Bug 1329018 - Part 2: Wasm: Move function validation to helper threads. r=luke

MozReview-Commit-ID: HA9WOoSjZFr

--HG--
extra : rebase_source : f086c17bd9c7cbaf01f95b9d477e26888f83987b

js/src/wasm/WasmBaselineCompile.cpp

@@ -7881,10 +7881,10 @@ js::wasm::BaselineCanCompile(const FunctionGenerator* fg)
 #endif
 
 #if defined(JS_CODEGEN_X64) || defined(JS_CODEGEN_X86) || defined(JS_CODEGEN_ARM)
-    if (fg->usesAtomics())
-        return false;
-
-    if (fg->usesSimd())
+    // AsmJS code may use SIMD or atomics, which Baseline doesn't currently
+    // handle. Since we haven't yet validated the function, we don't know
+    // whether it actually uses those features. Assume the worst.
+    if (fg->isAsmJS())
         return false;
 
     return true;
@@ -7894,14 +7894,20 @@ js::wasm::BaselineCanCompile(const FunctionGenerator* fg)
 }
 
 bool
-js::wasm::BaselineCompileFunction(CompileTask* task, FuncCompileUnit* unit, UniqueChars* error)
+js::wasm::BaselineCompileFunction(CompileTask* task, FuncCompileUnit* unit, UniqueChars *error)
 {
     MOZ_ASSERT(unit->mode() == CompileMode::Baseline);
 
     const FuncBytes& func = unit->func();
+    uint32_t bodySize = func.bytes().length();
 
     Decoder d(func.bytes(), error);
 
+    if (!ValidateFunctionBody(task->env(), func.index(), bodySize, d))
+        return false;
+
+    d.rollbackPosition(d.begin());
+
     // Build the local types vector.
 
     ValTypeVector locals;

js/src/wasm/WasmCompile.cpp

@@ -36,22 +36,17 @@ DecodeFunctionBody(Decoder& d, ModuleGenerator& mg, uint32_t funcIndex)
     if (!d.readVarU32(&bodySize))
         return d.fail("expected number of function body bytes");
 
-    if (d.bytesRemain() < bodySize)
-        return d.fail("function body length too big");
-
-    const uint8_t* bodyBegin = d.currentPosition();
     const size_t offsetInModule = d.currentOffset();
 
+    // Skip over the function body; we'll validate it later.
+    const uint8_t* bodyBegin;
+    if (!d.readBytes(bodySize, &bodyBegin))
+        return d.fail("function body length too big");
+
     FunctionGenerator fg;
     if (!mg.startFuncDef(offsetInModule, &fg))
         return false;
 
-    if (!ValidateFunctionBody(mg.env(), funcIndex, d))
-        return false;
-
-    if (d.currentPosition() != bodyBegin + bodySize)
-        return d.fail("function body length mismatch");
-
     if (!fg.bytes().resize(bodySize))
         return false;
 

js/src/wasm/WasmGenerator.h

@@ -347,6 +347,10 @@ class MOZ_STACK_CLASS FunctionGenerator
         usesAtomics_ = true;
     }
 
+    bool isAsmJS() const {
+      return m_->isAsmJS();
+    }
+
     Bytes& bytes() {
         return funcBytes_->bytes();
     }

js/src/wasm/WasmIonCompile.cpp

@@ -3661,9 +3661,17 @@ wasm::IonCompileFunction(CompileTask* task, FuncCompileUnit* unit, UniqueChars*
 
     const FuncBytes& func = unit->func();
     const ModuleEnvironment& env = task->env();
+    uint32_t bodySize = func.bytes().length();
 
     Decoder d(func.bytes(), error);
 
+    if (!env.isAsmJS()) {
+        if (!ValidateFunctionBody(task->env(), func.index(), bodySize, d))
+          return false;
+
+        d.rollbackPosition(d.begin());
+    }
+
     // Build the local types vector.
 
     ValTypeVector locals;

js/src/wasm/WasmValidate.cpp

@@ -677,13 +677,16 @@ DecodeFunctionBodyExprs(FunctionDecoder& f)
 }
 
 bool
-wasm::ValidateFunctionBody(const ModuleEnvironment& env, uint32_t funcIndex, Decoder& d)
+wasm::ValidateFunctionBody(const ModuleEnvironment& env, uint32_t funcIndex, uint32_t bodySize,
+                           Decoder& d)
 {
     ValTypeVector locals;
     const Sig& sig = *env.funcSigs[funcIndex];
     if (!locals.appendAll(sig.args()))
         return false;
 
+    const uint8_t* bodyBegin = d.currentPosition();
+
     if (!DecodeLocalEntries(d, ModuleKind::Wasm, &locals))
         return false;
 
@@ -695,7 +698,13 @@ wasm::ValidateFunctionBody(const ModuleEnvironment& env, uint32_t funcIndex, Dec
     if (!DecodeFunctionBodyExprs(f))
         return false;
 
-    return f.iter().readFunctionEnd();
+    if (!f.iter().readFunctionEnd())
+        return false;
+
+    if (d.currentPosition() != bodyBegin + bodySize)
+        return d.fail("function body length mismatch");
+
+    return true;
 }
 
 // Section macros.
@@ -1479,14 +1488,9 @@ DecodeFunctionBody(Decoder& d, const ModuleEnvironment& env, uint32_t funcIndex)
     if (d.bytesRemain() < bodySize)
         return d.fail("function body length too big");
 
-    const uint8_t* bodyBegin = d.currentPosition();
-
-    if (!ValidateFunctionBody(env, funcIndex, d))
+    if (!ValidateFunctionBody(env, funcIndex, bodySize, d))
         return false;
 
-    if (d.currentPosition() != bodyBegin + bodySize)
-        return d.fail("function body length mismatch");
-
     return true;
 }
 

js/src/wasm/WasmValidate.h

@@ -646,7 +646,8 @@ MOZ_MUST_USE bool
 DecodeModuleEnvironment(Decoder& d, ModuleEnvironment* env);
 
 MOZ_MUST_USE bool
-ValidateFunctionBody(const ModuleEnvironment& env, uint32_t funcIndex, Decoder& d);
+ValidateFunctionBody(const ModuleEnvironment& env, uint32_t funcIndex, uint32_t bodySize,
+                     Decoder& d);
 
 MOZ_MUST_USE bool
 DecodeModuleTail(Decoder& d, ModuleEnvironment* env);