-rw-r--r-- | src/wasm-interpreter.h | 23 | ||||
-rw-r--r-- | test/lit/exec/memory64.wast | 39 | ||||
-rw-r--r-- | test/lit/exec/simd.wast | 21 | ||||
-rw-r--r-- | test/lit/exec/table64.wast | 53 |
4 files changed, 127 insertions, 9 deletions
diff --git a/src/wasm-interpreter.h b/src/wasm-interpreter.h index 5f20819a1..7f1cf9054 100644 --- a/src/wasm-interpreter.h +++ b/src/wasm-interpreter.h @@ -2957,18 +2957,22 @@ private: void initializeMemoryContents() { initializeMemorySizes(); - Const zero; - zero.value = Literal(uint32_t(0)); - zero.finalize(); - // apply active memory segments for (size_t i = 0, e = wasm.dataSegments.size(); i < e; ++i) { auto& segment = wasm.dataSegments[i]; if (segment->isPassive) { continue; } + + auto* memory = wasm.getMemory(segment->memory); + + Const zero; + zero.value = Literal::makeFromInt32(0, memory->indexType); + zero.finalize(); + Const size; - size.value = Literal(uint32_t(segment->data.size())); + size.value = + Literal::makeFromInt32(segment->data.size(), memory->indexType); size.finalize(); MemoryInit init; @@ -3136,13 +3140,14 @@ public: return target; } - Index index = target.getSingleValue().geti32(); + auto index = target.getSingleValue().getUnsigned(); auto info = getTableInstanceInfo(curr->table); if (curr->isReturn) { // Return calls are represented by their arguments followed by a reference // to the function to be called. + // TODO: switch tableLoad index from Index to Address, to support table64. auto funcref = info.interface()->tableLoad(info.name, index); if (!Type::isSubType(funcref.type, Type(curr->heapType, NonNullable))) { trap("cast failure in call_indirect"); @@ -3673,7 +3678,7 @@ public: return flow; } NOTE_EVAL1(flow); - Address src(uint32_t(flow.getSingleValue().geti32())); + Address src(flow.getSingleValue().getUnsigned()); auto info = getMemoryInstanceInfo(curr->memory); auto loadLane = [&](Address addr) { switch (curr->op) { 
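Review bot: In `initializeMemoryContents`, `Literal::makeFromInt32(segment->data.size(), memory->indexType)` passes a `size_t` through what its name indicates is a 32-bit signed parameter, so a segment of 2 GiB or more would be narrowed and, for an i64 memory, presumably sign-extended. The memory.init hunk further down now reads these operands with `getUnsigned()`, so such a value becomes a very large `Address`, and the visible `offsetVal + sizeVal` sum can wrap once either operand is 64 bits wide. The new memory64.wast test writes the segment offset and size as `i32.const` even with an i64 memory, which suggests `zero` and `size` could stay `Literal(uint32_t(...))`, with an `assert(segment->data.size() <= std::numeric_limits<uint32_t>::max());` ahead of the cast. The function body continues past the end of the hunk, so how `zero` and `size` are attached to `init` is not visible here.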
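Review bot: In the `curr->isReturn` branch, `index` is now the 64-bit result of `getUnsigned()` but is still passed to `tableLoad`, which the added TODO says takes an `Index`, so a table64 index above the 32-bit range would be silently narrowed and could select an in-bounds element instead of trapping. Until `tableLoad` takes an `Address`, an explicit guard before the load keeps the out-of-bounds case failing closed, for example `if (index > std::numeric_limits<Index>::max()) { trap("callTable overflow"); }`. The non-return path lies outside the hunk, so whether it narrows the same way cannot be seen here.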
@@ -3878,8 +3883,8 @@ public:
 auto* segment = wasm.getDataSegment(curr->segment);
 Address destVal(dest.getSingleValue().getUnsigned());
- Address offsetVal(uint32_t(offset.getSingleValue().geti32()));
- Address sizeVal(uint32_t(size.getSingleValue().geti32()));
+ Address offsetVal(offset.getSingleValue().getUnsigned());
+ Address sizeVal(size.getSingleValue().getUnsigned());
 if (offsetVal + sizeVal > 0 && droppedDataSegments.count(curr->segment)) {
 trap("out of bounds segment access in memory.init");
diff --git a/test/lit/exec/memory64.wast b/test/lit/exec/memory64.wast
new file mode 100644
index 000000000..273f2679a
--- /dev/null
+++ b/test/lit/exec/memory64.wast
@@ -0,0 +1,39 @@
+;; NOTE: Assertions have been generated by update_lit_checks.py --output=fuzz-exec and should not be edited.
+
+;; RUN: wasm-opt %s -all --fuzz-exec -q -o /dev/null 2>&1 | filecheck %s
+
+(module
+ (memory $0 i64 16 17)
+
+ (data $0 "\00\00\00\00\00")
+
+ ;; CHECK: [fuzz-exec] calling memory.init.trap
+ ;; CHECK-NEXT: [trap out of bounds segment access in memory.init]
+ (func $memory.init.trap (export "memory.init.trap")
+ ;; Trap on OOB on the segment offset.
+ (memory.init $0
+ (i64.const 0)
+ (i32.const -3)
+ (i32.const 1)
+ )
+ )
+
+ ;; CHECK: [fuzz-exec] calling memory.init.trap2
+ ;; CHECK-NEXT: [trap out of bounds segment access in memory.init]
+ (func $memory.init.trap2 (export "memory.init.trap2")
+ ;; Trap on OOB on the size.
+ (memory.init $0
+ (i64.const 0)
+ (i32.const 1)
+ (i32.const 10)
+ )
+ )
+)
+
+;; CHECK: [fuzz-exec] calling memory.init.trap
+;; CHECK-NEXT: [trap out of bounds segment access in memory.init]
+
+;; CHECK: [fuzz-exec] calling memory.init.trap2
+;; CHECK-NEXT: [trap out of bounds segment access in memory.init]
+;; CHECK-NEXT: [fuzz-exec] comparing memory.init.trap
+;; CHECK-NEXT: [fuzz-exec] comparing memory.init.trap2
diff --git a/test/lit/exec/simd.wast b/test/lit/exec/simd.wast
new file mode 100644
index 000000000..5ab6489a2
--- /dev/null
+++ b/test/lit/exec/simd.wast
@@ -0,0 +1,21 @@
+;; NOTE: Assertions have been generated by update_lit_checks.py --output=fuzz-exec and should not be edited.
+
+;; RUN: wasm-opt %s -all --fuzz-exec -q -o /dev/null 2>&1 | filecheck %s
+
+(module
+ (memory $0 i64 16 17 shared)
+
+ (data $0 (i64.const 0) "abcdefg")
+
+ ;; CHECK: [fuzz-exec] calling load8x8_s
+ ;; CHECK-NEXT: [fuzz-exec] note result: load8x8_s => i32x4 0x00620061 0x00640063 0x00660065 0x00000067
+ (func $load8x8_s (export "load8x8_s") (result v128)
+ (v128.load8x8_s align=2
+ (i64.const 0)
+ )
+ )
+)
+
+;; CHECK: [fuzz-exec] calling load8x8_s
+;; CHECK-NEXT: [fuzz-exec] note result: load8x8_s => i32x4 0x00620061 0x00640063 0x00660065 0x00000067
+;; CHECK-NEXT: [fuzz-exec] comparing load8x8_s
diff --git a/test/lit/exec/table64.wast b/test/lit/exec/table64.wast
new file mode 100644
index 000000000..e24741838
--- /dev/null
+++ b/test/lit/exec/table64.wast
@@ -0,0 +1,53 @@
+;; NOTE: Assertions have been generated by update_lit_checks.py --output=fuzz-exec and should not be edited.
+
+;; RUN: wasm-opt %s -all --fuzz-exec -q -o /dev/null 2>&1 | filecheck %s
+
+(module
+ (type $i32 (func (result i32)))
+
+ (table $table i64 10 funcref)
+ (elem (i64.const 0) $i32)
+
+ (func $i32 (result i32)
+ (i32.const 42)
+ )
+
+ ;; CHECK: [fuzz-exec] calling call
+ ;; CHECK-NEXT: [fuzz-exec] note result: call => 42
+ (func $call (export "call") (result i32)
+ ;; This call succeeds, and calls $i32 which returns 42.
+ (call_indirect (type $i32)
+ (i64.const 0)
+ )
+ )
+
+ ;; CHECK: [fuzz-exec] calling oob
+ ;; CHECK-NEXT: [trap callTable overflow]
+ (func $oob (export "oob") (result i32)
+ ;; This call traps on oob.
+ (call_indirect (type $i32)
+ (i64.const 999)
+ )
+ )
+
+ ;; CHECK: [fuzz-exec] calling null
+ ;; CHECK-NEXT: [trap uninitialized table element]
+ (func $null (export "null") (result i32)
+ ;; This call traps on null
+ (call_indirect (type $i32)
+ (i64.const 1)
+ )
+ )
+)
+
+;; CHECK: [fuzz-exec] calling call
+;; CHECK-NEXT: [fuzz-exec] note result: call => 42
+
+;; CHECK: [fuzz-exec] calling oob
+;; CHECK-NEXT: [trap callTable overflow]
+
+;; CHECK: [fuzz-exec] calling null
+;; CHECK-NEXT: [trap uninitialized table element]
+;; CHECK-NEXT: [fuzz-exec] comparing call
+;; CHECK-NEXT: [fuzz-exec] comparing null
+;; CHECK-NEXT: [fuzz-exec] comparing oob |
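Review bot: The `oob` case uses `(i64.const 999)`, which fits in 32 bits, so it would still pass if the interpreter truncated the table index to 32 bits. A case whose low 32 bits are in bounds, such as `(call_indirect (type $i32) (i64.const 4294967296))`, expected to trap the same way as `oob`, would pin the 64-bit behaviour. The module also exercises only `call_indirect`; a `return_call_indirect` variant would cover the branch in wasm-interpreter.h that carries the `tableLoad` TODO.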