Bump version to 2.4.4 (#4722)

* fix: update git clone branch for threads spec to main-legacy (#4687)
* Fast-interp should report unsupport opcode when meeting simd opcode on non-posix platforms (#4723)

.github/workflows/build_iwasm_release.yml

@@ -127,7 +127,7 @@ jobs:
         working-directory: ${{ inputs.cwd }}
 
       - name: Compress the binary on Windows
-        if: inputs.runner == 'windows-latest'
+        if: inputs.runner == 'windows-2022'
         run: |
           tar -czf iwasm${{ matrix.suffix }}-${{ inputs.ver_num }}-${{ inputs.runner }}.tar.gz iwasm.exe
           Compress-Archive -Path iwasm.exe -DestinationPath iwasm${{ matrix.suffix }}-${{ inputs.ver_num }}-${{ inputs.runner }}.zip
@@ -135,7 +135,7 @@ jobs:
         working-directory: ${{ inputs.cwd }}/build/Release
 
       - name: compress the binary on non-Windows
-        if: inputs.runner != 'windows-latest'
+        if: inputs.runner != 'windows-2022'
         run: |
           # Follow the symlink to the actual binary file
           tar --dereference -czf iwasm${{ matrix.suffix }}-${{ inputs.ver_num }}-${{ inputs.runner }}.tar.gz iwasm

.github/workflows/build_llvm_libraries.yml

@@ -118,11 +118,11 @@ jobs:
           key: 0-ccache-${{ inputs.os }}-${{ steps.get_last_commit.outputs.last_commit }}
           restore-keys: |
             0-ccache-${{ inputs.os }}
-        if: steps.retrieve_llvm_libs.outputs.cache-hit != 'true' && inputs.os == 'windows-latest'
+        if: steps.retrieve_llvm_libs.outputs.cache-hit != 'true' && inputs.os == 'windows-2022'
 
       # Install tools on Windows
       - run: choco install -y ccache ninja
-        if: steps.retrieve_llvm_libs.outputs.cache-hit != 'true' && inputs.os == 'windows-latest'
+        if: steps.retrieve_llvm_libs.outputs.cache-hit != 'true' && inputs.os == 'windows-2022'
 
       - name: Build LLVM libraries
         if: steps.retrieve_llvm_libs.outputs.cache-hit != 'true'

.github/workflows/build_wamrc.yml

@@ -63,7 +63,7 @@ jobs:
         working-directory: wamr-compiler
 
       - name: Compress the binary on Windows
-        if: inputs.runner == 'windows-latest' && inputs.release
+        if: inputs.runner == 'windows-2022' && inputs.release
         run: |
           tar -czf wamrc-${{ inputs.ver_num }}-${{ inputs.runner }}.tar.gz wamrc.exe
           Compress-Archive -Path wamrc.exe -DestinationPath wamrc-${{ inputs.ver_num }}-${{ inputs.runner }}.zip
@@ -71,7 +71,7 @@ jobs:
         working-directory: wamr-compiler/build/Release
 
       - name: compress the binary on non-Windows
-        if: inputs.runner != 'windows-latest' && inputs.release
+        if: inputs.runner != 'windows-2022' && inputs.release
         run: |
           # Follow the symlink to the actual binary file
           tar --dereference -czf wamrc-${{ inputs.ver_num }}-${{ inputs.runner }}.tar.gz wamrc

.github/workflows/compilation_on_windows.yml

@@ -1,7 +1,7 @@
 # Copyright (C) 2019 Intel Corporation.  All rights reserved.
 # SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
 
-name: compilation on windows-latest
+name: compilation on windows-2022
 
 on:
   # will be triggered on PR events
@@ -63,11 +63,11 @@ jobs:
       actions: write
     uses: ./.github/workflows/build_llvm_libraries.yml
     with:
-      os: "windows-latest"
+      os: "windows-2022"
       arch: "AArch64 ARM Mips RISCV X86"
 
   build_iwasm:
-    runs-on: windows-latest
+    runs-on: windows-2022
     strategy:
       matrix:
         build_options:
@@ -105,7 +105,7 @@ jobs:
     strategy:
       matrix:
         include:
-          - os: windows-latest
+          - os: windows-2022
             llvm_cache_key: ${{ needs.build_llvm_libraries_on_windows.outputs.cache_key }}
     steps:
       - name: checkout
@@ -136,7 +136,7 @@ jobs:
         working-directory: wamr-compiler
 
   test:
-    runs-on: windows-latest
+    runs-on: windows-2022
     needs: [build_iwasm, build_wamrc]
     strategy:
       fail-fast: false

