Bug 1342045: Allow wasm::Memory of size 2**32; r=luke

MozReview-Commit-ID: EVzM6yr0UHf

--HG--
extra : rebase_source : 8f8a1537687b3a23ab18e3beb3cdcf45c5bf9663

js/src/jit-test/tests/wasm/memory.js

@@ -275,7 +275,8 @@ for (var foldOffsets = 0; foldOffsets <= 1; foldOffsets++) {
     wasmFailValidateText('(module (memory 1) (func (i32.store offset=0 (i32.const 0) (f64.const 0))))', mismatchError("f64", "i32"));
 
     wasmEvalText('(module (memory 0 65535))')
-    wasmFailValidateText('(module (memory 0 65536))', /maximum memory size too big/);
+    wasmEvalText('(module (memory 0 65536))')
+    wasmFailValidateText('(module (memory 0 65537))', /maximum memory size too big/);
 
     // Test high charge of registers
     function testRegisters() {

js/src/vm/ArrayBufferObject.cpp

@@ -945,7 +945,9 @@ ArrayBufferObject::wasmGrowToSizeInPlace(uint32_t newSize,
     // wasm-visible length of the buffer has been increased so it must be the
     // last fallible operation.
 
-    // byteLength can be at most INT32_MAX.
+    // byteLength can be at most INT32_MAX. Note: if this hard limit changes,
+    // update the clamping behavior in wasm::DecodeMemoryLimits and remove this
+    // comment as well as the one in wasmMovingGrowToSize.
     if (newSize > INT32_MAX)
         return false;
 
@@ -976,6 +978,7 @@ ArrayBufferObject::wasmMovingGrowToSize(uint32_t newSize,
     // unmodified and valid.
 
     // byteLength can be at most INT32_MAX.
+    // See comment in wasmGrowToSizeInPlace about wasm::DecodeMemoryLimits.
     if (newSize > INT32_MAX)
         return false;
 

js/src/wasm/WasmBinaryConstants.h

@@ -454,7 +454,8 @@ static const unsigned MaxStringBytes         =   100000;
 static const unsigned MaxLocals              =    50000;
 static const unsigned MaxParams              =     1000;
 static const unsigned MaxBrTableElems        =  1000000;
-static const unsigned MaxMemoryInitialBytes  = 1024 * 1024 * 1024;
+static const unsigned MaxMemoryInitialPages  = 16384;
+static const unsigned MaxMemoryMaximumPages  = 65536;
 static const unsigned MaxModuleBytes         = 1024 * 1024 * 1024;
 static const unsigned MaxFunctionBytes       =         128 * 1024;
 

js/src/wasm/WasmValidate.cpp

@@ -829,20 +829,24 @@ DecodeMemoryLimits(Decoder& d, ModuleEnvironment* env)
     if (!DecodeLimits(d, &memory))
         return false;
 
-    CheckedInt<uint32_t> initialBytes = memory.initial;
-    initialBytes *= PageSize;
-    if (!initialBytes.isValid() || initialBytes.value() > MaxMemoryInitialBytes)
+    if (memory.initial > MaxMemoryInitialPages)
         return d.fail("initial memory size too big");
 
+    CheckedInt<uint32_t> initialBytes = memory.initial;
+    initialBytes *= PageSize;
+    MOZ_ASSERT(initialBytes.isValid());
     memory.initial = initialBytes.value();
 
     if (memory.maximum) {
-        CheckedInt<uint32_t> maximumBytes = *memory.maximum;
-        maximumBytes *= PageSize;
-        if (!maximumBytes.isValid())
+        if (*memory.maximum > MaxMemoryMaximumPages)
             return d.fail("maximum memory size too big");
 
-        memory.maximum = Some(maximumBytes.value());
+        CheckedInt<uint32_t> maximumBytes = *memory.maximum;
+        maximumBytes *= PageSize;
+
+        // Clamp the maximum memory value to UINT32_MAX; it's not semantically
+        // visible since growing will fail for values greater than INT32_MAX.
+        memory.maximum = Some(maximumBytes.isValid() ? maximumBytes.value() : UINT32_MAX);
     }
 
     env->memoryUsage = MemoryUsage::Unshared;
@@ -1462,7 +1466,7 @@ DecodeDataSection(Decoder& d, ModuleEnvironment* env)
         if (!d.readVarU32(&seg.length))
             return d.fail("expected segment size");
 
-        if (seg.length > MaxMemoryInitialBytes)
+        if (seg.length > MaxMemoryInitialPages * PageSize)
             return d.fail("segment size too big");
 
         seg.bytecodeOffset = d.currentOffset();