Stream: git-wasmtime

Topic: wasmtime / Issue #1192 Add initial support for EVEX encod...


view this post on Zulip Wasmtime GitHub notifications bot (Mar 05 2020 at 17:57):

fitzgen commented on Issue #1192:

(Sorry for delayed response -- was on vacation)

It looks like a panic was triggered when running our fuzz corpora:

https://github.com/bytecodealliance/wasmtime/pull/1192/checks#step:11:385

thread '<unnamed>' panicked at 'the GPR register class does not contain 0', cranelift/codegen/src/isa/registers.rs:213:9

Unfortunately, we don't have llvm-symbolizer in $PATH on our CI machines so we aren't getting symbolicated stack frames from asan/libfuzzer. I'll file an issue to add that so its easier to debug these failures.

view this post on Zulip Wasmtime GitHub notifications bot (Mar 05 2020 at 17:57):

fitzgen commented on Issue #1192:

We should probably also run with RUST_BACKTRACE=1, which would show a duplicate copy of the stack, but that copy should be symbolicated.

view this post on Zulip Wasmtime GitHub notifications bot (Mar 05 2020 at 18:12):

alexcrichton commented on Issue #1192:

FWIW to reproduce the fuzz failure locally you can make a local checkout of https://github.com/bytecodealliance/wasmtime-libfuzzer-corpus and then run:

$ cargo +nightly fuzz run api_calls ../wasmtime-libfuzzer-corpus/api_calls/0a52a0e6f1a420c3a053e269592798039f4b545d

I also set RUST_LOG=wasmtime_fuzzing=trace to get more info and I have a rust checkout with llvm-symbolizer already built so I use PATH=$PATH:$HOME/code/rust3/build/x86_64-unknown-linux-gnu/llvm/bin too to get:

INFO: Seed: 125775419
INFO: Loaded 1 modules   (994886 inline 8-bit counters): 994886 [0x55f04b2c86e8, 0x55f04b3bb52e),
INFO: Loaded 1 PC tables (994886 PCs): 994886 [0x55f04b3bb530,0x55f04c2e9990),
target/x86_64-unknown-linux-gnu/debug/api_calls: Running 1 inputs 1 time(s) each.
Running: ../wasmtime-libfuzzer-corpus/api_calls/0a52a0e6f1a420c3a053e269592798039f4b545d
[2020-03-05T18:08:33Z TRACE wasmtime_fuzzing::oracles] creating config
[2020-03-05T18:08:33Z TRACE wasmtime_fuzzing::oracles] enabling debuginfo
[2020-03-05T18:08:33Z TRACE wasmtime_fuzzing::oracles] creating engine
[2020-03-05T18:08:33Z TRACE wasmtime_fuzzing::oracles] creating store
[2020-03-05T18:08:33Z DEBUG wasmtime_fuzzing::oracles] creating module: 0
[2020-03-05T18:08:33Z DEBUG wasmtime_fuzzing::oracles] wrote wasm file to `testcase0.wasm`
thread '<unnamed>' panicked at 'the GPR register class does not contain 0', cranelift/codegen/src/isa/registers.rs:213:9
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
==6687== ERROR: libFuzzer: deadly signal
    #0 0x55f041e30ce1 in __sanitizer_print_stack_trace /rustc/llvm/src/llvm-project/compiler-rt/lib/asan/asan_stack.cc:86:3
    #1 0x55f049baebfb in fuzzer::PrintStackTrace() /home/alex/.cargo/registry/src/github.com-1ecc6299db9ec823/libfuzzer-sys-0.3.1/libfuzzer/FuzzerUtil.cpp:205
    #2 0x55f049b98b34 in fuzzer::Fuzzer::CrashCallback() /home/alex/.cargo/registry/src/github.com-1ecc6299db9ec823/libfuzzer-sys-0.3.1/libfuzzer/FuzzerLoop.cpp:232
    #3 0x55f049b989d5 in fuzzer::Fuzzer::StaticCrashSignalCallback() /home/alex/.cargo/registry/src/github.com-1ecc6299db9ec823/libfuzzer-sys-0.3.1/libfuzzer/FuzzerLoop.cpp:203
    #4 0x55f049b806a8 in fuzzer::CrashHandler(int, siginfo_t*, void*) /home/alex/.cargo/registry/src/github.com-1ecc6299db9ec823/libfuzzer-sys-0.3.1/libfuzzer/FuzzerUtilPosix.cpp:47
    #5 0x7f401fc5188f  (/lib/x86_64-linux-gnu/libpthread.so.0+0x1288f)
    #6 0x7f401f674e96 in __libc_signal_restore_set /build/glibc-OTsEL5/glibc-2.27/signal/../sysdeps/unix/sysv/linux/nptl-signals.h:80
    #7 0x7f401f674e96 in raise /build/glibc-OTsEL5/glibc-2.27/signal/../sysdeps/unix/sysv/linux/raise.c:48
    #8 0x7f401f676800 in abort /build/glibc-OTsEL5/glibc-2.27/stdlib/abort.c:79
    #9 0x55f049d93666 in std::sys::unix::abort_internal::h895efa11fe01a426 /rustc/75cf41afb468152611212271bae026948cd3ba46/src/libstd/sys/unix/mod.rs:165:4
    #10 0x55f049d7b405 in std::process::abort::he3732f7eae1e2491 /rustc/75cf41afb468152611212271bae026948cd3ba46/src/libstd/process.rs:1609:13
    #11 0x55f049b5af88 in libfuzzer_sys::initialize::_$u7b$$u7b$closure$u7d$$u7d$::h1c70d7a11b032bd1 /home/alex/.cargo/registry/src/github.com-1ecc6299db9ec823/libfuzzer-sys-0.3.1/src/lib.rs:51:8
    #12 0x55f049d82794 in std::panicking::rust_panic_with_hook::hdaf92dc93c2f09cc /rustc/75cf41afb468152611212271bae026948cd3ba46/src/libstd/panicking.rs:474:16
    #13 0x55f049d822aa in rust_begin_unwind /rustc/75cf41afb468152611212271bae026948cd3ba46/src/libstd/panicking.rs:378:4
    #14 0x55f049d8221a in std::panicking::begin_panic_fmt::h29f23efc717bb03a /rustc/75cf41afb468152611212271bae026948cd3ba46/src/libstd/panicking.rs:332:4
    #15 0x55f0483a32c0 in cranelift_codegen::isa::registers::RegClassData::index_of::h9e21ff2fdf0431a8 /home/alex/code/wasmtime/cranelift/codegen/src/isa/registers.rs:213:8
    #16 0x55f0486a356d in cranelift_codegen::isa::x86::GPR::index_of::h8b4a1950d455eb8a /home/alex/code/wasmtime/cranelift/codegen/src/isa/x86/mod.rs:189:8
    #17 0x55f04347c7ea in wasmtime_debug::transform::expression::map_reg::h0628f2d9c8f33e3d /home/alex/code/wasmtime/crates/debug/src/transform/expression.rs:82:27
    #18 0x55f04347d8b3 in wasmtime_debug::transform::expression::translate_loc::h962be092b5ff7623 /home/alex/code/wasmtime/crates/debug/src/transform/expression.rs:126:30
    #19 0x55f04348800d in wasmtime_debug::transform::expression::CompiledExpression::build_with_locals::h4ea35caa25f2d926 /home/alex/code/wasmtime/crates/debug/src/transform/expression.rs:288:44
    #20 0x55f0436091a4 in wasmtime_debug::transform::simulate::generate_vars::h5322d203171d7d4c /home/alex/code/wasmtime/crates/debug/src/transform/simulate.rs:213:20
    #21 0x55f04360ee36 in wasmtime_debug::transform::simulate::generate_simulated_dwarf::h124920b9e0bbda9a /home/alex/code/wasmtime/crates/debug/src/transform/simulate.rs:358:12
    #22 0x55f0435b01d4 in wasmtime_debug::transform::transform_dwarf::h4a1eb05314081167 /home/alex/code/wasmtime/crates/debug/src/transform/mod.rs:105:4
    #23 0x55f0433380ba in wasmtime_debug::emit_debugsections_image::hd379b2d501e1fdc2 /home/alex/code/wasmtime/crates/debug/src/lib.rs:69:16
    #24 0x55f043129849 in wasmtime_jit::compiler::Compiler::compile::hda8d1c986fa26275 /home/alex/code/wasmtime/crates/jit/src/compiler.rs:176:24
    #25 0x55f04317372a in wasmtime_jit::instantiate::RawCompiledModule::new::h04179f29ce1c6f15 /home/alex/code/wasmtime/crates/jit/src/instantiate.rs:79:90
    #26 0x55f043176d02 in wasmtime_jit::instantiate::CompiledModule::new::h735e01c678eb73b7 /home/alex/code/wasmtime/crates/jit/src/instantiate.rs:162:18
    #27 0x55f0429d5a99 in wasmtime::module::Module::compile::hfa7dde37afdd20a3 /home/alex/code/wasmtime/crates/api/src/module.rs:252:23
    #28 0x55f0429d407b in wasmtime::module::Module::from_binary_unchecked::hcf948dcb3fb20e1d /home/alex/code/wasmtime/crates/api/src/module.rs:221:22
    #29 0x55f0429d3d2e in wasmtime::module::Module::from_binary::hab31da52bc36f929 /home/alex/code/wasmtime/crates/api/src/module.rs:190:17
    #30 0x55f041f24683 in wasmtime::module::Module::new::h8df7e4f1de7f65d9 /home/alex/code/wasmtime/crates/api/src/module.rs:149:8
    #31 0x55f041e74ccc in wasmtime_fuzzing::oracles::make_api_calls::hf11637b684247869 /home/alex/code/wasmtime/crates/fuzzing/src/oracles.rs:326:35
    #32 0x55f041e5ba37 in rust_fuzzer_test_input /home/alex/code/wasmtime/fuzz/fuzz_targets/api_calls.rs:7:4
    #33 0x55f049b5a982 in libfuzzer_sys::test_input_wrap::_$u7b$$u7b$closure$u7d$$u7d$::h72e559da9297cc75 /home/alex/.cargo/registry/src/github.com-1ecc6299db9ec823/libfuzzer-sys-0.3.1/src/lib.rs:27:8
    #34 0x55f049bb0394 in std::panicking::try::do_call::hf95236043b001225 /rustc/75cf41afb468152611212271bae026948cd3ba46/src/libstd/panicking.rs:303:39
    #35 0x55f049d94676 in __rust_maybe_catch_panic /rustc/75cf41afb468152611212271bae026948cd3ba46/src/libpanic_unwind/lib.rs:86:7
    #36 0x55f049bafd85 in std::panicking::try::h0aa7bcfa6f779019 /rustc/75cf41afb468152611212271bae026948cd3ba46/src/libstd/panicking.rs:281:12
    #37 0x55f049bad22c in std::panic::catch_unwind::h9d5864aa6a94c0d2 /rustc/75cf41afb468152611212271bae026948cd3ba46/src/libstd/panic.rs:394:13
    #38 0x55f049b5a2c9 in LLVMFuzzerTestOneInput /home/alex/.cargo/registry/src/github.com-1ecc6299db9ec823/libfuzzer-sys-0.3.1/src/lib.rs:25:21
    #39 0x55f049b9a672 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /home/alex/.cargo/registry/src/github.com-1ecc6299db9ec823/libfuzzer-sys-0.3.1/libfuzzer/FuzzerLoop.cpp:553
    #40 0x55f049b5d169 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /home/alex/.cargo/registry/src/github.com-1ecc6299db9ec823/libfuzzer-sys-0.3.1/libfuzzer/FuzzerDriver.cpp:292
    #41 0x55f049b61504 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /home/alex/.cargo/registry/src/github.com-1ecc6299db9ec823/libfuzzer-sys-0.3.1/libfuzzer/FuzzerDriver.cpp:775
    #42 0x55f049b59fcc in main /home/alex/.cargo/registry/src/github.com-1ecc6299db9ec823/libfuzzer-sys-0.3.1/libfuzzer/FuzzerMain.cpp:19
    #43 0x7f401f657b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
    #44 0x55f041db04f9 in _start (/home/alex/code/wasmtime/target/x86_64-unknown-linux-gnu/debug/api_calls+0x1bf54f9)

NOTE: libFuzzer has rudimentary signal handlers.
      Combine libFuzzer with AddressSanitizer or similar for better crash reports.
SUMMARY: libFuzzer: deadly signal
────────────────────────────────────────────────────────────────────────────────

Error: Fuzz target exited with exit code: 77

That spit out testcase0.wasm which yields:

$ cargo run -- -g testcase0.wasm
    Finished dev [unoptimized + debuginfo] target(s) in 0.08s
     Running `target/debug/wasmtime -g testcase0.wasm`
thread 'main' panicked at 'the GPR register class does not contain 0', cranelift/codegen/src/isa/registers.rs:213:9
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace.

which may help with debugging further?

view this post on Zulip Wasmtime GitHub notifications bot (Mar 05 2020 at 18:14):

alexcrichton edited a comment on Issue #1192:

FWIW to reproduce the fuzz failure locally you can make a local checkout of https://github.com/bytecodealliance/wasmtime-libfuzzer-corpus and then run:

$ cargo +nightly fuzz run api_calls ../wasmtime-libfuzzer-corpus/api_calls/0a52a0e6f1a420c3a053e269592798039f4b545d

I also set RUST_LOG=wasmtime_fuzzing=trace to get more info and I have a rust checkout with llvm-symbolizer already built so I use PATH=$PATH:$HOME/code/rust3/build/x86_64-unknown-linux-gnu/llvm/bin too to get:

<details>

INFO: Seed: 125775419
INFO: Loaded 1 modules   (994886 inline 8-bit counters): 994886 [0x55f04b2c86e8, 0x55f04b3bb52e),
INFO: Loaded 1 PC tables (994886 PCs): 994886 [0x55f04b3bb530,0x55f04c2e9990),
target/x86_64-unknown-linux-gnu/debug/api_calls: Running 1 inputs 1 time(s) each.
Running: ../wasmtime-libfuzzer-corpus/api_calls/0a52a0e6f1a420c3a053e269592798039f4b545d
[2020-03-05T18:08:33Z TRACE wasmtime_fuzzing::oracles] creating config
[2020-03-05T18:08:33Z TRACE wasmtime_fuzzing::oracles] enabling debuginfo
[2020-03-05T18:08:33Z TRACE wasmtime_fuzzing::oracles] creating engine
[2020-03-05T18:08:33Z TRACE wasmtime_fuzzing::oracles] creating store
[2020-03-05T18:08:33Z DEBUG wasmtime_fuzzing::oracles] creating module: 0
[2020-03-05T18:08:33Z DEBUG wasmtime_fuzzing::oracles] wrote wasm file to `testcase0.wasm`
thread '<unnamed>' panicked at 'the GPR register class does not contain 0', cranelift/codegen/src/isa/registers.rs:213:9
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
==6687== ERROR: libFuzzer: deadly signal
    #0 0x55f041e30ce1 in __sanitizer_print_stack_trace /rustc/llvm/src/llvm-project/compiler-rt/lib/asan/asan_stack.cc:86:3
    #1 0x55f049baebfb in fuzzer::PrintStackTrace() /home/alex/.cargo/registry/src/github.com-1ecc6299db9ec823/libfuzzer-sys-0.3.1/libfuzzer/FuzzerUtil.cpp:205
    #2 0x55f049b98b34 in fuzzer::Fuzzer::CrashCallback() /home/alex/.cargo/registry/src/github.com-1ecc6299db9ec823/libfuzzer-sys-0.3.1/libfuzzer/FuzzerLoop.cpp:232
    #3 0x55f049b989d5 in fuzzer::Fuzzer::StaticCrashSignalCallback() /home/alex/.cargo/registry/src/github.com-1ecc6299db9ec823/libfuzzer-sys-0.3.1/libfuzzer/FuzzerLoop.cpp:203
    #4 0x55f049b806a8 in fuzzer::CrashHandler(int, siginfo_t*, void*) /home/alex/.cargo/registry/src/github.com-1ecc6299db9ec823/libfuzzer-sys-0.3.1/libfuzzer/FuzzerUtilPosix.cpp:47
    #5 0x7f401fc5188f  (/lib/x86_64-linux-gnu/libpthread.so.0+0x1288f)
    #6 0x7f401f674e96 in __libc_signal_restore_set /build/glibc-OTsEL5/glibc-2.27/signal/../sysdeps/unix/sysv/linux/nptl-signals.h:80
    #7 0x7f401f674e96 in raise /build/glibc-OTsEL5/glibc-2.27/signal/../sysdeps/unix/sysv/linux/raise.c:48
    #8 0x7f401f676800 in abort /build/glibc-OTsEL5/glibc-2.27/stdlib/abort.c:79
    #9 0x55f049d93666 in std::sys::unix::abort_internal::h895efa11fe01a426 /rustc/75cf41afb468152611212271bae026948cd3ba46/src/libstd/sys/unix/mod.rs:165:4
    #10 0x55f049d7b405 in std::process::abort::he3732f7eae1e2491 /rustc/75cf41afb468152611212271bae026948cd3ba46/src/libstd/process.rs:1609:13
    #11 0x55f049b5af88 in libfuzzer_sys::initialize::_$u7b$$u7b$closure$u7d$$u7d$::h1c70d7a11b032bd1 /home/alex/.cargo/registry/src/github.com-1ecc6299db9ec823/libfuzzer-sys-0.3.1/src/lib.rs:51:8
    #12 0x55f049d82794 in std::panicking::rust_panic_with_hook::hdaf92dc93c2f09cc /rustc/75cf41afb468152611212271bae026948cd3ba46/src/libstd/panicking.rs:474:16
    #13 0x55f049d822aa in rust_begin_unwind /rustc/75cf41afb468152611212271bae026948cd3ba46/src/libstd/panicking.rs:378:4
    #14 0x55f049d8221a in std::panicking::begin_panic_fmt::h29f23efc717bb03a /rustc/75cf41afb468152611212271bae026948cd3ba46/src/libstd/panicking.rs:332:4
    #15 0x55f0483a32c0 in cranelift_codegen::isa::registers::RegClassData::index_of::h9e21ff2fdf0431a8 /home/alex/code/wasmtime/cranelift/codegen/src/isa/registers.rs:213:8
    #16 0x55f0486a356d in cranelift_codegen::isa::x86::GPR::index_of::h8b4a1950d455eb8a /home/alex/code/wasmtime/cranelift/codegen/src/isa/x86/mod.rs:189:8
    #17 0x55f04347c7ea in wasmtime_debug::transform::expression::map_reg::h0628f2d9c8f33e3d /home/alex/code/wasmtime/crates/debug/src/transform/expression.rs:82:27
    #18 0x55f04347d8b3 in wasmtime_debug::transform::expression::translate_loc::h962be092b5ff7623 /home/alex/code/wasmtime/crates/debug/src/transform/expression.rs:126:30