.github/workflows/release_process.yml

@@ -11,6 +11,26 @@ on:
         type: boolean
         required: false
         default: false
+      release_wamr_sdk:
+        description: "If the WAMR SDK in the release"
+        type: boolean
+        required: false
+        default: false
+      release_wamr_lldb:
+        description: "If the WAMR LLDB in the release"
+        type: boolean
+        required: false
+        default: false
+      release_wamr_ide_vscode_ext:
+        description: "If the WAMR VSCode extension in the release"
+        type: boolean
+        required: false
+        default: false
+      release_wamr_wasi_ext:
+        description: "If the WAMR WASI extensions in the release"
+        type: boolean
+        required: false
+        default: true
 
 # Cancel any in-flight jobs for the same PR/branch so there's only one active
 # at a time
@@ -85,7 +105,7 @@ jobs:
     needs: [create_tag, create_release]
     uses: ./.github/workflows/build_llvm_libraries.yml
     with:
-      os: "windows-latest"
+      os: "windows-2022"
       arch: "AArch64 ARM Mips RISCV X86"
 
   #
@@ -122,7 +142,7 @@ jobs:
     with:
       llvm_cache_key: ${{ needs.build_llvm_libraries_on_windows.outputs.cache_key }}
       release: true
-      runner: windows-latest
+      runner: windows-2022
       upload_url: ${{ needs.create_release.outputs.upload_url }}
       ver_num: ${{ needs.create_tag.outputs.new_ver }}
 
@@ -160,7 +180,7 @@ jobs:
     with:
       cwd: product-mini/platforms/windows
       llvm_cache_key: ${{ needs.build_llvm_libraries_on_windows.outputs.cache_key }}
-      runner: windows-latest
+      runner: windows-2022
       upload_url: ${{ needs.create_release.outputs.upload_url }}
       ver_num: ${{ needs.create_tag.outputs.new_ver}}
 
@@ -170,6 +190,7 @@ jobs:
     permissions:
       contents: write # upload release artifact
     needs: [create_tag, create_release]
+    if: ${{ inputs.release_wamr_sdk }}
     uses: ./.github/workflows/build_wamr_sdk.yml
     with:
       config_file: wamr_config_ubuntu_release.cmake
@@ -183,6 +204,7 @@ jobs:
     permissions:
       contents: write # upload release artifact
     needs: [create_tag, create_release]
+    if: ${{ inputs.release_wamr_sdk }}
     uses: ./.github/workflows/build_wamr_sdk.yml
     with:
       config_file: wamr_config_macos_release.cmake
@@ -192,30 +214,29 @@ jobs:
       wasi_sdk_url: https://github.com/WebAssembly/wasi-sdk/releases/download/wasi-sdk-19/wasi-sdk-19.0-macos.tar.gz
       wamr_app_framework_url: https://github.com/bytecodealliance/wamr-app-framework.git
 
-  # Let's disable it for now and reopen it when the actual requirement arises.
+  # vscode extension cross-platform
-  # Please ensure all dependencies have been updated before reopening.
+  release_wamr_ide_vscode_ext:
-  #
+    permissions:
-  # # vscode extension cross-platform
+      contents: write # upload release artifact
-  # release_wamr_ide_vscode_ext:
+    needs: [create_tag, create_release]
-  #   permissions:
+    if: ${{ inputs.release_wamr_ide_vscode_ext}}
-  #     contents: write # upload release artifact
+    uses: ./.github/workflows/build_wamr_vscode_ext.yml
-  #   needs: [create_tag, create_release]
+    secrets: inherit
-  #   uses: ./.github/workflows/build_wamr_vscode_ext.yml
+    with:
-  #   secrets: inherit
+      upload_url: ${{ needs.create_release.outputs.upload_url }}
-  #   with:
+      ver_num: ${{ needs.create_tag.outputs.new_ver }}
-  #     upload_url: ${{ needs.create_release.outputs.upload_url }}
-  #     ver_num: ${{ needs.create_tag.outputs.new_ver }}
 
