Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

crucible-wasm's handling of data segments is likely broken #1231

Open
RyanGlScott opened this issue Aug 1, 2024 · 0 comments
Open

crucible-wasm's handling of data segments is likely broken #1231

RyanGlScott opened this issue Aug 1, 2024 · 0 comments
Labels
bug crucible wasm

Comments

@RyanGlScott
Copy link
Contributor

I attempted to run crucible-wasm on this test case, which is distilled from a similar test case in the official WebAssembly spec:

;; Test the data section

;; Syntax

(module
  (memory $m 1)
  (data (i32.const 0))
  (data (i32.const 1) "a" "" "bcd")
  (data (offset (i32.const 0)))
  (data (offset (i32.const 0)) "" "a" "bc" "")
  (data 0 (i32.const 0))
  (data 0x0 (i32.const 1) "a" "" "bcd")
  (data 0x000 (offset (i32.const 0)))
  (data 0 (offset (i32.const 0)) "" "a" "bc" "")
  (data $m (i32.const 0))
  (data $m (i32.const 1) "a" "" "bcd")
  (data $m (offset (i32.const 0)))
  (data $m (offset (i32.const 0)) "" "a" "bc" "")
)

;; Basic use

(module
  (memory 1)
  (data (i32.const 0) "a")
)

(module
  (memory 1)
  (data (i32.const 0) "a")
  (data (i32.const 3) "b")
  (data (i32.const 100) "cde")
  (data (i32.const 5) "x")
  (data (i32.const 3) "c")
)

;; Use of internal globals in constant expressions is not allowed in MVP.
;; (module (memory 1) (data (global.get 0) "a") (global i32 (i32.const 0)))
;; (module (memory 1) (data (global.get $g) "a") (global $g i32 (i32.const 0)))

;; Corner cases

(module
  (memory 1)
  (data (i32.const 0) "a")
  (data (i32.const 0xffff) "b")
)

(module
  (memory 2)
  (data (i32.const 0x1_ffff) "a")
)

(module
  (memory 0)
  (data (i32.const 0))
)

(module
  (memory 0 0)
  (data (i32.const 0))
)

(module
  (memory 1)
  (data (i32.const 0x1_0000) "")
)

(module
  (memory 0)
  (data (i32.const 0) "" "")
)

(module
  (memory 0 0)
  (data (i32.const 0) "" "")
)

This results in several assertion failures:

