bytecodealliance / wasm-micro-runtime

WebAssembly Micro Runtime (WAMR)
Apache License 2.0

Enabling GC and AOT in multi-module sample causes IOT Instruction crash #3545

Closed XeniaLu closed 1 week ago

XeniaLu commented 2 weeks ago

When GC and AOT compilation are both enabled in the multi-module sample, the program hits an unhandled SIGSEGV and then aborts; the shell reports this as "IOT instruction (core dumped)", i.e. SIGABRT.

Steps to reproduce

  1. Apply the following changes to samples/multi-module/CMakeLists.txt:
diff --git a/samples/multi-module/CMakeLists.txt b/samples/multi-module/CMakeLists.txt
index 7b3fdb85..ca06fd3d 100644
--- a/samples/multi-module/CMakeLists.txt
+++ b/samples/multi-module/CMakeLists.txt
@@ -44,7 +44,7 @@ endif ()

 set(WAMR_BUILD_INTERP 1)
 if (NOT DEFINED WAMR_BUILD_AOT)
-  set(WAMR_BUILD_AOT 0)
+  set(WAMR_BUILD_AOT 1)
 endif ()
 if (NOT DEFINED WAMR_BUILD_JIT)
   set(WAMR_BUILD_JIT 0)
@@ -54,6 +54,7 @@ set(WAMR_BUILD_REF_TYPES 1)
 set(WAMR_BUILD_LIBC_BUILTIN 1)
 set(WAMR_BUILD_LIBC_WASI 1)
 set(WAMR_BUILD_MULTI_MODULE 1)
+set(WAMR_BUILD_GC 1)

 # compiling and linking flags
 if (NOT (CMAKE_C_COMPILER MATCHES ".*clang.*" OR CMAKE_C_COMPILER_ID MATCHES ".*Clang"))
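Review bot: `set(WAMR_BUILD_GC 1)` is unconditional, so a `-DWAMR_BUILD_GC=0` given at configure time is overwritten, whereas `WAMR_BUILD_AOT` and `WAMR_BUILD_JIT` in the previous hunk are only defaulted under `if (NOT DEFINED ...)`. Since GC is the option that triggers the crash reported here, it should stay switchable from the command line: `if (NOT DEFINED WAMR_BUILD_GC)` / `set(WAMR_BUILD_GC 1)` / `endif ()`. The neighbouring `set(...)` lines for the other features are unconditional as well, so this is a consistency choice rather than a defect.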
@@ -178,11 +179,11 @@ if (WAMR_BUILD_AOT EQUAL 1)
     DEPENDS
     WASM_MODULE ${WAMR_COMPILER}
     COMMAND
-    ${WAMR_COMPILER} -o mA.aot ./mA.wasm
+    ${WAMR_COMPILER} --enable-gc -o mA.aot ./mA.wasm
     COMMAND
-    ${WAMR_COMPILER} -o mB.aot ./mB.wasm
+    ${WAMR_COMPILER} --enable-gc -o mB.aot ./mB.wasm
     COMMAND
-    ${WAMR_COMPILER} -o mC.aot ./mC.wasm
+    ${WAMR_COMPILER} --enable-gc -o mC.aot ./mC.wasm
     WORKING_DIRECTORY
     ${CMAKE_BINARY_DIR}
   )
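Review bot: The three `${WAMR_COMPILER}` commands hard-code `--enable-gc`, while the runtime's GC support is selected separately by `WAMR_BUILD_GC`, so the AOT files and the runtime that loads them can end up built with different feature sets. Deriving the flag from the same variable keeps them in step, e.g. `set(WAMRC_GC_FLAG --enable-gc)` under `if (WAMR_BUILD_GC EQUAL 1)` and `${WAMR_COMPILER} ${WAMRC_GC_FLAG} -o mA.aot ./mA.wasm` in each command (the variable name is only a suggestion). Whether the loader rejects an AOT file whose features do not match the runtime is not visible here and is worth confirming, because a mismatch that loads anyway would fail in native code rather than with a load error. The custom command begins above this hunk, so its other arguments were not reviewed.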
  2. Build and run ./multi_module mC.aot

Expected behavior

$./multi_module mC.aot
- wasm_runtime_full_init
- wasm_runtime_set_module_reader
- wasm_runtime_load
- wasm_runtime_instantiate

----------------------------------------
call "C1", it will return 0x1f:i32, ===> 0x1f:i32
call "C2", it will call B1() of mB and return 0x15:i32, ===> 0x15:i32
call "C3", it will call A1() of mA and return 0xb:i32, ===> 0xb:i32
call "C4", it will call B2() of mB and call A1() of mA and return 0xb:i32, ===> 0xb:i32
call "C5", it will be failed since it is a export function, ===> - wasm_runtime_deinstantiate
- wasm_runtime_unload
- wasm_runtime_destroy

Actual behavior

$./multi_module mC.aot
- wasm_runtime_full_init
- wasm_runtime_set_module_reader
- wasm_runtime_load
- wasm_runtime_instantiate

----------------------------------------
call "C1", it will return 0x1f:i32, ===> 0x1f:i32
call "C2", it will call B1() of mB and return 0x15:i32, ===> 0x15:i32
call "C3", it will call A1() of mA and return 0xb:i32, ===> 0xb:i32
call "C4", it will call B2() of mB and call A1() of mA and return 0xb:i32, ===> unhandled SIGSEGV, si_addr: 0x38
IOT instruction (core dumped)  ./multi_module mC.aot

Extra Info

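The backtrace from the core dump (the abort in frames #0-#3 is raised by the runtime's signal handler after the SIGSEGV; the frames below the handler appear to pass through AOT-generated code, so the symbol names and argument values gdb prints there are likely unreliable):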

(gdb) bt
#0  0x000073a2a5c79e44 in ?? () from /usr/lib/libc.so.6
#1  0x000073a2a5c21a30 in raise () from /usr/lib/libc.so.6
#2  0x000073a2a5c094c3 in abort () from /usr/lib/libc.so.6
#3  0x00005a19f133fc62 in signal_callback (sig_num=11, sig_info=0x73a2a5ee05b0, sig_ucontext=0x73a2a5ee0480) at core/shared/platform/common/posix/posix_thread.c:642
#4  <signal handler called>
#5  0x00000000418e20e9 in ?? ()
#6  0x00005a19f13bcaf0 in sandbox_memory_space ()
#7  0x00005a19f13c1798 in sandbox_memory_space ()
#8  0x00005a19f13bd790 in sandbox_memory_space ()
#9  0x00005a19f131dcec in push_args_end () at core/iwasm/common/arch/invokeNative_em64_simd.s:61
#10 0x00007ffc6614fd10 in ?? ()
#11 0x00005a19f131c028 in wasm_runtime_invoke_native (exec_env=0x73a2a5c3cc40 <printf>, func_ptr=0x73a2a5bf9950, func_type=0x0, signature=0x1 <error: Cannot access memory at address 0x1>, attachment=0x73a2a5ef1b7d, argv=0x7ffc6614f9f0, argc=4047028056, argv_ret=0x5a19f139bdb8)
    at core/iwasm/common/wasm_runtime_common.c:5619
Backtrace stopped: frame did not save the PC