From efa215847ede578fca9d2ad83cdd45a3ca61879e Mon Sep 17 00:00:00 2001 From: Thomas Lively Date: Mon, 2 Dec 2024 09:05:13 -0800 Subject: [PATCH] Test array.new_data and array.new_elem with dropped segments (#1849) Also test that the instructions trap when the offset and size overflow back to zero, with and without the segments having been dropped. --- test/core/gc/array.wast | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/test/core/gc/array.wast b/test/core/gc/array.wast index 6ad95c0873..cebf20069e 100644 --- a/test/core/gc/array.wast +++ b/test/core/gc/array.wast @@ -158,6 +158,10 @@ (array.new_data $vec $d (i32.const 1) (i32.const 3)) ) + (func $new-overflow (export "new-overflow") (result (ref $vec)) + (array.new_data $vec $d (i32.const 0x8000_0000) (i32.const 0x8000_0000)) + ) + (func $get_u (param $i i32) (param $v (ref $vec)) (result i32) (array.get_u $vec (local.get $v) (local.get $i)) ) @@ -189,6 +193,10 @@ (func (export "len") (result i32) (call $len (call $new)) ) + + (func (export "drop_segs") + (data.drop $d) + ) ) (assert_return (invoke "new") (ref.array)) @@ -198,10 +206,16 @@ (assert_return (invoke "set_get" (i32.const 1) (i32.const 7)) (i32.const 7)) (assert_return (invoke "len") (i32.const 3)) +(assert_trap (invoke "new-overflow") "out of bounds memory access") (assert_trap (invoke "get_u" (i32.const 10)) "out of bounds array access") (assert_trap (invoke "get_s" (i32.const 10)) "out of bounds array access") (assert_trap (invoke "set_get" (i32.const 10) (i32.const 7)) "out of bounds array access") +(assert_return (invoke "drop_segs")) + +(assert_trap (invoke "new") "out of bounds memory access") +(assert_trap (invoke "new-overflow") "out of bounds memory access") + (module (type $bvec (array i8)) (type $vec (array (ref $bvec))) @@ -218,6 +232,10 @@ (array.new_elem $vec $e (i32.const 0) (i32.const 2)) ) + (func $new-overflow (export "new-overflow") (result (ref $vec)) + (array.new_elem $vec $e (i32.const 0x8000_0000) (i32.const 0x8000_0000)) + ) + (func $sub1 (result (ref $nvec)) (array.new_elem $nvec $e (i32.const 0) (i32.const 2)) ) @@ -249,6 +267,10 @@ (func (export "len") (result i32) (call $len (call $new)) ) + + (func (export "drop_segs") + (elem.drop $e) + ) ) (assert_return (invoke "new") (ref.array)) @@ -258,9 +280,15 @@ (assert_return (invoke "set_get" (i32.const 0) (i32.const 1) (i32.const 1)) (i32.const 2)) (assert_return (invoke "len") (i32.const 2)) +(assert_trap (invoke "new-overflow") "out of bounds table access") (assert_trap (invoke "get" (i32.const 10) (i32.const 0)) "out of bounds array access") (assert_trap (invoke "set_get" (i32.const 10) (i32.const 0) (i32.const 0)) "out of bounds array access") +(assert_return (invoke "drop_segs")) + +(assert_trap (invoke "new") "out of bounds table access") +(assert_trap (invoke "new-overflow") "out of bounds table access") + (assert_invalid (module (type $a (array i64))