From 98af4110ad0a027e8a541949b6644a40dc2c5c6b Mon Sep 17 00:00:00 2001 From: Ryan Macnak Date: Wed, 14 Dec 2022 23:34:18 +0000 Subject: [PATCH] [vm] Increase supported range of TypeParameters to 16 bits. TypeParameter::set_index was already asserting for 16 bits but silently truncating to 8 bits. The size of TypeParameter does not increase due to allocation rounding. Add explicit range check to class finalization. TEST=ci Change-Id: Id4017f74b7dba47b00d64e77e787712c70290dac Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/275560 Reviewed-by: Alexander Markov Commit-Queue: Ryan Macnak --- runtime/vm/app_snapshot.cc | 8 +-- runtime/vm/class_finalizer.cc | 7 ++- .../vm/compiler/runtime_offsets_extracted.h | 60 +++++++++---------- runtime/vm/compiler/stub_code_compiler.cc | 8 +-- runtime/vm/object.cc | 12 +++- runtime/vm/raw_object.h | 4 +- .../medium_offset_type_parameter_test.dart | 10 ++-- 7 files changed, 62 insertions(+), 47 deletions(-) diff --git a/runtime/vm/app_snapshot.cc b/runtime/vm/app_snapshot.cc index 88fa6e7670b..5349bd30a09 100644 --- a/runtime/vm/app_snapshot.cc +++ b/runtime/vm/app_snapshot.cc @@ -4562,8 +4562,8 @@ class TypeParameterSerializationCluster AutoTraceObject(type); WriteFromTo(type); s->Write(type->untag()->parameterized_class_id_); - s->Write(type->untag()->base_); - s->Write(type->untag()->index_); + s->Write(type->untag()->base_); + s->Write(type->untag()->index_); ASSERT(Utils::IsUint(8, type->untag()->flags())); s->Write(type->untag()->flags()); } @@ -4596,8 +4596,8 @@ class TypeParameterDeserializationCluster mark_canonical); d.ReadFromTo(type); type->untag()->parameterized_class_id_ = d.Read(); - type->untag()->base_ = d.Read(); - type->untag()->index_ = d.Read(); + type->untag()->base_ = d.Read(); + type->untag()->index_ = d.Read(); type->untag()->set_flags(d.Read()); } } diff --git a/runtime/vm/class_finalizer.cc b/runtime/vm/class_finalizer.cc index b37ed066e7d..90b19e638df 100644 --- a/runtime/vm/class_finalizer.cc 
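Review bot: The deserialization hunk assigns `base_` and `index_` straight from `d.Read` with no range or consistency check, and the stub hunks later in this patch pass `index_` to `LoadIndexedCompressed` with no bounds check visible between the load and the indexed access. Widening the field raises the largest index a damaged snapshot can carry from 255 to 65535, so the trust assumption is worth stating at the read site, e.g. `// index_ is taken as-is from the snapshot; the type-parameter stubs use it as an unchecked TypeArguments index.` Whether snapshots are integrity-checked before this cluster runs cannot be told from the hunk. The Write/Read template arguments are not visible on this page, so the serialized width could not be compared with the `uint16_t` fields.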
+++ b/runtime/vm/class_finalizer.cc @@ -796,8 +796,13 @@ AbstractTypePtr ClassFinalizer::FinalizeType(const AbstractType& type, // parameterized class. const intptr_t offset = parameterized_class.NumTypeArguments() - parameterized_class.NumTypeParameters(); + const intptr_t index = type_parameter.index() + offset; + if (!Utils::IsUint(16, index)) { + FATAL("Too many type parameters in %s", + parameterized_class.UserVisibleNameCString()); + } type_parameter.set_base(offset); // Informative, but not needed. - type_parameter.set_index(type_parameter.index() + offset); + type_parameter.set_index(index); // Remove the reference to the parameterized class. type_parameter.set_parameterized_class_id(kClassCid); diff --git a/runtime/vm/compiler/runtime_offsets_extracted.h b/runtime/vm/compiler/runtime_offsets_extracted.h index 698f1b37d75..ef0ee1ac2cb 100644 --- a/runtime/vm/compiler/runtime_offsets_extracted.h +++ b/runtime/vm/compiler/runtime_offsets_extracted.h @@ -542,7 +542,7 @@ static constexpr dart::compiler::target::word FunctionType_type_parameters_offset = 16; static constexpr dart::compiler::target::word TypeParameter_parameterized_class_id_offset = 24; -static constexpr dart::compiler::target::word TypeParameter_index_offset = 29; +static constexpr dart::compiler::target::word TypeParameter_index_offset = 30; static constexpr dart::compiler::target::word TypeArguments_hash_offset = 12; static constexpr dart::compiler::target::word TypeArguments_instantiations_offset = 4; 
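Review bot: The added `Utils::IsUint(16, index)` guard is a release-mode bound on `index_` only at this one call site in `ClassFinalizer::FinalizeType`. The commit message says `TypeParameter::set_index` merely asserts the range, so any other caller of `set_index` or `set_base` (function type parameters, presumably) would still truncate silently in a release build, now at 16 bits. Either move the check into the setters or record the gap here with `// Only release-mode range check; set_index() itself just ASSERTs.` `set_base(offset)` is covered by the same guard only as long as `type_parameter.index()` is non-negative, since then `offset <= index`. The function body starts and ends outside the hunk.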
@@ -1215,7 +1215,7 @@ static constexpr dart::compiler::target::word FunctionType_type_parameters_offset = 32; static constexpr dart::compiler::target::word TypeParameter_parameterized_class_id_offset = 48; -static constexpr dart::compiler::target::word TypeParameter_index_offset = 53; +static constexpr dart::compiler::target::word TypeParameter_index_offset = 54; static constexpr dart::compiler::target::word TypeArguments_hash_offset = 24; static constexpr dart::compiler::target::word TypeArguments_instantiations_offset = 8; @@ -1880,7 +1880,7 @@ static constexpr dart::compiler::target::word FunctionType_type_parameters_offset = 16; static constexpr dart::compiler::target::word TypeParameter_parameterized_class_id_offset = 24; -static constexpr dart::compiler::target::word TypeParameter_index_offset = 29; +static constexpr dart::compiler::target::word TypeParameter_index_offset = 30; static constexpr dart::compiler::target::word TypeArguments_hash_offset = 12; static constexpr dart::compiler::target::word TypeArguments_instantiations_offset = 4; @@ -2553,7 +2553,7 @@ static constexpr dart::compiler::target::word FunctionType_type_parameters_offset = 32; static constexpr dart::compiler::target::word TypeParameter_parameterized_class_id_offset = 48; -static constexpr dart::compiler::target::word TypeParameter_index_offset = 53; +static constexpr dart::compiler::target::word TypeParameter_index_offset = 54; static constexpr dart::compiler::target::word TypeArguments_hash_offset = 24; static constexpr dart::compiler::target::word TypeArguments_instantiations_offset = 8; 
@@ -3226,7 +3226,7 @@ static constexpr dart::compiler::target::word FunctionType_type_parameters_offset = 24; static constexpr dart::compiler::target::word TypeParameter_parameterized_class_id_offset = 32; -static constexpr dart::compiler::target::word TypeParameter_index_offset = 37; +static constexpr dart::compiler::target::word TypeParameter_index_offset = 38; static constexpr dart::compiler::target::word TypeArguments_hash_offset = 16; static constexpr dart::compiler::target::word TypeArguments_instantiations_offset = 8; @@ -3898,7 +3898,7 @@ static constexpr dart::compiler::target::word FunctionType_type_parameters_offset = 24; static constexpr dart::compiler::target::word TypeParameter_parameterized_class_id_offset = 32; -static constexpr dart::compiler::target::word TypeParameter_index_offset = 37; +static constexpr dart::compiler::target::word TypeParameter_index_offset = 38; static constexpr dart::compiler::target::word TypeArguments_hash_offset = 16; static constexpr dart::compiler::target::word TypeArguments_instantiations_offset = 8; @@ -4564,7 +4564,7 @@ static constexpr dart::compiler::target::word FunctionType_type_parameters_offset = 16; static constexpr dart::compiler::target::word TypeParameter_parameterized_class_id_offset = 24; -static constexpr dart::compiler::target::word TypeParameter_index_offset = 29; +static constexpr dart::compiler::target::word TypeParameter_index_offset = 30; static constexpr dart::compiler::target::word TypeArguments_hash_offset = 12; static constexpr dart::compiler::target::word TypeArguments_instantiations_offset = 4; 
@@ -5239,7 +5239,7 @@ static constexpr dart::compiler::target::word FunctionType_type_parameters_offset = 32; static constexpr dart::compiler::target::word TypeParameter_parameterized_class_id_offset = 48; -static constexpr dart::compiler::target::word TypeParameter_index_offset = 53; +static constexpr dart::compiler::target::word TypeParameter_index_offset = 54; static constexpr dart::compiler::target::word TypeArguments_hash_offset = 24; static constexpr dart::compiler::target::word TypeArguments_instantiations_offset = 8; @@ -5899,7 +5899,7 @@ static constexpr dart::compiler::target::word FunctionType_type_parameters_offset = 16; static constexpr dart::compiler::target::word TypeParameter_parameterized_class_id_offset = 24; -static constexpr dart::compiler::target::word TypeParameter_index_offset = 29; +static constexpr dart::compiler::target::word TypeParameter_index_offset = 30; static constexpr dart::compiler::target::word TypeArguments_hash_offset = 12; static constexpr dart::compiler::target::word TypeArguments_instantiations_offset = 4; @@ -6564,7 +6564,7 @@ static constexpr dart::compiler::target::word FunctionType_type_parameters_offset = 32; static constexpr dart::compiler::target::word TypeParameter_parameterized_class_id_offset = 48; -static constexpr dart::compiler::target::word TypeParameter_index_offset = 53; +static constexpr dart::compiler::target::word TypeParameter_index_offset = 54; static constexpr dart::compiler::target::word TypeArguments_hash_offset = 24; static constexpr dart::compiler::target::word TypeArguments_instantiations_offset = 8; 
@@ -7221,7 +7221,7 @@ static constexpr dart::compiler::target::word FunctionType_type_parameters_offset = 16; static constexpr dart::compiler::target::word TypeParameter_parameterized_class_id_offset = 24; -static constexpr dart::compiler::target::word TypeParameter_index_offset = 29; +static constexpr dart::compiler::target::word TypeParameter_index_offset = 30; static constexpr dart::compiler::target::word TypeArguments_hash_offset = 12; static constexpr dart::compiler::target::word TypeArguments_instantiations_offset = 4; @@ -7886,7 +7886,7 @@ static constexpr dart::compiler::target::word FunctionType_type_parameters_offset = 32; static constexpr dart::compiler::target::word TypeParameter_parameterized_class_id_offset = 48; -static constexpr dart::compiler::target::word TypeParameter_index_offset = 53; +static constexpr dart::compiler::target::word TypeParameter_index_offset = 54; static constexpr dart::compiler::target::word TypeArguments_hash_offset = 24; static constexpr dart::compiler::target::word TypeArguments_instantiations_offset = 8; @@ -8551,7 +8551,7 @@ static constexpr dart::compiler::target::word FunctionType_type_parameters_offset = 24; static constexpr dart::compiler::target::word TypeParameter_parameterized_class_id_offset = 32; -static constexpr dart::compiler::target::word TypeParameter_index_offset = 37; +static constexpr dart::compiler::target::word TypeParameter_index_offset = 38; static constexpr dart::compiler::target::word TypeArguments_hash_offset = 16; static constexpr dart::compiler::target::word TypeArguments_instantiations_offset = 8; 
@@ -9215,7 +9215,7 @@ static constexpr dart::compiler::target::word FunctionType_type_parameters_offset = 24; static constexpr dart::compiler::target::word TypeParameter_parameterized_class_id_offset = 32; -static constexpr dart::compiler::target::word TypeParameter_index_offset = 37; +static constexpr dart::compiler::target::word TypeParameter_index_offset = 38; static constexpr dart::compiler::target::word TypeArguments_hash_offset = 16; static constexpr dart::compiler::target::word TypeArguments_instantiations_offset = 8; @@ -9873,7 +9873,7 @@ static constexpr dart::compiler::target::word FunctionType_type_parameters_offset = 16; static constexpr dart::compiler::target::word TypeParameter_parameterized_class_id_offset = 24; -static constexpr dart::compiler::target::word TypeParameter_index_offset = 29; +static constexpr dart::compiler::target::word TypeParameter_index_offset = 30; static constexpr dart::compiler::target::word TypeArguments_hash_offset = 12; static constexpr dart::compiler::target::word TypeArguments_instantiations_offset = 4; @@ -10540,7 +10540,7 @@ static constexpr dart::compiler::target::word FunctionType_type_parameters_offset = 32; static constexpr dart::compiler::target::word TypeParameter_parameterized_class_id_offset = 48; -static constexpr dart::compiler::target::word TypeParameter_index_offset = 53; +static constexpr dart::compiler::target::word TypeParameter_index_offset = 54; static constexpr dart::compiler::target::word TypeArguments_hash_offset = 24; static constexpr dart::compiler::target::word TypeArguments_instantiations_offset = 8; @@ -11259,7 +11259,7 @@ static constexpr dart::compiler::target::word static constexpr dart::compiler::target::word AOT_TypeParameter_parameterized_class_id_offset = 24; static constexpr dart::compiler::target::word AOT_TypeParameter_index_offset = - 29; + 30; static constexpr dart::compiler::target::word AOT_TypeArguments_hash_offset = 12; static constexpr dart::compiler::target::word 
@@ -12002,7 +12002,7 @@ static constexpr dart::compiler::target::word static constexpr dart::compiler::target::word AOT_TypeParameter_parameterized_class_id_offset = 48; static constexpr dart::compiler::target::word AOT_TypeParameter_index_offset = - 53; + 54; static constexpr dart::compiler::target::word AOT_TypeArguments_hash_offset = 24; static constexpr dart::compiler::target::word @@ -12750,7 +12750,7 @@ static constexpr dart::compiler::target::word static constexpr dart::compiler::target::word AOT_TypeParameter_parameterized_class_id_offset = 48; static constexpr dart::compiler::target::word AOT_TypeParameter_index_offset = - 53; + 54; static constexpr dart::compiler::target::word AOT_TypeArguments_hash_offset = 24; static constexpr dart::compiler::target::word @@ -13497,7 +13497,7 @@ static constexpr dart::compiler::target::word static constexpr dart::compiler::target::word AOT_TypeParameter_parameterized_class_id_offset = 32; static constexpr dart::compiler::target::word AOT_TypeParameter_index_offset = - 37; + 38; static constexpr dart::compiler::target::word AOT_TypeArguments_hash_offset = 16; static constexpr dart::compiler::target::word @@ -14243,7 +14243,7 @@ static constexpr dart::compiler::target::word static constexpr dart::compiler::target::word AOT_TypeParameter_parameterized_class_id_offset = 32; static constexpr dart::compiler::target::word AOT_TypeParameter_index_offset = - 37; + 38; static constexpr dart::compiler::target::word AOT_TypeArguments_hash_offset = 16; static constexpr dart::compiler::target::word @@ -14985,7 +14985,7 @@ static constexpr dart::compiler::target::word static constexpr dart::compiler::target::word AOT_TypeParameter_parameterized_class_id_offset = 24; static constexpr dart::compiler::target::word AOT_TypeParameter_index_offset = - 29; + 30; static constexpr dart::compiler::target::word AOT_TypeArguments_hash_offset = 12; static constexpr dart::compiler::target::word 
@@ -15730,7 +15730,7 @@ static constexpr dart::compiler::target::word static constexpr dart::compiler::target::word AOT_TypeParameter_parameterized_class_id_offset = 48; static constexpr dart::compiler::target::word AOT_TypeParameter_index_offset = - 53; + 54; static constexpr dart::compiler::target::word AOT_TypeArguments_hash_offset = 24; static constexpr dart::compiler::target::word @@ -16465,7 +16465,7 @@ static constexpr dart::compiler::target::word static constexpr dart::compiler::target::word AOT_TypeParameter_parameterized_class_id_offset = 24; static constexpr dart::compiler::target::word AOT_TypeParameter_index_offset = - 29; + 30; static constexpr dart::compiler::target::word AOT_TypeArguments_hash_offset = 12; static constexpr dart::compiler::target::word @@ -17199,7 +17199,7 @@ static constexpr dart::compiler::target::word static constexpr dart::compiler::target::word AOT_TypeParameter_parameterized_class_id_offset = 48; static constexpr dart::compiler::target::word AOT_TypeParameter_index_offset = - 53; + 54; static constexpr dart::compiler::target::word AOT_TypeArguments_hash_offset = 24; static constexpr dart::compiler::target::word @@ -17938,7 +17938,7 @@ static constexpr dart::compiler::target::word static constexpr dart::compiler::target::word AOT_TypeParameter_parameterized_class_id_offset = 48; static constexpr dart::compiler::target::word AOT_TypeParameter_index_offset = - 53; + 54; static constexpr dart::compiler::target::word AOT_TypeArguments_hash_offset = 24; static constexpr dart::compiler::target::word @@ -18676,7 +18676,7 @@ static constexpr dart::compiler::target::word static constexpr dart::compiler::target::word AOT_TypeParameter_parameterized_class_id_offset = 32; static constexpr dart::compiler::target::word AOT_TypeParameter_index_offset = - 37; + 38; static constexpr dart::compiler::target::word AOT_TypeArguments_hash_offset = 16; static constexpr dart::compiler::target::word 
@@ -19413,7 +19413,7 @@ static constexpr dart::compiler::target::word static constexpr dart::compiler::target::word AOT_TypeParameter_parameterized_class_id_offset = 32; static constexpr dart::compiler::target::word AOT_TypeParameter_index_offset = - 37; + 38; static constexpr dart::compiler::target::word AOT_TypeArguments_hash_offset = 16; static constexpr dart::compiler::target::word @@ -20146,7 +20146,7 @@ static constexpr dart::compiler::target::word static constexpr dart::compiler::target::word AOT_TypeParameter_parameterized_class_id_offset = 24; static constexpr dart::compiler::target::word AOT_TypeParameter_index_offset = - 29; + 30; static constexpr dart::compiler::target::word AOT_TypeArguments_hash_offset = 12; static constexpr dart::compiler::target::word @@ -20882,7 +20882,7 @@ static constexpr dart::compiler::target::word static constexpr dart::compiler::target::word AOT_TypeParameter_parameterized_class_id_offset = 48; static constexpr dart::compiler::target::word AOT_TypeParameter_index_offset = - 53; + 54; static constexpr dart::compiler::target::word AOT_TypeArguments_hash_offset = 24; static constexpr dart::compiler::target::word diff --git a/runtime/vm/compiler/stub_code_compiler.cc b/runtime/vm/compiler/stub_code_compiler.cc index 335d9ea2551..36c7048871d 100644 --- a/runtime/vm/compiler/stub_code_compiler.cc +++ b/runtime/vm/compiler/stub_code_compiler.cc @@ -571,7 +571,7 @@ static void BuildInstantiateTypeParameterStub(Assembler* assembler, __ BranchIf(EQUAL, &return_dynamic); __ LoadFieldFromOffset( InstantiateTypeABI::kResultTypeReg, InstantiateTypeABI::kTypeReg, - target::TypeParameter::index_offset(), kUnsignedByte); + target::TypeParameter::index_offset(), kUnsignedTwoBytes); __ LoadIndexedCompressed(InstantiateTypeABI::kResultTypeReg, InstantiateTypeABI::kFunctionTypeArgumentsReg, target::TypeArguments::types_offset(), 
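Review bot: The load width for `target::TypeParameter::index_offset()` is hard-coded as `kUnsignedTwoBytes` in the stub_code_compiler.cc hunk at -571 and again in the hunks at -582, -919 and -1035, while the field comment in raw_object.h names only BuildTypeParameterTypeTestStub as the place to keep in sync. If the field width changes again and one of these four loads is missed, the stub reads a truncated or over-wide index with no compile-time error. Each site should carry a marker such as `// Load width must match UntaggedTypeParameter::index_ (uint16_t).`, and the raw_object.h comment should also list BuildInstantiateTypeParameterStub and GenerateNullIsAssignableToType. The enclosing functions start and end outside these hunks.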
@@ -582,7 +582,7 @@ static void BuildInstantiateTypeParameterStub(Assembler* assembler, __ BranchIf(EQUAL, &return_dynamic); __ LoadFieldFromOffset( InstantiateTypeABI::kResultTypeReg, InstantiateTypeABI::kTypeReg, - target::TypeParameter::index_offset(), kUnsignedByte); + target::TypeParameter::index_offset(), kUnsignedTwoBytes); __ LoadIndexedCompressed(InstantiateTypeABI::kResultTypeReg, InstantiateTypeABI::kInstantiatorTypeArgumentsReg, target::TypeArguments::types_offset(), @@ -919,7 +919,7 @@ static void GenerateNullIsAssignableToType(Assembler* assembler, // Resolve the type parameter to its instantiated type and loop. __ LoadFieldFromOffset(kIndexReg, kCurrentTypeReg, target::TypeParameter::index_offset(), - kUnsignedByte); + kUnsignedTwoBytes); __ LoadIndexedCompressed(kCurrentTypeReg, tav, target::TypeArguments::types_offset(), kIndexReg); @@ -1035,7 +1035,7 @@ static void BuildTypeParameterTypeTestStub(Assembler* assembler, // instantiated type's TTS. __ LoadFieldFromOffset(TypeTestABI::kScratchReg, TypeTestABI::kDstTypeReg, target::TypeParameter::index_offset(), - kUnsignedByte); + kUnsignedTwoBytes); __ LoadIndexedCompressed(TypeTestABI::kScratchReg, tav, target::TypeArguments::types_offset(), TypeTestABI::kScratchReg); diff --git a/runtime/vm/object.cc b/runtime/vm/object.cc index 7fc042e077b..f4b547c0b43 100644 --- a/runtime/vm/object.cc +++ b/runtime/vm/object.cc 
@@ -3727,8 +3727,16 @@ UnboxedFieldBitmap Class::CalculateFieldOffsets() const { } } } - set_instance_size(RoundedAllocationSize(host_offset), - compiler::target::RoundedAllocationSize(target_offset)); + + const intptr_t host_instance_size = RoundedAllocationSize(host_offset); + const intptr_t target_instance_size = + compiler::target::RoundedAllocationSize(target_offset); + if (!Utils::IsInt(32, target_instance_size)) { + // Many parts of the compiler assume offsets can be represented with + // int32_t. + FATAL("Too many fields in %s\n", UserVisibleNameCString()); + } + set_instance_size(host_instance_size, target_instance_size); set_next_field_offset(host_offset, target_offset); return host_bitmap; } diff --git a/runtime/vm/raw_object.h b/runtime/vm/raw_object.h index c4f3ef33256..9b2d9898d5e 100644 --- a/runtime/vm/raw_object.h +++ b/runtime/vm/raw_object.h @@ -2754,8 +2754,8 @@ class UntaggedTypeParameter : public UntaggedAbstractType { COMPRESSED_POINTER_FIELD(AbstractTypePtr, bound) VISIT_TO(bound) ClassIdTagType parameterized_class_id_; // Or kFunctionCid for function tp. - uint8_t base_; // Number of enclosing function type parameters. - uint8_t index_; // Keep size in sync with BuildTypeParameterTypeTestStub. + uint16_t base_; // Number of enclosing function type parameters. + uint16_t index_; // Keep size in sync with BuildTypeParameterTypeTestStub. private: CompressedObjectPtr* to_snapshot(Snapshot::Kind kind) { return to(); } diff --git a/tests/language/scaling/medium_offset_type_parameter_test.dart b/tests/language/scaling/medium_offset_type_parameter_test.dart index 13a66c7f26c..1817192c867 100644 --- a/tests/language/scaling/medium_offset_type_parameter_test.dart +++ b/tests/language/scaling/medium_offset_type_parameter_test.dart @@ -260,7 +260,8 @@ class C< T252, T253, T254, - T255> { + T255, + T256> { @pragma("vm:never-inline") static create() { return new C< 
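Review bot: In the object.cc hunk only `target_instance_size` is range-checked before `set_instance_size`; `host_instance_size` is passed through unchecked. If anything downstream stores the host size in 32 bits, and the host value can be the larger of the two when word sizes differ, the guard should read `if (!Utils::IsInt(32, host_instance_size) || !Utils::IsInt(32, target_instance_size)) {`. The hunk does not show how `set_instance_size` stores its arguments, so this needs confirming against that function. The message here ends in `\n` while the FATAL added in class_finalizer.cc does not; one form should be used for both. `Class::CalculateFieldOffsets` starts outside the hunk.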
@@ -519,23 +520,24 @@ class C< double, double, double, + double, T>(); } @pragma("vm:never-inline") @pragma("vm:entry-point") // Stop TFA @pragma("dart2js:noInline") - dynamic checkIs(dynamic x) => x is T255; + dynamic checkIs(dynamic x) => x is T256; @pragma("vm:never-inline") @pragma("vm:entry-point") // Stop TFA @pragma("dart2js:noInline") - dynamic checkAs(dynamic x) => x as T255; + dynamic checkAs(dynamic x) => x as T256; @pragma("vm:never-inline") @pragma("vm:entry-point") // Stop TFA @pragma("dart2js:noInline") - dynamic checkInstantiate() => new G>(); + dynamic checkInstantiate() => new G>(); } class G {}