From a10360b378f182c1d658902ca054e8dd81b20571 Mon Sep 17 00:00:00 2001 From: Andreas Rossberg Date: Fri, 19 May 2017 12:53:15 +0200 Subject: [PATCH 1/8] [spec] Implementation limits --- document/appendix-names/index.rst | 6 - document/appendix-properties/index.rst | 6 - document/appendix-textual/index.rst | 8 -- .../index.rst => appendix/algorithm.rst} | 4 +- document/appendix/implementation.rst | 121 ++++++++++++++++++ document/appendix/index.rst | 12 ++ document/appendix/names.rst | 6 + document/appendix/properties.rst | 8 ++ document/index.rst | 5 +- 9 files changed, 150 insertions(+), 26 deletions(-) delete mode 100644 document/appendix-names/index.rst delete mode 100644 document/appendix-properties/index.rst delete mode 100644 document/appendix-textual/index.rst rename document/{appendix-algorithm/index.rst => appendix/algorithm.rst} (59%) create mode 100644 document/appendix/implementation.rst create mode 100644 document/appendix/index.rst create mode 100644 document/appendix/names.rst create mode 100644 document/appendix/properties.rst diff --git a/document/appendix-names/index.rst b/document/appendix-names/index.rst deleted file mode 100644 index 6c8fe7a20b..0000000000 --- a/document/appendix-names/index.rst +++ /dev/null @@ -1,6 +0,0 @@ -Appendix: Name Section ----------------------- - -.. todo:: - - Describe diff --git a/document/appendix-properties/index.rst b/document/appendix-properties/index.rst deleted file mode 100644 index d43f7ccf99..0000000000 --- a/document/appendix-properties/index.rst +++ /dev/null @@ -1,6 +0,0 @@ -Appendix: Formal Properties ---------------------------- - -.. todo:: - - Describe and sketch proof (progress, preservation, uniqueness) diff --git a/document/appendix-textual/index.rst b/document/appendix-textual/index.rst deleted file mode 100644 index e7ea647eb8..0000000000 --- a/document/appendix-textual/index.rst +++ /dev/null @@ -1,8 +0,0 @@ -.. text-format: - -Appendix: Text Format ---------------------- - -.. todo:: - - Describe diff --git a/document/appendix-algorithm/index.rst b/document/appendix/algorithm.rst similarity index 59% rename from document/appendix-algorithm/index.rst rename to document/appendix/algorithm.rst index 883daeb7db..48797273eb 100644 --- a/document/appendix-algorithm/index.rst +++ b/document/appendix/algorithm.rst @@ -1,5 +1,5 @@ -Appendix: Validation Algorithm ------------------------------- +Validation Algorithm +-------------------- .. todo:: diff --git a/document/appendix/implementation.rst b/document/appendix/implementation.rst new file mode 100644 index 0000000000..f1087d1234 --- /dev/null +++ b/document/appendix/implementation.rst @@ -0,0 +1,121 @@ +.. _impl: +.. index:: ! implementation limitations, implementation + +Implementation Limitations +-------------------------- + +Implementations typically impose additional restrictions on a number of aspects of a WebAssembly module or execution. +These may stem from: + +* physical resource limits, +* constraints imposed by the embedder or its environment, +* limitations of selected implementation strategies. + +This section lists allowed limitations. +Where restrictions take the form of numeric limits, no minimum requirements are given, +nor are the limits assumed to be concrete, fixed numbers. +However, it is expected that all implementations have "reasonably" large limits to enable common applications. + +.. note:: + A conforming implementation is not allowed to leave out individual *features*. + However, designated subsets of WebAssembly may be specified in the future. + + +Syntactic Limits +~~~~~~~~~~~~~~~~ + +.. _impl-syntax: +.. index:: abstract syntax, module, type, function, table, memory, global, element, data, import, export, parameter, result, local, structured control instruction, instruction, name, Unicode, code point + +Structure +......... + +An implementation may impose restrictions on the following dimensions of a module: + +* the number of :ref:`types ` in a :ref:`module ` +* the number of :ref:`functions ` in a :ref:`module `, including imports +* the number of :ref:`tables ` in a :ref:`module `, including imports +* the number of :ref:`memories ` in a :ref:`module `, including imports +* the number of :ref:`globals ` in a :ref:`module `, including imports +* the number of :ref:`element segments ` in a :ref:`module ` +* the number of :ref:`data segments ` in a :ref:`module ` +* the number of :ref:`imports ` to a :ref:`module ` +* the number of :ref:`exports ` form a :ref:`module ` +* the number of parameters in a :ref:`function type ` +* the number of results in a :ref:`function type ` +* the number of :ref:`locals ` in a :ref:`function ` +* the size of a :ref:`function ` body +* the size of a :ref:`structured control