WebAssembly · conrad-watt · Oct 11, 2022 · Sep 29, 2022 · Oct 4, 2022 · rossberg
diff --git a/interpreter/binary/decode.ml b/interpreter/binary/decode.ml
@@ -466,6 +466,7 @@ let rec instr s =
     | 0x00 -> let a, o = memop s in memory_atomic_notify a o
     | 0x01 -> let a, o = memop s in memory_atomic_wait32 a o
     | 0x02 -> let a, o = memop s in memory_atomic_wait64 a o
+    | 0x03 -> expect 0x00 s "zero flag expected"; atomic_fence
 
     | 0x10 -> let a, o = memop s in i32_atomic_load a o
     | 0x11 -> let a, o = memop s in i64_atomic_load a o

diff --git a/interpreter/binary/encode.ml b/interpreter/binary/encode.ml
@@ -221,6 +221,9 @@ let encode m =
           assert false
       | MemoryAtomicWait {ty = F32Type | F64Type; _} -> assert false
 
+      | AtomicFence ->
+        op 0xfe; op 0x03; op 0x00
+
       | AtomicLoad ({ty = I32Type; sz = None; _} as mo) ->
         op 0xfe; op 0x10; memop mo
       | AtomicLoad ({ty = I64Type; sz = None; _} as mo) ->

diff --git a/interpreter/exec/eval.ml b/interpreter/exec/eval.ml
@@ -132,6 +132,10 @@ let check_align addr ty sz at =
   if not (Memory.is_aligned addr ty sz) then
     Trap.error at "unaligned atomic memory access"
 
+let check_shared mem at =
+  if shared_memory_type (Memory.type_of mem) <> Shared then
+    Trap.error at "expected shared memory"
+
 
 (* Evaluation *)
 
@@ -319,18 +323,28 @@ let rec step_thread (t : thread) : thread =
         (try
           assert (sz = None);
           check_align addr ty sz e.at;
+          check_shared mem e.at;
           let v = Memory.load_value mem addr offset ty in
           if v = ve then
             assert false  (* TODO *)
           else
             I32 1l :: vs', []  (* Not equal *)
         with exn -> vs', [Trapping (memory_error e.at exn) @@ e.at])
 
-      | MemoryAtomicNotify x, I32 count :: I32 i :: vs' ->
+      | MemoryAtomicNotify {offset; ty; sz; _}, I32 count :: I32 i :: vs' ->
+        let mem = memory frame.inst (0l @@ e.at) in
+        let addr = I64_convert.extend_i32_u i in
+        (try
+          check_align addr ty sz e.at;
+          let _ = Memory.load_value mem addr offset ty in
           if count = 0l then
             I32 0l :: vs', []  (* Trivial case waking 0 waiters *)
           else
             assert false  (* TODO *)
+        with exn -> vs', [Trapping (memory_error e.at exn) @@ e.at])
+
+      | AtomicFence, vs ->
+        vs, []
 
       | MemorySize, vs ->
         let mem = memory frame.inst (0l @@ e.at) in

diff --git a/interpreter/syntax/ast.ml b/interpreter/syntax/ast.ml
@@ -106,6 +106,7 @@ and instr' =
   | Convert of cvtop                  (* conversion *)
   | MemoryAtomicWait of atomicop      (* atomically wait for notification at address *)
   | MemoryAtomicNotify of atomicop    (* atomically notify all waiters at address *)
+  | AtomicFence                       (* perform an atomic fence *)
   | AtomicLoad of atomicop            (* atomically read memory at address *)
   | AtomicStore of atomicop           (* atomically write memory at address *)
   | AtomicRmw of rmwop * atomicop     (* atomically read, modify, write memory at address *)

diff --git a/interpreter/syntax/operators.ml b/interpreter/syntax/operators.ml
@@ -78,6 +78,9 @@ let memory_atomic_wait32 align offset =
 let memory_atomic_wait64 align offset =
   MemoryAtomicWait {ty = I64Type; align; offset; sz = None}
 
