Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Type confusion due to DefaultReferenceValue() `undefined` default value for kNoExtern - 1586

  • The function DefaultReferenceValue() returns undefined as the default value for two different reference types. According to the wasm-gc specification, the default value of a nullable reference type is the null reference, not an arbitrary host value. So why does this violation of the specification matter?
  • Complicated programs like this rely on invariants: for instance, only these X types will ever be seen here, or a value at this point will always be in the range X..Y. Those constraints are then assumed throughout the codebase, so once one of these invariants is violated it causes major havoc.
  • The only allowed value for nullexternref is a JS null, but this invariant has been broken. Optimizing compilers are now likely to optimize code incorrectly, and kNoExtern represented as undefined may be confused with other types. Using the second point, they were able to craft a string with an invalid length to cause a crash.
  • Neat bug! Reading the specification is helpful when multiple things rely on it.
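The crux of the notes above is that JS `undefined` is not the null reference: for an externref it is an ordinary non-null host value, so handing it out where a null reference is required silently breaks the "null is the only value here" invariant. The probe below, an added example that is not part of the original notes or of V8's code, hand-assembles a tiny wasm module (an exported mutable externref global initialised with `ref.null extern`, plus a `ref.is_null` helper) and checks how null and `undefined` cross the JS boundary. It uses plain externref rather than nullexternref so that it runs on any engine with reference types, and all names (`MODULE_BYTES`, `probeExternNull`, the export names) are my own.

```javascript
// Wraps a section payload with its id and one-byte LEB128 size (all sections
// here are far below 128 bytes, so a single byte is sufficient).
function section(id, body) {
  if (body.length >= 0x80) throw new Error("section too large for a 1-byte LEB size");
  return [id, body.length, ...body];
}

const EXTERNREF = 0x6f; // reftype/heaptype encoding of `extern`
const I32 = 0x7f;

// Hand-assembled equivalent of:
//   (global (export "g") (mut externref) (ref.null extern))
//   (func (export "get") (result externref) global.get 0)
//   (func (export "isnull") (param externref) (result i32) local.get 0 ref.is_null)
const MODULE_BYTES = new Uint8Array([
  0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00,       // magic + version
  ...section(1, [0x02,
    0x60, 0x00, 0x01, EXTERNREF,                         // type 0: () -> externref
    0x60, 0x01, EXTERNREF, 0x01, I32]),                  // type 1: (externref) -> i32
  ...section(3, [0x02, 0x00, 0x01]),                     // funcs 0 and 1 use types 0 and 1
  ...section(6, [0x01,
    EXTERNREF, 0x01, 0xd0, EXTERNREF, 0x0b]),            // mut externref = ref.null extern; end
  ...section(7, [0x03,
    0x01, 0x67, 0x03, 0x00,                              // "g"      -> global 0
    0x03, 0x67, 0x65, 0x74, 0x00, 0x00,                  // "get"    -> func 0
    0x06, 0x69, 0x73, 0x6e, 0x75, 0x6c, 0x6c, 0x00, 0x01]), // "isnull" -> func 1
  ...section(10, [0x02,
    0x04, 0x00, 0x23, 0x00, 0x0b,                        // body 0: global.get 0; end
    0x05, 0x00, 0x20, 0x00, 0xd1, 0x0b]),                // body 1: local.get 0; ref.is_null; end
]);

// Instantiates the module and reports how the null reference and JS undefined
// behave at the boundary. Returns { supported: false } on an engine that
// lacks reference types instead of throwing.
function probeExternNull() {
  if (!WebAssembly.validate(MODULE_BYTES)) return { supported: false };
  const { exports } = new WebAssembly.Instance(new WebAssembly.Module(MODULE_BYTES));

  const defaultValue = exports.get();      // the ref.null extern initializer, as seen from JS
  const nullIsNull = exports.isnull(null) === 1;
  const undefinedIsNull = exports.isnull(undefined) === 1; // undefined is a non-null extern value

  exports.g.value = undefined;             // storing undefined is legal: it is just a host value
  const storedUndefined = exports.get();   // and it round-trips unchanged, distinct from null

  return { supported: true, defaultValue, nullIsNull, undefinedIsNull, storedUndefined };
}

console.log(probeExternNull());
```

On a conforming engine the default value reads back as `null`, `isnull(null)` is true and `isnull(undefined)` is false: the two values are distinguishable inside wasm, which is exactly why an engine-internal "null" that is really `undefined` confuses the type system rather than merely looking odd in JS.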