instruction ` +* the number of :ref:`structured control instructions ` in a :ref:`function ` +* the nesting depth of :ref:`structured control instructions ` +* the length of an :ref:`element segment ` +* the length of a :ref:`data segment ` +* the length of a :ref:`name ` +* the range of :ref:`code points ` in a :ref:`name ` + + +.. _impl-binary: +.. index:: binary format, module, section, function, code + +Binary Format +............. + +For a module given in :ref:`binary format `, additional limitations may be imposed on the following dimensions: + +* the size of a :ref:`module ` +* the size of any :ref:`section ` +* the size of an individual :ref:`function's code ` +* the number of :ref:`sections ` + + +.. _impl-text: +.. index:: text format, source text, token, identifier, character, unicode + +Text Format +........... + +For a module given in :ref:`text format `, additional limitations may be imposed on the following dimensions: + +* the size of the :ref:`source text ` +* the size of any syntactic element +* the size of an individual :ref:`token ` +* the nesting depth of :ref:`folded instructions ` +* the length of symbolic :ref:`identifiers ` +* the range of literal :ref:`characters ` (code points) allowed in the :ref:`source text ` + + +.. _impl-valid: +.. index:: validation, function + +Validation +~~~~~~~~~~ + +An implementation may defer :ref:`validation ` of individual :ref:`functions ` until they are first :ref:`invoked `. +If a function turns out to be invalid, the invocation, and every consecutive call to the same function, results in a :ref:`trap `. + +.. note:: + This is to allow implementations to use interpretation or just-in-time compilation for functions. + The function must still be fully validated before execution of its body begins. + + +.. _impl-exec: +.. index:: execution, module instance, function instance, table instance, memory instance, global instance, allocation, frame, label, value + +Execution +~~~~~~~~~ + +Restrictions on the following dimensions may be imposed during :ref:`execution ` of a WebAssembly program: + +* the number of allocated :ref:`module instances ` +* the number of allocated :ref:`function instances ` +* the number of allocated :ref:`table instances ` +* the number of allocated :ref:`memory instances ` +* the number of allocated :ref:`global instances ` +* the size of a :ref:`table instance ` +* the size of a :ref:`memory instance ` +* the number of :ref:`frames ` on the :ref:`stack ` +* the number of :ref:`labels ` on the :ref:`stack ` +* the number of :ref:`values ` on the :ref:`stack ` + +.. note:: + Concrete limits are usually not fixed but may be dependent on specifics, interdependent, vary over time, or depend on other implementation- or embedder-specific variables. diff --git a/document/appendix/index.rst b/document/appendix/index.rst new file mode 100644 index 0000000000..628e859994 --- /dev/null +++ b/document/appendix/index.rst @@ -0,0 +1,12 @@ +.. _appendix: + +Appendix +======== + +.. toctree:: + :maxdepth: 2 + + implementation + names + properties + algorithm diff --git a/document/appendix/names.rst b/document/appendix/names.rst new file mode 100644 index 0000000000..a203ce2ded --- /dev/null +++ b/document/appendix/names.rst @@ -0,0 +1,6 @@ +Name Section +------------ + +.. todo:: + + Describe diff --git a/document/appendix/properties.rst b/document/appendix/properties.rst new file mode 100644 index 0000000000..5d0acdaaae --- /dev/null +++ b/document/appendix/properties.rst @@ -0,0 +1,8 @@ +Formal Properties +----------------- + +.. todo:: + + * representation (bijection between abstract and binary) + * validation (progress, preservation) + * ... diff --git a/document/index.rst b/document/index.rst index 417975647c..91c81f6653 100644 --- a/document/index.rst +++ b/document/index.rst @@ -13,10 +13,7 @@ WebAssembly Specification validation/index execution/index binary/index - appendix-properties/index - appendix-algorithm/index - appendix-textual/index - appendix-names/index + appendix/index .. only:: latex From de5d66c427c30922e01cf2a734fb1bd91718bb47 Mon Sep 17 00:00:00 2001 From: Andreas Rossberg Date: Fri, 19 May 2017 16:40:41 +0200 Subject: [PATCH 2/8] Define what may happen when limits are exceeded --- document/appendix/implementation.rst | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/document/appendix/implementation.rst b/document/appendix/implementation.rst index f1087d1234..70e3fa1ce7 100644 --- a/document/appendix/implementation.rst +++ b/document/appendix/implementation.rst @@ -53,6 +53,9 @@ An implementation may impose restrictions on the following dimensions of a modul * the length of a :ref:`name ` * the range of :ref:`code points ` in a :ref:`name ` +If the limits of an implementation are exceeded for a given module, +then the implementation may reject the :ref:`instantiation ` of that module with an embedder-specific error. + .. _impl-binary: .. index:: binary format, module, section, function, code @@ -91,7 +94,8 @@ Validation ~~~~~~~~~~ An implementation may defer :ref:`validation ` of individual :ref:`functions ` until they are first :ref:`invoked `. -If a function turns out to be invalid, the invocation, and every consecutive call to the same function, results in a :ref:`trap `. + +If a function turns out to be invalid, then the invocation, and every consecutive call to the same function, results in a :ref:`trap `. .. note:: This is to allow implementations to use interpretation or just-in-time compilation for functions. @@ -117,5 +121,10 @@ Restrictions on the following dimensions may be imposed during :ref:`execution < * the number of :ref:`labels ` on the :ref:`stack ` * the number of :ref:`values ` on the :ref:`stack ` +If the runtime limits of an implementation are exceeded during execution of a computation, +then it may terminate that computation by causing a trap or reporting an embedder-specific error to the invoking code. + +Some of the above limits may already be verified during instantiation, in which case an implementation may report exceedance in the same manner as for :ref:`syntactic limits `. + .. note:: Concrete limits are usually not fixed but may be dependent on specifics, interdependent, vary over time, or depend on other implementation- or embedder-specific variables. From 5cc81c10d91dfee405255452a510d851bd09c2e3 Mon Sep 17 00:00:00 2001 From: Andreas Rossberg Date: Fri, 19 May 2017 19:25:21 +0200 Subject: [PATCH 3/8] Comments --- document/appendix/implementation.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/document/appendix/implementation.rst b/document/appendix/implementation.rst index 70e3fa1ce7..b83045f61a 100644 --- a/document/appendix/implementation.rst +++ b/document/appendix/implementation.rst @@ -127,4 +127,4 @@ then it may terminate that computation by causing a trap or reporting an embedde Some of the above limits may already be verified during instantiation, in which case an implementation may report exceedance in the same manner as for :ref:`syntactic limits `. .. note:: - Concrete limits are usually not fixed but may be dependent on specifics, interdependent, vary over time, or depend on other implementation- or embedder-specific variables. + Concrete limits are usually not fixed but may be dependent on specifics, interdependent, vary over time, or depend on other implementation- or embedder-specific situations or events. From 9d5bdb536c08cca55d8f18a72599dacce85eb812 Mon Sep 17 00:00:00 2001 From: Andreas Rossberg Date: Fri, 19 May 2017 20:00:31 +0200 Subject: [PATCH 4/8] Comments --- document/appendix/implementation.rst | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/document/appendix/implementation.rst b/document/appendix/implementation.rst index b83045f61a..01f91e02da 100644 --- a/document/appendix/implementation.rst +++ b/document/appendix/implementation.rst @@ -56,6 +56,12 @@ An implementation may impose restrictions on the following dimensions of a modul If the limits of an implementation are exceeded for a given module, then the implementation may reject the :ref:`instantiation ` of that module with an embedder-specific error. +.. note:: + The last item allows embedders that operate in limited environments without support for + `Unicode `_ to limit the + names of :ref:`imports ` and :ref:`exports ` + to common subsets like `ASCII `_. + .. _impl-binary: .. index:: binary format, module, section, function, code From 269e9f2c0b4fa036e536081373def8104c387c47 Mon Sep 17 00:00:00 2001 From: rossberg-chromium Date: Mon, 29 May 2017 14:19:40 +0200 Subject: [PATCH 5/8] Mention compilation --- document/appendix/implementation.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/document/appendix/implementation.rst b/document/appendix/implementation.rst index 01f91e02da..f527653b93 100644 --- a/document/appendix/implementation.rst +++ b/document/appendix/implementation.rst @@ -54,7 +54,7 @@ An implementation may impose restrictions on the following dimensions of a modul * the range of :ref:`code points ` in a :ref:`name ` If the limits of an implementation are exceeded for a given module, -then the implementation may reject the :ref:`instantiation ` of that module with an embedder-specific error. +then the implementation may reject the :ref:`validation `, compilation, or :ref:`instantiation ` of that module with an embedder-specific error. .. note:: The last item allows embedders that operate in limited environments without support for From 4c09551d95bbbdcb3884dcbc1b8100045fa40c98 