Stream: git-wasmtime

Topic: wasmtime / issue #2903 Cranelift: Infinite loop in cranel...

view this post on Zulip Wasmtime GitHub notifications bot (May 12 2021 at 13:29):

Mrmaxmeier labeled issue #2903:

I'm experimenting with some cranelift codegen and I'm seeing a hang/OOM related to the variable ssa resolver.

Here's a minimal reproducer (for cranelift/frontend/src/frontend.rs):

#[test]
fn ssa_state_machine_hang() {
    let sig = Signature::new(CallConv::SystemV);

    let mut fn_ctx = FunctionBuilderContext::new();
    let mut func = Function::with_name_signature(ExternalName::testcase("sample"), sig);
    {
        let mut builder = FunctionBuilder::new(&mut func, &mut fn_ctx);

        let a = Variable::new(0);
        builder.declare_var(a, I32);

        let entry = builder.create_block();
        let block1 = builder.create_block();
        let use_block = builder.create_block();

        // fill entry block
        builder.switch_to_block(entry);
        use cranelift_codegen::ir::TrapCode;
        builder.ins().trap(TrapCode::User(0));

        // fill block1 with back edge
        builder.switch_to_block(block1);
        let cond = builder.ins().iconst(I32, 0);
        builder.ins().brnz(cond, block1, &[]);
        builder.ins().jump(use_block, &[]);

        // use variable in use_block
        builder.switch_to_block(use_block);
        let _ = builder.use_var(a);
        builder.ins().return_(&[]);

        println!("sealing blocks...");
        builder.seal_all_blocks(); // hangs
        builder.finalize();
    }
    println!("{}", func.display(None).to_string());
}

It hangs in seal_all_blocks -> run_state_machine with a huge/growing self.calls vec.

Versions and Environment

Cranelift version or commit: v0.73.0 and current main

view this post on Zulip Wasmtime GitHub notifications bot (May 12 2021 at 13:29):

Mrmaxmeier labeled issue #2903:

I'm experimenting with some cranelift codegen and I'm seeing a hang/OOM related to the variable ssa resolver.

Here's a minimal reproducer (for cranelift/frontend/src/frontend.rs):

#[test]
fn ssa_state_machine_hang() {
    let sig = Signature::new(CallConv::SystemV);

    let mut fn_ctx = FunctionBuilderContext::new();
    let mut func = Function::with_name_signature(ExternalName::testcase("sample"), sig);
    {
        let mut builder = FunctionBuilder::new(&mut func, &mut fn_ctx);

        let a = Variable::new(0);
        builder.declare_var(a, I32);

        let entry = builder.create_block();
        let block1 = builder.create_block();
        let use_block = builder.create_block();

        // fill entry block
        builder.switch_to_block(entry);
        use cranelift_codegen::ir::TrapCode;
        builder.ins().trap(TrapCode::User(0));

        // fill block1 with back edge
        builder.switch_to_block(block1);
        let cond = builder.ins().iconst(I32, 0);
        builder.ins().brnz(cond, block1, &[]);
        builder.ins().jump(use_block, &[]);

        // use variable in use_block
        builder.switch_to_block(use_block);
        let _ = builder.use_var(a);
        builder.ins().return_(&[]);

        println!("sealing blocks...");
        builder.seal_all_blocks(); // hangs
        builder.finalize();
    }
    println!("{}", func.display(None).to_string());
}

It hangs in seal_all_blocks -> run_state_machine with a huge/growing self.calls vec.

Versions and Environment

Cranelift version or commit: v0.73.0 and current main

view this post on Zulip Wasmtime GitHub notifications bot (May 12 2021 at 13:29):

Mrmaxmeier opened issue #2903:

I'm experimenting with some cranelift codegen and I'm seeing a hang/OOM related to the variable ssa resolver.

Here's a minimal reproducer (for cranelift/frontend/src/frontend.rs):

#[test]
fn ssa_state_machine_hang() {
    let sig = Signature::new(CallConv::SystemV);

    let mut fn_ctx = FunctionBuilderContext::new();
    let mut func = Function::with_name_signature(ExternalName::testcase("sample"), sig);
    {
        let mut builder = FunctionBuilder::new(&mut func, &mut fn_ctx);

        let a = Variable::new(0);
        builder.declare_var(a, I32);

        let entry = builder.create_block();
        let block1 = builder.create_block();
        let use_block = builder.create_block();

        // fill entry block
        builder.switch_to_block(entry);
        use cranelift_codegen::ir::TrapCode;
        builder.ins().trap(TrapCode::User(0));

        // fill block1 with back edge
        builder.switch_to_block(block1);
        let cond = builder.ins().iconst(I32, 0);
        builder.ins().brnz(cond, block1, &[]);
        builder.ins().jump(use_block, &[]);

        // use variable in use_block
        builder.switch_to_block(use_block);
        let _ = builder.use_var(a);
        builder.ins().return_(&[]);

        println!("sealing blocks...");
        builder.seal_all_blocks(); // hangs
        builder.finalize();
    }
    println!("{}", func.display(None).to_string());
}

It hangs in seal_all_blocks -> run_state_machine with a huge/growing self.calls vec.

Versions and Environment

Cranelift version or commit: v0.73.0 and current main

view this post on Zulip Wasmtime GitHub notifications bot (May 12 2021 at 16:44):

bjorn3 commented on issue #2903:

I think the problem here is that block1 has a single predecessor (itself) and it tries to handle this single predecessor first

view this post on Zulip Wasmtime GitHub notifications bot (Sep 08 2021 at 10:32):

Mrmaxmeier commented on issue #2903:

It looks like this was also discovered in #3094 and fixed in 6a9378e.

view this post on Zulip Wasmtime GitHub notifications bot (Sep 08 2021 at 10:32):

Mrmaxmeier closed issue #2903:

I'm experimenting with some cranelift codegen and I'm seeing a hang/OOM related to the variable ssa resolver.

Here's a minimal reproducer (for cranelift/frontend/src/frontend.rs):

#[test]
fn ssa_state_machine_hang() {
    let sig = Signature::new(CallConv::SystemV);

    let mut fn_ctx = FunctionBuilderContext::new();
    let mut func = Function::with_name_signature(ExternalName::testcase("sample"), sig);
    {
        let mut builder = FunctionBuilder::new(&mut func, &mut fn_ctx);

        let a = Variable::new(0);
        builder.declare_var(a, I32);

        let entry = builder.create_block();
        let block1 = builder.create_block();
        let use_block = builder.create_block();

        // fill entry block
        builder.switch_to_block(entry);
        use cranelift_codegen::ir::TrapCode;
        builder.ins().trap(TrapCode::User(0));

        // fill block1 with back edge
        builder.switch_to_block(block1);
        let cond = builder.ins().iconst(I32, 0);
        builder.ins().brnz(cond, block1, &[]);
        builder.ins().jump(use_block, &[]);

        // use variable in use_block
        builder.switch_to_block(use_block);
        let _ = builder.use_var(a);
        builder.ins().return_(&[]);

        println!("sealing blocks...");
        builder.seal_all_blocks(); // hangs
        builder.finalize();
    }
    println!("{}", func.display(None).to_string());
}

It hangs in seal_all_blocks -> run_state_machine with a huge/growing self.calls vec.

Versions and Environment

Cranelift version or commit: v0.73.0 and current main

Last updated: Nov 22 2024 at 17:03 UTC