+let atomic_fence =
+  AtomicFence
+
 let i32_atomic_load align offset =
   AtomicLoad {ty = I32Type; align; offset; sz = None}
 let i64_atomic_load align offset =

diff --git a/interpreter/text/arrange.ml b/interpreter/text/arrange.ml
@@ -311,6 +311,7 @@ let rec instr e =
     | Convert op -> cvtop op, []
     | MemoryAtomicWait op -> memoryatomicwaitop op, []
     | MemoryAtomicNotify op -> memoryatomicnotifyop op, []
+    | AtomicFence -> "atomic.fence", []
     | AtomicLoad op -> atomicloadop op, []
     | AtomicStore op -> atomicstoreop op, []
     | AtomicRmw (rmwop, op) -> atomicrmwop op rmwop, []

diff --git a/interpreter/text/lexer.mll b/interpreter/text/lexer.mll
@@ -259,6 +259,7 @@ rule token = parse
         intop ("i" ^ sz)
           (memory_atomic_wait32 (opt a 2))
           (memory_atomic_wait64 (opt a 3)) o) }
+  | "atomic.fence" { ATOMIC_FENCE }
   | (ixx as t)".atomic.load"
     { ATOMIC_LOAD (fun a o ->
         intop t (i32_atomic_load (opt a 2)) (i64_atomic_load (opt a 3)) o) }

diff --git a/interpreter/text/parser.mly b/interpreter/text/parser.mly
@@ -169,7 +169,7 @@ let inline_type_explicit (c : context) x ft at =
 %token CALL CALL_INDIRECT RETURN
 %token LOCAL_GET LOCAL_SET LOCAL_TEE GLOBAL_GET GLOBAL_SET
 %token LOAD STORE OFFSET_EQ_NAT ALIGN_EQ_NAT
-%token MEMORY_ATOMIC_WAIT MEMORY_ATOMIC_NOTIFY
+%token MEMORY_ATOMIC_WAIT MEMORY_ATOMIC_NOTIFY ATOMIC_FENCE
 %token ATOMIC_LOAD ATOMIC_STORE ATOMIC_RMW ATOMIC_RMW_CMPXCHG
 %token CONST UNARY BINARY TEST COMPARE CONVERT
 %token UNREACHABLE MEMORY_SIZE MEMORY_GROW
@@ -358,6 +358,7 @@ plain_instr :
   | CONVERT { fun c -> $1 }
   | MEMORY_ATOMIC_WAIT offset_opt align_opt { fun c -> $1 $3 $2 }
   | MEMORY_ATOMIC_NOTIFY offset_opt align_opt { fun c -> $1 $3 $2 }
+  | ATOMIC_FENCE { fun c -> atomic_fence }
   | ATOMIC_LOAD offset_opt align_opt { fun c -> $1 $3 $2 }
   | ATOMIC_STORE offset_opt align_opt { fun c -> $1 $3 $2 }
   | ATOMIC_RMW offset_opt align_opt { fun c -> $1 $3 $2 }

diff --git a/interpreter/valid/valid.ml b/interpreter/valid/valid.ml
@@ -308,6 +308,9 @@ let rec check_instr (c : context) (e : instr) (s : infer_stack_type) : op_type =
     check_memop c memop (fun sz -> sz) e.at;
     [I32Type; memop.ty; I64Type] --> [I32Type]
 
+  | AtomicFence ->
+    [] --> []
+
   | AtomicLoad memop ->
     check_memop c memop (fun sz -> sz) e.at;
     [I32Type] --> [memop.ty]

diff --git a/test/core/atomic.wast b/test/core/atomic.wast
@@ -417,6 +417,7 @@
 (assert_trap (invoke "i64.atomic.rmw16.cmpxchg_u" (i32.const 1) (i64.const 0) (i64.const 0)) "unaligned atomic")
 (assert_trap (invoke "i64.atomic.rmw32.cmpxchg_u" (i32.const 1) (i64.const 0) (i64.const 0)) "unaligned atomic")
 