$ cabal run exe:crucible-wasm -- data.wast 
[(Wasm Memory 0,0,""),(Wasm Memory 0,1,"abcd"),(Wasm Memory 0,0,""),(Wasm Memory 0,0,"abc"),(Wasm Memory 0,0,""),(Wasm Memory 0,1,"abcd"),(Wasm Memory 0,0,""),(Wasm Memory 0,0,"abc"),(Wasm Memory 0,0,""),(Wasm Memory 0,1,"abcd"),(Wasm Memory 0,0,""),(Wasm Memory 0,0,"abc")]
Base memory
  Allocations:
    GlobalAlloc 1  Mutable 1-byte-aligned 
  Writes:
    Indexed chunk:
      1 |->   *(1, 0x0:[32]) := ""
              *(1, 0x0:[32]) := constArray 0x0:[8]
Base memory
  Allocations:
    GlobalAlloc 1  Mutable 1-byte-aligned 
  Writes:
    Indexed chunk:
      1 |->   *(1, 0x1:[32]) := "abcd"
              *(1, 0x0:[32]) := ""
              *(1, 0x0:[32]) := constArray 0x0:[8]
Base memory
  Allocations:
    GlobalAlloc 1  Mutable 1-byte-aligned 
  Writes:
    Indexed chunk:
      1 |->   *(1, 0x0:[32]) := ""
              *(1, 0x1:[32]) := "abcd"
              *(1, 0x0:[32]) := ""
              *(1, 0x0:[32]) := constArray 0x0:[8]
Base memory
  Allocations:
    GlobalAlloc 1  Mutable 1-byte-aligned 
  Writes:
    Indexed chunk:
      1 |->   *(1, 0x0:[32]) := "abc"
              *(1, 0x0:[32]) := ""
              *(1, 0x1:[32]) := "abcd"
              *(1, 0x0:[32]) := ""
              *(1, 0x0:[32]) := constArray 0x0:[8]
Base memory
  Allocations:
    GlobalAlloc 1  Mutable 1-byte-aligned 
  Writes:
    Indexed chunk:
      1 |->   *(1, 0x0:[32]) := ""
              *(1, 0x0:[32]) := "abc"
              *(1, 0x0:[32]) := ""
              *(1, 0x1:[32]) := "abcd"
              *(1, 0x0:[32]) := ""
              *(1, 0x0:[32]) := constArray 0x0:[8]
Base memory
  Allocations:
    GlobalAlloc 1  Mutable 1-byte-aligned 
  Writes:
    Indexed chunk:
      1 |->   *(1, 0x1:[32]) := "abcd"
              *(1, 0x0:[32]) := ""
              *(1, 0x0:[32]) := "abc"
              *(1, 0x0:[32]) := ""
              *(1, 0x1:[32]) := "abcd"
              *(1, 0x0:[32]) := ""
              *(1, 0x0:[32]) := constArray 0x0:[8]
Base memory
  Allocations:
    GlobalAlloc 1  Mutable 1-byte-aligned 
  Writes:
    Indexed chunk:
      1 |->   *(1, 0x0:[32]) := ""
              *(1, 0x1:[32]) := "abcd"
              *(1, 0x0:[32]) := ""
              *(1, 0x0:[32]) := "abc"
              *(1, 0x0:[32]) := ""
              *(1, 0x1:[32]) := "abcd"
              *(1, 0x0:[32]) := ""
              *(1, 0x0:[32]) := constArray 0x0:[8]
Base memory
  Allocations:
    GlobalAlloc 1  Mutable 1-byte-aligned 
  Writes:
    Indexed chunk:
      1 |->   *(1, 0x0:[32]) := "abc"
              *(1, 0x0:[32]) := ""
              *(1, 0x1:[32]) := "abcd"
              *(1, 0x0:[32]) := ""
              *(1, 0x0:[32]) := "abc"
              *(1, 0x0:[32]) := ""
              *(1, 0x1:[32]) := "abcd"
              *(1, 0x0:[32]) := ""
              *(1, 0x0:[32]) := constArray 0x0:[8]
Base memory
  Allocations:
    GlobalAlloc 1  Mutable 1-byte-aligned 
  Writes:
    Indexed chunk:
      1 |->   *(1, 0x0:[32]) := ""
              *(1, 0x0:[32]) := "abc"
              *(1, 0x0:[32]) := ""
              *(1, 0x1:[32]) := "abcd"
              *(1, 0x0:[32]) := ""
              *(1, 0x0:[32]) := "abc"
              *(1, 0x0:[32]) := ""
              *(1, 0x1:[32]) := "abcd"
              *(1, 0x0:[32]) := ""
              *(1, 0x0:[32]) := constArray 0x0:[8]
Base memory
  Allocations:
    GlobalAlloc 1  Mutable 1-byte-aligned 
  Writes:
    Indexed chunk:
      1 |->   *(1, 0x1:[32]) := "abcd"
              *(1, 0x0:[32]) := ""
              *(1, 0x0:[32]) := "abc"
              *(1, 0x0:[32]) := ""
              *(1, 0x1:[32]) := "abcd"
              *(1, 0x0:[32]) := ""
              *(1, 0x0:[32]) := "abc"
              *(1, 0x0:[32]) := ""
              *(1, 0x1:[32]) := "abcd"
              *(1, 0x0:[32]) := ""
              *(1, 0x0:[32]) := constArray 0x0:[8]
Base memory
  Allocations:
    GlobalAlloc 1  Mutable 1-byte-aligned 
  Writes:
    Indexed chunk:
      1 |->   *(1, 0x0:[32]) := ""
              *(1, 0x1:[32]) := "abcd"
              *(1, 0x0:[32]) := ""
              *(1, 0x0:[32]) := "abc"
              *(1, 0x0:[32]) := ""
              *(1, 0x1:[32]) := "abcd"
              *(1, 0x0:[32]) := ""
              *(1, 0x0:[32]) := "abc"
              *(1, 0x0:[32]) := ""
              *(1, 0x1:[32]) := "abcd"
              *(1, 0x0:[32]) := ""
              *(1, 0x0:[32]) := constArray 0x0:[8]
Base memory
  Allocations:
    GlobalAlloc 1  Mutable 1-byte-aligned 
  Writes:
    Indexed chunk:
      1 |->   *(1, 0x0:[32]) := "abc"
              *(1, 0x0:[32]) := ""
              *(1, 0x1:[32]) := "abcd"
              *(1, 0x0:[32]) := ""
              *(1, 0x0:[32]) := "abc"
              *(1, 0x0:[32]) := ""
              *(1, 0x1:[32]) := "abcd"
              *(1, 0x0:[32]) := ""
              *(1, 0x0:[32]) := "abc"
              *(1, 0x0:[32]) := ""
              *(1, 0x1:[32]) := "abcd"
              *(1, 0x0:[32]) := ""
              *(1, 0x0:[32]) := constArray 0x0:[8]
[(Wasm Memory 1,0,"a")]
Base memory
  Allocations:
    GlobalAlloc 1  Mutable 1-byte-aligned 
  Writes:
    Indexed chunk:
      1 |->   *(1, 0x0:[32]) := "a"
              *(1, 0x0:[32]) := constArray 0x0:[8]
[(Wasm Memory 2,0,"a"),(Wasm Memory 2,3,"b"),(Wasm Memory 2,100,"cde"),(Wasm Memory 2,5,"x"),(Wasm Memory 2,3,"c")]
Base memory
  Allocations:
    GlobalAlloc 1  Mutable 1-byte-aligned 
  Writes:
    Indexed chunk:
      1 |->   *(1, 0x0:[32]) := "a"
              *(1, 0x0:[32]) := constArray 0x0:[8]
Base memory
  Allocations:
    GlobalAlloc 1  Mutable 1-byte-aligned 
  Writes:
    Indexed chunk:
      1 |->   *(1, 0x3:[32]) := "b"
              *(1, 0x0:[32]) := "a"
              *(1, 0x0:[32]) := constArray 0x0:[8]
Base memory
  Allocations:
    GlobalAlloc 1  Mutable 1-byte-aligned 
  Writes:
    Indexed chunk:
      1 |->   *(1, 0x64:[32]) := "cde"
              *(1, 0x3:[32]) := "b"
              *(1, 0x0:[32]) := "a"
              *(1, 0x0:[32]) := constArray 0x0:[8]
Base memory
  Allocations:
    GlobalAlloc 1  Mutable 1-byte-aligned 
  Writes:
    Indexed chunk:
      1 |->   *(1, 0x5:[32]) := "x"
              *(1, 0x64:[32]) := "cde"
              *(1, 0x3:[32]) := "b"
              *(1, 0x0:[32]) := "a"
              *(1, 0x0:[32]) := constArray 0x0:[8]
Base memory
  Allocations:
    GlobalAlloc 1  Mutable 1-byte-aligned 
  Writes:
    Indexed chunk:
      1 |->   *(1, 0x3:[32]) := "c"
              *(1, 0x5:[32]) := "x"
              *(1, 0x64:[32]) := "cde"
              *(1, 0x3:[32]) := "b"
              *(1, 0x0:[32]) := "a"
              *(1, 0x0:[32]) := constArray 0x0:[8]
[(Wasm Memory 3,0,"a"),(Wasm Memory 3,65535,"b")]
Base memory
  Allocations:
    GlobalAlloc 1  Mutable 1-byte-aligned 
  Writes:
    Indexed chunk:
      1 |->   *(1, 0x0:[32]) := "a"
              *(1, 0x0:[32]) := constArray 0x0:[8]
Base memory
  Allocations:
    GlobalAlloc 1  Mutable 1-byte-aligned 
  Writes:
    Indexed chunk:
      1 |->   *(1, 0xffff:[32]) := "b"
              *(1, 0x0:[32]) := "a"
              *(1, 0x0:[32]) := constArray 0x0:[8]
[(Wasm Memory 4,131071,"a")]
Base memory
  Allocations:
    GlobalAlloc 1  Mutable 1-byte-aligned 
  Writes:
    Indexed chunk:
      1 |->   *(1, 0x1ffff:[32]) := "a"
              *(1, 0x0:[32]) := constArray 0x0:[8]
[(Wasm Memory 5,0,"")]
Base memory
  Allocations:
    GlobalAlloc 1  Mutable 1-byte-aligned 
  Writes:
    Indexed chunk:
      1 |->   *(1, 0x0:[32]) := ""
              *(1, 0x0:[32]) := constArray 0x0:[8]
[(Wasm Memory 6,0,"")]
Base memory
  Allocations:
    GlobalAlloc 1  Mutable 1-byte-aligned 
  Writes:
    Indexed chunk:
      1 |->   *(1, 0x0:[32]) := ""
              *(1, 0x0:[32]) := constArray 0x0:[8]
[(Wasm Memory 7,65536,"")]
Base memory
  Allocations:
    GlobalAlloc 1  Mutable 1-byte-aligned 
  Writes:
    Indexed chunk:
      1 |->   *(1, 0x10000:[32]) := ""
              *(1, 0x0:[32]) := constArray 0x0:[8]
[(Wasm Memory 8,0,"")]
Base memory
  Allocations:
    GlobalAlloc 1  Mutable 1-byte-aligned 
  Writes:
    Indexed chunk:
      1 |->   *(1, 0x0:[32]) := ""
              *(1, 0x0:[32]) := constArray 0x0:[8]
[(Wasm Memory 9,0,"")]
Base memory
  Allocations:
    GlobalAlloc 1  Mutable 1-byte-aligned 
  Writes:
    Indexed chunk:
      1 |->   *(1, 0x0:[32]) := ""
              *(1, 0x0:[32]) := constArray 0x0:[8]
[Crux] Attempting to prove verification conditions.
[Crux] Found counterexample for verification goal
[Crux]   :1:0: error: in _start
[Crux]   pointer out of bounds
[Crux] Found counterexample for verification goal
[Crux]   :1:0: error: in _start
[Crux]   pointer out of bounds
[Crux] Found counterexample for verification goal
[Crux]   :1:0: error: in _start
[Crux]   pointer out of bounds
[Crux] Found counterexample for verification goal
[Crux]   :1:0: error: in _start
[Crux]   pointer out of bounds
[Crux] Found counterexample for verification goal
[Crux]   :1:0: error: in _start
[Crux]   pointer out of bounds
[Crux] Goal status:
[Crux]   Total: 5
[Crux]   Proved: 0
[Crux]   Disproved: 5
[Crux]   Incomplete: 0
[Crux]   Unknown: 0
[Crux] Overall status: Invalid.

Given that the WebAssembly reference interpreter passes this test, this likely indicates a bug in crucible-wasm's treatment of data segments.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug crucible wasm
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@RyanGlScott