Wasmtime GitHub notifications bot (Aug 08 2023 at 17:54): Wasmtime GitHub notifications bot (Aug 08 2023 at 17:54):ssunkin-fastly opened PR #6820 from ssunkin-fastly:wasmtime-valgrind-hacking to bytecodealliance:main:
This is a draft PR for Valgrind on Wasm for early review by cfallin and ixi.
Wasmtime GitHub notifications bot (Aug 08 2023 at 17:56):ssunkin-fastly updated PR #6820.
Wasmtime GitHub notifications bot (Aug 08 2023 at 18:54):cfallin submitted PR review:
This is looking really great! I have a whole bunch of minor comments but the overall shape of the code is good and we should be able to refine things fairly quickly, I think.
I know you're working on doc-comments but will note in particular that our CI checks will fail until there's a doc-comment on every public type, enum, function; it might feel a little tedious but it's good practice :-)
It'd be good to file some followup GitHub issues and refer to issue numbers where appropriate in comments as well. Off the top of my head:
- Support for multiple memories
- Support for instrumenting SIMD loads/stores
- Support for handling different memory layouts (assume whole initial memory size is valid, for example)
- Option to print valgrind errors and continue (as the "real Valgrind" does) rather than trap
and anything else on your to-do list you want to capture.
Happy to pair on any of the requests here if unclear!
Wasmtime GitHub notifications bot (Aug 08 2023 at 18:54):cfallin submitted PR review:
This is looking really great! I have a whole bunch of minor comments but the overall shape of the code is good and we should be able to refine things fairly quickly, I think.
I know you're working on doc-comments but will note in particular that our CI checks will fail until there's a doc-comment on every public type, enum, function; it might feel a little tedious but it's good practice :-)
It'd be good to file some followup GitHub issues and refer to issue numbers where appropriate in comments as well. Off the top of my head:
- Support for multiple memories
- Support for instrumenting SIMD loads/stores
- Support for handling different memory layouts (assume whole initial memory size is valid, for example)
- Option to print valgrind errors and continue (as the "real Valgrind" does) rather than trap
and anything else on your to-do list you want to capture.
Happy to pair on any of the requests here if unclear!
Wasmtime GitHub notifications bot (Aug 08 2023 at 18:54):cfallin created PR review comment:
Let's call this
wasmtime-valgrindfor consistency with the other crates incrates/; also, the version should match the others (11.0.0here but likely13once you merge or rebase to a latestmain).
Wasmtime GitHub notifications bot (Aug 08 2023 at 18:54):cfallin created PR review comment:
tiny style nit but there's a missing newline at the end of this file (GitHub flags it with a symbol) -- could you add one?
Wasmtime GitHub notifications bot (Aug 08 2023 at 18:54):cfallin created PR review comment:
stray comment about
Valuecan be removed I think?
Wasmtime GitHub notifications bot (Aug 08 2023 at 18:54):cfallin created PR review comment:
Let's add a TODO referring to a filed issue to add the load/store hooks for vector operands -- something like
// TODO(#1234): addbefore_load/before_storefor SIMD loads and stores.where1234is a GitHub issue number for a new issue you've filed.
Wasmtime GitHub notifications bot (Aug 08 2023 at 18:54):cfallin created PR review comment:
stray comment we can remove I think?
Wasmtime GitHub notifications bot (Aug 08 2023 at 18:54):cfallin created PR review comment:
Just making a note here of empty doc-comments to fill in before merge (I know you're working on this at the moment).
Wasmtime GitHub notifications bot (Aug 08 2023 at 18:54):cfallin created PR review comment:
To make this a bit more robust (someone could define a function named
mallocwith no args), let's check whether there actually is an arg 2. Something like:let func_args = builder.func.dfg.block_params(builder.func.layout.entry_block().unwrap()); let len = if func_args.len() < 3 { return; } else { // If a function named `malloc` has at least one argument, we assume the // first argument is the requested allocation size. func_args[2] };(also comment about the assumption, something like the above, would be good)
Wasmtime GitHub notifications bot (Aug 08 2023 at 18:54):cfallin created PR review comment:
commented-out println and comment can be removed
Wasmtime GitHub notifications bot (Aug 08 2023 at 18:54):cfallin created PR review comment:
Let's add a similar early return if
retvalsis empty (someone could definevoid malloc()if they wanted to!) and a comment about the assumption (that the returned value is a pointer to the allocated memory).
Wasmtime GitHub notifications bot (Aug 08 2023 at 18:54):cfallin created PR review comment:
Let's call this
hook_malloc_exitI think -- it's a little clearer (we're "hooking" or inserting a hook, rather than checking right now at compile time). Likewise below forcheck_free_exit...
Wasmtime GitHub notifications bot (Aug 08 2023 at 18:54):cfallin created PR review comment:
Let's change this to a
panicand add a helpful message -- "function name not aUserFuncName::Useras expected" or something like that?
Wasmtime GitHub notifications bot (Aug 08 2023 at 18:54):cfallin created PR review comment:
Likewise here: check, early return, comment about assumption.
Wasmtime GitHub notifications bot (Aug 08 2023 at 18:54):cfallin created PR review comment:
Have we tested what happens if we don't have a name section? We should I think handle this case gracefully (I guess by treating it as if no functions match). You can test this by doing
wasm-strip program.wasmand then running (wasm-stripis part of Binaryen I think; happy to help or run this for you if needed).
Wasmtime GitHub notifications bot (Aug 08 2023 at 18:54):cfallin created PR review comment:
This pattern occurs several times -- can we wrap it in a helper
current_func_name(&self) -> Option<&str>?(The
Optionreturn lets us naturally handle the missing name section too: we can doif self.current_func_name() == Some("malloc") { ... }and we get no-match forNone.)
Wasmtime GitHub notifications bot (Aug 08 2023 at 18:54):cfallin created PR review comment:
I think we can skip these calls here and below (and then rename the
builderargument to_builderso we don't get warnings about unused variables/args).
Wasmtime GitHub notifications bot (Aug 08 2023 at 18:54):cfallin created PR review comment:
Let's add a TODO here to support multiple memories; for now we have just one
valgrind_stateand it corresponds to memory 0.
Wasmtime GitHub notifications bot (Aug 08 2023 at 18:54):cfallin created PR review comment:
likewise here, add newline at end of file
Wasmtime GitHub notifications bot (Aug 08 2023 at 18:54):cfallin created PR review comment:
Let's add a comment here about the assumption we're making -- that global 0 is the auxiliary stack pointer.
Wasmtime GitHub notifications bot (Aug 08 2023 at 18:54):cfallin created PR review comment:
Can we add an argument here for the memory index (
MemoryIndextype), and insert the below logic only if the grow is on memory 0? In practice we won't hit the case today but it's possible to define a Wasm module that has multiple memories, and a grow of some other memory could confuse this logic otherwise.
Wasmtime GitHub notifications bot (Aug 08 2023 at 18:54):cfallin created PR review comment:
we can remove this println now I think (also search for printlns elsewhere to be sure)
Wasmtime GitHub notifications bot (Aug 08 2023 at 18:54):cfallin created PR review comment:
Let's make this a constant (and then uppercase it to keep rustc happy):
let KIB: usize = 1024;
Wasmtime GitHub notifications bot (Aug 08 2023 at 18:54):cfallin created PR review comment:
I think this is left-over from prior to the import of sources into the main repo -- you should be able to edit
.gitmodulesmanually to remove the stanza?
Wasmtime GitHub notifications bot (Aug 08 2023 at 18:54):cfallin created PR review comment:
Let's re-enable this -- or is it disabled because of some assumption we're making wrt data location?
Wasmtime GitHub notifications bot (Aug 08 2023 at 18:54):cfallin created PR review comment:
enormously tiny nitpick but this would read slightly more naturally for me as
... * 64 * KIB
Wasmtime GitHub notifications bot (Aug 08 2023 at 18:54):cfallin created PR review comment:
Let's update all the metadata here to match the other crates in
crates/-- developers as "The Wasmtime Developers", license, current version, etc (and remove the comment from the starter template below).
