Wasmtime GitHub notifications bot (Aug 31 2023 at 11:59): Wasmtime GitHub notifications bot (Aug 31 2023 at 11:59):luxinyi0105 opened issue #6940:
Test Case
The given testcase was simply mutated a wasm file, which was obtained by compiling C program generated with
CsmithusingEmscripten Compiler(Emcc).The original C program is
c_file.c, the compilation results with Emscripten iswasm_file.wasm, and its wat format iswat_file.wat.We mutated the wat file to change its
i32.subin line 11762 withi32.mul. The result after mutation ismutated_file.wat, and its wasm format ismutated_file.wasm.Expected Results
$ wasmtime mutated_file.wasmOutput nothing.
Actual Results
$ wasmedge mutated_file.wasm Error: failed to run main module `mutated_file.wasm` Caused by: 0: failed to invoke command default 1: error while executing at wasm backtrace: 0: 0x75ba - <unknown>!<wasm function 41> 1: 0x7bd0 - <unknown>!<wasm function 58> 2: 0x870c - <unknown>!<wasm function 61> 3: 0x7e70 - <unknown>!<wasm function 60> 4: 0x7d09 - <unknown>!<wasm function 59> 5: 0x8b39 - <unknown>!<wasm function 68> 6: 0x7544 - <unknown>!<wasm function 40> 7: 0x56a7 - <unknown>!<wasm function 12> 8: 0x3f65 - <unknown>!<wasm function 7> 9: 0x72d9 - <unknown>!<wasm function 34> 10: 0x7253 - <unknown>!<wasm function 33> 2: Pointer out of bounds: Region { start: 78792, len: 1914709016 }Versions and Environment
Wasmtime version or commit: wasmtime-cli 13.0.0
Operating system: Ubuntu 22.04.1
Architecture: x86_64Extra Info
I tried to use some other wasm runtimes, such as wasmer, wasmedge and wasmi to execute the same testcase, they terminate normally and do not output anything(do not trigger errors).
Maybe there is something wrong with the “exception handling module”, or other tools do not follow certain specifications or perform certain condition checks. Due to a lack of knowledge of WebAssembly, the detail still need you to confirm. Thanks a lot!
Wasmtime GitHub notifications bot (Aug 31 2023 at 11:59):luxinyi0105 added the bug label to Issue #6940.
Wasmtime GitHub notifications bot (Aug 31 2023 at 12:45):bjorn3 commented on issue #6940:
That error seems to be emitted when calling a wasi function with an out-of-bounds pointer. Given that the memory is only 256 bytes big (
(memory (;0;) 256 256)), address 78792 is out of bounds. I believe several other wasi implementations return ERRNO_FAULT when handed an out-of-bounds pointer, while Wasmtime emits a wasm traps and thus aborts execution.
Wasmtime GitHub notifications bot (Aug 31 2023 at 13:35):alexcrichton commented on issue #6940:
Oh note that the 256 there is 256 wasm pages, which is a memory that's 16777216 bytes large. Nevertheless @bjorn3 is still correct because the length of the pointer, 1914709016, is out of bounds, so Wasmtime is the spec-compliant runtime here.
Wasmtime GitHub notifications bot (Aug 31 2023 at 13:35):alexcrichton closed issue #6940:
Test Case
The given testcase was simply mutated a wasm file, which was obtained by compiling C program generated with
CsmithusingEmscripten Compiler(Emcc).The original C program is
c_file.c, the compilation results with Emscripten iswasm_file.wasm, and its wat format iswat_file.wat.We mutated the wat file to change its
i32.subin line 11762 withi32.mul. The result after mutation ismutated_file.wat, and its wasm format ismutated_file.wasm.Expected Results
$ wasmtime mutated_file.wasmOutput nothing.
