Sync gitbook with main #4123
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.13 to 3.27.0. - [Release notes](https://github.com/github/codeql-action/releases) - [Commits](github/codeql-action@v3.26.13...v3.27.0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Refine looking up aot function with index * refine the code
* Bump AOT_CURRENT_VERSION for WAMR 2.x (gc, memory64) Maybe it's too late because we have already made a few releases since then. But this might still help users who haven't upgraded to WAMR 2.x yet. Also, for the purpose of the versioning, it's safer to bump needlessly than missing necessary bumps. Fixes #3837 * test-tools/aot-analyzer/include/config.h: bump AOT_CURRENT_VERSION
) When checking for integer overflow, you may often write tests like p + i < p. This works fine if p and i are unsigned integers, since any overflow in the addition will cause the value to simply "wrap around." However, using this pattern when p is a pointer is problematic because pointer overflow has undefined behavior according to the C and C++ standards. If the addition overflows and has an undefined result, the comparison will likewise be undefined; it may produce an unintended result, or may be deleted entirely by an optimizing compiler.
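The pointer-overflow point in the commit message above, as an added example that is not code from WAMR or from this commit. It goes one step beyond the message by applying the overflow-free check inside a small parser; `range_ok`, `count_records` and the length-prefixed record format are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Unsafe pattern described in the commit message, shown for contrast only:
 *     if (p + len < p || p + len > end) return -1;
 * With p a pointer, p + len is undefined as soon as it leaves the buffer,
 * so an optimizing compiler may delete the first test entirely. */

/* Overflow-free form: compare the length with the bytes that remain.
 * Requires p <= end, both pointing into (or one past) the same buffer. */
static int range_ok(const uint8_t *p, const uint8_t *end, size_t len)
{
    return len <= (size_t)(end - p);
}

/* Count [u32 little-endian length][payload] records in buf (constructed
 * format). Returns the record count, or -1 if a record runs past the end. */
int count_records(const uint8_t *buf, size_t size)
{
    const uint8_t *p = buf, *end = buf + size;
    int n = 0;

    while (p < end) {
        uint32_t len;

        if (!range_ok(p, end, sizeof(len)))
            return -1; /* truncated length field */
        len = (uint32_t)p[0] | (uint32_t)p[1] << 8
              | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
        p += sizeof(len);
        if (!range_ok(p, end, len))
            return -1; /* attacker-sized length, rejected without p + len */
        p += len;
        n++;
    }
    return n;
}
```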
This commit refactors the AOT loader in `aot_loader.c` to support compatible versions of the AOT_CURRENT_VERSION constant. Previously, the loader only accepted the exact AOT_CURRENT_VERSION value, but now it also accepts version 3. This change ensures that the runtime can load modules AoT-compiled with different versions of wamrc as long as they have compatible AOT_CURRENT_VERSION values. Related to #3880.
add wasm loader check: in code entry, the code size should match the size of vec(locals) + expr, and expr should end with opcode end
fix(uwp): Gate NTSTATUS definition behind WINAPI_PARTITION_DESKTOP for UWP build
While resolving linked globals in multi-module mode, WAMR tries to copy the linked global's initial value into the destination global in the current module. However, a bug in the implementation causes the copy to be done from the InitializerExpression struct, not from its WASMValue field. This did not come up in WAMR's spec test runner because those are built with WASM_ENABLE_SPEC_TEST, which means these globals are resolved as builtins, not linked globals, which goes through a different (presumably not faulty) path.
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.27.0 to 3.27.1. - [Release notes](https://github.com/github/codeql-action/releases) - [Commits](github/codeql-action@v3.27.0...v3.27.1) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…local definition anyway (#3899)
Reference Info: 377955855 wamr:wasm_mutator_fuzz_loader: Direct-leak in wasm_loader_emit_br_info https://issues.oss-fuzz.com/issues/377955855
`module_inst->table_count = module->import_table_count + module->table_count`, using it as an index will go through `module->import_tables` and `module->tables`, but aot init data is only available for non-import tables.
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.27.1 to 3.27.4. - [Release notes](https://github.com/github/codeql-action/releases) - [Commits](github/codeql-action@v3.27.1...v3.27.4) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
allowing custom ARC toolchain on Windows
The recent version of the rust toolchain will emit ref types opcodes, which needs to enable this feature in the `iwasm` build. The vector format parsing logic has some errors in the current version. I disabled the check for now and am waiting for further investigation.
Check possible integer overflow in aot memory boundary check when the wasm memory is 64-bit.
Filesystem paths can be mapped from the host path to a guest path using the format `<guest-path>::<host-path>`. Previously `strtok` was used to find the `::` delimiter. Unfortunately `strtok` processes each delimiter character individually. This meant that the code was ~equivalent to `strtok(mapping_copy, ":")` which breaks with Windows-style paths (E.g. `C:\my_path\`). To fix this `strstr` is used to search for the exact delimiter.
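The delimiter behaviour described in the commit message above, as an added example that is not the WAMR code or the code from this commit. `split_with_strtok`, `split_with_strstr` and the sample mappings are hypothetical names and constructed inputs.

```c
#include <string.h>

#define MAP_DELIM "::"

/* Old behaviour as the commit message describes it: strtok() treats "::"
 * as a set of delimiter characters, so it also splits on a single ':'.
 * Copies the first two tokens into guest/host; returns 0 on success. */
int split_with_strtok(const char *mapping, char *guest, char *host, size_t cap)
{
    char copy[256];
    char *g, *h;

    if (strlen(mapping) >= sizeof(copy))
        return -1;
    strcpy(copy, mapping);
    g = strtok(copy, MAP_DELIM);
    h = strtok(NULL, MAP_DELIM);
    if (!g || !h || strlen(g) >= cap || strlen(h) >= cap)
        return -1;
    strcpy(guest, g);
    strcpy(host, h);
    return 0;
}

/* Fixed behaviour: strstr() finds the exact two-character delimiter, so a
 * drive-letter colon in the host path is left alone. */
int split_with_strstr(const char *mapping, char *guest, char *host, size_t cap)
{
    const char *sep = strstr(mapping, MAP_DELIM);
    size_t glen;

    if (!sep)
        return -1;
    glen = (size_t)(sep - mapping);
    sep += strlen(MAP_DELIM);
    if (glen == 0 || *sep == '\0' || glen >= cap || strlen(sep) >= cap)
        return -1;
    memcpy(guest, mapping, glen);
    guest[glen] = '\0';
    strcpy(host, sep);
    return 0;
}
```

With the constructed mapping `/data::C:\my_path\`, the `strtok` version yields the host path `C`, while the `strstr` version keeps the full Windows path and also rejects a mapping that contains only a single `:`.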
- add testcases for shared_heap - fix POP_MEM_OFFSET and POP_TBL_ELEM_IDX of memory64 Signed-off-by: wenlingyun1 <wenlingyun1@xiaomi.com>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.27.4 to 3.27.5. - [Release notes](https://github.com/github/codeql-action/releases) - [Commits](github/codeql-action@v3.27.4...v3.27.5) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Currently, if argv_to_results fails (e.g. because an unsupported type is encountered), a non-null trap with an uninitialized message is returned.
- uninitialized buffer pointers (crashes) - match integer constant size with printf specifier Signed-off-by: Peter Tatrai <peter.tatrai.ext@siemens.com>
Signed-off-by: Huang Qi <huangqi3@xiaomi.com>
…4095) If using a debug build of wamrc to run spec test, there will be: core/iwasm/compilation/aot_emit_aot_file.c:1794:13: runtime error: null pointer passed as argument 2, which is declared to never be null
- Utilizes the standard CMake variable BUILD_SHARED_LIBS to simplify the CMake configuration. - Allows the use of a single library definition for both static and shared library cases, improving maintainability and readability of the CMake configuration. - Install vmlib public header files - Installs the public header files for the vmlib target to the include/iwasm directory. - Install cmake package - Adds the necessary CMake configuration files (iwasmConfig.cmake and iwasmConfigVersion.cmake). - Configures the installation of these files to the appropriate directory (lib/cmake/iwasm). - Ensures compatibility with the same major version. - Improve windows product-mini CMakeLists.txt - Fix missing symbols when linking windows product-mini with shared vmlib - Improve Darwin product-mini CMakeLists.txt --------- Signed-off-by: Peter Tatrai <peter.tatrai.ext@siemens.com>
Fix an assertion from *gc_object.c line 91* `bh_assert(rtt_type->type_flag == WASM_TYPE_STRUCT;`
Co-authored-by: xiangjia.xj <xiangjia.xj@alibaba-inc.com>
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.6.0 to 4.6.1. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@v4.6.0...v4.6.1) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.28.9 to 3.28.10. - [Release notes](https://github.com/github/codeql-action/releases) - [Commits](github/codeql-action@v3.28.9...v3.28.10) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
remove confusing comments.
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.4.0 to 2.4.1. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](ossf/scorecard-action@62b2cac...f49aabe) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
…pilation context (#4105) Co-authored-by: xiangjia.xj <xiangjia.xj@alibaba-inc.com>
- allocate memory for array initialization based on length - update reference type mapping for struct initialization
This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.
|
||
steps: | ||
- name: checkout | ||
uses: actions/checkout@v4 |
Check warning
Code scanning / Scorecard
Pinned-Dependencies Medium
Remediation tip: update your workflow using https://app.stepsecurity.io
Click Remediation section below for further remediation help
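Review bot: `uses: actions/checkout@v4` in the checkout step is a floating major-version tag, the loosest reference in this workflow, so whatever the tag points at on the day of the run is what executes. Pin it to the full commit SHA of the release and keep the version as a trailing comment (`actions/checkout@<full-commit-sha> # v4.x.y`), which is what the Pinned-Dependencies warning on this line asks for.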
@@ -53,7 +53,7 @@ | |||
|
|||
# Initializes the CodeQL tools for scanning. | |||
- name: Initialize CodeQL | |||
uses: github/codeql-action/init@v3.26.13 | |||
uses: github/codeql-action/init@v3.28.10 |
Check warning
Code scanning / Scorecard
Pinned-Dependencies Medium
Remediation tip: update your workflow using https://app.stepsecurity.io
Click Remediation section below for further remediation help
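Review bot: the bump on the `Initialize CodeQL` step replaces one mutable tag (`v3.26.13`) with another (`v3.28.10`), so the Pinned-Dependencies warning stays open after this change. Pin `github/codeql-action/init` to the commit SHA behind v3.28.10, and use that same SHA for the `analyze` and `upload-sarif` steps in the later hunks so the three steps cannot drift onto different releases.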
@@ -70,7 +70,7 @@ | |||
- run: | | |||
./.github/scripts/codeql_buildscript.sh | |||
- name: Perform CodeQL Analysis | |||
uses: github/codeql-action/analyze@v3.26.13 | |||
uses: github/codeql-action/analyze@v3.28.10 |
Check warning
Code scanning / Scorecard
Pinned-Dependencies Medium
Remediation tip: update your workflow using https://app.stepsecurity.io
Click Remediation section below for further remediation help
@@ -99,14 +99,14 @@ | |||
output: ${{ steps.step1.outputs.sarif-output }}/cpp.sarif | |||
|
|||
- name: Upload CodeQL results to code scanning | |||
uses: github/codeql-action/upload-sarif@v3.26.13 | |||
uses: github/codeql-action/upload-sarif@v3.28.10 |
Check warning
Code scanning / Scorecard
Pinned-Dependencies Medium
Remediation tip: update your workflow using https://app.stepsecurity.io
Click Remediation section below for further remediation help
with: | ||
sarif_file: ${{ steps.step1.outputs.sarif-output }} | ||
category: "/language:${{matrix.language}}" | ||
|
||
- name: Upload CodeQL results as an artifact | ||
if: success() || failure() | ||
uses: actions/upload-artifact@v4.4.3 | ||
uses: actions/upload-artifact@v4.6.1 |
Check warning
Code scanning / Scorecard
Pinned-Dependencies Medium
Remediation tip: update your workflow using https://app.stepsecurity.io
Click Remediation section below for further remediation help
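Review bot: the artifact upload in this hunk is gated with `if: success() || failure()`, while the `upload the log` step in the next hunk uses `if: always()`; the two differ on cancelled runs, so either align them or add a comment saying why the SARIF artifact is skipped on cancellation. Both `upload-sarif@v3.28.10` and `upload-artifact@v4.6.1` here are also still tag references rather than commit SHAs.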
@@ -350,7 +351,7 @@ | |||
|
|||
- name: upload the log | |||
if: always() | |||
uses: actions/upload-artifact@v4.4.3 | |||
uses: actions/upload-artifact@v4.6.1 |
Check warning
Code scanning / Scorecard
Pinned-Dependencies Medium
Remediation tip: update your workflow using https://app.stepsecurity.io
Click Remediation section below for further remediation help
LGTM
No description provided.