Pull request overview
This PR adds build-time support and documentation for the Branch Hints feature, hardens the wasm loader’s branch-hint custom section parsing, and introduces regression coverage for related loader issues.
Changes:
- Add `WAMR_BUILD_BRANCH_HINTS` build flag wiring and update build/reporting output.
- Add loader-side validation for branch hint counts/offsets and adjust logging when hints are present but disabled.
- Add regression test cases and sample `.wasm` fixtures for branch-hint loader failures.
Reviewed changes
Copilot reviewed 7 out of 9 changed files in this pull request and generated 6 comments.
| File | Description |
|---|---|
| core/iwasm/interpreter/wasm_loader.c | Adds branch-hint validation (count/offset), introduces branch-instruction counting helper, adjusts logging severity when feature disabled. |
| build-scripts/config_common.cmake | Adds build configuration message + definition to enable WASM_ENABLE_BRANCH_HINTS. |
| tests/regression/ba-issues/build_wamr.sh | Adds a dedicated iwasm build variant with branch hints enabled for regression runs. |
| tests/regression/ba-issues/running_config.json | Registers two new regression test entries for branch-hint loader failures. |
| tests/regression/ba-issues/issues/issue-980002/create_samples.py | Adds script to generate the crafted branch-hint .wasm samples. |
| tests/regression/ba-issues/issues/issue-980002/branch_hint_invalid_free.wasm | Adds crafted wasm fixture for invalid hint sizing/structure. |
| tests/regression/ba-issues/issues/issue-980003/branch_hint_null_deref.wasm | Adds crafted wasm fixture for oversized hint-count input. |
| doc/build_wamr.md | Documents the WAMR_BUILD_BRANCH_HINTS option and intent. |
| doc/tiered_support.md | Lists Branch Hints in the tiered support matrix with a link to build documentation. |
Comment on lines +5573 to +5586
| static uint32 | ||
| calculate_num_branch_instructions(const WASMFunction *func) | ||
| { | ||
| const uint8 *code = func->code; | ||
| const uint8 *code_end = code + func->code_size; | ||
| uint32 max_hints = 0; | ||
|
|
||
| while (code < code_end) { | ||
| uint8 opcode = *code++; | ||
|
|
||
| if (opcode == WASM_OP_IF || opcode == WASM_OP_BR_IF) { | ||
| max_hints++; | ||
| } | ||
| } |
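Review bot: The loop compares every byte of the function body against WASM_OP_IF and WASM_OP_BR_IF (`uint8 opcode = *code++;`) without decoding instruction immediates, so operand bytes that happen to equal either opcode are counted as well and the result is an upper bound, not the number of branch instructions. As a cap on the hint count it is still bounded by code_size, but it is loose. Either add a comment (or rename the helper) to state that it returns an over-approximation, which the local name max_hints already suggests, or skip immediates while scanning if an exact count is intended.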
Comment on lines 5640 to 5671
| struct WASMCompilationHintBranchHint *new_hints = loader_malloc( | ||
| sizeof(struct WASMCompilationHintBranchHint) * num_hints, error_buf, | ||
| error_buf_size); | ||
| if (!new_hints) { | ||
| goto fail; | ||
| } | ||
| for (uint32 j = 0; j < num_hints; ++j) { | ||
| struct WASMCompilationHintBranchHint *new_hint = &new_hints[j]; | ||
| new_hint->next = NULL; | ||
| new_hint->type = WASM_COMPILATION_BRANCH_HINT; | ||
| read_leb_uint32(buf, buf_end, new_hint->offset); | ||
|
|
||
| /* Validate offset is within the function's code bounds */ | ||
| if (new_hint->offset >= func->code_size) { | ||
| set_error_buf_v( | ||
| error_buf, error_buf_size, | ||
| "invalid branch hint offset: %u exceeds function " | ||
| "code size %u", | ||
| new_hint->offset, func->code_size); | ||
| goto fail; | ||
| } | ||
|
|
||
| uint32 size; | ||
| read_leb_uint32(buf, buf_end, size); | ||
| if (size != 1) { | ||
| set_error_buf_v(error_buf, error_buf_size, | ||
| "invalid branch hint size, expected 1, got %d.", | ||
| size); | ||
| wasm_runtime_free(new_hint); | ||
| /* Do not free new_hints here - any hints already linked into | ||
| * the module structure will be freed during module cleanup. | ||
| * Freeing here would cause a double-free. */ | ||
| goto fail; |
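Review bot: In the `size != 1` branch, `wasm_runtime_free(new_hint)` is passed `&new_hints[j]`, which for j > 0 is an interior pointer into the array returned by loader_malloc rather than an allocation of its own, and for j == 0 frees the whole array that the comment directly below says must not be freed here. Drop that call and make ownership explicit: either free new_hints on every failure path that runs before the array is linked into the module, or link it first and leave all cleanup to module teardown. The offset-check failure path above jumps to fail without freeing anything, so the two error paths currently disagree. The size message also formats a uint32 with %d where the offset message uses %u.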
| "argument": "", | ||
| "expected return": { | ||
| "ret code": 255, | ||
| "stdout content": "WASM module load failed: invalid number of branch hints: expected at most 0, got 42949672", |
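Review bot: The expected stdout pins the full loader message including both numbers ("expected at most 0, got 42949672"), so this entry covers only a function with no countable branch instructions and will fail on any rewording of the error text. Consider adding a case where the bound is nonzero and the hint count exceeds it by one, so the comparison is exercised at its boundary and not only with an oversized count against zero.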
Comment on lines +777 to +780
| if (WAMR_BUILD_BRANCH_HINTS EQUAL 1) | ||
| message (" Branch hints enabled") | ||
| add_definitions(-DWASM_ENABLE_BRANCH_HINTS=1) | ||
| endif () |
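Review bot: WASM_ENABLE_BRANCH_HINTS is defined only inside `if (WAMR_BUILD_BRANCH_HINTS EQUAL 1)` and there is no else branch, so the disabled case relies on a default defined outside this hunk and the configuration summary prints nothing when the feature is off. Since the PR description calls the feature experimental and opt-in, add an `else ()` that reports "Branch hints disabled" (and defines the macro to 0 if no fallback exists elsewhere), so the build log always shows which state was selected.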
doc/tiered_support.md
Outdated
| | RT-Thread Compatibility | WAMR_BUILD_PLATFORM=rt-thread | Portability | | ||
| | VxWorks Compatibility | WAMR_BUILD_PLATFORM=vxworks | Portability | | ||
| | Windows Compatibility | WAMR_BUILD_PLATFORM=windows | Portability | | ||
| | Branch Hints | [WAMR_BUILD_BRANCH_HINTS](./build_wamr.md#branch-hints-feature) | Wasm Proposal | |
|
|
||
| ## **Branch hints** | ||
|
|
||
| - **WAMR_BUILD_BRANCH_HINTS**=1/0, default to disable if not set |
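Review bot: The link target in the support matrix row, `./build_wamr.md#branch-hints-feature`, does not match the heading added to the build documentation, `## **Branch hints**`, whose generated anchor would be `#branch-hints`, so the link will not land on this section. Align the anchor with the heading. The option line also says only "=1/0, default to disable if not set"; a sentence stating what the flag enables and that the feature is experimental would match the PR description.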
Signed-off-by: Stephen Berard <stephen.berard@outlook.com>
Signed-off-by: Stephen Berard <stephen.berard@outlook.com>
```bash
$ pwd
/workspaces/wasm-micro-runtime/tests/regression/ba-issues
$ ./run.py -i 980002,980003
```
ceafe3d to 3b88f0e

Contributor Author

Rebased.
This PR fixes two security issues in experimental branch hint support (WASM_ENABLE_BRANCH_HINTS=1) reported by @Finder16.
Summary
These issues only affect builds with branch hints enabled, which is currently an experimental, opt-in feature.