Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

partially out of bounds store writes to memory #438

Closed
sunfishcode opened this issue Mar 2, 2017 · 3 comments
Closed

partially out of bounds store writes to memory #438

sunfishcode opened this issue Mar 2, 2017 · 3 comments

Comments

@sunfishcode
Copy link
Member

This testcase:

(module
    (memory 1 1)

    (func (export "store16") (param $v i32)
      (i32.store16 (i32.const 0xffff) (get_local $v))
    )

    (func (export "load8_u") (result i32)
      (i32.load8_u (i32.const 0xffff))
    )
)

(assert_trap (invoke "store16" (i32.const 0x01234567)) "out of bounds memory access")
(assert_return (invoke "load8_u") (i32.const 0))

fails in the spec interpreter. The spec interpreter appears to be storing the first byte of the 2-byte store, before detecting that the second byte is out of bounds and trapping.

Semantics.md in the design repo just says "out of bounds accesses trap", which leaves some room for ambiguity, but my understanding is that stores should trap before storing anything.

@rossberg
Copy link
Member

rossberg commented Mar 2, 2017

I agree. Please see #439 for a fix.

@jfbastien
Copy link
Member

Could this also be clarified in the design repo?

@sunfishcode
Copy link
Member Author

This is now fixed in the spec interpreter and the design repo.

ngzhian added a commit to ngzhian/spec that referenced this issue Nov 4, 2021
…bly#438)

These were accepted into the proposal in WebAssembly#376.

There are 12 instructions in total:

- i16x8.extmul_{low,high}_i8x16_{s,u}
- i32x4.extmul_{low,high}_i16x8_{s,u}
- i64x2.extmul_{low,high}_i32x4_{s,u}

The implementation is straightforward, widen (using existing
operations), then a multiply with the wider shape.

The binary opcodes are not decided yet, they currently follow the ones
used in V8, when those are finalized, we can change it to match.

Added a test generation script that reuses some logic in the generator
for arithmetic instructions. Since these instructions have different
src and dst shapes, I tweaked the base class to allow for having
different shapes.
dhil pushed a commit to dhil/webassembly-spec that referenced this issue Oct 3, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants