Stream: general

Topic: ✔ storage Layout depending on Compiler?


Lasse (Jul 09 2024 at 11:52):

In Fig. 4 of Everything old is new Again, it is suggested that the memory layout in Linear Memory varies depending on the compiler.

When looking at the documentation it seems more like the operand stack is not even in the linear memory and the storage layout is uniformly defined.

Which is the case?
Is there documentation for which compiler uses which layout?
Is WebAssembly with different Storage Layouts still deterministic in case of a buffer overflow?

(Linked: WebAssembly Micro Runtime (WAMR), bytecodealliance/wasm-micro-runtime on GitHub.)

bjorn3 (Jul 09 2024 at 16:32):

The operand stack is completely separate from the linear memory and the wasm engine will ensure it isn't tampered with. The stack that figure is referring to is the emulated stack which contains values that need to be stored in the linear memory. For example because they got their address taken, or are too large to be placed on the operand stack or in locals. It doesn't contain return addresses and the like. As far as the wasm engine is concerned this emulated stack is just regular memory.

bjorn3 (Jul 09 2024 at 16:33):

Is WebAssembly with different Storage Layouts still deterministic in case of a buffer overflow?

Yes

Notification Bot (Jul 10 2024 at 09:31):

Lasse Krähner has marked this topic as resolved.

Lasse (Jul 17 2024 at 11:22):

bjorn3 said:

Is WebAssembly with different Storage Layouts still deterministic in case of a buffer overflow?

Yes

do you have literature/documentation for this?

bjorn3 (Jul 17 2024 at 11:36):

As far as the wasm engine is concerned, there is no such thing as a buffer overflow. It has no knowledge at all about how the wasm module uses its linear memory, so it can't do anything like optimizing based on UB (wasm has no UB).

Chris Fallin (Jul 17 2024 at 15:24):

@Lasse I think the canonical citation for that would be the determinism of Wasm overall (in addition to what bjorn3 said -- what happens inside is opaque, but each step is well-defined)

Chris Fallin (Jul 17 2024 at 15:24):

think of it like a CPU emulator stepping through an exploit sequence -- every instruction is still well-defined as the exploit happens "inside the machine"


Last updated: Dec 23 2024 at 12:05 UTC