
Commit ee35e0f

committed
[MERGE chakra-core#899] SIMD.js: Restrict simd args and returns from Asm.js functions to signed
Merge pull request chakra-core#899 from arunetm:SimdEnforceSignedArgs Asm.js functions should only allow signed simd values as arguments and return types. tc39/ecmascript_simd#307 (comment) Fixes chakra-core#897
2 parents 84fc1aa + 31da820 commit ee35e0f

67 files changed

Lines changed: 1435 additions & 861 deletions


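--- a/lib/Runtime/Language/AsmJsByteCodeGenerator.cpp
+++ b/lib/Runtime/Language/AsmJsByteCodeGenerator.cpp
@@ -883,7 +883,6 @@ namespace Js
 retType = AsmJsRetType::Float64x2;
 }
 #endif // 0
-
 else if (info.type.isSubType(AsmJsType::Int16x8))
 {
 CheckNodeLocation(info, AsmJsSIMDValue);
@@ -900,30 +899,6 @@ namespace Js
 emitInfo.type = AsmJsType::Int8x16;
 retType = AsmJsRetType::Int8x16;
 }
-else if (info.type.isSubType(AsmJsType::Uint32x4))
-{
-CheckNodeLocation(info, AsmJsSIMDValue);
-mWriter.Conv(OpCodeAsmJs::Simd128_Return_U4, 0, info.location);
-mFunction->ReleaseLocation<AsmJsSIMDValue>(&info);
-emitInfo.type = AsmJsType::Uint32x4;
-retType = AsmJsRetType::Uint32x4;
-}
-else if (info.type.isSubType(AsmJsType::Uint16x8))
-{
-CheckNodeLocation(info, AsmJsSIMDValue);
-mWriter.Conv(OpCodeAsmJs::Simd128_Return_U8, 0, info.location);
-mFunction->ReleaseLocation<AsmJsSIMDValue>(&info);
-emitInfo.type = AsmJsType::Uint16x8;
-retType = AsmJsRetType::Uint16x8;
-}
-else if (info.type.isSubType(AsmJsType::Uint8x16))
-{
-CheckNodeLocation(info, AsmJsSIMDValue);
-mWriter.Conv(OpCodeAsmJs::Simd128_Return_U16, 0, info.location);
-mFunction->ReleaseLocation<AsmJsSIMDValue>(&info);
-emitInfo.type = AsmJsType::Uint8x16;
-retType = AsmJsRetType::Uint8x16;
-}
 else
 {
 throw AsmJsCompilationException(_u("Expression for return must be subtype of Signed, Double, or Float"));
@@ -1197,16 +1172,7 @@ namespace Js
 case AsmJsType::Int8x16:
 opcode = OpCodeAsmJs::Simd128_I_ArgOut_I16;
 break;
-case AsmJsType::Uint32x4:
-opcode = OpCodeAsmJs::Simd128_I_ArgOut_U4;
-break;
-case AsmJsType::Uint16x8:
-opcode = OpCodeAsmJs::Simd128_I_ArgOut_U8;
-break;
-case AsmJsType::Uint8x16:
-opcode = OpCodeAsmJs::Simd128_I_ArgOut_U16;
-break;
-case AsmJsType::Bool32x4:
+case AsmJsType::Bool32x4:
 opcode = OpCodeAsmJs::Simd128_I_ArgOut_B4;
 break;
 case AsmJsType::Bool16x8:
@@ -1215,6 +1181,11 @@ namespace Js
 case AsmJsType::Bool8x16:
 opcode = OpCodeAsmJs::Simd128_I_ArgOut_B16;
 break;
+case AsmJsType::Uint32x4:
+case AsmJsType::Uint16x8:
+case AsmJsType::Uint8x16:
+//In Asm.js unsigned SIMD types are not allowed as function arguments or return values.
+throw AsmJsCompilationException(_u("Function %s doesn't support argument of type %s. Argument must be of signed type."), funcName->Psz(), argInfo.type.toChars());
 default:
 Assert(UNREACHED);
 }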
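Review bot: The `default:` arm that follows the new unsigned cases in the ArgOut switch still does only `Assert(UNREACHED);`, and as far as I know Chakra's `Assert` is compiled out of release builds, so a type that is neither listed nor rejected would continue with whatever `opcode` held before the switch (its initial value is outside the hunk). Now that this switch is where the signed-only rule is enforced for call arguments, the default should fail closed too, for example `default: Assert(UNREACHED); throw AsmJsCompilationException(_u("Unsupported SIMD argument type"));`. On the return path, unsigned SIMD values now land in the generic `else`, whose message "Expression for return must be subtype of Signed, Double, or Float" does not mention SIMD at all, so a dedicated message there would make the rejection easier to diagnose. Both enclosing functions start and end outside the visible hunks.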

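--- a/lib/Runtime/Language/AsmJsModule.cpp
+++ b/lib/Runtime/Language/AsmJsModule.cpp
@@ -780,6 +780,10 @@ namespace Js
 {
 return Fail(rhs, _u("Invalid SIMD argument type check. E.g. expected x = f4check(x)"));
 }
+if (simdFunc->IsUnsignedTypeCheck())
+{
+return Fail(rhs, _u("Invalid SIMD argument type. Expecting Signed arguments."));
+}
 var->SetVarType(simdFunc->GetTypeCheckVarType());
 // We don't set SIMD args reg location here. We defer that after all function locals are processed.
 // This allows us to capture all SIMD constants from locals initializations, add them to the register space before we assign registers to args and locals.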
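Review bot: The new rejection at `if (simdFunc->IsUnsignedTypeCheck())` carries no comment, and its message "Invalid SIMD argument type. Expecting Signed arguments." does not say which type check was seen, unlike the ArgOut error in AsmJsByteCodeGenerator.cpp, which names the function and the type. A one-line comment such as `// Asm.js functions accept only signed SIMD argument types; unsigned type checks are rejected here.` would record the rule at the point where it is enforced. The surrounding function begins and ends outside the hunk, so whether a name is available to put in the message cannot be confirmed from here.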

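--- a/lib/Runtime/Language/AsmJsTypes.cpp
+++ b/lib/Runtime/Language/AsmJsTypes.cpp
@@ -1258,6 +1258,13 @@ namespace Js
 mBuiltIn == AsmJsSIMDBuiltin_bool8x16_check;
 }
 
+bool AsmJsSIMDFunction::IsUnsignedTypeCheck()
+{
+return mBuiltIn == AsmJsSIMDBuiltin_uint32x4_check ||
+mBuiltIn == AsmJsSIMDBuiltin_uint16x8_check ||
+mBuiltIn == AsmJsSIMDBuiltin_uint8x16_check;
+}
+
 AsmJsVarType AsmJsSIMDFunction::GetTypeCheckVarType()
 {
 Assert(this->IsTypeCheck());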
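Review bot: `IsUnsignedTypeCheck()` hard-codes the three unsigned `*_check` built-ins, so an unsigned check added later to `IsTypeCheck()` but not to this list would, judging by the caller in AsmJsModule.cpp, be accepted as an argument type without any error. The function has no comment stating that contract; I would add `// Unsigned SIMD check built-ins, which asm.js rejects for function arguments; keep in sync with IsTypeCheck().` above the definition and a matching trailing comment on the declaration in AsmJsTypes.h. The body only reads `mBuiltIn`, so it could be `const`, though the sibling predicates visible in the header are not const either and that would be a wider cleanup.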

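--- a/lib/Runtime/Language/AsmJsTypes.h
+++ b/lib/Runtime/Language/AsmJsTypes.h
@@ -1169,6 +1169,7 @@ namespace Js
 bool IsConstructor();
 bool IsConstructor(uint argCount);
 bool IsTypeCheck(); // e.g. float32x4(x)
+bool IsUnsignedTypeCheck();
 bool IsInt32x4Func() { return mBuiltIn > AsmJsSIMDBuiltinFunction::AsmJsSIMDBuiltin_Int32x4_Start && mBuiltIn < AsmJsSIMDBuiltinFunction::AsmJsSIMDBuiltin_Int32x4_End; }
 bool IsBool32x4Func() { return mBuiltIn >= AsmJsSIMDBuiltinFunction::AsmJsSIMDBuiltin_Bool32x4_Start && mBuiltIn < AsmJsSIMDBuiltinFunction::AsmJsSIMDBuiltin_Bool32x4_End; }
 bool IsBool16x8Func() { return mBuiltIn >= AsmJsSIMDBuiltinFunction::AsmJsSIMDBuiltin_Bool16x8_Start && mBuiltIn < AsmJsSIMDBuiltinFunction::AsmJsSIMDBuiltin_Bool16x8_End; }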
