From 1552e2962f5e6d17c3d3daa6c85ba141069ac52b Mon Sep 17 00:00:00 2001
From: Yi LIU <yi@quantstamp.com>
Date: Mon, 16 Feb 2026 23:42:54 +0800
Subject: [PATCH] Fix missing implicitTrap for ArrayRMW and ArrayCmpxchg

ArrayRMW and ArrayCmpxchg only set implicitTrap when the array reference
is nullable, but they should set it unconditionally because an out-of-bounds
index also traps. All other indexed array operations (ArrayGet, ArraySet,
ArrayCopy, ArrayFill, ArrayInitData, ArrayInitElem) correctly set
implicitTrap unconditionally for OOB.
---
 src/ir/effects.h | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/src/ir/effects.h b/src/ir/effects.h
index b9e07a87bf8..1a7f4af616b 100644
--- a/src/ir/effects.h
+++ b/src/ir/effects.h
@@ -1027,9 +1027,8 @@ class EffectAnalyzer {
       }
       parent.readsArray = true;
       parent.writesArray = true;
-      if (curr->ref->type.isNullable()) {
-        parent.implicitTrap = true;
-      }
+      // traps when the arg is null or the index out of bounds
+      parent.implicitTrap = true;
       assert(curr->order != MemoryOrder::Unordered);
       parent.isAtomic = true;
     }
@@ -1040,9 +1039,8 @@ class EffectAnalyzer {
       }
       parent.readsArray = true;
       parent.writesArray = true;
-      if (curr->ref->type.isNullable()) {
-        parent.implicitTrap = true;
-      }
+      // traps when the arg is null or the index out of bounds
+      parent.implicitTrap = true;
       assert(curr->order != MemoryOrder::Unordered);
       parent.isAtomic = true;
     }