Init/copy/fill with offsets at the end of the memory or table (WebAssembly#86)

sunfishcode · binji · commit 08be05ad9280 · 2019-05-13T11:42:24.000-07:00
* Fix expected trap messages.

The spec interpreter says "element segment dropped", rather than
"elements segment dropped".

* Fix "zero len, but dst offset out of bounds" test.

Fix this test to test what it's comment says it's testing.

* Add more tests for zero-length operations.

* Update the Overview text to reflect the zero-length at-the-end semantics.
diff --git a/proposals/bulk-memory-operations/Overview.md b/proposals/bulk-memory-operations/Overview.md
@@ -277,8 +277,8 @@ A trap occurs if:
   active segments that were dropped after being copied into memory during module
   instantiation.
 * any of the accessed bytes lies outside the source data segment or the target memory
-* the source offset is outside the source data segment
-* the destination offset is outside the target memory
+* the source offset is greater than the length of the source data segment
+* the destination offset is greater than the length of the target memory
 
 Note that it is allowed to use `memory.init` on the same data segment more than
 once.
@@ -342,8 +342,8 @@ The instruction has the signature `[i32 i32 i32] -> []`. The parameters are, in
 
 A trap occurs if:
 * any of the accessed bytes lies outside the source or target memory
-* the source offset is outside the source memory
-* the destination offset is outside the target memory
+* the source offset is greater than the length of the source memory
+* the destination offset is greater than the length of the target memory
 
 A trap resulting from an access outside the source or target region
 only occurs once the first byte that is outside the source or target
@@ -367,7 +367,7 @@ The instruction has the signature `[i32 i32 i32] -> []`. The parameters are, in
 
 A trap occurs if:
 * any of the accessed bytes lies outside the target memory
-* the destination offset is outside the target memory
+* the destination offset is greater than the length of the target memory
 
 Filling takes place bytewise from lower addresses toward higher
 addresses.  A trap resulting from an access outside the target memory
diff --git a/test/core/memory_copy.wast b/test/core/memory_copy.wast
@@ -4997,12 +4997,30 @@
     (memory.copy (i32.const 0x10000) (i32.const 0x7000) (i32.const 0))))
 (invoke "test")
 
+(module
+  (memory 1 1)
+  (func (export "test")
+    (memory.copy (i32.const 0x20000) (i32.const 0x7000) (i32.const 0))))
+(assert_trap (invoke "test") "out of bounds")
+
 (module
   (memory 1 1)
   (func (export "test")
     (memory.copy (i32.const 0x9000) (i32.const 0x10000) (i32.const 0))))
 (invoke "test")
 
+(module
+  (memory 1 1)
+  (func (export "test")
+    (memory.copy (i32.const 0x9000) (i32.const 0x20000) (i32.const 0))))
+(assert_trap (invoke "test") "out of bounds")
+
+(module
+  (memory 1 1)
+  (func (export "test")
+    (memory.copy (i32.const 0x10000) (i32.const 0x10000) (i32.const 0))))
+(invoke "test")
+
 (module
   (memory 1 1)
   (func (export "test")
diff --git a/test/core/memory_fill.wast b/test/core/memory_fill.wast
@@ -98,6 +98,24 @@
     (memory.fill (i32.const 0x10000) (i32.const 0x55) (i32.const 0))))
 (invoke "test")
 
+(module
+  (memory 1 1)
+  
+  (func (export "checkRange") (param $from i32) (param $to i32) (param $expected i32) (result i32)
+    (loop $cont
+      (if (i32.eq (local.get $from) (local.get $to))
+        (then
+          (return (i32.const -1))))
+      (if (i32.eq (i32.load8_u (local.get $from)) (local.get $expected))
+        (then
+          (local.set $from (i32.add (local.get $from) (i32.const 1)))
+          (br $cont))))
+    (return (local.get $from)))
+
+  (func (export "test")
+    (memory.fill (i32.const 0x20000) (i32.const 0x55) (i32.const 0))))
+(assert_trap (invoke "test") "out of bounds memory access")
+
 (module
   (memory 1 1)
   
