jameysharp commented on issue #6254:
Would you mind pulling the
lb_to_bindex
change out to a separate PR? I'd like to review and benchmark that on its own.
remlse commented on issue #6254:
@jameysharp sure thing: #6255
remlse commented on issue #6254:
Hi @fitzgen , I'm still getting errors from cargo vet. I merged the main branch where the wildcard audit was added. Do I need to do something else to make the audit work? I think we'd also need a wildcard audit for
derive_arbitrary
, right?Run cargo vet --locked Vetting Failed! 2 unvetted dependencies: arbitrary:1.3.0 missing ["safe-to-deploy"] derive_arbitrary:1.3.0 missing ["safe-to-deploy"]
fitzgen commented on issue #6254:
I think we'd also need a wildcard audit for
derive_arbitrary
, right?Added in https://github.com/bytecodealliance/wasmtime/pull/6294
remlse commented on issue #6254:
Alright, I think this should be ready to review @cfallin
cfallin commented on issue #6254:
@remlse would you mind looking into the CI failure in the merge queue?
remlse commented on issue #6254:
Will do. I'm having trouble reproducing locally, but I'll get there.
remlse commented on issue #6254:
Well, this was quite the rabbit whole.
I can reproduce now, compiling the fuzz target
component_api
causes some kind of infinite loop / memory leak during compilation. RAM consumption of rustc slowly crawls up to 100% (30GB), at which point my PC freezes. The trigger seems to be the update to (derive_)arbitrary 1.3.With
git bisect
, I narrowed it down to the diff of this commit range in the arbitrary repo: 7ebc6c8...15c340e. (Given the rest of this story, I don't think the problem is in the arbitrary crate. There's nothing crazy going on in this diff.)The build script of
wasmtime-fuzz
generates some code, which is included in thecomponent_api
target withinclude!(concat!(env!("OUT_DIR"), "/static_component_api.rs"));
Compiling these 15 MB of generated code no longer terminates with higher versions of arbitrary. I reduced the number of generated test cases from 100 to 1 to make it easier to inspect the generated code. That actually fixed the problem, though, building the fuzz targets now succeeded.
So I started bisecting the number of test cases. But I soon noticed that not even compiling 2 test cases works. At least with 2 test cases, my memory was enough to get me to a compiler crash.
error: the compiler unexpectedly panicked. this is a bug.
Lovely. I'll attach the full output for future reference: rustc_panic.txt. And I made a branch with (hopefully) all the necessary changes to reproduce here. The command I used is
WASMTIME_FUZZ_SEED=1234 cargo fuzz build --no-default-features --dev -s none
I'll have to call it a day. I guess the next debugging step for me would be to try to understand the code generated in the build script - and how it could confuse the compiler.
remlse edited a comment on issue #6254:
Well, this was quite the rabbit hole.
I can reproduce now, compiling the fuzz target
component_api
causes some kind of infinite loop / memory leak during compilation. RAM consumption of rustc slowly crawls up to 100% (30GB), at which point my PC freezes. The trigger seems to be the update to (derive_)arbitrary 1.3.With
git bisect
, I narrowed it down to the diff of this commit range in the arbitrary repo: 7ebc6c8...15c340e. (Given the rest of this story, I don't think the problem is in the arbitrary crate. There's nothing crazy going on in this diff.)The build script of
wasmtime-fuzz
generates some code, which is included in thecomponent_api
target withinclude!(concat!(env!("OUT_DIR"), "/static_component_api.rs"));
Compiling these 15 MB of generated code no longer terminates with higher versions of arbitrary. I reduced the number of generated test cases from 100 to 1 to make it easier to inspect the generated code. That actually fixed the problem, though, building the fuzz targets now succeeded.
So I started bisecting the number of test cases. But I soon noticed that not even compiling 2 test cases works. At least with 2 test cases, my memory was enough to get me to a compiler crash.
error: the compiler unexpectedly panicked. this is a bug.
Lovely. I'll attach the full output for future reference: rustc_panic.txt. And I made a branch with (hopefully) all the necessary changes to reproduce here. The command I used is
WASMTIME_FUZZ_SEED=1234 cargo fuzz build --no-default-features --dev -s none
I'll have to call it a day. I guess the next debugging step for me would be to try to understand the code generated in the build script - and how it could confuse the compiler.
alexcrichton commented on issue #6254:
Oh dear if that script is building a 15M source file that's way too big, let me see if the limits should be trimmed on that.
alexcrichton commented on issue #6254:
Ok I've pushed up https://github.com/bytecodealliance/wasmtime/pull/6315 which, when testing locally, gets the size of the generated test file to be a more reasonable 200K instead of 15M
alexcrichton commented on issue #6254:
Ok let's try again and fingers crossed on this one. Thanks again @remlse for taking the time to investigate the failure!
alexcrichton commented on issue #6254:
Oh actually I think this'll need to be rebased, but it should be able to merge afterwards.
remlse commented on issue #6254:
@alexcrichton Thank you for the fix! :heart:
cfallin commented on issue #6254:
@remlse we've just seen a possible issue on this while discussing in a meeting; more from @elliottt in a bit...
elliottt commented on issue #6254:
I think we're reliant on seeing uses before defs for the management of the
value_lowered_uses
field of theLower
struct. If we put the blocks in a random order, we may see the definition first, and as a result decide that the instruction isn't needed in the final program: https://github.com/bytecodealliance/wasmtime/blob/3b7274fa94c39b9e3984fa207994b60ec827a31b/cranelift/codegen/src/machinst/lower.rs#L708-L709
In the snippet above,is_any_inst_result_needed
queries thevalue_lowered_uses
vector for any result value with a number of uses that's greater than zero, and the entry in that vector is only incremented when processing uses of that value.
remlse commented on issue #6254:
I see, then we can't merge this. Is there some other order we could randomize to salvage some of the work? :joy:
cfallin commented on issue #6254:
Yes, sorry @remlse, I had forgotten about this ordering invariant. (I have no excuse, I wrote this code ~3 years ago!)
Offline Trevor suggested a nice approach to still reorder to an allowed degree, namely: pick some permutation that still respects defs-before-uses. In particular, this loop I think can iterate successors for a block in any order and still generate valid RPO.
remlse commented on issue #6254:
Out of curiosity, have you fuzzed with this (and verified that no issues arise)?
I did a short sanity check yesterday, and a longer (30min) run today without panics. Is there something else I should do to verify there aren't any issues?
cfallin commented on issue #6254:
Nope, that sounds great -- let's merge, thanks!
Last updated: Dec 23 2024 at 12:05 UTC