wasm2c hangs on certain inputs and cannot finish execution for a while. #2180
Comments
I can't replicate the segfault or infinite loop (on GNU/Linux with default ulimit); the wasm2c command runs for 28 seconds, grows its heap to 4.3 GiB, and then spits out:

What OS, compiler, and standard C++ library are you running/compiling this with, and with what stack and memory limits?

I do get similar results (the very long execution) from

I think the root cause here is that:

We could probably make this faster with the knowledge that generated names will only conflict with pre-existing names (not other generated names), but not sure if it's worth it. We're still going to be throwing all those names into a BindingHash in the end.

We could also make wasm2c check module validity before running GenerateNames, which at least would improve treatment of these invalid modules. Still would be a lot of RAM consumption for a module that happens to be valid and also has millions of locals in a function.

OTOH, if the problem is just RAM consumption exceeding a limit, I would expect to get a more graceful failure than a segfault.
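As an added example that is not part of the thread or of wabt: a pre-check that reads only the code section of a binary and reports the largest per-function declared-local count, so fuzz-produced inputs with millions of locals can be flagged before they reach name generation. The function names and sample bytes are constructed for illustration, and the scan assumes one-byte value types.

```python
WASM_MAGIC = b"\x00asm"
CODE_SECTION_ID = 10


def read_u32_leb(buf, pos):
    """Decode an unsigned LEB128 u32 at buf[pos]; return (value, next_pos)."""
    result = 0
    for shift in range(0, 35, 7):  # a u32 takes at most 5 LEB128 bytes
        if pos >= len(buf):
            raise ValueError("truncated LEB128")
        byte = buf[pos]
        pos += 1
        result |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return result, pos
    raise ValueError("LEB128 longer than 5 bytes")


def max_declared_locals(module):
    """Largest per-function sum of declared locals in the code section."""
    if len(module) < 8 or module[:4] != WASM_MAGIC:
        raise ValueError("not a wasm binary")
    pos, worst = 8, 0  # skip the 4-byte magic and 4-byte version
    while pos < len(module):
        section_id = module[pos]
        size, pos = read_u32_leb(module, pos + 1)
        end = pos + size
        if end > len(module):
            raise ValueError("section overruns file")
        if section_id == CODE_SECTION_ID:
            n_funcs, p = read_u32_leb(module, pos)
            for _ in range(n_funcs):
                body_size, p = read_u32_leb(module, p)
                body_end = p + body_size
                n_groups, q = read_u32_leb(module, p)
                total = 0
                for _ in range(n_groups):
                    count, q = read_u32_leb(module, q)
                    q += 1  # assumes a one-byte value type per group
                    total += count
                if q > body_end or body_end > end:
                    raise ValueError("function body overruns section")
                worst = max(worst, total)
                p = body_end
        pos = end
    return worst


# Constructed sample (not the issue's hang.wasm): header plus a code section
# whose single function declares 3 i32 locals and 2,000,000 i64 locals.
SAMPLE = bytes.fromhex("0061736d01000000" "0a0a" "0108" "02037f80897a7e0b")
```

Comparing the returned count against a ceiling chosen for the pipeline lets a fuzzing or CI harness reject such inputs cheaply, without allocating anything per local.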
Thank you for the comment, Professor. Initially, I was thinking it is because wasm2c tries to access an unpermitted memory region. Because

Ack: Initial title that includes "infinite loop" was not right. The execution finishes after some time.

Best,
Thanks for checking further! Are you able to reproduce the segfault? I would love to understand where that comes from but wasn't able to replicate it locally.
Yes, Professor. I checked the segfault multiple times and it gave it every time.
That is one of the reasons I thought it was a memory-related issue.
Thanks -- unfortunately I haven't been able to replicate the segfault (with GCC 12 on Ubuntu 22.10) so I'm a little stuck. Are you able to provide a little more information?
Thanks much!
Describe the bug
Certain hang.wasm causes wasm2c an infinite loop. wasm2c tries to access a memory that is not permitted instead of providing type mismatch error for a while.

wasm2c --version: 1.0.32 (git~1.0.32-46-g47a589a1)

Content of the file that causes the issue:
vim hang.wasm:
cat hang.wasm:

Steps to reproduce:
Here is the file for the bug:
hang.wasm.txt (Remove .txt extension and save as .wasm)
wasm2c hang.wasm
wasm2c cannot finish the execution.
wasm-validate hang.wasm output: Segmentation fault
gdb wasm-validate and subsequent run hang.wasm output:

Expected Behavior:
The expected output should be an error like other related tools would provide as below. To cite an example, run wasm2wat on the test file:
wasm2wat hang.wasm:
The output will be:
Additional information
A combination of afl-fuzz++4.03a and Wasmlike, an Xsmith-based random program generator produced the snippet of code that caused the crash. https://www.flux.utah.edu/project/xsmith