp) { CallArgs args = CallArgsFromVp(argc, vp); return CallNonGenericMethod<IsInstance, exportsGetterImpl>(cx, args); } const JSPropertySpec WasmInstanceObject::properties[] = { JS_PSG("exports", WasmInstanceObject::exportsGetter, JSPROP_ENUMERATE), JS_STRING_SYM_PS(toStringTag, "WebAssembly.Instance", JSPROP_READONLY), JS_PS_END, }; const JSFunctionSpec WasmInstanceObject::methods[] = { JS_FS_END, }; const JSFunctionSpec WasmInstanceObject::static_methods[] = { JS_FS_END, }; bool WasmInstanceObject::isNewborn() const { MOZ_ASSERT(is<WasmInstanceObject>()); return getReservedSlot(INSTANCE_SLOT).isUndefined(); } // WeakScopeMap maps from function index to js::Scope. This maps is weak // to avoid holding scope objects alive. The scopes are normally created // during debugging. // // This is defined here in order to avoid recursive dependency between // WasmJS.h and Scope.h. using WasmFunctionScopeMap = JS::WeakCache<GCHashMap<uint32_t, WeakHeapPtr<WasmFunctionScope*>, DefaultHasher<uint32_t>, CellAllocPolicy>>; class WasmInstanceObject::UnspecifiedScopeMap { public: WasmFunctionScopeMap& asWasmFunctionScopeMap() { return *(WasmFunctionScopeMap*)this; } }; /* static */ void WasmInstanceObject::finalize(JS::GCContext* gcx, JSObject* obj) { WasmInstanceObject& instance = obj->as<WasmInstanceObject>(); gcx->delete_(obj, &instance.scopes().asWasmFunctionScopeMap(), MemoryUse::WasmInstanceScopes); gcx->delete_(obj, &instance.indirectGlobals(), MemoryUse::WasmInstanceGlobals); if (!instance.isNewborn()) { if (instance.instance().debugEnabled()) { instance.instance().debug().finalize(gcx); } Instance::destroy(&instance.instance()); gcx->removeCellMemory(obj, sizeof(Instance), MemoryUse::WasmInstanceInstance); } } /* static */ void WasmInstanceObject::trace(JSTracer* trc, JSObject* obj) { WasmInstanceObject& instanceObj = obj->as<WasmInstanceObject>(); instanceObj.indirectGlobals().trace(trc); if (!instanceObj.isNewborn()) { instanceObj.instance().tracePrivate(trc); } } /* static */ WasmInstanceObject* WasmInstanceObject::create( JSContext* cx, const SharedCode& code, const DataSegmentVector& dataSegments, const ModuleElemSegmentVector& elemSegments, uint32_t instanceDataLength, Handle<WasmMemoryObjectVector> memories, SharedTableVector&& tables, const JSObjectVector& funcImports, const GlobalDescVector& globals, const ValVector& globalImportValues, const WasmGlobalObjectVector& globalObjs, const WasmTagObjectVector& tagObjs, HandleObject proto, UniqueDebugState maybeDebug) { UniquePtr<WasmFunctionScopeMap> scopes = js::MakeUnique<WasmFunctionScopeMap>(cx->zone(), cx->zone()); if (!scopes) { ReportOutOfMemory(cx); return nullptr; } // Note that `scopes` is a WeakCache, auto-linked into a sweep list on the // Zone, and so does not require rooting. uint32_t indirectGlobals = 0; for (uint32_t i = 0; i < globalObjs.length(); i++) { if (globalObjs[i] && globals[i].isIndirect()) { indirectGlobals++; } } Rooted<UniquePtr<GlobalObjectVector>> indirectGlobalObjs( cx, js::MakeUnique<GlobalObjectVector>(cx->zone())); if (!indirectGlobalObjs || !indirectGlobalObjs->resize(indirectGlobals)) { ReportOutOfMemory(cx); return nullptr; } { uint32_t next = 0; for (uint32_t i = 0; i < globalObjs.length(); i++) { if (globalObjs[i] && globals[i].isIndirect()) { (*indirectGlobalObjs)[next++] = globalObjs[i]; } } } Instance* instance = nullptr; Rooted<WasmInstanceObject*> obj(cx); { // We must delay creating metadata for this object until after all its // slots have been initialized. We must also create the metadata before // calling Instance::init as that may allocate new objects. AutoSetNewObjectMetadata metadata(cx); obj = NewObjectWithGivenProto<WasmInstanceObject>(cx, proto); if (!obj) { return nullptr; } MOZ_ASSERT(obj->isTenured(), "assumed by WasmTableObject write barriers"); InitReservedSlot(obj, SCOPES_SLOT, scopes.release(), MemoryUse::WasmInstanceScopes); InitReservedSlot(obj, GLOBALS_SLOT, indirectGlobalObjs.release(), MemoryUse::WasmInstanceGlobals); obj->initReservedSlot(INSTANCE_SCOPE_SLOT, UndefinedValue()); // The INSTANCE_SLOT may not be initialized if Instance allocation fails, // leading to an observable "newborn" state in tracing/finalization. MOZ_ASSERT(obj->isNewborn()); // Create this just before constructing Instance to avoid rooting hazards. instance = Instance::create(cx, obj, code, instanceDataLength, std::move(tables), std::move(maybeDebug)); if (!instance) { return nullptr; } InitReservedSlot(obj, INSTANCE_SLOT, instance, MemoryUse::WasmInstanceInstance); MOZ_ASSERT(!obj->isNewborn()); } if (!instance->init(cx, funcImports, globalImportValues, memories, globalObjs, tagObjs, dataSegments, elemSegments)) { return nullptr; } return obj; } void WasmInstanceObject::initExportsObj(JSObject& exportsObj) { MOZ_ASSERT(getReservedSlot(EXPORTS_OBJ_SLOT).isUndefined()); setReservedSlot(EXPORTS_OBJ_SLOT, ObjectValue(exportsObj)); } static bool GetImportArg(JSContext* cx, HandleValue importArg, MutableHandleObject importObj) { if (!importArg.isUndefined()) { if (!importArg.isObject()) { return ThrowBadImportArg(cx); } importObj.set(&importArg.toObject()); } return true; } /* static */ bool WasmInstanceObject::construct(JSContext* cx, unsigned argc, Value* vp) { CallArgs args = CallArgsFromVp(argc, vp); Log(cx, "sync new Instance() started"); if (!ThrowIfNotConstructing(cx, args, "Instance")) { return false; } if (!args.requireAtLeast(cx, "WebAssembly.Instance", 1)) { return false; } const Module* module; if (!args[0].isObject() || !IsModuleObject(&args[0].toObject(), &module)) { JS_ReportErrorNumberUTF8(cx, GetErrorMessage, nullptr, JSMSG_WASM_BAD_MOD_ARG); return false; } RootedObject importObj(cx); if (!GetImportArg(cx, args.get(1), &importObj)) { return false; } RootedObject proto( cx, GetWasmConstructorPrototype(cx, args, JSProto_WasmInstance)); if (!proto) { ReportOutOfMemory(cx); return false; } Rooted<ImportValues> imports(cx); if (!GetImports(cx, *module, importObj, imports.address())) { return false; } Rooted<WasmInstanceObject*> instanceObj(cx); if (!module->instantiate(cx, imports.get(), proto, &instanceObj)) { return false; } Log(cx, "sync new Instance() succeeded"); args.rval().setObject(*instanceObj); return true; } Instance& WasmInstanceObject::instance() const { MOZ_ASSERT(!isNewborn()); return *(Instance*)getReservedSlot(INSTANCE_SLOT).toPrivate(); } JSObject& WasmInstanceObject::exportsObj() const { return getReservedSlot(EXPORTS_OBJ_SLOT).toObject(); } WasmInstanceObject::UnspecifiedScopeMap& WasmInstanceObject::scopes() const { return *(UnspecifiedScopeMap*)(getReservedSlot(SCOPES_SLOT).toPrivate()); } WasmInstanceObject::GlobalObjectVector& WasmInstanceObject::indirectGlobals() const { return *(GlobalObjectVector*)getReservedSlot(GLOBALS_SLOT).toPrivate(); } /* static */ bool WasmInstanceObject::getExportedFunction( JSContext* cx, Handle<WasmInstanceObject*> instanceObj, uint32_t funcIndex, MutableHandleFunction fun) { Instance& instance = instanceObj->instance(); return instance.getExportedFunction(cx, funcIndex, fun); } /* static */ WasmInstanceScope* WasmInstanceObject::getScope( JSContext* cx, Handle<WasmInstanceObject*> instanceObj) { if (!instanceObj->getReservedSlot(INSTANCE_SCOPE_SLOT).isUndefined()) { return (WasmInstanceScope*)instanceObj->getReservedSlot(INSTANCE_SCOPE_SLOT) .toGCThing(); } Rooted<WasmInstanceScope*> instanceScope( cx, WasmInstanceScope::create(cx, instanceObj)); if (!instanceScope) { return nullptr; } instanceObj->setReservedSlot(INSTANCE_SCOPE_SLOT, PrivateGCThingValue(instanceScope)); return instanceScope; } /* static */ WasmFunctionScope* WasmInstanceObject::getFunctionScope( JSContext* cx, Handle<WasmInstanceObject*> instanceObj, uint32_t funcIndex) { if (auto p = instanceObj->scopes().asWasmFunctionScopeMap().lookup(funcIndex)) { return p->value(); } Rooted<WasmInstanceScope*> instanceScope( cx, WasmInstanceObject::getScope(cx, instanceObj)); if (!instanceScope) { return nullptr; } Rooted<WasmFunctionScope*> funcScope( cx, WasmFunctionScope::create(cx, instanceScope, funcIndex)); if (!funcScope) { return nullptr; } if (!instanceObj->scopes().asWasmFunctionScopeMap().putNew(funcIndex, funcScope)) { ReportOutOfMemory(cx); return nullptr; } return funcScope; } // ============================================================================ // WebAssembly.Memory class and methods const JSClassOps WasmMemoryObject::classOps_ = { nullptr, // addProperty nullptr, // delProperty nullptr, // enumerate nullptr, // newEnumerate nullptr, // resolve nullptr, // mayResolve WasmMemoryObject::finalize, // finalize nullptr, // call nullptr, // construct nullptr, // trace }; const JSClass WasmMemoryObject::class_ = { "WebAssembly.Memory", JSCLASS_DELAY_METADATA_BUILDER | JSCLASS_HAS_RESERVED_SLOTS(WasmMemoryObject::RESERVED_SLOTS) | JSCLASS_FOREGROUND_FINALIZE, --> -------------------- --> maximum size reached --> --------------------
¤ Dauer der Verarbeitung: 0.27 Sekunden (vorverarbeitet) ¤*© Formatika GbR, Deutschland |
|
||||||||||||||
2026-04-02