-  # #
+  #
-  # # vscode extension docker images package
+  # vscode extension docker images package
-  # release_wamr_ide_docker_images_package:
+  release_wamr_ide_docker_images_package:
-  #   permissions:
+    permissions:
-  #     contents: write # upload release artifact
+      contents: write # upload release artifact
-  #   needs: [create_tag, create_release]
+    needs: [create_tag, create_release]
-  #   uses: ./.github/workflows/build_docker_images.yml
+    if: ${{ inputs.release_wamr_ide_vscode_ext}}
-  #   with:
+    uses: ./.github/workflows/build_docker_images.yml
-  #     upload_url: ${{ needs.create_release.outputs.upload_url }}
+    with:
-  #     ver_num: ${{ needs.create_tag.outputs.new_ver }}
+      upload_url: ${{ needs.create_release.outputs.upload_url }}
+      ver_num: ${{ needs.create_tag.outputs.new_ver }}
 
   #
   # WAMR_LLDB
@@ -223,6 +244,7 @@ jobs:
     permissions:
       contents: write # upload release artifact
     needs: [create_tag, create_release]
+    if: ${{ inputs.release_wamr_lldb }}
     uses: ./.github/workflows/build_wamr_lldb.yml
     with:
       runner: ubuntu-22.04
@@ -233,6 +255,7 @@ jobs:
     permissions:
       contents: write # upload release artifact
     needs: [create_tag, create_release]
+    if: ${{ inputs.release_wamr_lldb }}
     uses: ./.github/workflows/build_wamr_lldb.yml
     with:
       runner: macos-13
@@ -244,6 +267,7 @@ jobs:
     permissions:
       contents: write # upload release artifact
     needs: [create_tag, create_release]
+    if: ${{ inputs.release_wamr_wasi_ext }}
     uses: ./.github/workflows/build_wamr_wasi_extensions.yml
     with:
       upload_url: ${{ needs.create_release.outputs.upload_url }}

RELEASE_NOTES.md

@@ -1,3 +1,56 @@
+## WAMR-2.4.4
+
+### Breaking Changes
+
+### New Features
+
+### Bug Fixes
+
+- CVE-2025-64704. Allow the classic interpreter to exit gracefully when encountering SIMD opcodes due to the per-instance running mode.
+- CVE-2025-64713. Fix an unbalanced stack operation when validating special opcode combinations for fast interpretation.
+- fix: update git clone branch for threads spec to main-legacy (#4687) (#4725)
+- Fast-interp should report unsupported opcode when meeting simd opcode on non-posix platforms (#4723) (#4725)
+
+### Enhancements
+
+- Add inputs for optional WAMR releases in the release process workflow (#4486) (#4715)
+
+### Others
+
+---
+
+## WAMR-2.4.3
+
+### Breaking Changes
+
+### New Features
+
+### Bug Fixes
+
+- libc-wasi: add missing pointer validations to socket functions (#4611) (#4665)
+
+### Enhancements
+
+### Others
+
+---
+
+## WAMR-2.4.2
+
+### Breaking Changes
+
+### New Features
+
+### Bug Fixes
+
+- CVE-2025-58749. Fix a potential hang issue in LLVMJIT mode
+
+### Enhancements
+
+### Others
+
+---
+
 ## WAMR-2.4.1
 
 ### Breaking Changes

build-scripts/version.cmake

@@ -8,7 +8,7 @@ endif()
 
 set(WAMR_VERSION_MAJOR 2)
 set(WAMR_VERSION_MINOR 4)
-set(WAMR_VERSION_PATCH 1)
+set(WAMR_VERSION_PATCH 4)
 
 message("-- WAMR version: ${WAMR_VERSION_MAJOR}.${WAMR_VERSION_MINOR}.${WAMR_VERSION_PATCH}")
 