    #19 0x55f04348800d in wasmtime_debug::transform::expression::CompiledExpression::build_with_locals::h4ea35caa25f2d926 /home/alex/code/wasmtime/crates/debug/src/transform/expression.rs:288:44
    #20 0x55f0436091a4 in wasmtime_debug::transform::simulate::generate_vars::h5322d203171d7d4c /home/alex/code/wasmtime/crates/debug/src/transform/simulate.rs:213:20
    #21 0x55f04360ee36 in wasmtime_debug::transform::simulate::generate_simulated_dwarf::h124920b9e0bbda9a /home/alex/code/wasmtime/crates/debug/src/transform/simulate.rs:358:12
    #22 0x55f0435b01d4 in wasmtime_debug::transform::transform_dwarf::h4a1eb05314081167 /home/alex/code/wasmtime/crates/debug/src/transform/mod.rs:105:4
    #23 0x55f0433380ba in wasmtime_debug::emit_debugsections_image::hd379b2d501e1fdc2 /home/alex/code/wasmtime/crates/debug/src/lib.rs:69:16
    #24 0x55f043129849 in wasmtime_jit::compiler::Compiler::compile::hda8d1c986fa26275 /home/alex/code/wasmtime/crates/jit/src/compiler.rs:176:24
    #25 0x55f04317372a in wasmtime_jit::instantiate::RawCompiledModule::new::h04179f29ce1c6f15 /home/alex/code/wasmtime/crates/jit/src/instantiate.rs:79:90
    #26 0x55f043176d02 in wasmtime_jit::instantiate::CompiledModule::new::h735e01c678eb73b7 /home/alex/code/wasmtime/crates/jit/src/instantiate.rs:162:18
    #27 0x55f0429d5a99 in wasmtime::module::Module::compile::hfa7dde37afdd20a3 /home/alex/code/wasmtime/crates/api/src/module.rs:252:23
    #28 0x55f0429d407b in wasmtime::module::Module::from_binary_unchecked::hcf948dcb3fb20e1d /home/alex/code/wasmtime/crates/api/src/module.rs:221:22
    #29 0x55f0429d3d2e in wasmtime::module::Module::from_binary::hab31da52bc36f929 /home/alex/code/wasmtime/crates/api/src/module.rs:190:17
    #30 0x55f041f24683 in wasmtime::module::Module::new::h8df7e4f1de7f65d9 /home/alex/code/wasmtime/crates/api/src/module.rs:149:8
    #31 0x55f041e74ccc in wasmtime_fuzzing::oracles::make_api_calls::hf11637b684247869 /home/alex/code/wasmtime/crates/fuzzing/src/oracles.rs:326:35
    #32 0x55f041e5ba37 in rust_fuzzer_test_input /home/alex/code/wasmtime/fuzz/fuzz_targets/api_calls.rs:7:4
    #33 0x55f049b5a982 in libfuzzer_sys::test_input_wrap::_$u7b$$u7b$closure$u7d$$u7d$::h72e559da9297cc75 /home/alex/.cargo/registry/src/github.com-1ecc6299db9ec823/libfuzzer-sys-0.3.1/src/lib.rs:27:8
    #34 0x55f049bb0394 in std::panicking::try::do_call::hf95236043b001225 /rustc/75cf41afb468152611212271bae026948cd3ba46/src/libstd/panicking.rs:303:39
    #35 0x55f049d94676 in __rust_maybe_catch_panic /rustc/75cf41afb468152611212271bae026948cd3ba46/src/libpanic_unwind/lib.rs:86:7
    #36 0x55f049bafd85 in std::panicking::try::h0aa7bcfa6f779019 /rustc/75cf41afb468152611212271bae026948cd3ba46/src/libstd/panicking.rs:281:12
    #37 0x55f049bad22c in std::panic::catch_unwind::h9d5864aa6a94c0d2 /rustc/75cf41afb468152611212271bae026948cd3ba46/src/libstd/panic.rs:394:13
    #38 0x55f049b5a2c9 in LLVMFuzzerTestOneInput /home/alex/.cargo/registry/src/github.com-1ecc6299db9ec823/libfuzzer-sys-0.3.1/src/lib.rs:25:21
    #39 0x55f049b9a672 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /home/alex/.cargo/registry/src/github.com-1ecc6299db9ec823/libfuzzer-sys-0.3.1/libfuzzer/FuzzerLoop.cpp:553
    #40 0x55f049b5d169 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /home/alex/.cargo/registry/src/github.com-1ecc6299db9ec823/libfuzzer-sys-0.3.1/libfuzzer/FuzzerDriver.cpp:292
    #41 0x55f049b61504 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /home/alex/.cargo/registry/src/github.com-1ecc6299db9ec823/libfuzzer-sys-0.3.1/libfuzzer/FuzzerDriver.cpp:775
    #42 0x55f049b59fcc in main /home/alex/.cargo/registry/src/github.com-1ecc6299db9ec823/libfuzzer-sys-0.3.1/libfuzzer/FuzzerMain.cpp:19
    #43 0x7f401f657b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
    #44 0x55f041db04f9 in _start (/home/alex/code/wasmtime/target/x86_64-unknown-linux-gnu/debug/api_calls+0x1bf54f9)

