Merge pull request WebAssembly#34 from dhil/wasmfx-merge

Merge with WebAssembly/main and wasm-3.0 branch.

Author: dhil

.github/workflows/mirror-to-master.yml

@@ -378,7 +378,7 @@ It decodes into a vector of :ref:`element segments <syntax-elem>` that represent
 
 .. note::
    The initial integer can be interpreted as a bitfield.
-   Bit 0 indicates a passive or declarative segment,
+   Bit 0 distinguishes a passive or declarative segment from an active segment,
    bit 1 indicates the presence of an explicit table index for an active segment and otherwise distinguishes passive from declarative segments,
    bit 2 indicates the use of element type and element :ref:`expressions <binary-expr>` instead of element kind and element indices.
 

document/core/binary/modules.rst

@@ -327,6 +327,7 @@ let memop s =
   let has_var = Int32.logand flags 0x40l <> 0l in
   let x = if has_var then at var s else Source.(0l @@ no_region) in
   let align = Int32.(to_int (logand flags 0x3fl)) in
+  require (align < 32) s pos "malformed memop alignment";
   let offset = u32 s in
   x, align, offset
 

interpreter/binary/decode.ml

@@ -864,3 +864,120 @@
 (assert_trap (invoke "store" (i32.const 65532) (i64.const -1)) "out of bounds memory access")
 ;; No memory was changed
 (assert_return (invoke "load" (i32.const 65532)) (i32.const 0))
+
+;; Test invalid alignment values that may cause overflow when parsed.
+;; These use the binary format, because it stores alignment as a base-2 exponent.
+
+;; Signed 32-bit overflow
+(assert_invalid
+  (module binary 
+    "\00asm" "\01\00\00\00"
+    "\01\04\01\60\00\00"       ;; Type section: 1 type
+    "\03\02\01\00"             ;; Function section: 1 function
+    "\05\03\01\00\01"          ;; Memory section: 1 memory
+    "\0a\0a\01"                ;; Code section: 1 function
+
+    ;; function 0
+    "\08\00"
+    "\41\00"                   ;; i32.const 0
+    "\28\1f\00"                ;; i32.load offset=0 align=2**31
+    "\1a"                      ;; drop
+    "\0b"                      ;; end
+  )
+  "alignment must not be larger than natural"
+)
+
+;; Unsigned 32-bit overflow
+(assert_malformed
+  (module binary 
+    "\00asm" "\01\00\00\00"
+    "\01\04\01\60\00\00"       ;; Type section: 1 type
+    "\03\02\01\00"             ;; Function section: 1 function
+    "\05\03\01\00\01"          ;; Memory section: 1 memory
+    "\0a\0a\01"                ;; Code section: 1 function
+
+    ;; function 0
+    "\08\00"
+    "\41\00"                   ;; i32.const 0
+    "\28\20\00"                ;; i32.load offset=0 align=2**32
+    "\1a"                      ;; drop
+    "\0b"                      ;; end
+  )
+  "malformed memop alignment"
+)
+
+;; 32-bit out of range
+(assert_malformed
+  (module binary 
+    "\00asm" "\01\00\00\00"
+    "\01\04\01\60\00\00"       ;; Type section: 1 type
+    "\03\02\01\00"             ;; Function section: 1 function
+    "\05\03\01\00\01"          ;; Memory section: 1 memory
+    "\0a\0a\01"                ;; Code section: 1 function
+
+    ;; function 0
+    "\08\00"
+    "\41\00"                   ;; i32.const 0
+    "\28\21\00"                ;; i32.load offset=0 align=2**33
+    "\1a"                      ;; drop
+    "\0b"                      ;; end
+  )
+  "malformed memop alignment"
+)
+
+;; Signed 64-bit overflow
+(assert_malformed
+  (module binary 
+    "\00asm" "\01\00\00\00"
+    "\01\04\01\60\00\00"       ;; Type section: 1 type
+    "\03\02\01\00"             ;; Function section: 1 function
+    "\05\03\01\00\01"          ;; Memory section: 1 memory
+    "\0a\0a\01"                ;; Code section: 1 function
+
+    ;; function 0
+    "\08\00"
+    "\41\00"                   ;; i32.const 0
+    "\28\3f\00"                ;; i32.load offset=0 align=2**63
+    "\1a"                      ;; drop
+    "\0b"                      ;; end
+  )
+  "malformed memop alignment"
+)
+
+;; Unsigned 64-bit overflow
+(assert_invalid
+  (module binary 
+    "\00asm" "\01\00\00\00"
+    "\01\04\01\60\00\00"       ;; Type section: 1 type
+    "\03\02\01\00"             ;; Function section: 1 function
+    "\05\03\01\00\01"          ;; Memory section: 1 memory
+    "\0a\0a\01"                ;; Code section: 1 function
+
+    ;; function 0
+    "\08\00"
+    "\41\00"                   ;; i32.const 0
+    "\28\40\00"                ;; i32.load offset=0 align=2**64 (parsed as align=0, memidx present)
+    "\1a"                      ;; drop
+    "\0b"                      ;; end
+  )
+  "type mismatch"
+)
+
+;; 64-bit out of range
+(assert_invalid
+  (module binary 
+    "\00asm" "\01\00\00\00"
+    "\01\04\01\60\00\00"       ;; Type section: 1 type
+    "\03\02\01\00"             ;; Function section: 1 function
+    "\05\03\01\00\01"          ;; Memory section: 1 memory
+    "\0a\0a\01"                ;; Code section: 1 function
+
+    ;; function 0
+    "\08\00"
+    "\41\00"                   ;; i32.const 0
+    "\28\41\00"                ;; i32.load offset=0 align=2**65 (parsed as align=1, memidx present)
+    "\1a"                      ;; drop
+    "\0b"                      ;; end
+  )
+  "type mismatch"
+)

test/core/align.wast

@@ -237,3 +237,28 @@
   "(import \"\" \"\" (memory $foo 1))"
   "(import \"\" \"\" (memory $foo 1))")
   "duplicate memory")
+
+;; Test that exporting random globals does not change a memory's semantics.
+
+(module
+  (memory (export "memory") 1 1)
+
+  ;; These should not change the behavior of memory accesses.
+  (global (export "__data_end") i32 (i32.const 10000))
+  (global (export "__stack_top") i32 (i32.const 10000))
+  (global (export "__heap_base") i32 (i32.const 10000))
+
+  (func (export "load") (param i32) (result i32)
+    (i32.load8_u (local.get 0))
+  )
+)
+
+;; None of these memory accesses should trap.
+(assert_return (invoke "load" (i32.const 0)) (i32.const 0))
+(assert_return (invoke "load" (i32.const 10000)) (i32.const 0))
+(assert_return (invoke "load" (i32.const 20000)) (i32.const 0))
+(assert_return (invoke "load" (i32.const 30000)) (i32.const 0))
+(assert_return (invoke "load" (i32.const 40000)) (i32.const 0))
+(assert_return (invoke "load" (i32.const 50000)) (i32.const 0))
+(assert_return (invoke "load" (i32.const 60000)) (i32.const 0))
+(assert_return (invoke "load" (i32.const 65535)) (i32.const 0))