Wasmtime GitHub notifications bot (Aug 08 2023 at 18:54):cfallin created PR review comment:
We can probably remove this TODO?
Wasmtime GitHub notifications bot (Aug 08 2023 at 18:54):cfallin created PR review comment:
To reduce ambiguity I think this should be called
stack_endor something similar? ("Stack size" makes me think of the actual size, so a stack from 1MiB down to 1MiB - 4KiB is 4KiB large; but the "end" is 1MiB)
Wasmtime GitHub notifications bot (Aug 08 2023 at 18:54):cfallin created PR review comment:
Let's add a doc-comment at the top of this module like
//! add some docs here //! //! in markdown format, with multiple paragraphs as desired //! //! like thisdocumenting the assumptions about memory layout here.
Wasmtime GitHub notifications bot (Aug 08 2023 at 18:54):cfallin created PR review comment:
We'll want a much longer doc-comment of course, probably with a pointer to documentation for more details on how to use!
Wasmtime GitHub notifications bot (Aug 08 2023 at 18:54):cfallin created PR review comment:
I'm somewhat surprised this is needed -- could we document the case where it is if so (example addresses or whatnot)?
Wasmtime GitHub notifications bot (Aug 09 2023 at 21:49):ssunkin-fastly submitted PR review.
Wasmtime GitHub notifications bot (Aug 09 2023 at 21:49):ssunkin-fastly created PR review comment:
This was disabled because all memory below the start of the stack is just marked as read-write-ok
Wasmtime GitHub notifications bot (Aug 09 2023 at 23:47):ssunkin-fastly submitted PR review.
Wasmtime GitHub notifications bot (Aug 09 2023 at 23:47):ssunkin-fastly created PR review comment:
ah the reason these were added were to call the builtins so that there wouldn't be unused function warnings
Wasmtime GitHub notifications bot (Aug 10 2023 at 16:33):iximeow submitted PR review.
Wasmtime GitHub notifications bot (Aug 10 2023 at 16:33):iximeow created PR review comment:
fwiw i think the error here is when
state.allocations.len() == 0, if the length is one i expect this would choose the one valid index (0). maybe this comment predates theif state.allocations.is_empty()check above?
Wasmtime GitHub notifications bot (Aug 10 2023 at 16:42):iximeow submitted PR review.
Wasmtime GitHub notifications bot (Aug 10 2023 at 16:42):iximeow created PR review comment:
Chris mentioned a longer doc comment on the CLI flag below, but this also seems to have prior art for linking to bytecodealliance.github.io for docs pages. i'm not sure if it makes sense to basically copy the CLI flag's help text here, or maybe have the flag say something a little shorter like "enables memory checking for wasm programs, see the doc comment over on config for more"...?
suppose that also depends on what you've changed through the first iteration of feedback here. i'll keep an eye out!
Wasmtime GitHub notifications bot (Aug 10 2023 at 18:31):cfallin requested wasmtime-default-reviewers for a review on PR #6820.
Wasmtime GitHub notifications bot (Aug 10 2023 at 18:32):cfallin requested wasmtime-core-reviewers for a review on PR #6820.
Wasmtime GitHub notifications bot (Aug 10 2023 at 18:32):ssunkin-fastly updated PR #6820.
Wasmtime GitHub notifications bot (Aug 10 2023 at 18:32):cfallin has marked PR #6820 as ready for review.
Wasmtime GitHub notifications bot (Aug 10 2023 at 18:35):cfallin requested wasmtime-compiler-reviewers for a review on PR #6820.
Wasmtime GitHub notifications bot (Aug 10 2023 at 18:37):cfallin requested fitzgen for a review on PR #6820.
Wasmtime GitHub notifications bot (Aug 10 2023 at 18:43):cfallin created PR review comment:
Let's add a brief note that wmemcheck requires a non-stripped wasm (with a name section) so that it can recognize the malloc and free functions, and doesn't work with custom allocators yet.
