fitzgen opened PR #8317 from fitzgen:dont-optimize-bitcast-from-r64
to bytecodealliance:main
:
Deduping bitcasts to integers from references can make the references no long
longer live across safepoints, and instead only the bitcasted integer results
would be. Because the reference is no longer live after the safepoint, the
safepoint's stack map would not have an entry for the reference, which could
result in the collector reclaiming an object too early, which is basically a
use-after-free bug. Luckily, we sandbox the GC heap now, so such UAF bugs aren't
memory unsafe, but they could potentially result in denial of service
attacks. Either way, we don't want those bugs!On the other hand, it is technically fine to dedupe bitcasts to reference
types. Doing so extends, rather than shortens, the live range of the GC
reference. This potentially adds it to more stack maps than it otherwise would
have been in, which means it might unnecessarily survive a GC it otherwise
wouldn't have. But that is fine. Shrinking live ranges of GC references, and
removing them from stack maps they otherwise should have been in, is the
problematic transformation.
fitzgen requested elliottt for a review on PR #8317.
fitzgen requested wasmtime-compiler-reviewers for a review on PR #8317.
fitzgen requested alexcrichton for a review on PR #8317.
fitzgen requested wasmtime-core-reviewers for a review on PR #8317.
github-actions[bot] commented on PR #8317:
Subscribe to Label Action
cc @peterhuene
<details>
This issue or pull request has been labeled: "cranelift", "cranelift:area:machinst", "wasmtime:api"Thus the following users have been cc'd because of the following labels:
- peterhuene: wasmtime:api
To subscribe or unsubscribe from this label, edit the <code>.github/subscribe-to-label.json</code> configuration file.
Learn more.
</details>
elliottt submitted PR review:
Makes sense to me!
fitzgen merged PR #8317.
Last updated: Dec 23 2024 at 12:05 UTC