Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

validation: Detect stack underflow #244

Merged
merged 4 commits into from
Apr 8, 2020
Merged

validation: Detect stack underflow #244

merged 4 commits into from
Apr 8, 2020

Conversation

chfast
Copy link
Collaborator

@chfast chfast commented Mar 26, 2020
edited
Loading

Can have false positives for calls as callee type information is not available during parsing yet (see single DISABLED test).

Based on https://webassembly.github.io/spec/core/appendix/algorithm.html.

Requires #254.

@chfast chfast requested review from axic and gumb0 March 26, 2020 21:32
@codecov-io
Copy link

codecov-io commented Mar 27, 2020
edited
Loading

Codecov Report

Merging #244 into master will decrease coverage by 0.08%.
The diff coverage is 97.04%.

@@            Coverage Diff             @@
##           master     #244      +/-   ##
==========================================
- Coverage   97.33%   97.25%   -0.09%     
==========================================
  Files          32       34       +2     
  Lines       10073    10198     +125     
==========================================
+ Hits         9805     9918     +113     
- Misses        268      280      +12

gumb0
gumb0 reviewed Mar 27, 2020
View reviewed changes
lib/fizzy/instructions.hpp Outdated Show resolved Hide resolved
test/unittests/parser_expr_test.cpp Outdated Show resolved Hide resolved
gumb0
gumb0 reviewed Mar 27, 2020
View reviewed changes
lib/fizzy/instructions.cpp Outdated Show resolved Hide resolved
gumb0
gumb0 reviewed Mar 31, 2020
View reviewed changes
lib/fizzy/parser_expr.cpp Outdated Show resolved Hide resolved
gumb0
gumb0 reviewed Mar 31, 2020
View reviewed changes
lib/fizzy/types.hpp Outdated Show resolved Hide resolved
@chfast chfast force-pushed the stack_check branch 2 times, most recently from 2ce6d62 to f990a8c Compare March 31, 2020 12:38
@gumb0
Copy link
Collaborator

gumb0 commented Mar 31, 2020

Please rebase, to get validation_error handling in spectests

@chfast
Copy link
Collaborator Author

chfast commented Mar 31, 2020

Please rebase, to get validation_error handling in spectests

It's not merged yet: #241.

@chfast
Copy link
Collaborator Author

chfast commented Mar 31, 2020

Spectests failures are due to false positive stack underflow failures. We may want to fix the issue first.

@chfast chfast mentioned this pull request Apr 2, 2020
Merged
gumb0
gumb0 reviewed Apr 2, 2020
View reviewed changes
lib/fizzy/parser_expr.cpp Outdated Show resolved Hide resolved
@chfast chfast mentioned this pull request Apr 2, 2020
Merged
@chfast chfast requested a review from gumb0 April 2, 2020 21:11
axic
axic reviewed Apr 8, 2020
View reviewed changes
lib/fizzy/parser_expr.cpp Outdated
@@ -294,6 +326,8 @@ parser_result<Code> parse_expr(const uint8_t* pos, const uint8_t* end, bool have
{
if (frame.instruction != Instr::if_)
throw parser_error{"unexpected else instruction (if instruction missing)"};
frame.stack_height = 0; // Reset stack height after if.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why is this reset?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

After passing if block, it reuses the same frame (control_stack.top()) for the else block - it has the same instruction and immediates_offset, but stack_height could have been changed in if block.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actually I think unreachable also has to be reset here?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it should. In the Validation Algorithm it pops the control frame and then pushes new one with the same types.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It would be nice to add a test with br inside if

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed.

The if-else is poorly tested as there is big number of possible combinations.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It would be nice to add a test with br inside if

Added one with unreachable, but I will add one with br too. Also br_table is followed by unreachable...

@chfast
Copy link
Collaborator Author

chfast commented Apr 8, 2020

@axic Final word here?

axic
axic approved these changes Apr 8, 2020
View reviewed changes
Copy link
Member

@axic axic left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One comment, but otherwise looks good.

@chfast chfast merged commit 47b4e8f into master Apr 8, 2020
@chfast chfast deleted the stack_check branch April 8, 2020 18:47
@axic axic mentioned this pull request Apr 23, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gumb0 gumb0 gumb0 approved these changes

@axic axic axic approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@chfast @codecov-io @gumb0 @axic