Commit fc29fa8f authored by Andreas Haas's avatar Andreas Haas Committed by V8 LUCI CQ

[wasm] Validate type of ref.null in init expressions

With this CL it is not possible anymore to initialize a func ref table
with extern ref ref.null.

R=manoskouk@chromium.org

Change-Id: If6023da6fc21844dd813cc6191f2a4ca595f8b00
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2912577
Commit-Queue: Andreas Haas <ahaas@chromium.org>
Reviewed-by: 's avatarManos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#74727}
parent baa8c6e5
......@@ -920,6 +920,13 @@ class ModuleDecoderImpl : public Decoder {
? consume_element_expr()
: WasmInitExpr::RefFuncConst(consume_element_func_index());
if (failed()) return;
if (!IsSubtypeOf(TypeOf(init), segment.type, module_.get())) {
errorf(pc_,
"Invalid type in the init expression. The expected type is "
"'%s', but the actual type is '%s'.",
segment.type.name().c_str(), TypeOf(init).name().c_str());
return;
}
segment.entries.push_back(std::move(init));
}
module_->elem_segments.push_back(std::move(segment));
......
......@@ -1860,6 +1860,47 @@ TEST_F(WasmModuleVerifyTest, ElementSectionInitExternRefTableWithFuncRef) {
"Instead, table 0 of type externref is referenced.");
}
TEST_F(WasmModuleVerifyTest, ElementSectionInitFuncRefTableWithFuncRefNull) {
WASM_FEATURE_SCOPE(reftypes);
static const byte data[] = {
// table declaration ---------------------------------------------------
SECTION(Table, ENTRY_COUNT(1), // section header
kFuncRefCode, 0, 9), // table 0
// elements ------------------------------------------------------------
SECTION(Element,
ENTRY_COUNT(1), // entry count
ACTIVE_WITH_ELEMENTS, TABLE_INDEX0, // element for table 0
WASM_INIT_EXPR_I32V_1(0), // index
kFuncRefCode, // .
1, // elements count
WASM_INIT_EXPR_FUNC_REF_NULL) // function
};
EXPECT_VERIFIES(data);
}
TEST_F(WasmModuleVerifyTest, ElementSectionInitFuncRefTableWithExternRefNull) {
WASM_FEATURE_SCOPE(reftypes);
static const byte data[] = {
// table declaration ---------------------------------------------------
SECTION(Table, ENTRY_COUNT(1), // section header
kFuncRefCode, 0, 9), // table 0
// elements ------------------------------------------------------------
SECTION(Element,
ENTRY_COUNT(1), // entry count
ACTIVE_WITH_ELEMENTS, TABLE_INDEX0, // element for table 0
WASM_INIT_EXPR_I32V_1(0), // index
kFuncRefCode, // .
1, // elements count
WASM_INIT_EXPR_EXTERN_REF_NULL) // function
};
EXPECT_FAILURE_WITH_MSG(
data,
"Invalid type in the init expression. The expected "
"type is 'funcref', but the actual type is 'externref'.");
}
TEST_F(WasmModuleVerifyTest, ElementSectionDontInitExternRefImportedTable) {
// Test that imported tables of type ExternRef cannot be initialized in the
// elements section.
......
......@@ -7,7 +7,6 @@
'skip-stack-guard-page': [PASS, ['((arch == ppc or arch == ppc64 or arch == s390 or arch == s390x) and simulator_run)', SKIP]],
# TODO(v8:10994): Failing spec test after update.
'proposals/js-types/data': [FAIL],
'elem': [FAIL],
# Missing rebase in the proposal repository.
'proposals/js-types/table': [FAIL],
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment