Relax bulk memory rules (#2186)

tlively · web-flow · commit 6f466401cb5e · 2019-06-30T14:04:21.000-07:00
As decided in the recent in-person CG meeting.
diff --git a/src/wasm-interpreter.h b/src/wasm-interpreter.h
@@ -1683,11 +1683,6 @@ template<typename GlobalManager, typename SubType> class ModuleInstanceBase {
       Address offsetVal(uint32_t(offset.value.geti32()));
       Address sizeVal(uint32_t(size.value.geti32()));
 
-      instance.checkLoadAddress(destVal, 0);
-      if (offsetVal > segment.data.size()) {
-        trap("segment offset out of bounds");
-      }
-
       for (size_t i = 0; i < sizeVal; ++i) {
         if (offsetVal + i >= segment.data.size()) {
           trap("out of bounds segment access in memory.init");
@@ -1727,20 +1722,16 @@ template<typename GlobalManager, typename SubType> class ModuleInstanceBase {
       Address sourceVal(uint32_t(source.value.geti32()));
       Address sizeVal(uint32_t(size.value.geti32()));
 
-      instance.checkLoadAddress(destVal, 0);
-      instance.checkLoadAddress(sourceVal, 0);
-
-      size_t start = 0;
-      size_t end = sizeVal;
+      int64_t start = 0;
+      int64_t end = sizeVal;
       int step = 1;
-      // Reverse direction if source is below dest and they overlap
-      if (sourceVal < destVal &&
-          (sourceVal + sizeVal > destVal || sourceVal + sizeVal < sourceVal)) {
-        start = sizeVal - 1;
+      // Reverse direction if source is below dest
+      if (sourceVal < destVal) {
+        start = int64_t(sizeVal) - 1;
         end = -1;
         step = -1;
       }
-      for (size_t i = start; i != end; i += step) {
+      for (int64_t i = start; i != end; i += step) {
         if (i + destVal >= std::numeric_limits<uint32_t>::max()) {
           trap("Out of bounds memory access");
         }
@@ -1771,8 +1762,6 @@ template<typename GlobalManager, typename SubType> class ModuleInstanceBase {
       Address destVal(uint32_t(dest.value.geti32()));
       Address sizeVal(uint32_t(size.value.geti32()));
 
-      instance.checkLoadAddress(destVal, 0);
-
       uint8_t val(value.value.geti32());
       for (size_t i = 0; i < sizeVal; ++i) {
         instance.externalInterface->store8(
diff --git a/test/spec/bulk-memory.wast b/test/spec/bulk-memory.wast
@@ -33,19 +33,11 @@
 ;; Fill all of memory
 (invoke "fill" (i32.const 0) (i32.const 0) (i32.const 0x10000))
 
-;; Out-of-bounds writes trap, but all previous writes succeed.
-(assert_trap (invoke "fill" (i32.const 0xff00) (i32.const 1) (i32.const 0x101))
-    "out of bounds memory access")
-(assert_return (invoke "load8_u" (i32.const 0xff00)) (i32.const 1))
-(assert_return (invoke "load8_u" (i32.const 0xffff)) (i32.const 1))
-
 ;; Succeed when writing 0 bytes at the end of the region.
 (invoke "fill" (i32.const 0x10000) (i32.const 0) (i32.const 0))
 
-;; Fail on out-of-bounds when writing 0 bytes outside of memory.
-(assert_trap (invoke "fill" (i32.const 0x10001) (i32.const 0) (i32.const 0))
-    "out of bounds memory access")
-
+;; OK to write 0 bytes outside of memory.
+(invoke "fill" (i32.const 0x10001) (i32.const 0) (i32.const 0))
 
 ;; memory.copy
 (module
@@ -105,21 +97,13 @@
 (invoke "copy" (i32.const 0xff00) (i32.const 0) (i32.const 0x100))
 (invoke "copy" (i32.const 0xfe00) (i32.const 0xff00) (i32.const 0x100))
 
-;; Out-of-bounds writes trap, but all previous writes succeed.
-(assert_trap (invoke "copy" (i32.const 0xfffe) (i32.const 0) (i32.const 3))
-    "out of bounds memory access")
-(assert_return (invoke "load8_u" (i32.const 0xfffe)) (i32.const 0xaa))
-(assert_return (invoke "load8_u" (i32.const 0xffff)) (i32.const 0xbb))
-
 ;; Succeed when copying 0 bytes at the end of the region.
 (invoke "copy" (i32.const 0x10000) (i32.const 0) (i32.const 0))
 (invoke "copy" (i32.const 0) (i32.const 0x10000) (i32.const 0))
 
-;; Fail on out-of-bounds when copying 0 bytes outside of memory.
-(assert_trap (invoke "copy" (i32.const 0x10001) (i32.const 0) (i32.const 0))
-    "out of bounds memory access")
-(assert_trap (invoke "copy" (i32.const 0) (i32.const 0x10001) (i32.const 0))
-    "out of bounds memory access")
+;; OK copying 0 bytes outside of memory.
+(invoke "copy" (i32.const 0x10001) (i32.const 0) (i32.const 0))
+(invoke "copy" (i32.const 0) (i32.const 0x10001) (i32.const 0))
 
 ;; memory.init
 (module
@@ -154,11 +138,9 @@
 (invoke "init" (i32.const 0x10000) (i32.const 0) (i32.const 0))
 (invoke "init" (i32.const 0) (i32.const 4) (i32.const 0))
 
-;; Fail on out-of-bounds when writing 0 bytes outside of memory or segment.
-(assert_trap (invoke "init" (i32.const 0x10001) (i32.const 0) (i32.const 0))
-    "out of bounds memory access")
-(assert_trap (invoke "init" (i32.const 0) (i32.const 5) (i32.const 0))
-    "out of bounds memory access")
+;; OK writing 0 bytes outside of memory or segment.
+(invoke "init" (i32.const 0x10001) (i32.const 0) (i32.const 0))
+(invoke "init" (i32.const 0) (i32.const 5) (i32.const 0))
 
 ;; data.drop
 (module
