
Commit b1535da

[Strings] Fix StringSlice end computation (#6414)
Like JS string slicing, if the end index is out of bounds that is fine, we clamp to the end. This also matches the behavior in V8 and the spec.
1 parent 32e7f19 commit b1535da


2 files changed

+17
-3
lines changed


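--- a/src/wasm-interpreter.h
+++ b/src/wasm-interpreter.h
@@ -1986,6 +1986,7 @@ class ExpressionRunner : public OverriddenVisitor<SubType, Flow> {
 if (ref.breaking()) {
 return ref;
 }
+// TODO: "WTF-16 position treatment", as in stringview_wtf16.slice?
 Flow ptr = visit(curr->ptr);
 if (ptr.breaking()) {
 return ptr;
@@ -2173,9 +2174,7 @@ class ExpressionRunner : public OverriddenVisitor<SubType, Flow> {
 auto& refValues = refData->values;
 auto startVal = start.getSingleValue().getUnsigned();
 auto endVal = end.getSingleValue().getUnsigned();
-if (endVal > refValues.size()) {
-trap("array oob");
-}
+endVal = std::min<size_t>(endVal, refValues.size());
 if (hasNonAsciiUpTo(refValues, endVal)) {
 return Flow(NONCONSTANT_FLOW);
 }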
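Review bot: With the trap gone, a slice whose start is also out of range (for example start 100 and end 200 on an 8-character string) now reaches the code after the clamp with `startVal > endVal`; before this change it trapped on the end check. Nothing in the visible lines bounds `startVal`, and both values come from `getUnsigned()`, so any `endVal - startVal` or loop starting at `startVal` in the rest of the function (outside this hunk) has to guard that case itself. If it does not already, `startVal = std::min<size_t>(startVal, endVal);` directly after the new clamp would make the empty-slice result explicit.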

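--- a/test/lit/exec/strings.wast
+++ b/test/lit/exec/strings.wast
@@ -255,6 +255,17 @@
 (i32.const 6)
 )
 )
+
+;; CHECK: [fuzz-exec] calling slice-big
+;; CHECK-NEXT: [fuzz-exec] note result: slice-big => string("defgh")
+(func $slice-big (export "slice-big") (result (ref string))
+;; Slicing [3:huge unsigned value] leads to slicing til the end: "defgh".
+(stringview_wtf16.slice
+(string.const "abcdefgh")
+(i32.const 3)
+(i32.const -1)
+)
+)
 )
 ;; CHECK: [fuzz-exec] calling new_wtf16_array
 ;; CHECK-NEXT: [fuzz-exec] note result: new_wtf16_array => string("ello")
@@ -323,6 +334,9 @@
 
 ;; CHECK: [fuzz-exec] calling slice
 ;; CHECK-NEXT: [fuzz-exec] note result: slice => string("def")
+
+;; CHECK: [fuzz-exec] calling slice-big
+;; CHECK-NEXT: [fuzz-exec] note result: slice-big => string("defgh")
 ;; CHECK-NEXT: [fuzz-exec] comparing compare.1
 ;; CHECK-NEXT: [fuzz-exec] comparing compare.10
 ;; CHECK-NEXT: [fuzz-exec] comparing compare.2
@@ -344,3 +358,4 @@
 ;; CHECK-NEXT: [fuzz-exec] comparing get_length
 ;; CHECK-NEXT: [fuzz-exec] comparing new_wtf16_array
 ;; CHECK-NEXT: [fuzz-exec] comparing slice
+;; CHECK-NEXT: [fuzz-exec] comparing slice-big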
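Review bot: `slice-big` covers only an out-of-range end; there is no case where the start index is at or past the string length, which is the other input the interpreter now accepts instead of trapping. A companion function slicing "abcdefgh" with a start such as 100 and the same `(i32.const -1)` end would pin that path; the expected result is presumably the empty string if the JS semantics cited in the commit message apply. The comment `;; Slicing [3:huge unsigned value]` could also state that `(i32.const -1)` is read as the unsigned value 0xFFFFFFFF.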
