[lightbeam] add overflow in debug mode (backend:pick:325) #746

Closed
pventuzelo opened this issue Dec 23, 2019 · 1 comment
Labels
fuzz-bug Bugs found by a fuzzer lightbeam Issues related to the Lightbeam compiler

Comments

@pventuzelo
Contributor

Issue description

An addition with overflow makes lightbeam panic when compiled in debug mode.

$ ./target/debug/debug_lightbeam add_overflow_mark_used_backend_min.wasm 
thread 'main' panicked at 'attempt to add with overflow', XXX/wasmtime/crates/lightbeam/src/backend.rs:325:9
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace.

This issue is related to the function mark_used called by function pick.

Backtrace:

  11: lightbeam::backend::Registers::mark_used
             at XXX/wasmtime/crates/lightbeam/src/backend.rs:325
  12: lightbeam::backend::Context<M>::pick
             at XXX/wasmtime/crates/lightbeam/src/backend.rs:5368
  13: lightbeam::function_body::translate
             at XXX/wasmtime/crates/lightbeam/src/function_body.rs:577
  14: lightbeam::function_body::translate_wasm
             at XXX/wasmtime/crates/lightbeam/src/function_body.rs:82

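pub fn mark_used(&mut self, gpr: GPR) {
    let (gpr, scratch_counts) = self.scratch_counts_mut(gpr);
    scratch_counts.0.mark_used(gpr);
    // Per-register use count. This is the only addition in the function, so
    // it is where 'attempt to add with overflow' is raised.
    scratch_counts.1[gpr as usize] += 1;
}

pub fn pick(&mut self, depth: u32) {
    // Duplicate the stack value at `depth`; a register-backed value gains
    // one more user.
    let idx = self.block_state.stack.len() - 1 - depth as usize;
    let v = self.block_state.stack[idx];
    if let ValueLocation::Reg(r) = v {
        self.block_state.regs.mark_used(r);
    }
    self.block_state.stack.push(v);
}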

Reproduction

Download:
add_overflow_mark_used_backend_min.zip

or wasm2wat add_overflow_mark_used_backend_min.wasm :

(module
  (type (;0;) (func))
  (func (;0;) (type 0)
    (local i64 i64 i64 i64 i64 i64 i64 i64 i64 i64 i64 i64 i64 i64 i64 i64 i64 i64 i64 i64 i64 i64 i64 i64 i64 i64 i64 i64 i64 i64 i64 i64 i64)
    i32.const 0
    i64.load offset=0 align=1
    local.set 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    local.get 32
    unreachable)
  (memory (;0;) 1)
  (export "_start" (func 0)))

Testing program (needs to be compiled in debug mode, i.e. RUSTFLAGS=-g cargo build):

use std::env;
use std::fs::{File};
use std::io;
use std::io::Read;
use std::path::PathBuf;

use wasmtime_fuzzing::oracles;
use wasmtime_jit::CompilationStrategy;
use lightbeam;

/// Read the contents of a file
fn read_contents(path: &PathBuf) -> Result<Vec<u8>, io::Error> {
    let mut buffer: Vec<u8> = Vec::new();
    let mut file = File::open(path)?;
    file.read_to_end(&mut buffer)?;
    drop(file);
    Ok(buffer)
}

fn main() {
    let args: Vec<String> = env::args().collect();
    let wasm_path = std::path::PathBuf::from(&args[1]);
    let wasm_binary: Vec<u8> = read_contents(&wasm_path).unwrap();

    let _res_compile = oracles::compile(&wasm_binary[..], CompilationStrategy::Lightbeam);
    let _res_instantiate = oracles::instantiate(&wasm_binary[..], CompilationStrategy::Lightbeam);
    let _res_translate = lightbeam::translate(&wasm_binary[..]);
}

wasmtime commit: a582389

Result when executed by wasmtime

$ ../target/release/wasmtime add_overflow_mark_used_backend_min.wasm
Error: failed to process main module `add_overflow_mark_used_backend_min.wasm`

Caused by:
    0: failed to invoke `_start`
    1: trapped: Ref(Trap { message: "wasm trap: unreachable, source location: @0233" })

$ ../target/release/wasmtime --lightbeam add_overflow_mark_used_backend_min.wasm
Error: failed to process main module `add_overflow_mark_used_backend_min.wasm`

Caused by:
    0: failed to invoke `_start`
    1: trapped: Ref(Trap { message: "wasm trap: call stack exhausted, source location: @-" })

Please note that the lightbeam error should be the same as when using the cranelift backend, i.e. unreachable trap reached.
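
The failure mode reported above, as an added example that is not part of the original issue and is not Lightbeam's code: a per-register use counter bumped once per stack copy, first with wrapping arithmetic (what a plain `+= 1` does when overflow checks are off) and then with a checked increment that fails the same way in every build profile. The `u8` counter width, the register count and all names are assumptions for illustration; 256 is the number of `local.get 32` lines in the reproducer.

```rust
// Added illustration. Assumption: one u8 use counter per register.
const NUM_GPRS: usize = 16; // hypothetical register count

#[derive(Debug, PartialEq)]
pub enum RegError {
    UseCountOverflow { gpr: usize },
}

pub struct UseCounts([u8; NUM_GPRS]);

impl UseCounts {
    pub fn new() -> Self {
        UseCounts([0; NUM_GPRS])
    }

    /// Explicitly wrapping increment: the counter silently returns to 0,
    /// so it under-reports how many stack slots still refer to the register.
    pub fn mark_used_wrapping(&mut self, gpr: usize) {
        self.0[gpr] = self.0[gpr].wrapping_add(1);
    }

    /// Checked increment: overflow becomes an error the compiler front end
    /// can report, regardless of debug or release settings.
    pub fn mark_used_checked(&mut self, gpr: usize) -> Result<(), RegError> {
        let next = self.0[gpr].checked_add(1);
        self.0[gpr] = next.ok_or(RegError::UseCountOverflow { gpr })?;
        Ok(())
    }
}

/// Count `uses` references to register 0 with wrapping arithmetic.
pub fn replay_wrapping(uses: usize) -> u8 {
    let mut c = UseCounts::new();
    (0..uses).for_each(|_| c.mark_used_wrapping(0));
    c.0[0]
}

/// Count `uses` references to register 0, stopping at the first overflow.
pub fn replay_checked(uses: usize) -> Result<u8, RegError> {
    let mut c = UseCounts::new();
    for _ in 0..uses {
        c.mark_used_checked(0)?;
    }
    Ok(c.0[0])
}

fn main() {
    println!("wrapping, 256 uses: {}", replay_wrapping(256));
    println!("checked,  256 uses: {:?}", replay_checked(256));
}
```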

@pepyakin pepyakin added lightbeam Issues related to the Lightbeam compiler fuzz-bug Bugs found by a fuzzer labels Jan 6, 2020
@pventuzelo pventuzelo changed the title [lightbeam] add overflow in debug mode (backend:pick) [lightbeam] add overflow in debug mode (backend:pick:325) Jan 17, 2020
@alexcrichton
Member

Lightbeam was removed in #3390 as explained in RFC 14, so I'm going to close this.
