Open fitzgen opened 4 years ago
Just pulled master and tried again with commit 7168130594a226b6a48186a7c1dd68987f2007cf and got this different abort and stacktrace:
The failing assertion:
https://github.com/WebAssembly/binaryen/blob/7168130/src/tools/wasm-reduce.cpp#L1267
Hmm, binaryen and wabt don't seem to recognize the input wasm file as valid. I think --force
is skipping over that error, and then it breaks down later.
Is this perhaps using multivalue or something else not yet supported in binaryen and wabt?
Correct. This is both using multi-value, and it is not a valid wasm file. That said, it is almost a valid wasm file, and I'd expect that wasm-reduce
would be able to reduce such inputs. Is this not a supported use case?
(See also https://github.com/WebAssembly/wabt/issues/1331 for the disassembly)
Oh, no, sorry - wasm-reduce depends on the ability of binaryen to read the wasm and use its structure in order to reduce it. If it can't read it, it can't do anything. I updated the docs on https://github.com/WebAssembly/binaryen/wiki/Fuzzing now.
Ah okay, thanks for the explanation! Should we close this issue then, or did you want to keep it open for tracking work to exit gracefully (potentially with an error message) rather than abort?
I think the abort is only reached if -f
is passed, so I don't think it's a high priority to fix, and I'm not sure offhand how to do it, so I suspect it's not worth it. I think maybe the docs I updated are good enough here. Closing. Thanks again for reporting!
Steps to Reproduce
multi-val-overflow.wasm
is this file: https://github.com/bytecodealliance/wasmparser/files/4171056/foo.wasm.2.gzHere is
Note that this scripte requires a rust toolchain and check out of https://github.com/bytecodealliance/wasmparser/ ```sh #!/usr/bin/env bash set -eux cargo run \ --manifest-path ~/wasmparser/Cargo.toml \ --example validate \ ~/scratch/multi-val-overflow.test.wasm \ 2>&1 | grep -q 'attempt to subtract with overflow' ```predicate.sh
Full Logs and Stacktrace