From c9155b8f2be18bcbcf8b74708c9d12d90c51e1e3 Mon Sep 17 00:00:00 2001
From: Takeshi Yoneda <takeshi@tetrate.io>
Date: Tue, 24 Jan 2023 08:07:11 +0900
Subject: [PATCH] amd64: fixes memory.fill bug (#1055)

Signed-off-by: Takeshi Yoneda <takeshi@tetrate.io>
Signed-off-by: Edoardo Vacchi <evacchi@users.noreply.github.com>
---
 internal/engine/compiler/impl_amd64.go        |   2 ++
 .../fuzzcases/fuzzcases_test.go               |  20 ++++++++++++++++++
 .../fuzzcases/testdata/1054.wasm              | Bin 0 -> 45 bytes
 .../fuzzcases/testdata/1054.wat               |  11 ++++++++++
 4 files changed, 33 insertions(+)
 create mode 100644 internal/integration_test/fuzzcases/testdata/1054.wasm
 create mode 100644 internal/integration_test/fuzzcases/testdata/1054.wat

diff --git a/internal/engine/compiler/impl_amd64.go b/internal/engine/compiler/impl_amd64.go
index c7b13152..efd39d8d 100644
--- a/internal/engine/compiler/impl_amd64.go
+++ b/internal/engine/compiler/impl_amd64.go
@@ -3799,6 +3799,8 @@ func (c *amd64Compiler) compileFillLoopImpl(destinationOffset, value, fillSize *
 	emptyEightGroupsJump := c.assembler.CompileJump(amd64.JEQ)
 
 	if replicateByte {
+		// Truncate value.register to a single byte
+		c.assembler.CompileConstToRegister(amd64.ANDQ, 0xff, value.register)
 		// Replicate single byte onto full 8-byte register.
 		c.assembler.CompileConstToRegister(amd64.MOVQ, 0x0101010101010101, tmp)
 		c.assembler.CompileRegisterToRegister(amd64.IMULQ, tmp, value.register)
diff --git a/internal/integration_test/fuzzcases/fuzzcases_test.go b/internal/integration_test/fuzzcases/fuzzcases_test.go
index d896fcbf..d85ec3f5 100644
--- a/internal/integration_test/fuzzcases/fuzzcases_test.go
+++ b/internal/integration_test/fuzzcases/fuzzcases_test.go
@@ -7,6 +7,7 @@ import (
 	"testing"
 
 	"github.com/tetratelabs/wazero"
+	"github.com/tetratelabs/wazero/api"
 	"github.com/tetratelabs/wazero/internal/platform"
 	"github.com/tetratelabs/wazero/internal/testing/require"
 	"github.com/tetratelabs/wazero/internal/wasm"
@@ -383,3 +384,22 @@ func Test888(t *testing.T) {
 		require.NoError(t, err)
 	})
 }
+
+func Test1054(t *testing.T) {
+	if !platform.CompilerSupported() {
+		return
+	}
+
+	modules := make([]api.Module, 0, 2)
+	run(t, func(t *testing.T, r wazero.Runtime) {
+		mod, err := r.InstantiateModuleFromBinary(ctx, getWasmBinary(t, 1054))
+		require.NoError(t, err)
+		modules = append(modules, mod)
+	})
+
+	// Checks if the memory state is the same between engines.
+	require.Equal(t,
+		modules[0].Memory().(*wasm.MemoryInstance).Buffer,
+		modules[1].Memory().(*wasm.MemoryInstance).Buffer,
+	)
+}
diff --git a/internal/integration_test/fuzzcases/testdata/1054.wasm b/internal/integration_test/fuzzcases/testdata/1054.wasm
new file mode 100644
index 0000000000000000000000000000000000000000..14a845cd1a5542ec26dc5a56406f92b3933e33cb
GIT binary patch
literal 45
vcmZQbEY4+QU|?WmVN76PU}j=uU}a%sWMtxCWZ)8D<YRDr!45%xxEZ(sZXyPe

literal 0
HcmV?d00001

diff --git a/internal/integration_test/fuzzcases/testdata/1054.wat b/internal/integration_test/fuzzcases/testdata/1054.wat
new file mode 100644
index 00000000..5d96c674
--- /dev/null
+++ b/internal/integration_test/fuzzcases/testdata/1054.wat
@@ -0,0 +1,11 @@
+(module
+  (type (;0;) (func))
+  (func (;0;) (type 0)
+    i32.const 1000
+    i32.const 1000
+    i32.const 1000
+    memory.fill
+  )
+  (memory (;0;) 1 2)
+  (start 0)
+)