-
Notifications
You must be signed in to change notification settings - Fork 3.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix ASan handling of WasmOffsetConverter reading on a pthread #14611
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice 👍
'Thread T1 created by T0 here:', | ||
'SUMMARY: AddressSanitizer: heap-use-after-free', | ||
'Shadow bytes around the buggy address:', | ||
'Shadow byte legend (one shadow byte represents 8 application bytes):', |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
When these tests fail its really hard to know why.. I wonder if we can pipe the stderr back to the server and use the same output comparison methods we use in non-browser tests?
Do you know how common this pattern is in browser tests? Is it just the sanitizer tests?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think I've only seen this pattern in the sanitizer tests. Yeah, I agree it's a little inconvenient, +1 for looking into possible improvements.
Following up on the change made in #14611, this change forces the `WasmOffsetConverter` before calling receiveInstantiationResult in both code paths (instantiateArrayBuffer and instantiateAsync). With that done (along with #14755) there are no more valid use cases for to block executation based on the absence of `WasmOffsetConverter`. By the time the instance is recieved it is always defined.
Following up on the change made in #14611, this change forces the `WasmOffsetConverter` before calling receiveInstantiationResult in both code paths (instantiateArrayBuffer and instantiateAsync). With that done (along with #14755) there are no more valid use cases for to block execution based on the absence of `WasmOffsetConverter`. By the time the instance is received it is always defined.
Following up on the change made in #14611, this change forces the `WasmOffsetConverter` before calling receiveInstantiationResult in both code paths (instantiateArrayBuffer and instantiateAsync). With that done (along with #14755) there are no more valid use cases for to block execution based on the absence of `WasmOffsetConverter`. By the time the instance is received it is always defined.
Following up on the change made in #14611, this change forces the `WasmOffsetConverter` before calling receiveInstantiationResult in both code paths (instantiateArrayBuffer and instantiateAsync). With that done (along with #14755) there are no more valid use cases for to block execution based on the absence of `WasmOffsetConverter`. By the time the instance is received it is always defined.
Following up on the change made in #14611, this change forces the `WasmOffsetConverter` before calling receiveInstantiationResult in both code paths (instantiateArrayBuffer and instantiateAsync). With that done (along with #14755) there are no more valid use cases for to block execution based on the absence of `WasmOffsetConverter`. By the time the instance is received it is always defined.
Following up on the change made in #14611, this change forces the `WasmOffsetConverter` before calling receiveInstantiationResult in both code paths (instantiateArrayBuffer and instantiateAsync). With that done (along with #14755) there are no more valid use cases for to block execution based on the absence of `WasmOffsetConverter`. By the time the instance is received it is always defined.
Following up on the change made in #14611, this change forces the `WasmOffsetConverter` before calling `receiveInstantiationResult` in both code paths (instantiateArrayBuffer and instantiateAsync). With that done (along with #14755) there are no more valid use cases for to block execution based on the absence of `WasmOffsetConverter`. By the time the instance is received it is always defined.
If ASan wants to show a stack trace on a pthread (like the trace to get to
an allocation that was later used after free), then it needs access to the
WasmOffsetConverter. We had a race there, where it could postMessage
the WasmOffsetConverter before that object was actually filled with the
data it needs (function offsets). See details in comments.
Fixes #13205