* Remove hashbrown and use BTree{Map,Set} from the alloc crate
wasmi-validation must handle untrusted input and hence we switch from
Hash{Set,Map} (whether std's or hashbrown's) to BTree{Set,Map} to avoid
algorithmic complexity attacks while retaining no_std support.
Closes#183
* Improve memory locality of checking for duplicate exports
Using a sorted slice gives us the same O(N log N) worst case execution
time as using a BTreeMap, but using a single allocation as with HashMap,
so that we should see better memory locality and hence better constant
factors when checking for duplicate exports.
* Add some docs.
* return_type isn't failable
* Add comment about safety of top_label
* Attempt number 10
* Rework.
Now we will a compiler which wraps and uses info from a evaluation simulator.
* Get rid of outcome
* Introduce StartedWith
* Actually use started_with.
* Mirror label_stack.
* Avoid using frame_type.
* Finally get rid from frame_type.
* Extract compilation
* Refactoring cleaning
* Validation separated from compilation.
* Move sink to FunctionReader
* Rename to compiler.
* fmt
* Move push_label under validation context.
* Add Validation traits
* Express the compiler using validation trait
* Move code under prepare
* Comments.
* WIP
* The great move of validation
* Make validation compile
* Make it compile.
* Format it.
* Fix warnings.
* Clean.
* Make it work under no_std
* Move deny_floating_point to wasmi
* Rename validate_module2 → validate_module
* Make validation tests work
* Make wasmi compilation tests work
* Renamings.
* Get rid of memory_units dependency in validation
* Rename.
* Clean.
* Estimate capacity.
* fmt.
* Clean and detail End opcode.
* Add comment about top_label safety
* Remove another TODO
* Comment access to require_target
* Remove redundant PartialEq
* Print value that can't be coerced to u32
* s/with_instruction_capacity/with_capacity
* fmt.
* fmt
* Proofs
* Add better proof
* Get rid of unreachable in StackValueType
* Propagate error if frame stack overflown on create
* use checked sub instead of -
* Keep::count
* add default-enabled std feature
* use parity-wasm/std feature only if std is enabled
* drop dependency on std::io
* use hashmap_core instead of std::collections::HashMap
* disable std::error in no_std
* core and alloc all the things
* mention no_std in readme
* add no_std feature and use hashmap_core only on no_std
* rename the no_std feature to core
* drop dependency on byteorder/std
* simplify float impl macro
* remove some trailing whitespace
* use libm for float math in no_std
* add note about no_std panics of libm to readme
* Embed nan-preserving-float crate.
* Add no_std check to the Travis CI config
* add missing dev-dependency
* Define Instruction Set.
* WIP
* WIP 2
* Tests
* Working
* Bunch of other tests.
* WIP
* WIP
* Use Vec instead of VecDeque.
* Calibrate the limits.
* Clean
* Clean
* Another round of cleaning.
* Ignore traces.
* Optimize value stack
* Optimize a bit more.
* Cache memory index.
* Inline always instruction dispatch function.
* Comments.
* Clean
* Clean
* Use vector to keep unresolved references.
* Estimate resulting size.
* do refactoring
* Validate the locals count in the begging
* Introduce Keep and DropKeep structs in isa
* Rename/Split Validator into Reader
* Document stack layout
* Remove println!
* Fix typo.
* Use .last / .last_mut in stack
* Update docs for BrTable.
* Review fixes.
* Merge.
* Add an assert that stack is empty after the exec
The bug was about instantiating a module with elements segment being out-of-bounds, however, it was with zero length. E.g.:
```
(module
(table 0 anyfunc)
(elem (i32.const 1))
)
```
In our impl there was no out-of-bounds, because there was no attempt to set any table entry.
This change adds early check for specifically this case.
* Initial implementation
* Not use grow as it is makes debug builds very slow
* Use Pages::BYTE_SIZE for LINEAR_MEMORY_PAGE_SIZE
* Tidy docs.
* Use memory_units from git.
* Introduce Trap struct.
* get_local can't fail.
* Add MemoryOutOfBounds trap.
* from_little_endian use slice instead of vec.
* MemoryAccessOutOfBounds for mem get and set.
* from_little_endian conversion can't fail.
* call_indirect traps.
* DivisionByZero and InvalidConversionToInt
* Use traps in value to convey an error
* select: int condition on stack top
* if: int condition on stack top
* Assert pops.
* Another protions of assert pops
* Introduce ValueStack
Also, hide FunctionContext and remove some stale code
* Traps in execution
* Make it compile.
* Check args before invoke.
* Document RuntimeArgs.
* Update host.rs
* Add rustdoc for Trap.
adam-rhebo
Sergei Pepyakin
Elichai Turkel
Leonardo Yvens
Jef
Wei Tang
Julius Rakow
Guanqun Lu