That's one way they could do it, not quite free since they'd have to mask off the high address bits at each load/store, but that's probably cheaper than adding a full branch at every load/store.
I think the wasm spec would have to be amended for that to be legal though; currently, out-of-bounds memory accesses must throw an exception one way or another, and silently dropping the high bits of addresses may turn an out-of-bounds access into an in-bounds access that doesn't throw.
Not sure why. They could just guarantee the allocator never hands out invalid addresses, no? If you’re trying to access outside the valid range, that’s an out-of-bounds access because the memory range isn’t mapped. I’m sure I’m missing some nuance though.
The allocator never hands out invalid addresses, but the wasm code can then try to access out of the bounds of the allocated memory (e.g. a huge array index).
The wasm runtime and other browser code run in the same address space but must stay out of reach of the wasm code.
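The difference between the two strategies discussed in this thread, as an added example that is not from any commenter or from a real wasm runtime: a branch-per-access bounds check that reports a trap, next to address masking that silently wraps an out-of-bounds address back into the sandbox. `MEM_SIZE`, the `load8_*` helpers and the sample addresses are assumptions made up for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed sandbox size: one 64 KiB page. A power of two, so a mask can bound addresses. */
#define MEM_SIZE  65536u
#define ADDR_MASK (MEM_SIZE - 1u)

enum load_status { LOAD_OK = 0, LOAD_TRAP = 1 };

/* Stand-in for the wasm linear memory; everything outside it belongs to the host. */
static uint8_t linear_memory[MEM_SIZE];

/* Strategy 1: explicit check. Costs a branch per access, but an
 * out-of-bounds address is reported as a trap, as the spec requires. */
enum load_status load8_checked(uint64_t addr, uint8_t *out) {
    if (addr >= MEM_SIZE)
        return LOAD_TRAP;
    *out = linear_memory[addr];
    return LOAD_OK;
}

/* Strategy 2: drop the high address bits. No branch, and the access can
 * never leave the sandbox, but it can never trap either: an out-of-bounds
 * address aliases some in-bounds byte. */
enum load_status load8_masked(uint64_t addr, uint8_t *out) {
    *out = linear_memory[addr & ADDR_MASK];
    return LOAD_OK;
}

/* Returns 1 when the two strategies give different observable outcomes. */
int strategies_disagree(uint64_t addr) {
    uint8_t a = 0, b = 0;
    return load8_checked(addr, &a) != load8_masked(addr, &b);
}

int main(void) {
    uint64_t oob = (uint64_t)MEM_SIZE + 0x10;   /* constructed out-of-bounds address */
    uint8_t v = 0;
    linear_memory[0x10] = 0xAA;                 /* constructed in-bounds data */

    printf("checked: %s\n", load8_checked(oob, &v) == LOAD_TRAP ? "trap" : "ok");
    printf("masked:  %s, read 0x%02X\n",
           load8_masked(oob, &v) == LOAD_TRAP ? "trap" : "ok", v);
    return 0;
}
```

Both variants keep the access inside `linear_memory`, so host isolation holds either way; only the checked one preserves the trap that wasm code can observe.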