Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[GC] Fix trapping on array.new_data of dropped segments of offset > 0 #7124

Merged
merged 5 commits into from
Dec 2, 2024
Merged

[GC] Fix trapping on array.new_data of dropped segments of offset > 0 #7124

merged 5 commits into from
Dec 2, 2024
+33 −3

Conversation

kripken
Copy link
Member

@kripken kripken commented Nov 27, 2024

Even if the size is 0, if the offset is > 0 then we should trap.

@tlively Is it expected there are no spec tests for this combination of GC+bulk memory?

@kripken kripken requested a review from tlively November 27, 2024 17:19
tlively
tlively reviewed Nov 27, 2024
View reviewed changes
Copy link
Member

@tlively tlively left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It looks like there are no tests for dropped segments in combination with array.new_data or array.new_elem upstream. I'll make a PR adding some.

src/wasm-interpreter.h Outdated
@@ -4023,7 +4023,7 @@ class ModuleRunnerBase : public ExpressionRunner<SubType> {
const auto& seg = *wasm.getDataSegment(curr->segment);
auto elemBytes = element.getByteSize();
auto end = offset + size * elemBytes;
if ((size != 0ull && droppedDataSegments.count(curr->segment)) ||
if ((offset + size > 0 && droppedDataSegments.count(curr->segment)) ||
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It looks like we should check for overflow as well.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done.

@tlively
Copy link
Member

tlively commented Nov 27, 2024

WebAssembly/spec#1849

tlively
tlively approved these changes Nov 27, 2024
View reviewed changes
src/wasm-interpreter.h Outdated Show resolved Hide resolved
@kripken kripken merged commit 31c988b into WebAssembly:main Dec 2, 2024
13 checks passed
@kripken kripken deleted the array.new_data_trap branch December 2, 2024 20:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tlively tlively tlively approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@kripken @tlively