Actual Results
$ wasmedge mutated_file.wasm Error: failed to run main module `mutated_file.wasm` Caused by: 0: failed to invoke command default 1: error while executing at wasm backtrace: 0: 0x75ba - <unknown>!<wasm function 41> 1: 0x7bd0 - <unknown>!<wasm function 58> 2: 0x870c - <unknown>!<wasm function 61> 3: 0x7e70 - <unknown>!<wasm function 60> 4: 0x7d09 - <unknown>!<wasm function 59> 5: 0x8b39 - <unknown>!<wasm function 68> 6: 0x7544 - <unknown>!<wasm function 40> 7: 0x56a7 - <unknown>!<wasm function 12> 8: 0x3f65 - <unknown>!<wasm function 7> 9: 0x72d9 - <unknown>!<wasm function 34> 10: 0x7253 - <unknown>!<wasm function 33> 2: Pointer out of bounds: Region { start: 78792, len: 1914709016 }Versions and Environment
Wasmtime version or commit: wasmtime-cli 13.0.0
Operating system: Ubuntu 22.04.1
Architecture: x86_64Extra Info
I tried to use some other wasm runtimes, such as wasmer, wasmedge and wasmi to execute the same testcase, they terminate normally and do not output anything(do not trigger errors).
Maybe there is something wrong with the “exception handling module”, or other tools do not follow certain specifications or perform certain condition checks. Due to a lack of knowledge of WebAssembly, the detail still need you to confirm. Thanks a lot!
Wasmtime GitHub notifications bot (Sep 25 2023 at 12:08):luxinyi0105 edited issue #6940:
Test Case
The given testcase was simply mutated a wasm file, which was obtained by compiling C program generated with
CsmithusingEmscripten Compiler(Emcc).The original C program is
c_file.c, the compilation results with Emscripten iswasm_file.wasm, and its wat format iswat_file.wat.We mutated the wat file to change its
i32.subin line 11762 withi32.mul. The result after mutation ismutated_file.wat, and its wasm format ismutated_file.wasm.Expected Results
$ wasmtime mutated_file.wasmOutput nothing.
Actual Results
$ wasmtime mutated_file.wasm Error: failed to run main module `mutated_file.wasm` Caused by: 0: failed to invoke command default 1: error while executing at wasm backtrace: 0: 0x75ba - <unknown>!<wasm function 41> 1: 0x7bd0 - <unknown>!<wasm function 58> 2: 0x870c - <unknown>!<wasm function 61> 3: 0x7e70 - <unknown>!<wasm function 60> 4: 0x7d09 - <unknown>!<wasm function 59> 5: 0x8b39 - <unknown>!<wasm function 68> 6: 0x7544 - <unknown>!<wasm function 40> 7: 0x56a7 - <unknown>!<wasm function 12> 8: 0x3f65 - <unknown>!<wasm function 7> 9: 0x72d9 - <unknown>!<wasm function 34> 10: 0x7253 - <unknown>!<wasm function 33> 2: Pointer out of bounds: Region { start: 78792, len: 1914709016 }Versions and Environment
Wasmtime version or commit: wasmtime-cli 13.0.0
Operating system: Ubuntu 22.04.1
Architecture: x86_64Extra Info
I tried to use some other wasm runtimes, such as wasmer, wasmedge and wasmi to execute the same testcase, they terminate normally and do not output anything(do not trigger errors).
Maybe there is something wrong with the “exception handling module”, or other tools do not follow certain specifications or perform certain condition checks. Due to a lack of knowledge of WebAssembly, the detail still need you to confirm. Thanks a lot!
Wasmtime GitHub notifications bot (Oct 06 2024 at 22:43):Robbepop commented on issue #6940:
@alexcrichton I just triaged the issue for Wasmi and found that Wasmtime no longer traps here but instead happily returns the checksum: https://github.com/wasmi-labs/wasmi/issues/757#issuecomment-2395612799
Wasmtime GitHub notifications bot (Oct 06 2024 at 22:43):Robbepop edited a comment on issue #6940:
@alexcrichton I just triaged the issue for Wasmi and found that Wasmtime no longer traps here but instead happily returns the checksum: https://github.com/wasmi-labs/wasmi/issues/757#issuecomment-2395612799
% wasmtime --version wasmtime 25.0.1
Wasmtime GitHub notifications bot (Oct 06 2024 at 23:28):alexcrichton commented on issue #6940:
In https://github.com/wasmi-labs/wasmi/issues/757 where did you get
06-mutated.watfrom? The*.zipfiles in this issue and the wasmi issue are different, andmutated_file.wasmis different, so it may be expected that one passes and one doesn't. I can reproduce the file from https://github.com/wasmi-labs/wasmi/issues/757 succeeding, but the one attached to this issue still fails with the same error.
