Implement aux stack overflow/underflow check for AOT/interp (#601)

2021-04-07 16:15:59 +08:00
parent fe76c89c25
commit 77c3ddf7d0
18 changed files with 242 additions and 45 deletions
--- a/core/iwasm/interpreter/wasm_interp_classic.c
+++ b/core/iwasm/interpreter/wasm_interp_classic.c
@ -702,7 +702,7 @@ ALLOC_FRAME(WASMExecEnv *exec_env, uint32 size, WASMInterpFrame *prev_frame)
    }
    else {
        wasm_set_exception((WASMModuleInstance*)exec_env->module_inst,
-                           "stack overflow");
+                           "wasm operand stack overflow");
    }

    return frame;
@ -1350,6 +1350,8 @@ label_pop_csp_n:

      HANDLE_OP (WASM_OP_SET_GLOBAL_AUX_STACK):
        {
+          uint32 aux_stack_top;
+
          read_leb_uint32(frame_ip, frame_ip_end, global_idx);
          bh_assert(global_idx < module->global_count);
          global = globals + global_idx;
@ -1361,9 +1363,17 @@ label_pop_csp_n:
                          + global->import_global_inst->data_offset
                        : global_data + global->data_offset;
 #endif
-          if (*(uint32*)(frame_sp - 1) < exec_env->aux_stack_boundary)
-            goto out_of_bounds;
-          *(int32*)global_addr = POP_I32();
+          aux_stack_top = *(uint32*)(frame_sp - 1);
+          if (aux_stack_top <= exec_env->aux_stack_boundary.boundary) {
+            wasm_set_exception(module, "wasm auxiliary stack overflow");
+            goto got_exception;
+          }
+          if (aux_stack_top > exec_env->aux_stack_bottom.bottom) {
+            wasm_set_exception(module, "wasm auxiliary stack underflow");
+            goto got_exception;
+          }
+          *(int32*)global_addr = aux_stack_top;
+          frame_sp--;
 #if WASM_ENABLE_MEMORY_PROFILING != 0
          if (module->module->aux_stack_top_global_index != (uint32)-1) {
              uint32 aux_stack_used =
@ -3021,7 +3031,7 @@ label_pop_csp_n:
                       + (uint64)cur_wasm_func->max_stack_cell_num
                       + ((uint64)cur_wasm_func->max_block_num) * sizeof(WASMBranchBlock) / 4;
        if (all_cell_num >= UINT32_MAX) {
-            wasm_set_exception(module, "stack overflow");
+            wasm_set_exception(module, "wasm operand stack overflow");
            goto got_exception;
        }

--- a/core/iwasm/interpreter/wasm_interp_fast.c
+++ b/core/iwasm/interpreter/wasm_interp_fast.c
@ -775,7 +775,7 @@ ALLOC_FRAME(WASMExecEnv *exec_env, uint32 size, WASMInterpFrame *prev_frame)
    }
    else {
        wasm_set_exception((WASMModuleInstance*)exec_env->module_inst,
-                           "stack overflow");
+                           "wasm operand stack overflow");
    }

    return frame;
@ -1339,6 +1339,8 @@ recover_br_info:

      HANDLE_OP (WASM_OP_SET_GLOBAL_AUX_STACK):
        {
+          uint32 aux_stack_top;
+
          global_idx = read_uint32(frame_ip);
          bh_assert(global_idx < module->global_count);
          global = globals + global_idx;
@ -1350,10 +1352,16 @@ recover_br_info:
                          + global->import_global_inst->data_offset
                        : global_data + global->data_offset;
 #endif
-          addr1 = GET_OFFSET();
-          if (frame_lp[addr1] < exec_env->aux_stack_boundary)
-              goto out_of_bounds;
-          *(int32*)global_addr = frame_lp[addr1];
+          aux_stack_top = frame_lp[GET_OFFSET()];
+          if (aux_stack_top <= exec_env->aux_stack_boundary.boundary) {
+            wasm_set_exception(module, "wasm auxiliary stack overflow");
+            goto got_exception;
+          }
+          if (aux_stack_top > exec_env->aux_stack_bottom.bottom) {
+            wasm_set_exception(module, "wasm auxiliary stack underflow");
+            goto got_exception;
+          }
+          *(int32*)global_addr = aux_stack_top;
 #if WASM_ENABLE_MEMORY_PROFILING != 0
          if (module->module->aux_stack_top_global_index != (uint32)-1) {
              uint32 aux_stack_used =
@ -3130,7 +3138,7 @@ recover_br_info:
                       + (uint64)cur_func->const_cell_num
                       + (uint64)cur_wasm_func->max_stack_cell_num;
        if (all_cell_num >= UINT32_MAX) {
-            wasm_set_exception(module, "stack overflow");
+            wasm_set_exception(module, "wasm operand stack overflow");
            goto got_exception;
        }

--- a/core/iwasm/interpreter/wasm_loader.c
+++ b/core/iwasm/interpreter/wasm_loader.c
@ -6705,7 +6705,6 @@ handle_op_block_and_loop:
                POP_TYPE(global_type);

 #if WASM_ENABLE_FAST_INTERP == 0
-#if (WASM_ENABLE_WAMR_COMPILER == 0) && (WASM_ENABLE_JIT == 0)
                if (global_type == VALUE_TYPE_I64
                    || global_type == VALUE_TYPE_F64) {
                    *p_org = WASM_OP_SET_GLOBAL_64;
@ -6714,7 +6713,6 @@ handle_op_block_and_loop:
                         && global_idx == module->aux_stack_top_global_index) {
                    *p_org = WASM_OP_SET_GLOBAL_AUX_STACK;
                }
-#endif
 #else /* else of WASM_ENABLE_FAST_INTERP */
                if (global_type == VALUE_TYPE_I64
                    || global_type == VALUE_TYPE_F64) {
--- a/core/iwasm/interpreter/wasm_runtime.c
+++ b/core/iwasm/interpreter/wasm_runtime.c
@ -2071,7 +2071,8 @@ wasm_set_aux_stack(WASMExecEnv *exec_env,
        *(int32*)global_addr = start_offset;
        /* The aux stack boundary is a constant value,
            set the value to exec_env */
-        exec_env->aux_stack_boundary = start_offset - size;
+        exec_env->aux_stack_boundary.boundary = start_offset - size;
+        exec_env->aux_stack_bottom.bottom = start_offset;
        return true;
    }