NOTE: libFuzzer has rudimentary signal handlers.
      Combine libFuzzer with AddressSanitizer or similar for better crash reports.
SUMMARY: libFuzzer: deadly signal
────────────────────────────────────────────────────────────────────────────────

Error: Fuzz target exited with exit code: 77

</details>

That spit out testcase0.wasm which yields:

$ cargo run -- -g testcase0.wasm
    Finished dev [unoptimized + debuginfo] target(s) in 0.08s
     Running `target/debug/wasmtime -g testcase0.wasm`
thread 'main' panicked at 'the GPR register class does not contain 0', cranelift/codegen/src/isa/registers.rs:213:9
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace.

which may help with debugging further?

view this post on Zulip Wasmtime GitHub notifications bot (Mar 05 2020 at 21:12):

abrown commented on Issue #1192:

@fitzgen, @alexcrichton, thanks for helping with the fuzzing stuff. I tried to follow your steps to reproduce locally but I get:

-fsanitize-coverage=trace-pc-guard is no longer supported by libFuzzer.
Please either migrate to a compiler that supports -fsanitize=fuzzer
or use an older version of libFuzzer

@yurydelendik, @iximeow, in any case, a9ca420 fixes the problem by threading a TargetIsa all through the debug crate and then duplicating the map_reg code that was in cranelift-codegen's fde.rs. I didn't really want to duplicate this but I also didn't really want to add a dependency to cranelift-codegen with all of the associated pub necessary.

view this post on Zulip Wasmtime GitHub notifications bot (Mar 05 2020 at 21:12):

abrown edited a comment on Issue #1192:

@fitzgen, @alexcrichton, thanks for helping with the fuzzing stuff. I tried to follow your steps to reproduce locally but I get:

-fsanitize-coverage=trace-pc-guard is no longer supported by libFuzzer.
Please either migrate to a compiler that supports -fsanitize=fuzzer
or use an older version of libFuzzer

@yurydelendik, @iximeow, in any case, a9ca40 fixes the problem by threading a TargetIsa all through the debug crate and then duplicating the map_reg code that was in cranelift-codegen's fde.rs. I didn't really want to duplicate this but I also didn't really want to add a dependency to cranelift-codegen with all of the associated pub necessary.

view this post on Zulip Wasmtime GitHub notifications bot (Mar 05 2020 at 21:13):

abrown edited a comment on Issue #1192:

@fitzgen, @alexcrichton, thanks for helping with the fuzzing stuff. I tried to follow your steps to reproduce locally but I get:

-fsanitize-coverage=trace-pc-guard is no longer supported by libFuzzer.
Please either migrate to a compiler that supports -fsanitize=fuzzer
or use an older version of libFuzzer

@yurydelendik, @iximeow, in any case, a9ca4c0 fixes the problem by threading a TargetIsa all through the debug crate and then duplicating the map_reg code that was in cranelift-codegen's fde.rs. I didn't really want to duplicate this but I also didn't really want to add a dependency to cranelift-codegen with all of the associated pub necessary.


Last updated: Dec 23 2024 at 12:05 UTC