diff --git a/test/core/memory_init.wast b/test/core/memory_init.wast
@@ -276,9 +276,30 @@
   (memory 1)
     (data "\37")
   (func (export "test")
-    (memory.init 0 (i32.const 0x10000) (i32.const 2) (i32.const 0))))
+    (memory.init 0 (i32.const 1234) (i32.const 1) (i32.const 0))))
+(invoke "test")
+
+(module
+  (memory 1)
+    (data passive "\37")
+  (func (export "test")
+    (memory.init 0 (i32.const 0x10001) (i32.const 0) (i32.const 0))))
 (assert_trap (invoke "test") "out of bounds")
 
+(module
+  (memory 1)
+    (data passive "\37")
+  (func (export "test")
+    (memory.init 0 (i32.const 0x10000) (i32.const 0) (i32.const 0))))
+(invoke "test")
+
+(module
+  (memory 1)
+    (data passive "\37")
+  (func (export "test")
+    (memory.init 0 (i32.const 0x10000) (i32.const 1) (i32.const 0))))
+(invoke "test")
+
 (assert_invalid
   (module
     (memory 1)
diff --git a/test/core/table_copy.wast b/test/core/table_copy.wast
@@ -625,12 +625,78 @@
   (func (result i32) (i32.const 7))
   (func (result i32) (i32.const 8))
   (func (result i32) (i32.const 9))
+  (func (export "test")
+    (table.copy (i32.const 31) (i32.const 15) (i32.const 0))
+    ))
+
+(assert_trap (invoke "test") "out of bounds")
+
+(module
+  (table 30 30 funcref)
+  (elem (i32.const 2) 3 1 4 1)
+  (elem passive funcref 2 7 1 8)
+  (elem (i32.const 12) 7 5 2 3 6)
+  (elem passive funcref 5 9 2 7 6)
+  (func (result i32) (i32.const 0))
+  (func (result i32) (i32.const 1))
+  (func (result i32) (i32.const 2))
+  (func (result i32) (i32.const 3))
+  (func (result i32) (i32.const 4))
+  (func (result i32) (i32.const 5))
+  (func (result i32) (i32.const 6))
+  (func (result i32) (i32.const 7))
+  (func (result i32) (i32.const 8))
+  (func (result i32) (i32.const 9))
   (func (export "test")
     (table.copy (i32.const 15) (i32.const 30) (i32.const 0))
     ))
 
 (invoke "test")
 