Wasmtime GitHub notifications bot (Oct 07 2024 at 07:52):Robbepop commented on issue #6940:
Hi @alexcrichton , sorry about the confusion with the Wasm file names. Yesterday I did a triage of many Wasmi issues and thus I renamed the Wasm files from the issues (which were often named the same).
Indeed the Wasm blobs in both issues are different. I probably got confused by the initial Wasmi issue post:
https://github.com/wasmi-labs/wasmi/issues/757#issue-1887832399According to the issue I submitted in wasmtime: https://github.com/bytecodealliance/wasmtime/issues/6940, the length of the pointer, 952683808, is out of bounds. Wasmtime emits a wasm traps when handed an out-of-bounds pointer, while other runtime tools maybe return ERRNO_FAULT.
Maybe the link to the Wasmtime issue is wrong there. But this link lead me to re-reporting the issue here.
Wasmtime GitHub notifications bot (Oct 07 2024 at 14:47):alexcrichton commented on issue #6940:
No worries! I wanted to try to dig in further to see what's going on. Do you still have a module on-hand that's exhibiting different behavior in two runtimes?
Wasmtime GitHub notifications bot (Oct 07 2024 at 15:38):Robbepop commented on issue #6940:
Well, the only Wasm blob I currently know where Wasmi and Wasmtime diverge is the one I was reporting above:
mutated_file.wasmormutated_file.watin this Zip file.Wasmi
% wasmi_cli mutated_file.wasm Error: failed during execution of _start: Pointer out of bounds: Region { start: 816071770, len: 952683808 }Wasmtime
% wasmtime mutated_file.wasm checksum = 72658C22
Wasmtime GitHub notifications bot (Oct 07 2024 at 15:39):Robbepop edited a comment on issue #6940:
Well, the only Wasm blob I currently know where Wasmi and Wasmtime diverge is the one I was reporting above:
mutated_file.wasmormutated_file.watin this Zip file.And I just re-checked and it indeed diverges in both.
Wasmi v0.38.0
% wasmi_cli mutated_file.wasm Error: failed during execution of _start: Pointer out of bounds: Region { start: 816071770, len: 952683808 }Wasmtime v25.0.1
% wasmtime mutated_file.wasm checksum = 72658C22
Wasmtime GitHub notifications bot (Oct 07 2024 at 15:39):Robbepop edited a comment on issue #6940:
Well, the only Wasm blob I currently know where Wasmi and Wasmtime diverge is the one I was reporting above:
mutated_file.wasmormutated_file.watin this Zip file.And I just re-checked (because it was very late yesterday) and it indeed diverges in both.
Wasmi v0.38.0
% wasmi_cli mutated_file.wasm Error: failed during execution of _start: Pointer out of bounds: Region { start: 816071770, len: 952683808 }Wasmtime v25.0.1
% wasmtime mutated_file.wasm checksum = 72658C22
Wasmtime GitHub notifications bot (Oct 07 2024 at 19:27):alexcrichton commented on issue #6940:
Digging in to this it looks like the issue is that beforehand
fd_writewas given 2 entries in its ciovec array. The mutation gives it instead 3 entries. Wasmtime however only look at the first non-empty entry and doesn't validate the others. Given the under-specification offd_writeand wasip1 functions in general I think this is probably fine, but that may explain the difference here.
Wasmtime GitHub notifications bot (Oct 07 2024 at 19:45):Robbepop commented on issue #6940:
Digging in to this it looks like the issue is that beforehand
fd_writewas given 2 entries in its ciovec array. The mutation gives it instead 3 entries. Wasmtime however only look at the first non-empty entry and doesn't validate the others. Given the under-specification offd_writeand wasip1 functions in general I think this is probably fine, but that may explain the difference here.Ah okay, very good to know. Thanks a lot for the clarification here!
Last updated: Nov 22 2024 at 17:03 UTC