From 7530b2799933b8069aa3a4e9be522ff39769be46 Mon Sep 17 00:00:00 2001 From: Alon Zakai Date: Fri, 12 Jul 2024 14:12:52 -0700 Subject: [PATCH 1/4] fix --- src/wasm/wasm-validator.cpp | 8 ++++++++ test/spec/ref_cast.wast | 10 ++++++++++ 2 files changed, 18 insertions(+) diff --git a/src/wasm/wasm-validator.cpp b/src/wasm/wasm-validator.cpp index eb2f949b24a..6dc61fe6f89 100644 --- a/src/wasm/wasm-validator.cpp +++ b/src/wasm/wasm-validator.cpp @@ -2749,6 +2749,14 @@ void FunctionValidator::visitRefCast(RefCast* curr) { curr->ref->type.isRef(), curr, "ref.cast ref must have ref type")) { return; } + // If the cast is unreachable but not the ref (we ruled out the former + // earlier), then the cast is unreachable because the cast type had no + // common supertype with the ref, which is invalid. This is the same as the + // check below us, but we must do it first (as getHeapType fails otherwise). + if (!shouldBeUnequal(curr->type, Type(Type::unreachable), curr, + "ref.cast target type and ref type must have a common supertype")) { + return; + } shouldBeEqual( curr->type.getHeapType().getBottom(), curr->ref->type.getHeapType().getBottom(), diff --git a/test/spec/ref_cast.wast b/test/spec/ref_cast.wast index 927d82ebcaf..c51e6b05719 100644 --- a/test/spec/ref_cast.wast +++ b/test/spec/ref_cast.wast @@ -170,6 +170,16 @@ "common supertype" ) +(assert_invalid + (module + (type $t0 (struct)) + (func (export "test-ref-cast-extern") (result anyref) + (ref.cast (ref extern) (struct.new $t0)) + ) + ) + "common supertype" +) + (assert_malformed (module quote "(func (ref.cast i32 (unreachable)))") "expected reftype" From 38e1ba971f3adae6d8f5e37fb151e95460dc3441 Mon Sep 17 00:00:00 2001 From: Alon Zakai Date: Fri, 12 Jul 2024 14:13:05 -0700 Subject: [PATCH 2/4] fix --- src/wasm/wasm-validator.cpp | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/wasm/wasm-validator.cpp b/src/wasm/wasm-validator.cpp index 6dc61fe6f89..9098673922c 100644 --- a/src/wasm/wasm-validator.cpp +++ b/src/wasm/wasm-validator.cpp @@ -2753,8 +2753,11 @@ void FunctionValidator::visitRefCast(RefCast* curr) { // earlier), then the cast is unreachable because the cast type had no // common supertype with the ref, which is invalid. This is the same as the // check below us, but we must do it first (as getHeapType fails otherwise). - if (!shouldBeUnequal(curr->type, Type(Type::unreachable), curr, - "ref.cast target type and ref type must have a common supertype")) { + if (!shouldBeUnequal( + curr->type, + Type(Type::unreachable), + curr, + "ref.cast target type and ref type must have a common supertype")) { return; } shouldBeEqual( From 3abe58a8cc78560850897802a0952bc34015a156 Mon Sep 17 00:00:00 2001 From: Alon Zakai Date: Tue, 23 Jul 2024 11:40:38 -0700 Subject: [PATCH 3/4] feedback: add test --- src/wasm/wasm-validator.cpp | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/wasm/wasm-validator.cpp b/src/wasm/wasm-validator.cpp index f1b39d7028b..04deb706079 100644 --- a/src/wasm/wasm-validator.cpp +++ b/src/wasm/wasm-validator.cpp @@ -2791,6 +2791,13 @@ void FunctionValidator::visitRefCast(RefCast* curr) { "ref.cast target type and ref type must have a common supertype")) { return; } + // Also error (more generically) on i32 and anything else invalid here. + if (!shouldBeTrue( + curr->type.isRef(), + curr, + "ref.cast must have ref type")) { + return; + } shouldBeEqual( curr->type.getHeapType().getBottom(), curr->ref->type.getHeapType().getBottom(), From 459552fa794b5cdb1120871e5ff438f1167bd1d8 Mon Sep 17 00:00:00 2001 From: Alon Zakai Date: Tue, 23 Jul 2024 13:08:47 -0700 Subject: [PATCH 4/4] format --- src/wasm/wasm-validator.cpp | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/src/wasm/wasm-validator.cpp b/src/wasm/wasm-validator.cpp index 04deb706079..3abb106b30b 100644 --- a/src/wasm/wasm-validator.cpp +++ b/src/wasm/wasm-validator.cpp @@ -2792,10 +2792,7 @@ void FunctionValidator::visitRefCast(RefCast* curr) { return; } // Also error (more generically) on i32 and anything else invalid here. - if (!shouldBeTrue( - curr->type.isRef(), - curr, - "ref.cast must have ref type")) { + if (!shouldBeTrue(curr->type.isRef(), curr, "ref.cast must have ref type")) { return; } shouldBeEqual(