+(module
+  (table 30 30 funcref)
+  (elem (i32.const 2) 3 1 4 1)
+  (elem passive funcref 2 7 1 8)
+  (elem (i32.const 12) 7 5 2 3 6)
+  (elem passive funcref 5 9 2 7 6)
+  (func (result i32) (i32.const 0))
+  (func (result i32) (i32.const 1))
+  (func (result i32) (i32.const 2))
+  (func (result i32) (i32.const 3))
+  (func (result i32) (i32.const 4))
+  (func (result i32) (i32.const 5))
+  (func (result i32) (i32.const 6))
+  (func (result i32) (i32.const 7))
+  (func (result i32) (i32.const 8))
+  (func (result i32) (i32.const 9))
+  (func (export "test")
+    (table.copy (i32.const 15) (i32.const 31) (i32.const 0))
+    ))
+
+(assert_trap (invoke "test") "out of bounds")
+
+(module
+  (table 30 30 funcref)
+  (elem (i32.const 2) 3 1 4 1)
+  (elem passive funcref 2 7 1 8)
+  (elem (i32.const 12) 7 5 2 3 6)
+  (elem passive funcref 5 9 2 7 6)
+  (func (result i32) (i32.const 0))
+  (func (result i32) (i32.const 1))
+  (func (result i32) (i32.const 2))
+  (func (result i32) (i32.const 3))
+  (func (result i32) (i32.const 4))
+  (func (result i32) (i32.const 5))
+  (func (result i32) (i32.const 6))
+  (func (result i32) (i32.const 7))
+  (func (result i32) (i32.const 8))
+  (func (result i32) (i32.const 9))
+  (func (export "test")
+    (table.copy (i32.const 30) (i32.const 30) (i32.const 0))
+    ))
+
+(invoke "test")
+
 (module
   (type (func (result i32)))
   (table 32 64 funcref)
diff --git a/test/core/table_init.wast b/test/core/table_init.wast
@@ -439,11 +439,74 @@
   (func (result i32) (i32.const 7))
   (func (result i32) (i32.const 8))
   (func (result i32) (i32.const 9))
+  (func (export "test")
+    (table.init 1 (i32.const 12) (i32.const 5) (i32.const 0))
+    ))
+(assert_trap (invoke "test") "out of bounds")
+
+(module
+  (table 30 30 funcref)
+  (elem (i32.const 2) 3 1 4 1)
+  (elem passive funcref 2 7 1 8)
+  (elem (i32.const 12) 7 5 2 3 6)
+  (elem passive funcref 5 9 2 7 6)
+  (func (result i32) (i32.const 0))
+  (func (result i32) (i32.const 1))
+  (func (result i32) (i32.const 2))
+  (func (result i32) (i32.const 3))
+  (func (result i32) (i32.const 4))
+  (func (result i32) (i32.const 5))
+  (func (result i32) (i32.const 6))
+  (func (result i32) (i32.const 7))
+  (func (result i32) (i32.const 8))
+  (func (result i32) (i32.const 9))
   (func (export "test")
     (table.init 1 (i32.const 30) (i32.const 2) (i32.const 0))
     ))
 (invoke "test")
 
+(module
+  (table 30 30 funcref)
+  (elem (i32.const 2) 3 1 4 1)
+  (elem passive funcref 2 7 1 8)
+  (elem (i32.const 12) 7 5 2 3 6)
+  (elem passive funcref 5 9 2 7 6)
+  (func (result i32) (i32.const 0))
+  (func (result i32) (i32.const 1))
+  (func (result i32) (i32.const 2))
+  (func (result i32) (i32.const 3))
+  (func (result i32) (i32.const 4))
+  (func (result i32) (i32.const 5))
+  (func (result i32) (i32.const 6))
+  (func (result i32) (i32.const 7))
+  (func (result i32) (i32.const 8))
+  (func (result i32) (i32.const 9))
+  (func (export "test")
+    (table.init 1 (i32.const 31) (i32.const 2) (i32.const 0))
+    ))
+(assert_trap (invoke "test") "out of bounds")
+
+(module
+  (table 30 30 funcref)
+  (elem (i32.const 2) 3 1 4 1)
+  (elem passive funcref 2 7 1 8)
+  (elem (i32.const 12) 7 5 2 3 6)
+  (elem passive funcref 5 9 2 7 6)
+  (func (result i32) (i32.const 0))
+  (func (result i32) (i32.const 1))
+  (func (result i32) (i32.const 2))
+  (func (result i32) (i32.const 3))
+  (func (result i32) (i32.const 4))
+  (func (result i32) (i32.const 5))
+  (func (result i32) (i32.const 6))
+  (func (result i32) (i32.const 7))
+  (func (result i32) (i32.const 8))
+  (func (result i32) (i32.const 9))
+  (func (export "test")
+    (table.init 1 (i32.const 30) (i32.const 4) (i32.const 0))
+    ))
+(invoke "test")
+
 (assert_invalid
   (module
     (table 10 funcref)
diff --git a/test/meta/generate_memory_copy.js b/test/meta/generate_memory_copy.js
@@ -304,6 +304,15 @@ print(
 (invoke "test")
 `);
 
