compiler: allow memory access after table.grow (#721)

Signed-off-by: Takeshi Yoneda <takeshi@tetrate.io>
2022-07-27 09:56:48 +09:00
parent d15cc069c6
commit a064f68532
5 changed files with 32 additions and 1 deletions
--- a/internal/engine/compiler/impl_amd64.go
+++ b/internal/engine/compiler/impl_amd64.go
@@ -3417,7 +3417,6 @@ func (c *amd64Compiler) compileMemoryGrow() error {
 	// After the function call, we have to initialize the stack base pointer and memory reserved registers.
 	c.compileReservedStackBasePointerInitialization()
 	c.compileReservedMemoryPointerInitialization()
-
 	return nil
 }

@@ -4130,6 +4129,7 @@ func (c *amd64Compiler) compileTableGrow(o *wazeroir.OperationTableGrow) error {

 	// After return, we re-initialize reserved registers just like preamble of functions.
 	c.compileReservedStackBasePointerInitialization()
+	c.compileReservedMemoryPointerInitialization()
 	return nil
 }

--- a/internal/engine/compiler/impl_arm64.go
+++ b/internal/engine/compiler/impl_arm64.go
@@ -3870,6 +3870,7 @@ func (c *arm64Compiler) compileTableGrow(o *wazeroir.OperationTableGrow) error {

 	// After return, we re-initialize reserved registers just like preamble of functions.
 	c.compileReservedStackBasePointerRegisterInitialization()
+	c.compileReservedMemoryRegisterInitialization()
 	return nil
 }

--- a/internal/integration_test/fuzzcases/fuzzcases_test.go
+++ b/internal/integration_test/fuzzcases/fuzzcases_test.go
@@ -209,6 +209,19 @@ func Test719(t *testing.T) {
 	})
 }

+func Test720(t *testing.T) {
+	run(t, func(t *testing.T, r wazero.Runtime) {
+		mod, err := r.InstantiateModuleFromBinary(ctx, getWasmBinary(t, 720))
+		require.NoError(t, err)
+
+		f := mod.ExportedFunction("access memory after table.grow")
+		require.NotNil(t, f)
+		res, err := f.Call(ctx)
+		require.NoError(t, err)
+		require.Equal(t, uint32(0xffffffff), uint32(res[0]))
+	})
+}
+
 func Test721(t *testing.T) {
 	run(t, func(t *testing.T, r wazero.Runtime) {
 		mod, err := r.InstantiateModuleFromBinary(ctx, getWasmBinary(t, 721))
--- a/internal/integration_test/fuzzcases/testdata/720.wasm
+++ b/internal/integration_test/fuzzcases/testdata/720.wasm
--- a/internal/integration_test/fuzzcases/testdata/720.wat
+++ b/internal/integration_test/fuzzcases/testdata/720.wat
@@ -0,0 +1,17 @@
+(module
+  (func (export "access memory after table.grow") (result i32)
+    ref.null extern
+    i32.const 10
+    table.grow 0
+    ;; This should work without any problem,
+    ;; and should return non-trivial i32 result.
+    i32.load offset=396028 align=1
+  )
+
+  ;; Table and memory are as-is produced by fuzzer.
+  (table 1 264 externref)
+  (memory 10 10)
+
+  ;; Setup the non trivial content on the i32.load
+  (data (i32.const 396028) "\ff\ff\ff\ff\ff\ff\ff\ff\ff\ff\ff\ff\ff\ff\ff\ff\ff\ff\ff\ff\ff")
+)