Mon Sep 17 00:00:00 2001 From: rossberg-chromium Date: Mon, 29 May 2017 14:45:07 +0200 Subject: [PATCH 6/8] Defer Unicode limits --- document/appendix/implementation.rst | 8 -------- 1 file changed, 8 deletions(-) diff --git a/document/appendix/implementation.rst b/document/appendix/implementation.rst index f527653b93..f47f5a3d9e 100644 --- a/document/appendix/implementation.rst +++ b/document/appendix/implementation.rst @@ -51,17 +51,10 @@ An implementation may impose restrictions on the following dimensions of a modul * the length of an :ref:`element segment ` * the length of a :ref:`data segment ` * the length of a :ref:`name ` -* the range of :ref:`code points ` in a :ref:`name ` If the limits of an implementation are exceeded for a given module, then the implementation may reject the :ref:`validation `, compilation, or :ref:`instantiation ` of that module with an embedder-specific error. -.. note:: - The last item allows embedders that operate in limited environments without support for - `Unicode `_ to limit the - names of :ref:`imports ` and :ref:`exports ` - to common subsets like `ASCII `_. - .. _impl-binary: .. index:: binary format, module, section, function, code @@ -90,7 +83,6 @@ For a module given in :ref:`text format `, additional limitations may be i * the size of an individual :ref:`token ` * the nesting depth of :ref:`folded instructions ` * the length of symbolic :ref:`identifiers ` -* the range of literal :ref:`characters ` (code points) allowed in the :ref:`source text ` .. _impl-valid: From 9974248fece4a783c31d04725cca7aa6a862cb6e Mon Sep 17 00:00:00 2001 From: rossberg-chromium Date: Tue, 6 Jun 2017 11:13:20 +0200 Subject: [PATCH 7/8] Avoid mentioning traps --- document/appendix/implementation.rst | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/document/appendix/implementation.rst b/document/appendix/implementation.rst index f47f5a3d9e..cd7821f829 100644 --- a/document/appendix/implementation.rst +++ b/document/appendix/implementation.rst @@ -48,6 +48,7 @@ An implementation may impose restrictions on the following dimensions of a modul * the size of a :ref:`structured control instruction ` * the number of :ref:`structured control instructions ` in a :ref:`function ` * the nesting depth of :ref:`structured control instructions ` +* the number of :ref:`label indices ` in a |brtable| instruction * the length of an :ref:`element segment ` * the length of a :ref:`data segment ` * the length of a :ref:`name ` @@ -120,7 +121,7 @@ Restrictions on the following dimensions may be imposed during :ref:`execution < * the number of :ref:`values ` on the :ref:`stack ` If the runtime limits of an implementation are exceeded during execution of a computation, -then it may terminate that computation by causing a trap or reporting an embedder-specific error to the invoking code. +then it may terminate that computation and report an embedder-specific error to the invoking code. Some of the above limits may already be verified during instantiation, in which case an implementation may report exceedance in the same manner as for :ref:`syntactic limits `. From 56ac21e54f573736c580c4593951afed4a205211 Mon Sep 17 00:00:00 2001 From: rossberg-chromium Date: Tue, 6 Jun 2017 13:05:24 +0200 Subject: [PATCH 8/8] [spec] Allow impls to limit code point range (#488) --- document/appendix/implementation.rst | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/document/appendix/implementation.rst b/document/appendix/implementation.rst index cd7821f829..2513fa1130 100644 --- a/document/appendix/implementation.rst +++ b/document/appendix/implementation.rst @@ -52,10 +52,17 @@ An implementation may impose restrictions on the following dimensions of a modul * the length of an :ref:`element segment ` * the length of a :ref:`data segment ` * the length of a :ref:`name ` +* the range of :ref:`code points ` in a :ref:`name ` If the limits of an implementation are exceeded for a given module, then the implementation may reject the :ref:`validation `, compilation, or :ref:`instantiation ` of that module with an embedder-specific error. +.. note:: + The last item allows embedders that operate in limited environments without support for + `Unicode `_ to limit the + names of :ref:`imports ` and :ref:`exports ` + to common subsets like `ASCII `_. + .. _impl-binary: .. index:: binary format, module, section, function, code @@ -84,6 +91,7 @@ For a module given in :ref:`text format `, additional limitations may be i * the size of an individual :ref:`token ` * the nesting depth of :ref:`folded instructions ` * the length of symbolic :ref:`identifiers ` +* the range of literal :ref:`characters ` (code points) allowed in the :ref:`source text ` .. _impl-valid: