From 3b641b17d8dad870661bc0aafed8ed85258c7f42 Mon Sep 17 00:00:00 2001
From: Xu Jun <693788454@qq.com>
Date: Mon, 15 Aug 2022 11:33:20 +0800
Subject: [PATCH] Reserve one pointer size for fast-interp code_compiled_size
 (#1382)

Reserve one pointer size for fast-interp code_compiled_size: if the last opcode of
current function is to be dropped (e.g. OP_DROP), the peak memory usage will
be larger than the final code_compiled_size, we record the peak size to ensure
there won't be invalid memory access during the second traversing.
---
 core/iwasm/interpreter/wasm_loader.c      | 30 +++++++++++++++++------
 core/iwasm/interpreter/wasm_mini_loader.c | 30 +++++++++++++++++------
 2 files changed, 44 insertions(+), 16 deletions(-)

diff --git a/core/iwasm/interpreter/wasm_loader.c b/core/iwasm/interpreter/wasm_loader.c
index 11653a39..658aa005 100644
--- a/core/iwasm/interpreter/wasm_loader.c
+++ b/core/iwasm/interpreter/wasm_loader.c
@@ -4533,6 +4533,10 @@ typedef struct WASMLoaderContext {
     uint8 *p_code_compiled;
     uint8 *p_code_compiled_end;
     uint32 code_compiled_size;
+    /* If the last opcode will be dropped, the peak memory usage will be larger
+     * than the final code_compiled_size, we record the peak size to ensure
+     * there will not be invalid memory access during second traverse */
+    uint32 code_compiled_peak_size;
 #endif
 } WASMLoaderContext;
 
@@ -5077,9 +5081,10 @@ static bool
 wasm_loader_ctx_reinit(WASMLoaderContext *ctx)
 {
     if (!(ctx->p_code_compiled =
-              loader_malloc(ctx->code_compiled_size, NULL, 0)))
+              loader_malloc(ctx->code_compiled_peak_size, NULL, 0)))
         return false;
-    ctx->p_code_compiled_end = ctx->p_code_compiled + ctx->code_compiled_size;
+    ctx->p_code_compiled_end =
+        ctx->p_code_compiled + ctx->code_compiled_peak_size;
 
     /* clean up frame ref */
     memset(ctx->frame_ref_bottom, 0, ctx->frame_ref_size);
@@ -5104,6 +5109,15 @@ wasm_loader_ctx_reinit(WASMLoaderContext *ctx)
     return true;
 }
 
+static void
+increase_compiled_code_space(WASMLoaderContext *ctx, int32 size)
+{
+    ctx->code_compiled_size += size;
+    if (ctx->code_compiled_size >= ctx->code_compiled_peak_size) {
+        ctx->code_compiled_peak_size = ctx->code_compiled_size;
+    }
+}
+
 static void
 wasm_loader_emit_const(WASMLoaderContext *ctx, void *value, bool is_32_bit)
 {
@@ -5122,7 +5136,7 @@ wasm_loader_emit_const(WASMLoaderContext *ctx, void *value, bool is_32_bit)
 #if WASM_CPU_SUPPORTS_UNALIGNED_ADDR_ACCESS == 0
         bh_assert((ctx->code_compiled_size & 1) == 0);
 #endif
-        ctx->code_compiled_size += size;
+        increase_compiled_code_space(ctx, size);
     }
 }
 
@@ -5140,7 +5154,7 @@ wasm_loader_emit_uint32(WASMLoaderContext *ctx, uint32 value)
 #if WASM_CPU_SUPPORTS_UNALIGNED_ADDR_ACCESS == 0
         bh_assert((ctx->code_compiled_size & 1) == 0);
 #endif
-        ctx->code_compiled_size += sizeof(uint32);
+        increase_compiled_code_space(ctx, sizeof(uint32));
     }
 }
 
@@ -5158,7 +5172,7 @@ wasm_loader_emit_int16(WASMLoaderContext *ctx, int16 value)
 #if WASM_CPU_SUPPORTS_UNALIGNED_ADDR_ACCESS == 0
         bh_assert((ctx->code_compiled_size & 1) == 0);
 #endif
-        ctx->code_compiled_size += sizeof(int16);
+        increase_compiled_code_space(ctx, sizeof(uint16));
     }
 }
 
@@ -5174,9 +5188,9 @@ wasm_loader_emit_uint8(WASMLoaderContext *ctx, uint8 value)
 #endif
     }
     else {
-        ctx->code_compiled_size += sizeof(uint8);
+        increase_compiled_code_space(ctx, sizeof(uint8));
 #if WASM_CPU_SUPPORTS_UNALIGNED_ADDR_ACCESS == 0
-        ctx->code_compiled_size++;
+        increase_compiled_code_space(ctx, sizeof(uint8));
         bh_assert((ctx->code_compiled_size & 1) == 0);
 #endif
     }
@@ -5196,7 +5210,7 @@ wasm_loader_emit_ptr(WASMLoaderContext *ctx, void *value)
 #if WASM_CPU_SUPPORTS_UNALIGNED_ADDR_ACCESS == 0
         bh_assert((ctx->code_compiled_size & 1) == 0);
 #endif
-        ctx->code_compiled_size += sizeof(void *);
+        increase_compiled_code_space(ctx, sizeof(void *));
     }
 }
 
diff --git a/core/iwasm/interpreter/wasm_mini_loader.c b/core/iwasm/interpreter/wasm_mini_loader.c
index efc5b607..b1a1380c 100644
--- a/core/iwasm/interpreter/wasm_mini_loader.c
+++ b/core/iwasm/interpreter/wasm_mini_loader.c
@@ -3038,6 +3038,10 @@ typedef struct WASMLoaderContext {
     uint8 *p_code_compiled;
     uint8 *p_code_compiled_end;
     uint32 code_compiled_size;
+    /* If the last opcode will be dropped, the peak memory usage will be larger
+     * than the final code_compiled_size, we record the peak size to ensure
+     * there will not be invalid memory access during second traverse */
+    uint32 code_compiled_peak_size;
 #endif
 } WASMLoaderContext;
 
@@ -3530,9 +3534,10 @@ static bool
 wasm_loader_ctx_reinit(WASMLoaderContext *ctx)
 {
     if (!(ctx->p_code_compiled =
-              loader_malloc(ctx->code_compiled_size, NULL, 0)))
+              loader_malloc(ctx->code_compiled_peak_size, NULL, 0)))
         return false;
-    ctx->p_code_compiled_end = ctx->p_code_compiled + ctx->code_compiled_size;
+    ctx->p_code_compiled_end =
+        ctx->p_code_compiled + ctx->code_compiled_peak_size;
 
     /* clean up frame ref */
     memset(ctx->frame_ref_bottom, 0, ctx->frame_ref_size);
@@ -3557,6 +3562,15 @@ wasm_loader_ctx_reinit(WASMLoaderContext *ctx)
     return true;
 }
 
+static void
+increase_compiled_code_space(WASMLoaderContext *ctx, int32 size)
+{
+    ctx->code_compiled_size += size;
+    if (ctx->code_compiled_size >= ctx->code_compiled_peak_size) {
+        ctx->code_compiled_peak_size = ctx->code_compiled_size;
+    }
+}
+
 static void
 wasm_loader_emit_const(WASMLoaderContext *ctx, void *value, bool is_32_bit)
 {
@@ -3575,7 +3589,7 @@ wasm_loader_emit_const(WASMLoaderContext *ctx, void *value, bool is_32_bit)
 #if WASM_CPU_SUPPORTS_UNALIGNED_ADDR_ACCESS == 0
         bh_assert((ctx->code_compiled_size & 1) == 0);
 #endif
-        ctx->code_compiled_size += size;
+        increase_compiled_code_space(ctx, size);
     }
 }
 
@@ -3593,7 +3607,7 @@ wasm_loader_emit_uint32(WASMLoaderContext *ctx, uint32 value)
 #if WASM_CPU_SUPPORTS_UNALIGNED_ADDR_ACCESS == 0
         bh_assert((ctx->code_compiled_size & 1) == 0);
 #endif
-        ctx->code_compiled_size += sizeof(uint32);
+        increase_compiled_code_space(ctx, sizeof(uint32));
     }
 }
 
@@ -3611,7 +3625,7 @@ wasm_loader_emit_int16(WASMLoaderContext *ctx, int16 value)
 #if WASM_CPU_SUPPORTS_UNALIGNED_ADDR_ACCESS == 0
         bh_assert((ctx->code_compiled_size & 1) == 0);
 #endif
-        ctx->code_compiled_size += sizeof(int16);
+        increase_compiled_code_space(ctx, sizeof(uint16));
     }
 }
 
@@ -3627,9 +3641,9 @@ wasm_loader_emit_uint8(WASMLoaderContext *ctx, uint8 value)
 #endif
     }
     else {
-        ctx->code_compiled_size += sizeof(uint8);
+        increase_compiled_code_space(ctx, sizeof(uint8));
 #if WASM_CPU_SUPPORTS_UNALIGNED_ADDR_ACCESS == 0
-        ctx->code_compiled_size++;
+        increase_compiled_code_space(ctx, sizeof(uint8));
         bh_assert((ctx->code_compiled_size & 1) == 0);
 #endif
     }
@@ -3649,7 +3663,7 @@ wasm_loader_emit_ptr(WASMLoaderContext *ctx, void *value)
 #if WASM_CPU_SUPPORTS_UNALIGNED_ADDR_ACCESS == 0
         bh_assert((ctx->code_compiled_size & 1) == 0);
 #endif
-        ctx->code_compiled_size += sizeof(void *);
+        increase_compiled_code_space(ctx, sizeof(void *));
     }
 }