core/iwasm/compilation/aot_emit_memory.c

@@ -1486,7 +1486,7 @@ LLVMValueRef
 check_bulk_memory_overflow(AOTCompContext *comp_ctx, AOTFuncContext *func_ctx,
                            LLVMValueRef offset, LLVMValueRef bytes)
 {
-    LLVMValueRef maddr, max_addr, cmp, cmp1;
+    LLVMValueRef maddr, max_addr, cmp, cmp1, offset1;
     LLVMValueRef mem_base_addr;
     LLVMBasicBlockRef block_curr = LLVMGetInsertBlock(comp_ctx->builder);
     LLVMBasicBlockRef check_succ;
@@ -1539,8 +1539,18 @@ check_bulk_memory_overflow(AOTCompContext *comp_ctx, AOTFuncContext *func_ctx,
         if (mem_data_size > 0 && mem_offset + mem_len <= mem_data_size) {
             /* inside memory space */
             /* maddr = mem_base_addr + moffset */
+            /* Perform zero extension in advance to avoid LLVMBuildInBoundsGEP2
+             * interpreting a negative address due to sign extension when
+             * mem_offset >= 2GiB */
+            if (comp_ctx->pointer_size == sizeof(uint64)) {
+                offset1 = I64_CONST(mem_offset);
+            }
+            else {
+                offset1 = I32_CONST((uint32)mem_offset);
+            }
+            CHECK_LLVM_CONST(offset1);
             if (!(maddr = LLVMBuildInBoundsGEP2(comp_ctx->builder, INT8_TYPE,
-                                                mem_base_addr, &offset, 1,
+                                                mem_base_addr, &offset1, 1,
                                                 "maddr"))) {
                 aot_set_last_error("llvm build add failed.");
                 goto fail;

core/iwasm/interpreter/wasm_interp_classic.c

@@ -6572,12 +6572,10 @@ wasm_interp_call_func_bytecode(WASMModuleInstance *module,
         HANDLE_OP(WASM_OP_CATCH_ALL)
         HANDLE_OP(EXT_OP_TRY)
 #endif
-#if WASM_ENABLE_JIT != 0 && WASM_ENABLE_SIMD != 0
         /* SIMD isn't supported by interpreter, but when JIT is
            enabled, `iwasm --interp <wasm_file>` may be run to
            trigger the SIMD opcode in interpreter */
         HANDLE_OP(WASM_OP_SIMD_PREFIX)
-#endif
         HANDLE_OP(WASM_OP_UNUSED_0x16)
         HANDLE_OP(WASM_OP_UNUSED_0x17)
         HANDLE_OP(WASM_OP_UNUSED_0x27)

core/iwasm/interpreter/wasm_interp_fast.c

@@ -7528,6 +7528,9 @@ wasm_interp_call_func_bytecode(WASMModuleInstance *module,
         HANDLE_OP(EXT_OP_LOOP)
         HANDLE_OP(EXT_OP_IF)
         HANDLE_OP(EXT_OP_BR_TABLE_CACHE)
+#if WASM_ENABLE_SIMDE == 0
+        HANDLE_OP(WASM_OP_SIMD_PREFIX)
+#endif
         {
             wasm_set_exception(module, "unsupported opcode");
             goto got_exception;

core/iwasm/interpreter/wasm_loader.c

@@ -9572,6 +9572,16 @@ preserve_local_for_block(WASMLoaderContext *loader_ctx, uint8 opcode,
 
     /* preserve locals before blocks to ensure that "tee/set_local" inside
         blocks will not influence the value of these locals */
+    uint32 frame_offset_cell =
+        (uint32)(loader_ctx->frame_offset - loader_ctx->frame_offset_bottom);
+    uint32 frame_ref_cell =
+        (uint32)(loader_ctx->frame_ref - loader_ctx->frame_ref_bottom);
+    if (frame_offset_cell < loader_ctx->stack_cell_num
+        || frame_ref_cell < loader_ctx->stack_cell_num) {
+        set_error_buf(error_buf, error_buf_size, "stack cell num error");
+        return false;
+    }
+
     while (i < loader_ctx->stack_cell_num) {
         int16 cur_offset = loader_ctx->frame_offset_bottom[i];
         uint8 cur_type = loader_ctx->frame_ref_bottom[i];
@@ -11928,13 +11938,19 @@ re_scan:
                             break;
                         }
 
