Thibaud Michaud (Gerrit)

unread,

11:01 AM (9 hours ago) 11:01 AM

to v8-s...@luci-project-accounts.iam.gserviceaccount.com, Clemens Backes, v8-re...@googlegroups.com, was...@google.com

Attention needed from Clemens Backes

Thibaud Michaud added 1 comment

Patchset-level comments

File-level comment, Patchset 1:

Thibaud Michaud . resolved

PTAL

Open in Gerrit

Related details

Attention is currently required from:

Clemens Backes

Submit Requirements:

Code-Owners
Code-Review
Review-Enforcement

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

unsatisfied_requirement

open

diffy

Clemens Backes (Gerrit)

unread,

11:12 AM (8 hours ago) 11:12 AM

to Thibaud Michaud, v8-s...@luci-project-accounts.iam.gserviceaccount.com, v8-re...@googlegroups.com, was...@google.com

Attention needed from Thibaud Michaud

Clemens Backes voted and added 6 comments

Votes added by Clemens Backes

Code-Review

+1

6 comments

Patchset-level comments

File-level comment, Patchset 2 (Latest):

Clemens Backes . resolved

Ah, unfortunate that we need a different hash. But makes sense. A few comments to make this all a bit shorter and nicer, otherwise LGTM.

File src/wasm/signature-hashing.h

Line 280, Patchset 2 (Latest):class ContinuationSignatureHasher {

Clemens Backes . unresolved

Just `using ContinuationSignatureHasher = SignatureHasher;`?

Line 260, Patchset 2 (Latest):

    for (size_t i = 0; i < sig->return_count(); ++i) {
      hasher.Add(GetMachineRepresentation(sig->GetReturn(i)));
    }
    for (size_t i = 0; i < sig->parameter_count(); ++i) {
      hasher.Add(GetMachineRepresentation(sig->GetParam(i)));
    }

Clemens Backes . unresolved

Just iterate over `sig->all()` (one (range-based) loop instead of two)?

Line 258, Patchset 2 (Latest):

    hasher.Add(sig->return_count());
    hasher.Add(sig->parameter_count());

Clemens Backes . unresolved

Shouldn't one of them be enough?

Line 253, Patchset 2 (Latest):class ContinuationSignatureHasher {

Clemens Backes . unresolved

This class needs a comment explaining the difference to `SignatureHasher` and why we need that.

File src/wasm/turboshaft-graph-interface.cc

Line 4028, Patchset 2 (Latest):

    CanonicalTypeIndex expected_csig_index =
        env_->module->canonical_type_id(imm.cont_type->contfun_typeindex());
    const CanonicalSig* expected_csig =
        GetTypeCanonicalizer()->LookupFunctionSignature(expected_csig_index);
    uint64_t expected_hash = ContinuationSignatureHasher::Hash(expected_csig);

Clemens Backes . unresolved

Now that we need to compute a new hash anyway it's probably nicer to just use the module-specific type (saves the lookup via the type canonicalizer).

Open in Gerrit

Related details

Attention is currently required from:

Thibaud Michaud

Submit Requirements:

Code-Owners
Code-Review
No-Unresolved-Comments
Review-Enforcement

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

unsatisfied_requirement

open

diffy

Thibaud Michaud (Gerrit)

unread,

11:25 AM (8 hours ago) 11:25 AM

to Clemens Backes, v8-s...@luci-project-accounts.iam.gserviceaccount.com, v8-re...@googlegroups.com, was...@google.com

Attention needed from Clemens Backes

Thibaud Michaud added 5 comments

File src/wasm/signature-hashing.h

Line 280, Patchset 2:class ContinuationSignatureHasher {

Clemens Backes . resolved

Just `using ContinuationSignatureHasher = SignatureHasher;`?

Thibaud Michaud

Done

Line 260, Patchset 2: for (size_t i = 0; i < sig->return_count(); ++i) {


      hasher.Add(GetMachineRepresentation(sig->GetReturn(i)));
    }
    for (size_t i = 0; i < sig->parameter_count(); ++i) {
      hasher.Add(GetMachineRepresentation(sig->GetParam(i)));
    }

Clemens Backes . unresolved

Just iterate over `sig->all()` (one (range-based) loop instead of two)?

