[test] Add a test for non-treelike behavior of stack #961
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
binji
reviewed
Feb 1, 2019
test/core/call.wast
Outdated
| call $add_one_to_global | ||
| call $add_one_to_global | ||
| call $add_one_to_global_and_drop | ||
| i32.add |
There was a problem hiding this comment.
Can this be simplified to:
i32.const 0
i32.const 0
nop
i32.addTo exhibit the same behavior?
There was a problem hiding this comment.
I think the idea here is to try and have something that has visible side effects and can't be trivially simplified to a tree like (i32.add (...) (...)).
There was a problem hiding this comment.
Ah yeah the bug with our implementation at least was to reorder this accidentally to:
nop
i32.const 0
i32.const 0
i32.addso I figured it'd be good to assert that the runtime behavior is as expected as well. I'm not sure how to best do that though and there may be an easier way to do so that's less convoluted!
We've recently found a bug in a WebAssembly library we've been working
with where we're mapping WebAssembly to a tree-like IR internally. The
way we parse into this representation, however, has a bug when the
function isn't itself tree-like but rather exibits properties that
exploit a stack machine. For example this isn't so straightforward to
represent in a tree-like fashion:
(import "" "a" (func $foo))
(import "" "b" (func $foo (result i32)))
(func (result i32)
call $b
call $b
call $a
i32.xor)
The extra `call $a` in the middle is valid `WebAssembly` but needs
special treatment when converting to a more tree-like IR format. I
figured it'd be good to ensure there's a spec test covering this case as
we currently pass the suite of spec tests but still contain this bug!
alexcrichton
force-pushed
the
non-treelike-test
branch
from
b4e8343
to
61170ba
Compare
|
There are many tests like that for And what about other instructions with side effects? |
|
Oh dear sorry for posting .... over a year later, this totally slipped my mind and I just got back to this from seeing this commit elsewhere. Sorry about that! @rossberg FWIW this test is intended to exercise the side effects of executing instructions in order vs a test specifically for the I certainly don't mind adding more tests, though, if you feel that we should add more for specific instructions! |
rossberg
approved these changes
Feb 27, 2020
rossberg
changed the title
gumb0
pushed a commit
to wasmx/wasm-spec
that referenced
this pull request
Sep 18, 2020
We've recently found a bug in a WebAssembly library we've been working
with where we're mapping WebAssembly to a tree-like IR internally. The
way we parse into this representation, however, has a bug when the
function isn't itself tree-like but rather exibits properties that
exploit a stack machine. For example this isn't so straightforward to
represent in a tree-like fashion:
(import "" "a" (func $foo))
(import "" "b" (func $foo (result i32)))
(func (result i32)
call $b
call $b
call $a
i32.xor)
The extra `call $a` in the middle is valid `WebAssembly` but needs
special treatment when converting to a more tree-like IR format. I
figured it'd be good to ensure there's a spec test covering this case as
we currently pass the suite of spec tests but still contain this bug!
gumb0
pushed a commit
to wasmx/wasm-spec
that referenced
this pull request
Sep 21, 2020
We've recently found a bug in a WebAssembly library we've been working
with where we're mapping WebAssembly to a tree-like IR internally. The
way we parse into this representation, however, has a bug when the
function isn't itself tree-like but rather exibits properties that
exploit a stack machine. For example this isn't so straightforward to
represent in a tree-like fashion:
(import "" "a" (func $foo))
(import "" "b" (func $foo (result i32)))
(func (result i32)
call $b
call $b
call $a
i32.xor)
The extra `call $a` in the middle is valid `WebAssembly` but needs
special treatment when converting to a more tree-like IR format. I
figured it'd be good to ensure there's a spec test covering this case as
we currently pass the suite of spec tests but still contain this bug!
rossberg
added a commit
that referenced
this pull request
Feb 11, 2021
* Upgrade to latest Sphinx release (2.4.4) (#1171) Fixes #1157 * Support 4GB of memory both in initial and max. * [interpreter] Strictify and specify .bin.wast format (#1173) * Merge nontrapping-float-to-int proposal into spec (#1143) See the non-trapping-float-to-int-conversions proposal here: https://github.com/WebAssembly/nontrapping-float-to-int-conversions * Merge sign-extension-ops proposal into spec (#1144) See the sign-extension-ops proposal here: https://github.com/WebAssembly/sign-extension-ops This PR is built on top of #1143 (merge nontrapping-float-to-int). * Merge multi-value proposal into spec (#1145) See the multi-value proposal here: https://github.com/WebAssembly/multi-value This PR is built on top of the following PRs: * #1143 (merge nontrapping-float-to-int) * #1144 (merge sign-extension-ops) * [interpreter] Remove junk in README * [interpreter] Remove junk in README * [spec] Fix grammar for fractions (#1178) * [spec] Add missing i64.extend32_s syntax (#1179) * [js-api][web-api] Fix some markup errors. * Add a README to the proposals directory. * Add more address overflow tests (#1188) There are already tests for effective address overflow, but those have a large value baked into the offset. These tests all use `1` as the immediate offset, and use `-1` for the address on the stack, which may be compiled differently. * Add a test for non-treelike behavior of stack (#961) We've recently found a bug in a WebAssembly library we've been working with where we're mapping WebAssembly to a tree-like IR internally. The way we parse into this representation, however, has a bug when the function isn't itself tree-like but rather exibits properties that exploit a stack machine. For example this isn't so straightforward to represent in a tree-like fashion: (import "" "a" (func $foo)) (import "" "b" (func $foo (result i32))) (func (result i32) call $b call $b call $a i32.xor) The extra `call $a` in the middle is valid `WebAssembly` but needs special treatment when converting to a more tree-like IR format. I figured it'd be good to ensure there's a spec test covering this case as we currently pass the suite of spec tests but still contain this bug! * [js-api] Various editorial improvements. * [js-api] Replace pseudo-ASCII characters by normal ones. This also required disambiguating the references to "module", as there are now two definitions by that name. * [js-api] Improve prose in 'run a host function'. * [js-api] Improve some of the multi-value prose. * Synchronize js-api tests. * Add script to synchronize js-api tests. Co-authored-by: Ng Zhi An <ngzhian@gmail.com> Co-authored-by: Alon Zakai <azakai@google.com> Co-authored-by: Ben Smith <binji@chromium.org> Co-authored-by: Ms2ger <Ms2ger@igalia.com> Co-authored-by: Alex Crichton <alex@alexcrichton.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
We've recently found a bug in a WebAssembly library we've been working
with where we're mapping WebAssembly to a tree-like IR internally. The
way we parse into this representation, however, has a bug when the
function isn't itself tree-like but rather exibits properties that
exploit a stack machine. For example this isn't so straightforward to
represent in a tree-like fashion:
The extra
call $ain the middle is validWebAssemblybut needsspecial treatment when converting to a more tree-like IR format. I
figured it'd be good to ensure there's a spec test covering this case as
we currently pass the suite of spec tests but still contain this bug!