+                        uint8 *frame_ref_before_pop = loader_ctx->frame_ref;
                         POP_TYPE(
                             wasm_type->types[wasm_type->param_count - i - 1]);
 #if WASM_ENABLE_FAST_INTERP != 0
                         /* decrease the frame_offset pointer accordingly to keep
-                         * consistent with frame_ref stack */
+                         * consistent with frame_ref stack. Use the actual
-                        cell_num = wasm_value_type_cell_num(
+                         * popped cell count instead of
-                            wasm_type->types[wasm_type->param_count - i - 1]);
+                         * wasm_value_type_cell_num() because when the stack top
+                         * is VALUE_TYPE_ANY, wasm_loader_pop_frame_ref always
+                         * pops exactly 1 cell regardless of the expected type
+                         */
+                        cell_num = (uint32)(frame_ref_before_pop
+                                            - loader_ctx->frame_ref);
                         loader_ctx->frame_offset -= cell_num;
 
                         if (loader_ctx->frame_offset

core/iwasm/interpreter/wasm_opcode.h

@@ -790,13 +790,6 @@ typedef enum WASMAtomicEXTOpcode {
 #endif
 #define SET_GOTO_TABLE_ELEM(opcode) [opcode] = HANDLE_OPCODE(opcode)
 
-#if WASM_ENABLE_SIMDE != 0
-#define SET_GOTO_TABLE_SIMD_PREFIX_ELEM() \
-    SET_GOTO_TABLE_ELEM(WASM_OP_SIMD_PREFIX),
-#else
-#define SET_GOTO_TABLE_SIMD_PREFIX_ELEM()
-#endif
-
 #if WASM_ENABLE_SIMDE != 0
 #define DEF_EXT_V128_HANDLE()                                       \
     SET_GOTO_TABLE_ELEM(EXT_OP_SET_LOCAL_FAST_V128),     /* 0xdd */ \
@@ -1038,7 +1031,7 @@ typedef enum WASMAtomicEXTOpcode {
         HANDLE_OPCODE(EXT_OP_TRY),                   /* 0xdb */ \
         SET_GOTO_TABLE_ELEM(WASM_OP_GC_PREFIX),      /* 0xfb */ \
         SET_GOTO_TABLE_ELEM(WASM_OP_MISC_PREFIX),    /* 0xfc */ \
-        SET_GOTO_TABLE_SIMD_PREFIX_ELEM()            /* 0xfd */ \
+        SET_GOTO_TABLE_ELEM(WASM_OP_SIMD_PREFIX),    /* 0xfd */ \
         SET_GOTO_TABLE_ELEM(WASM_OP_ATOMIC_PREFIX),  /* 0xfe */ \
         DEF_DEBUG_BREAK_HANDLE() DEF_EXT_V128_HANDLE()          \
     };

core/iwasm/libraries/libc-wasi/libc_wasi_wrapper.c

@@ -1161,6 +1161,9 @@ wasi_sock_accept(wasm_exec_env_t exec_env, wasi_fd_t fd, wasi_fdflags_t flags,
     if (!wasi_ctx)
         return __WASI_EACCES;
 
+    if (!validate_native_addr(fd_new, sizeof(*fd_new)))
+        return __WASI_EINVAL;
+
     curfds = wasi_ctx_get_curfds(wasi_ctx);
 
     return wasi_ssp_sock_accept(exec_env, curfds, fd, flags, fd_new);
@@ -1219,6 +1222,19 @@ wasi_sock_addr_resolve(wasm_exec_env_t exec_env, const char *host,
     if (!wasi_ctx)
         return __WASI_EACCES;
 
+    if (!validate_native_addr(hints, sizeof(*hints)))
+        return __WASI_EINVAL;
+
+    uint64_t addr_info_byte_size = sizeof(*addr_info) * addr_info_size;
+    if (addr_info_byte_size / addr_info_size != sizeof(*addr_info))
+        return __WASI_EINVAL;
+
+    if (!validate_native_addr(addr_info, addr_info_byte_size))
+        return __WASI_EINVAL;
+
+    if (!validate_native_addr(max_info_size, sizeof(*max_info_size)))
+        return __WASI_EINVAL;
+
     curfds = wasi_ctx_get_curfds(wasi_ctx);
     ns_lookup_list = wasi_ctx_get_ns_lookup_list(wasi_ctx);
 
@@ -1238,6 +1254,9 @@ wasi_sock_bind(wasm_exec_env_t exec_env, wasi_fd_t fd, wasi_addr_t *addr)
     if (!wasi_ctx)
         return __WASI_EACCES;
 