+;; wait/notify
 (module
   (memory 1 1 shared)
 
@@ -431,10 +432,54 @@
 )
 
 (invoke "init" (i64.const 0xffffffffffff))
+
+;; wait returns immediately if values do not match
 (assert_return (invoke "memory.atomic.wait32" (i32.const 0) (i32.const 0) (i64.const 0)) (i32.const 1))
 (assert_return (invoke "memory.atomic.wait64" (i32.const 0) (i64.const 0) (i64.const 0)) (i32.const 1))
+
+;; notify always returns
+(assert_return (invoke "memory.atomic.notify" (i32.const 0) (i32.const 0)) (i32.const 0))
+
+;; OOB wait and notify always trap
+(assert_trap (invoke "memory.atomic.wait32" (i32.const 65536) (i32.const 0) (i64.const 0)) "out of bounds memory access")
+(assert_trap (invoke "memory.atomic.wait64" (i32.const 65536) (i64.const 0) (i64.const 0)) "out of bounds memory access")
+
+;; in particular, notify always traps even if waking 0 threads
+(assert_trap (invoke "memory.atomic.notify" (i32.const 65536) (i32.const 0)) "out of bounds memory access")
+
+;; similarly, unaligned wait and notify always trap
+(assert_trap (invoke "memory.atomic.wait32" (i32.const 65531) (i32.const 0) (i64.const 0)) "unaligned atomic")
+(assert_trap (invoke "memory.atomic.wait64" (i32.const 65524) (i64.const 0) (i64.const 0)) "unaligned atomic")
+
+(assert_trap (invoke "memory.atomic.notify" (i32.const 65531) (i32.const 0)) "unaligned atomic")
+
+;; atomic.wait traps on unshared memory even if it wouldn't block
+(module
+  (memory 1 1)
+
+  (func (export "init") (param $value i64) (i64.store (i32.const 0) (local.get $value)))
+
+  (func (export "memory.atomic.notify") (param $addr i32) (param $count i32) (result i32)
+      (memory.atomic.notify (local.get 0) (local.get 1)))
+  (func (export "memory.atomic.wait32") (param $addr i32) (param $expected i32) (param $timeout i64) (result i32)
+      (memory.atomic.wait32 (local.get 0) (local.get 1) (local.get 2)))
+  (func (export "memory.atomic.wait64") (param $addr i32) (param $expected i64) (param $timeout i64) (result i32)
+      (memory.atomic.wait64 (local.get 0) (local.get 1) (local.get 2)))
+)
+
+(invoke "init" (i64.const 0xffffffffffff))
+
+(assert_trap (invoke "memory.atomic.wait32" (i32.const 0) (i32.const 0) (i64.const 0)) "expected shared memory")
+(assert_trap (invoke "memory.atomic.wait64" (i32.const 0) (i64.const 0) (i64.const 0)) "expected shared memory")
+
+;; notify still works
 (assert_return (invoke "memory.atomic.notify" (i32.const 0) (i32.const 0)) (i32.const 0))
 
+;; OOB and unaligned notify still trap
+(assert_trap (invoke "memory.atomic.notify" (i32.const 65536) (i32.const 0)) "out of bounds memory access")
+(assert_trap (invoke "memory.atomic.notify" (i32.const 65531) (i32.const 0)) "unaligned atomic")
+
+
 ;; unshared memory is OK
 (module
   (memory 1 1)
@@ -488,6 +533,13 @@
   (func (drop (i64.atomic.rmw32.cmpxchg_u (i32.const 0) (i64.const 0) (i64.const 0))))
 )
 
+;; atomic.fence: no memory is ok
+(module
+  (func (export "fence") (atomic.fence))
+)
+
+(assert_return (invoke "fence"))
+
 ;; Fails with no memory
 (assert_invalid (module (func (drop (memory.atomic.notify (i32.const 0) (i32.const 0))))) "unknown memory")
 (assert_invalid (module (func (drop (memory.atomic.wait32 (i32.const 0) (i32.const 0) (i64.const 0))))) "unknown memory")