Crash and Assertion failed in wasm2js #2288

Closed
gaintcome opened this issue Aug 7, 2019 · 1 comment

Comments

@gaintcome
commented Aug 7, 2019

Hi,

I observed two problems, a crash and an assertion failure, in wasm2js (based on commit 7773426). The PoC files are attached.

How to reproduce:

 wasm2js poc 

poc.zip

Report of backtrace in gdb

Assertion failed

#0  0x00007ffff6f78428 in raise () from /lib/x86_64-linux-gnu/libc.so.6
#1  0x00007ffff6f7a02a in abort () from /lib/x86_64-linux-gnu/libc.so.6
#2  0x00007ffff6f70bd7 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#3  0x00007ffff6f70c82 in __assert_fail () from /lib/x86_64-linux-gnu/libc.so.6
#4  0x0000000000f1bad3 in wasm::asmangle (name=<incomplete type>) at binaryen/src/asmjs/asmangle.cpp:26
#5  0x0000000000a982ee in wasm::Wasm2JSBuilder::fromName (this=0x7fffffffc718, name=..., scope=wasm::NameScope::Top)
    at binaryen/src/wasm2js.h:207
#6  0x0000000000a72a0c in wasm::Wasm2JSBuilder::processWasm (this=0x7fffffffc718, wasm=0x7fffffffd450, funcName=...)
    at binaryen/src/wasm2js.h:384
#7  0x0000000000a7ac9f in (anonymous namespace)::emitWasm (wasm=..., output=..., flags=..., options=..., name=...)
    at binaryen/src/tools/wasm2js.cpp:502
#8  0x0000000000a79bc2 in main (argc=0x2, argv=0x7fffffffdcb8) at binaryen/src/tools/wasm2js.cpp:925
#9  0x00007ffff6f63830 in __libc_start_main () from /lib/x86_64-linux-gnu/libc.so.6
#10 0x0000000000a71219 in _start ()

Crash

Stopped reason: SIGSEGV

#0  0x0000000000e561b4 in wasm::LocalSet::finalize (this=0x1486b40) at binaryen/src/wasm/wasm.cpp:465
#1  0x0000000000b13832 in wasm::Builder::makeLocalSet (this=0x7fffffffac78, index=0x0, value=0x0) at binaryen/src/wasm-builder.h:244
#2  0x0000000000f2dbe9 in wasm::ExpressionManipulator::flexibleCopy(wasm::Expression*, wasm::Module&, std::function<wasm::Expression* (wasm::Expression*)>)::Copier::visitLocalSet(wasm::LocalSet*) (this=0x7fffffffac50, curr=0x7ffff0000b10) at binaryen/src/ir/ExpressionManipulator.cpp:96
#3  0x0000000000f2d25b in wasm::Visitor<wasm::ExpressionManipulator::flexibleCopy(wasm::Expression*, wasm::Module&, std::function<wasm::Expression* (wasm::Expression*)>)::Copier, wasm::Expression*>::visit(wasm::Expression*) (this=0x7fffffffac50, curr=0x7ffff0000b10) at binaryen/src/wasm-traversal.h:112
#4  0x0000000000f2cfb0 in wasm::ExpressionManipulator::flexibleCopy(wasm::Expression*, wasm::Module&, std::function<wasm::Expression* (wasm::Expression*)>)::Copier::copy(wasm::Expression*) (this=0x7fffffffac50, curr=0x7ffff0000b10) at binaryen/src/ir/ExpressionManipulator.cpp:44
#5  0x0000000000f2d63f in wasm::ExpressionManipulator::flexibleCopy(wasm::Expression*, wasm::Module&, std::function<wasm::Expression* (wasm::Expression*)>)::Copier::visitBlock(wasm::Block*) (this=0x7fffffffac50, curr=0x7ffff0000b48) at binaryen/src/ir/ExpressionManipulator.cpp:50
#6  0x0000000000f2d17b in wasm::Visitor<wasm::ExpressionManipulator::flexibleCopy(wasm::Expression*, wasm::Module&, std::function<wasm::Expression* (wasm::Expression*)>)::Copier, wasm::Expression*>::visit(wasm::Expression*) (this=0x7fffffffac50, curr=0x7ffff0000b48) at binaryen/src/wasm-traversal.h:96
#7  0x0000000000f2cfb0 in wasm::ExpressionManipulator::flexibleCopy(wasm::Expression*, wasm::Module&, std::function<wasm::Expression* (wasm::Expression*)>)::Copier::copy(wasm::Expression*) (this=0x7fffffffac50, curr=0x7ffff0000b48) at binaryen/src/ir/ExpressionManipulator.cpp:44
#8  0x0000000000f2ce73 in wasm::ExpressionManipulator::flexibleCopy(wasm::Expression*, wasm::Module&, std::function<wasm::Expression* (wasm::Expression*)>) (original=0x7ffff0000b48, 
    wasm=..., custom=...) at binaryen/src/ir/ExpressionManipulator.cpp:229
#9  0x0000000000c34fbd in wasm::ExpressionManipulator::copy (original=0x7ffff0000b48, wasm=...) at binaryen/src/ir/manipulation.h:62
#10 0x0000000000c34cc1 in wasm::ModuleUtils::copyFunction (func=0x14673e0, out=...) at binaryen/src/ir/module-utils.h:99
#11 0x0000000000c3475d in wasm::I64ToI32Lowering::doWalkFunction (this=0x1469ca0, func=0x14673e0)
    at binaryen/src/passes/I64ToI32Lowering.cpp:176
#12 0x0000000000c21ae3 in wasm::Walker<wasm::I64ToI32Lowering, wasm::Visitor<wasm::I64ToI32Lowering, void> >::walkFunction (this=0x1469cc8, func=0x14673e0)
    at binaryen/src/wasm-traversal.h:504
#13 0x0000000000c210ac in wasm::Walker<wasm::I64ToI32Lowering, wasm::Visitor<wasm::I64ToI32Lowering, void> >::doWalkModule (this=0x1469cc8, module=0x7fffffffd460)
    at binaryen/src/wasm-traversal.h:569
#14 0x0000000000c20bfe in wasm::I64ToI32Lowering::doWalkModule (this=0x1469ca0, module=0x7fffffffd460)
    at binaryen/src/passes/I64ToI32Lowering.cpp:147
#15 0x0000000000c206a3 in wasm::Walker<wasm::I64ToI32Lowering, wasm::Visitor<wasm::I64ToI32Lowering, void> >::walkModule (this=0x1469cc8, module=0x7fffffffd460)
    at binaryen/src/wasm-traversal.h:543
#16 0x0000000000c1c75f in wasm::WalkerPass<wasm::PostWalker<wasm::I64ToI32Lowering, wasm::Visitor<wasm::I64ToI32Lowering, void> > >::run (this=0x1469ca0, runner=0x7fffffffc4a8, 
    module=0x7fffffffd460) at binaryen/src/pass.h:331
#17 0x0000000000b062a8 in wasm::PassRunner::runPass (this=0x7fffffffc4a8, pass=0x1469ca0) at binaryen/src/passes/pass.cpp:685
#18 0x0000000000b05cc0 in wasm::PassRunner::run (this=0x7fffffffc4a8) at binaryen/src/passes/pass.cpp:563
#19 0x0000000000a722bf in wasm::Wasm2JSBuilder::processWasm (this=0x7fffffffc728, wasm=0x7fffffffd460, funcName=...)
    at binaryen/src/wasm2js.h:332
#20 0x0000000000a7ac9f in (anonymous namespace)::emitWasm (wasm=..., output=..., flags=..., options=..., name=...)
    at binaryen/src/tools/wasm2js.cpp:502
#21 0x0000000000a79bc2 in main (argc=0x2, argv=0x7fffffffdcc8) at binaryen/src/tools/wasm2js.cpp:925
#22 0x00007ffff6f63830 in __libc_start_main () from /lib/x86_64-linux-gnu/libc.so.6
#23 0x0000000000a71219 in _start ()

@kripken

Member

commented Aug 8, 2019

Thanks @gaintcome! Fixes in #2289 #2290

kripken added a commit that referenced this issue Aug 8, 2019
We didn't have an OverriddenVisitor in the copying code, and sadly unimplemented visitors just return null. That explains the crash in #2288

The missing visitors were push and pop.
@gaintcome gaintcome closed this Aug 20, 2019
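
The failure mode described in the commit message above, as an added example that is not Binaryen's code: a copying visitor whose base class returns null for an unimplemented node kind hands a null operand to the parent node, while a strict base reports the omission where it happens. All type and function names are hypothetical, the IR is a constructed three-node model, and the strict variant's run-time exception is an assumption made for the illustration.

```cpp
#include <memory>
#include <stdexcept>
#include <vector>

// Simplified model with hypothetical names; not Binaryen's real IR or visitors.
enum class Kind { Const, Pop, LocalSet };
struct Expr { Kind kind; int index; Expr* value; };
struct Arena {  // owns the nodes so raw pointers stay valid
  std::vector<std::unique_ptr<Expr>> nodes;
  Expr* make(Kind k, int index = 0, Expr* value = nullptr) {
    nodes.push_back(std::make_unique<Expr>(Expr{k, index, value}));
    return nodes.back().get();
  }
};

// CRTP visitor. Strict=false: an unimplemented visitor silently returns nullptr.
// Strict=true: an unimplemented visitor fails at the point of omission.
template <typename Sub, bool Strict> struct Visitor {
  Expr* missing(const char* what) { if (Strict) throw std::logic_error(what); return nullptr; }
  Expr* visitConst(Expr*) { return missing("visitConst not implemented"); }
  Expr* visitPop(Expr*) { return missing("visitPop not implemented"); }
  Expr* visitLocalSet(Expr*) { return missing("visitLocalSet not implemented"); }
  Expr* visit(Expr* e) {
    Sub* self = static_cast<Sub*>(this);
    switch (e->kind) {
      case Kind::Const: return self->visitConst(e);
      case Kind::Pop: return self->visitPop(e);
      case Kind::LocalSet: return self->visitLocalSet(e);
    }
    return nullptr;
  }
};

// Copier that implements Const and LocalSet but forgets Pop.
template <bool Strict> struct Copier : Visitor<Copier<Strict>, Strict> {
  Arena& out;
  explicit Copier(Arena& a) : out(a) {}
  Expr* visitConst(Expr* e) { return out.make(Kind::Const, e->index); }
  Expr* visitLocalSet(Expr* e) {
    return out.make(Kind::LocalSet, e->index, this->visit(e->value));
  }
};

// Copies the constructed input `local.set 0 (pop)`.
// Returns 0 = operand copied, 1 = operand became null, 2 = omission reported.
template <bool Strict> int copySetOfPop() {
  Arena in, out;
  Expr* set = in.make(Kind::LocalSet, 0, in.make(Kind::Pop));
  try { return Copier<Strict>(out).visit(set)->value ? 0 : 1; }
  catch (const std::logic_error&) { return 2; }
}
int main() { return copySetOfPop<false>() == 1 && copySetOfPop<true>() == 2 ? 0 : 1; }
```

With the lenient base the copied `LocalSet` carries a null operand, the same shape as the `makeLocalSet (index=0x0, value=0x0)` frame in the crash backtrace.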