+    if (!validate_native_addr(addr, sizeof(*addr)))
+        return __WASI_EINVAL;
+
     curfds = wasi_ctx_get_curfds(wasi_ctx);
     addr_pool = wasi_ctx_get_addr_pool(wasi_ctx);
 
@@ -1264,6 +1283,9 @@ wasi_sock_connect(wasm_exec_env_t exec_env, wasi_fd_t fd, wasi_addr_t *addr)
     if (!wasi_ctx)
         return __WASI_EACCES;
 
+    if (!validate_native_addr(addr, sizeof(*addr)))
+        return __WASI_EINVAL;
+
     curfds = wasi_ctx_get_curfds(wasi_ctx);
     addr_pool = wasi_ctx_get_addr_pool(wasi_ctx);
 
@@ -1643,6 +1665,9 @@ wasi_sock_open(wasm_exec_env_t exec_env, wasi_fd_t poolfd,
     if (!wasi_ctx)
         return __WASI_EACCES;
 
+    if (!validate_native_addr(sockfd, sizeof(*sockfd)))
+        return __WASI_EINVAL;
+
     curfds = wasi_ctx_get_curfds(wasi_ctx);
 
     return wasi_ssp_sock_open(exec_env, curfds, poolfd, af, socktype, sockfd);
@@ -2082,6 +2107,10 @@ wasi_sock_recv_from(wasm_exec_env_t exec_env, wasi_fd_t sock,
         return __WASI_EINVAL;
     }
 
+    /* note: src_addr is NULL when called by wasi_sock_recv */
+    if (src_addr != NULL && !validate_native_addr(src_addr, sizeof(*src_addr)))
+        return __WASI_EINVAL;
+
     if (!validate_native_addr(ro_data_len, (uint64)sizeof(uint32)))
         return __WASI_EINVAL;
 
@@ -2118,16 +2147,19 @@ wasi_sock_recv(wasm_exec_env_t exec_env, wasi_fd_t sock, iovec_app_t *ri_data,
                wasi_roflags_t *ro_flags)
 {
     wasm_module_inst_t module_inst = get_module_inst(exec_env);
-    __wasi_addr_t src_addr;
     wasi_errno_t error;
 
+    if (!validate_native_addr(ro_data_len, sizeof(*ro_data_len)))
+        return __WASI_EINVAL;
+
     if (!validate_native_addr(ro_flags, (uint64)sizeof(wasi_roflags_t)))
         return __WASI_EINVAL;
 
+    // We call `recvfrom` with NULL source address as `recv` doesn't
+    // return the source address and this parameter is not used.
+    *ro_data_len = 0;
     error = wasi_sock_recv_from(exec_env, sock, ri_data, ri_data_len, ri_flags,
-                                &src_addr, ro_data_len);
+                                NULL, ro_data_len);
-    *ro_flags = ri_flags;
-
     return error;
 }
 
@@ -2228,6 +2260,9 @@ wasi_sock_send_to(wasm_exec_env_t exec_env, wasi_fd_t sock,
         return __WASI_EINVAL;
     }
 
+    if (!validate_native_addr((void *)dest_addr, sizeof(*dest_addr)))
+        return __WASI_EINVAL;
+
     if (!validate_native_addr(so_data_len, (uint64)sizeof(uint32)))
         return __WASI_EINVAL;
 

core/iwasm/libraries/libc-wasi/sandboxed-system-primitives/src/posix.c

@@ -2854,7 +2854,11 @@ wasmtime_ssp_sock_recv_from(wasm_exec_env_t exec_env, struct fd_table *curfds,
         return convert_errno(errno);
     }
 
+    // If the source address is not NULL, we need to convert the sockaddr
+    // back to __wasi_addr_t format.
+    if (src_addr != NULL) {
         bh_sockaddr_to_wasi_addr(&sockaddr, src_addr);
+    }
 
     *recv_len = (size_t)ret;
     return __WASI_ESUCCESS;

core/version.h

@@ -18,7 +18,7 @@
 /* clang-format off */
 #define WAMR_VERSION_MAJOR 2
 #define WAMR_VERSION_MINOR 4
-#define WAMR_VERSION_PATCH 1
+#define WAMR_VERSION_PATCH 4
 /* clang-format on */
 