+// Zero len with dest offset out-of-bounds past the end of memory is not allowed
+print(
+`(module
+  (memory 1 1)
+  (func (export "test")
+    (memory.copy (i32.const 0x20000) (i32.const 0x7000) (i32.const 0))))
+(assert_trap (invoke "test") "out of bounds")
+`);
+
 // Zero len with src offset out-of-bounds at the end of memory is allowed
 print(
 `(module
@@ -313,6 +322,24 @@ print(
 (invoke "test")
 `);
 
+// Zero len with src offset out-of-bounds past the end of memory is not allowed
+print(
+`(module
+  (memory 1 1)
+  (func (export "test")
+    (memory.copy (i32.const 0x9000) (i32.const 0x20000) (i32.const 0))))
+(assert_trap (invoke "test") "out of bounds")
+`);
+
+// Zero len with both dest and src offsets out-of-bounds at the end of memory is allowed
+print(
+`(module
+  (memory 1 1)
+  (func (export "test")
+    (memory.copy (i32.const 0x10000) (i32.const 0x10000) (i32.const 0))))
+(invoke "test")
+`);
+
 // 100 random fills followed by 100 random copies, in a single-page buffer,
 // followed by verification of the (now heavily mashed-around) buffer.
 print(
diff --git a/test/meta/generate_memory_fill.js b/test/meta/generate_memory_fill.js
@@ -56,6 +56,15 @@ print(
 (invoke "test")
 `);
 
+// Zero len with offset out-of-bounds past the end of memory is not allowed
+print(
+`(module
+  ${PREAMBLE}
+  (func (export "test")
+    (memory.fill (i32.const 0x20000) (i32.const 0x55) (i32.const 0))))
+(assert_trap (invoke "test") "out of bounds memory access")
+`);
+
 // Very large range
 print(
 `(module
diff --git a/test/meta/generate_memory_init.js b/test/meta/generate_memory_init.js
@@ -164,7 +164,7 @@ print(
 (assert_trap (invoke "test") "out of bounds")
 `);
 
-// init: seg ix is valid passive, zero len, but src offset out of bounds
+// init: seg ix is valid passive, zero len, but src offset past the end
 print(
 `(module
   ${PREAMBLE}
@@ -173,15 +173,42 @@ print(
 (assert_trap (invoke "test") "out of bounds")
 `);
 
-// init: seg ix is valid passive, zero len, but dst offset out of bounds
+// init: seg ix is valid passive, zero len, src offset at the end
 print(
 `(module
   ${PREAMBLE}
   (func (export "test")
-    (memory.init 0 (i32.const 0x10000) (i32.const 2) (i32.const 0))))
+    (memory.init 0 (i32.const 1234) (i32.const 1) (i32.const 0))))
+(invoke "test")
+`);
+
+// init: seg ix is valid passive, zero len, but dst offset past the end
+print(
+`(module
+  ${PREAMBLE}
+  (func (export "test")
+    (memory.init 0 (i32.const 0x10001) (i32.const 0) (i32.const 0))))
 (assert_trap (invoke "test") "out of bounds")
 `);
 
+// init: seg ix is valid passive, zero len, but dst offset at the end
+print(
+`(module
+  ${PREAMBLE}
+  (func (export "test")
+    (memory.init 0 (i32.const 0x10000) (i32.const 0) (i32.const 0))))
+(invoke "test")
+`);
+
+// init: seg ix is valid passive, zero len, dst and src offsets at the end
+print(
+`(module
+  ${PREAMBLE}
+  (func (export "test")
+    (memory.init 0 (i32.const 0x10000) (i32.const 1) (i32.const 0))))
+(invoke "test")
+`);
+
 // invalid argument types.  TODO: can add anyfunc etc here.
 {
     const tys  = ['i32', 'f32', 'i64', 'f64'];
diff --git a/test/meta/generate_table_copy.js b/test/meta/generate_table_copy.js
diff --git a/test/meta/generate_table_init.js b/test/meta/generate_table_init.js