Also, can we add a reference to Valgrind? Something like "wmemcheck is inspired by, and replicates the basic functionality of, Valgrind's memcheck tool."
Wasmtime GitHub notifications bot (Aug 10 2023 at 18:45):cfallin submitted PR review:
Very close now!
Wasmtime GitHub notifications bot (Aug 10 2023 at 18:45):cfallin created PR review comment:
Let's write these from the generic perspective of Cranelift, without knowledge of wasmtime or wmemcheck (here we're defining the interface/tools that the higher abstraction layer uses). So something like "Insert code before a function return."
Likewise below: before loads/stores/global updates/memory growths.
Wasmtime GitHub notifications bot (Aug 10 2023 at 18:47):cfallin created PR review comment:
No need to refer to the implementation ("including wmemcheck_state") here -- the relevant bit for the CLI user is just that it does memory-usage error checking.
Wasmtime GitHub notifications bot (Aug 10 2023 at 19:00):cfallin submitted PR review.
Wasmtime GitHub notifications bot (Aug 10 2023 at 19:05):cfallin submitted PR review:
Very close now!
Wasmtime GitHub notifications bot (Aug 10 2023 at 19:05):cfallin has enabled auto merge for PR #6820.
Wasmtime GitHub notifications bot (Aug 10 2023 at 19:08):cfallin submitted PR review:
LGTM, thanks so much!
Wasmtime GitHub notifications bot (Aug 10 2023 at 19:10):alexcrichton submitted PR review.
Wasmtime GitHub notifications bot (Aug 10 2023 at 19:10):alexcrichton created PR review comment:
Could this perhaps cause an error to get returned during
Engine::newifwmemcheckwasn't enabled at compile time?
Wasmtime GitHub notifications bot (Aug 10 2023 at 19:10):cfallin created PR review comment:
Let's rename this to
wasmtime-wmemcheck, to stick with the convention that everything incrates/is named with that prefix.
Wasmtime GitHub notifications bot (Aug 10 2023 at 19:11):ssunkin-fastly updated PR #6820.
Wasmtime GitHub notifications bot (Aug 10 2023 at 19:14):alexcrichton submitted PR review.
Wasmtime GitHub notifications bot (Aug 10 2023 at 19:14):alexcrichton created PR review comment:
Could this be added to the overall workspace in this repository? (there's a few other examples of crates that have their own fuzzers which are also part of the main workspace)
Wasmtime GitHub notifications bot (Aug 10 2023 at 19:52):alexcrichton created PR review comment:
Instead of making this
pubcan access to the underlying index go through.as_u32()?
Wasmtime GitHub notifications bot (Aug 10 2023 at 21:47):cfallin updated PR #6820.
Wasmtime GitHub notifications bot (Aug 10 2023 at 21:47):cfallin submitted PR review.
Wasmtime GitHub notifications bot (Aug 10 2023 at 21:47):cfallin created PR review comment:
Yup, added a check to
Config::validate()!
Wasmtime GitHub notifications bot (Aug 10 2023 at 21:48):cfallin submitted PR review.
Wasmtime GitHub notifications bot (Aug 10 2023 at 21:48):cfallin created PR review comment:
I've gone ahead and deleted the
fuzzcrate -- I think we had talked about this earlier but missed it, as the fuzz targets are out-of-date anyway.
Wasmtime GitHub notifications bot (Aug 10 2023 at 21:48):cfallin submitted PR review.
Wasmtime GitHub notifications bot (Aug 10 2023 at 21:48):cfallin created PR review comment:
Fixed.
Wasmtime GitHub notifications bot (Aug 10 2023 at 21:50):cfallin edited PR #6820:
This PR introduces
wmemcheck, a memory checker for a Wasm guest running inside Wasmtime.
wmemcheckoperates by recognizing calls to malloc and free inside the Wasm module, and tracking which bytes are valid. It then instruments loads and stores and flags errors when accesses are invalid. This is inspired by thememchecktool in Valgrind, hence the name.The functionality is off by default and is enabled with
wasmtime run --wmemcheck.
Last updated: Nov 22 2024 at 16:03 UTC