 #endif

tests/regression/ba-issues/issues/issue-980000/frame_offset_overflow.wat

@@ -0,0 +1,70 @@
+(module
+  (global $g0 (mut i32) (i32.const 0))
+  (global $g1 (mut i32) (i32.const 0))
+  (global $g2 (mut i32) (i32.const 0))
+  (global $g3 (mut i32) (i32.const 0))
+  (global $g4 (mut i32) (i32.const 0))
+  (global $g5 (mut i32) (i32.const 0))
+  (global $g6 (mut i32) (i32.const 0))
+  (global $g7 (mut i32) (i32.const 0))
+
+  (export "test" (func $0))
+  (func $0
+    (local i32)
+
+    global.get $g0
+    global.get $g1
+    global.get $g2
+    global.get $g3
+    global.get $g4
+    global.get $g5
+    global.get $g6
+    global.get $g7
+    global.get $g0
+    global.get $g1
+    global.get $g2
+    global.get $g3
+    global.get $g4
+    global.get $g5
+    global.get $g6
+    global.get $g7
+    global.get $g0
+    global.get $g1
+    global.get $g2
+    global.get $g3
+    global.get $g4
+    global.get $g4
+    global.get $g4
+    global.get $g4
+    global.get $g4
+    global.get $g4
+    global.get $g4
+    global.get $g4
+    global.get $g4
+    global.get $g0
+
+    ;; has consumed 30 elements, left 2 elements on stack
+    block
+     block
+        f64.const 3.14
+        ;; RESET current block stack and mark polymorphic
+        unreachable
+        ;; PUSH ANY
+        select
+
+        loop (param i64) (result i32)
+          ;; NOW, unmatched stacks. Enlarge frame_ref stack. Keep frame_offset stack unchanged.
+          global.get $g0
+          i32.eqz
+          ;; OUT-OF-BOUNDS
+          if
+            unreachable
+          end
+          i32.wrap_i64
+        end
+        local.set 0
+      end
+    end 
+    unreachable
+  )
+)

tests/regression/ba-issues/issues/issue-980001/v128.wat

@@ -0,0 +1,13 @@
+(module
+  (type (;0;) (func))
+  (func (;0;) (type 0)
+    i32.const 0
+    i32.const 16
+    v128.load
+    i32.const 32
+    v128.load
+    i64x2.eq
+    v128.store)
+  (memory (;0;) 1 1)
+  (export "mem" (memory 0))
+  (export "main" (func 0)))

tests/regression/ba-issues/running_config.json

@@ -1754,6 +1754,38 @@
                 "stdout content": "",
                 "description": "no sanitizer 'heap-buffer-overflow'"
             }
+        },
+        {
+            "deprecated": false,
+            "ids": [
+                980000
+            ],
+            "runtime": "iwasm-default",
+            "file": "frame_offset_overflow.wasm",
+            "mode": "fast-interp",
+            "options": "-f test",
+            "argument": "",
+            "expected return": {
+                "ret code": 1,
+                "stdout content": "Exception: unreachable",
+                "description": "no 'frame offset overflow'"
+            }
+        },
+        {
+            "deprecated": false,
+            "ids": [
+                980001
+            ],
+            "runtime": "iwasm-llvm-jit",
+            "file": "v128.wasm",
+            "mode": "classic-interp",
+            "options": "-f main",
+            "argument": "",
+            "expected return": {
+                "ret code": 1,
+                "stdout content": "Exception: unsupported opcode",
+                "description": "classic-interp will exit gracefully when meeting simd opcodes"
+            }
         }
     ]
 }

tests/wamr-test-suites/test_wamr.sh

@@ -449,10 +449,10 @@ function spec_test()
         echo "checkout spec from threads proposal"
 
         # check spec test cases for threads
-        git clone -b main --single-branch https://github.com/WebAssembly/threads.git spec
+        git clone -b main-legacy --single-branch https://github.com/WebAssembly/threads.git spec
         pushd spec
 
-        # May 31, 2012 [interpreter] implement atomic.wait and atomic.notify (#194)
+        # May 31, 2023 [interpreter] implement atomic.wait and atomic.notify (#194)
         git reset --hard 09f2831349bf409187abb6f7868482a8079f2264
         git apply --ignore-whitespace ../../spec-test-script/thread_proposal_ignore_cases.patch || exit 1
         git apply --ignore-whitespace ../../spec-test-script/thread_proposal_fix_atomic_case.patch || exit 1