Stream: git-wasmtime

Topic: wasmtime / PR #9641 wmemcheck support for additional allo...


view this post on Zulip Wasmtime GitHub notifications bot (Nov 20 2024 at 23:52):

cobbal opened PR #9641 from cobbal:cobbal/wmemcheck-updates to bytecodealliance:main:

I was recently tracking down a memory corruption bug in swift and found the wmemcheck tool to be very helpful. Since the runtime of swift is fairly large, it required some extra features to remove false positives. I was able to modify wmemcheck to be useful enough for the job.

I'd like to contribute the changes, many of which overlap with parts of issue https://github.com/bytecodealliance/wasmtime/issues/7037 . In particular, I needed to add the following:

The last 2 possibly should be hidden behind options, but I'm not familiar enough with the code base or how others use this tool to know what the right approach would be.

view this post on Zulip Wasmtime GitHub notifications bot (Nov 21 2024 at 00:00):

cfallin requested cfallin for a review on PR #9641.

view this post on Zulip Wasmtime GitHub notifications bot (Nov 21 2024 at 03:10):

cobbal updated PR #9641.

view this post on Zulip Wasmtime GitHub notifications bot (Nov 21 2024 at 22:51):

cfallin submitted PR review:

Thanks very much for this! Some initial thoughts below.

I'm really happy wmemcheck was actually useful for you, and I think most of this can be upstreamed with no problem. Just a few thoughts below.

view this post on Zulip Wasmtime GitHub notifications bot (Nov 21 2024 at 22:51):

cfallin created PR review comment:

Can we add a comment here noting where the __wrap_* variants come from? That's useful both for its own sake (readers' understanding) but also so that if things change in the future with the external thing causing this need, we can re-evaluate.

view this post on Zulip Wasmtime GitHub notifications bot (Nov 21 2024 at 22:51):

cfallin created PR review comment:

can we be more specific than "stuff" here?

view this post on Zulip Wasmtime GitHub notifications bot (Nov 21 2024 at 22:51):

cfallin created PR review comment:

Is this a correct implementation of malloc_usable_size's semantics? The man page on my system says that it returns the size of a memory block; unclear to me whether we need a hook for that, even, to track alloc'd/free state?

view this post on Zulip Wasmtime GitHub notifications bot (Nov 21 2024 at 22:51):

cfallin created PR review comment:

This looks like code that could be useful for debugging, but as above with the posix_memalign out-pointer fetch, the memory accesses are unsafe, and also dumping the contents of previously allocated blocks might be too verbose. I think I'd prefer to omit this code for now; ultimately the right answer for any problem that needs examination of memory state like this is probably using a debugger (we have better support planned!) possibly with breakpoints on allocation events or trap-to-debugger on wmemcheck errors.

view this post on Zulip Wasmtime GitHub notifications bot (Nov 21 2024 at 22:51):

cfallin created PR review comment:

Good find! Can we add a comment here noting the implemented semantics (free of a null pointer is a no-op)?

view this post on Zulip Wasmtime GitHub notifications bot (Nov 21 2024 at 22:51):

cfallin created PR review comment:

Can we add a note here that since we aren't tracking undefined-ness, we don't have to care about the other semantic difference between calloc and malloc, namely that memory is zeroed?

view this post on Zulip Wasmtime GitHub notifications bot (Nov 21 2024 at 22:51):

cfallin created PR review comment:

We definitely need to do a bounds-check here -- could you use the safe APIs for the memory to access the out-pointer?

This is also little-endian-specific code; we'll want to get a [u8; 4] and do an explicit conversion with u32::from_le_bytes. (Wasmtime supports one big-endian architecture, s390x!)

view this post on Zulip Wasmtime GitHub notifications bot (Nov 21 2024 at 22:51):

cfallin created PR review comment:

Can we put this under an option? Perhaps "wmemcheck granularity" or similar?

view this post on Zulip Wasmtime GitHub notifications bot (Nov 21 2024 at 22:51):

cfallin created PR review comment:

Why is this commented out? (If the checks were causing issues, could we put the exclusion under an appropriately named and documented option?)


Last updated: Dec 23 2024 at 12:05 UTC