From 925a4f4858c3ab658e3aeaa7404e7965e391062d Mon Sep 17 00:00:00 2001
From: Alex Crichton
Date: Tue, 19 Nov 2024 08:52:17 -0700
Subject: [PATCH] Fix an off-by-one error in translating bounds checks (#9621)

Unconditionally trapping accesses had an off-by-one introduced in #9576 which caused loads to produce a trap when they should succeed.
---
 .../src/translate/code_translator/bounds_checks.rs | 2 +-
 crates/fuzzing/src/oracles/memory.rs | 3 ++-
 .../custom-page-sizes/custom-page-sizes.wast | 10 ++++++++++
 3 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/crates/cranelift/src/translate/code_translator/bounds_checks.rs b/crates/cranelift/src/translate/code_translator/bounds_checks.rs
index eb90a9666fb8..ec2869606f54 100644
--- a/crates/cranelift/src/translate/code_translator/bounds_checks.rs
+++ b/crates/cranelift/src/translate/code_translator/bounds_checks.rs
@@ -144,7 +144,7 @@ where
     // different bounds checks and optimizations of those bounds checks. It is
     // intentionally written in a straightforward case-matching style that will
     // hopefully make it easy to port to ISLE one day.
-    if offset_and_size >= heap.memory.maximum_byte_size().unwrap_or(u64::MAX) {
+    if offset_and_size > heap.memory.maximum_byte_size().unwrap_or(u64::MAX) {
         // Special case: trap immediately if `offset + access_size >
         // max_memory_size`, since we will end up being out-of-bounds regardless
         // of the given `index`.
diff --git a/crates/fuzzing/src/oracles/memory.rs b/crates/fuzzing/src/oracles/memory.rs
index a4b1d8e768f5..a3fa0e0f3be7 100644
--- a/crates/fuzzing/src/oracles/memory.rs
+++ b/crates/fuzzing/src/oracles/memory.rs
@@ -235,7 +235,8 @@ pub fn check_memory_accesses(input: MemoryAccesses) {
     };
     do_accesses(&mut store, "initial size");
-    let _ = memory.grow(&mut store, u64::from(growth));
+    let res = memory.grow(&mut store, u64::from(growth));
+    log::debug!("grow {growth} -> {res:?}");
     do_accesses(&mut store, "after growing");
 }
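Review bot: The corrected comparison on the `if offset_and_size > …` line is only right if `offset_and_size` is the exclusive end of the access (`offset + access_size`), and that derivation sits before this hunk, as does the start of the enclosing function, so it cannot be confirmed here. Because this predicate decides when the translator skips a dynamic bounds check in favour of an unconditional trap, a one-line comment pinning the convention would stop the next reader from reintroducing `>=`, e.g. `// offset_and_size is the exclusive end of the access: an access ending exactly at the maximum is in bounds, so the comparison is strict.` The wast case added in this commit (an 8-byte load at offset 0 of an 8-byte memory) exercises exactly that boundary and is worth naming in the comment as the regression it guards.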
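Review bot: On the added `log::debug!` line the outcome of `memory.grow` is still only logged, so an unexpected `Err` (or an `Ok` where the growth should have exceeded the declared maximum) never fails the oracle; the subsequent `do_accesses` call would only catch it indirectly if an access happens to land in the affected range. If the memory's declared limits are reachable from `input`, asserting that `res.is_ok()` matches a locally computed "growth fits under the maximum" boolean would turn this into a real check rather than a trace line, though whether that information is in scope is not visible from this hunk. `check_memory_accesses` starts before the hunk.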
diff --git a/tests/misc_testsuite/custom-page-sizes/custom-page-sizes.wast b/tests/misc_testsuite/custom-page-sizes/custom-page-sizes.wast
index 67dc275fb485..a675d41f1e4c 100644
--- a/tests/misc_testsuite/custom-page-sizes/custom-page-sizes.wast
+++ b/tests/misc_testsuite/custom-page-sizes/custom-page-sizes.wast
@@ -109,3 +109,13 @@
 (module
   (memory (import "m" "large-pages-memory") 0 (pagesize 65536))
 )
+
+(module
+  (memory 8 8 (pagesize 0x1))
+  (func (export "load64") (param i32) (result i64)
+    local.get 0
+    i64.load
+  )
+)
+
+(assert_return (invoke "load64" (i32.const 0)) (i64.const 0))
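Review bot: The new `assert_return` pins only the in-bounds side of the boundary (an 8-byte load ending exactly at the 8-byte maximum); nothing in the added lines checks that loosening `>=` to `>` did not let an access one byte past the end succeed. Adding the complementary case, `(assert_trap (invoke "load64" (i32.const 1)) "out of bounds memory access")`, would lock in both edges of the off-by-one in the same module. If the translator handles a static `offset=` immediate separately from the dynamic index, a sibling export using `i64.load offset=1` at index 0 would cover that path too, though I can't tell from this file whether the paths are distinct.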