WebAssembly / gc

Branch of the spec repo scoped to discussion of GC integration in WebAssembly
https://webassembly.github.io/gc/

Behavior on initializing array with negative size #489

Closed Yu-zh closed 10 months ago

Yu-zh commented 10 months ago

Hello, I wanted to ask what the expected behavior is when initializing an array with a negative size. I tried the following program:

(module
  (type $vec (array f32))
  (global $v (ref $vec) (array.new $vec (f32.const 1) (i32.const -3)))
  (func (export "_start") (result i32) (global.get $v) (array.len))
)

I built the spec interpreter and ran ./wasm index.wat -e "(invoke \"_start\")". Then the interpreter hangs. I also tried it on Chrome, and it says RuntimeError: requested new array is too large.

rossberg commented 10 months ago

There are no negative sizes, since they are unsigned. The code is trying to allocate a very large array with 0xffff_fffc elements. The behaviour of a Wasm engine in the case of resource exhaustion isn't specified, similar to e.g. stack overflow.

Yu-zh commented 10 months ago

@rossberg Thanks. That makes sense.