From 2c9c74d8b64e1776c6c374af8631995b0be606f1 Mon Sep 17 00:00:00 2001
From: Thomas Lively
Date: Mon, 19 Aug 2024 16:07:11 -0700
Subject: Validate array.init_elem segment in IRBuilder (#6852)
IRBuilder is responsible for validation involving type annotations on GC instructions because those type annotations may not be preserved in the built IR to be used by the main validator. For `array.init_elem`, we were not using the type annotation to validate the element segment, which allowed us to parse invalid modules when the reference operand was a nullref. Add the missing validation in IRBuilder and fix a relevant spec test.
---
 test/spec/shared-array.wast | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
(limited to 'test/spec')
diff --git a/test/spec/shared-array.wast b/test/spec/shared-array.wast
index 8c748fd20..f06fad2a7 100644
--- a/test/spec/shared-array.wast
+++ b/test/spec/shared-array.wast
@@ -122,7 +122,7 @@
 (type $funcs (shared (array (mut (ref null (shared func))))))
 (data)
- (elem (ref null (shared any)))
+ (elem (ref null (shared func)))
 (func (array.get_s $i8 (ref.null (shared none)) (i32.const 0)) (drop))
 (func (array.get_u $i8 (ref.null (shared none)) (i32.const 0)) (drop))
@@ -137,3 +137,13 @@
 (func (array.init_data $i8 0 (ref.null (shared none)) (i32.const 0) (i32.const 0) (i32.const 0)))
 (func (array.init_elem $funcs 0 (ref.null (shared none)) (i32.const 0) (i32.const 0) (i32.const 0)))
 )
+
+;; Check validation of element segments
+(assert_invalid
+ (module
+ (type $array (shared (array (mut (ref null (shared any))))))
+ (elem (ref null (shared func)))
+ (func (array.init_elem $array 0 (ref.null (shared none)) (i32.const 0) (i32.const 0) (i32.const 0)))
+ )
+ "invalid field type"
+)
-- cgit v1.2.3
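Review bot: The new `assert_invalid` case in the second hunk covers the segment check only for a shared array with a `ref.null (shared none)` operand, and its comment `;; Check validation of element segments` does not say why that operand matters. Per the commit message, the nullref is what leaves the `$array` annotation as the only source for the check, so I would expand the comment to something like `;; The array operand is a nullref, so the segment can only be validated against the $array type annotation`. A companion case using non-shared types would show the check is not tied to sharedness; one may already exist elsewhere, since this view is limited to `test/spec`. Accepting a module whose segment element type does not match the array's field type is a validator gap, so it is worth pinning both variants.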