Thibaud Michaud

We also use this with the recently introduced `VectorSignature` which stores parameters and returns separately and does not have an `all()` method.

Line 258, Patchset 2:

    hasher.Add(sig->return_count());
    hasher.Add(sig->parameter_count());

Clemens Backes . resolved

Shouldn't one of them be enough?

Thibaud Michaud

Done

Line 253, Patchset 2:class ContinuationSignatureHasher {

Clemens Backes . resolved

This class needs a comment explaining the difference to `SignatureHasher` and why we need that.

Thibaud Michaud

Done

File src/wasm/turboshaft-graph-interface.cc

Line 4028, Patchset 2: CanonicalTypeIndex expected_csig_index =


        env_->module->canonical_type_id(imm.cont_type->contfun_typeindex());
    const CanonicalSig* expected_csig =
        GetTypeCanonicalizer()->LookupFunctionSignature(expected_csig_index);
    uint64_t expected_hash = ContinuationSignatureHasher::Hash(expected_csig);

Clemens Backes . resolved

Now that we need to compute a new hash anyway it's probably nicer to just use the module-specific type (saves the lookup via the type canonicalizer).

Thibaud Michaud

Done

Open in Gerrit

Related details

Attention is currently required from:

Clemens Backes

Submit Requirements:

Code-Owners
Code-Review
No-Unresolved-Comments
Review-Enforcement

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

unsatisfied_requirement

open

diffy

Clemens Backes (Gerrit)

unread,

11:34 AM (8 hours ago) 11:34 AM

to Thibaud Michaud, Jakob Kummerow, v8-s...@luci-project-accounts.iam.gserviceaccount.com, v8-re...@googlegroups.com, was...@google.com

Attention needed from Jakob Kummerow and Thibaud Michaud

Clemens Backes voted and added 2 comments

Votes added by Clemens Backes

Code-Review

+0

2 comments

Patchset-level comments

File-level comment, Patchset 3 (Latest):

Clemens Backes . unresolved

Oh, wait, there is a more serious problem with this change:
Even though the old hasher is called `SignatureHasher`, it does not actually compute a hash, but basically a bitfield containing all information. Hence it's collision-free.
Our hashes are not cryptographically safe, so for an attacker it would be simple enough to still cause confusion here.

Adding Jakob as well. This needs more discussion and probably a fundamentally different approach.

What if we compute a "canonical generic signature" where each type is replaced by the most generic compatible type, and then store the canonical signature ID of that type? It needs relocation though. Maybe someone has a better idea.

File src/wasm/signature-hashing.h

Line 260, Patchset 2:

    for (size_t i = 0; i < sig->return_count(); ++i) {
      hasher.Add(GetMachineRepresentation(sig->GetReturn(i)));
    }
    for (size_t i = 0; i < sig->parameter_count(); ++i) {
      hasher.Add(GetMachineRepresentation(sig->GetParam(i)));
    }

Clemens Backes . resolved

Just iterate over `sig->all()` (one (range-based) loop instead of two)?

Thibaud Michaud

We also use this with the recently introduced `VectorSignature` which stores parameters and returns separately and does not have an `all()` method.

Clemens Backes

Ah, bummer.

Open in Gerrit

Related details

Attention is currently required from:

Jakob Kummerow
Thibaud Michaud

Submit Requirements:

Code-Owners
Code-Review

No-Unresolved-Comments

Review-Enforcement

Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings.

Gerrit

satisfied_requirement

unsatisfied_requirement

open

diffy

Reply all

Reply to author

Forward

[wasmfx] Fix continuation signature hash collisions [v8/v8 : main]

Thibaud Michaud (Gerrit)

Thibaud Michaud added 1 comment

Related details

Clemens Backes (Gerrit)

Clemens Backes voted and added 6 comments

Votes added by Clemens Backes

6 comments

Related details

Thibaud Michaud (Gerrit)

Thibaud Michaud added 5 comments

Related details

Clemens Backes (Gerrit)

Clemens Backes voted and added 2 comments

Votes added by Clemens Backes

2 comments

Related details