lambdaclass / cairo_native

A compiler to convert Cairo's intermediate representation "Sierra" code to MLIR.
https://lambdaclass.github.io/cairo_native/cairo_native
Apache License 2.0

Segmentation fault in tx 0x56b7a03200641d480abb3e314922e3adfa368d8b85a4dbf69e31845cf1ef1e4 #711

Closed pefontana closed 2 days ago

pefontana commented 5 days ago

To replicate it, run cargo run tx 0x56b7a03200641d480abb3e314922e3adfa368d8b85a4dbf69e31845cf1ef1e4 mainnet 653012 in the starknet replay crate on a computer with x86 architecture. It should return a segmentation fault.

https://starkscan.co/tx/0x056b7a03200641d480abb3e314922e3adfa368d8b85a4dbf69e31845cf1ef1e4

Here is another tx with the same error

tx hash: 0x1be76b60066a058349b1a8cc4da0f472022dcf5e720a213f990030b3e6060cc
Block number: 646356
Chain: mainnet

https://starkscan.co/tx/0x056b7a03200641d480abb3e314922e3adfa368d8b85a4dbf69e31845cf1ef1e4

The TX should revert with:

Error in the called contract (0x04505a9f06f2bd639b6601f37a4dc0908bb70e8e0e0c34b1220827d64f4fc066):
Execution failed. Failure reason: 0x434c4541525f41545f4c454153545f4d494e494d554d ('CLEAR_AT_LEAST_MINIMUM')

So, I think the error comes from this contract https://github.com/EkuboProtocol/abis/blob/cccac030c7e66e0cb986fab9989d98e59c3a7436/src/components/clear.cairo#L32

edg-l commented 4 days ago

Managed to get somewhat of a backtrace; lib/lib.tmpxcG5le.so is the contract

gef➤  bt
#0  0x00007fffdc78486d in f21 () from lib/lib.tmpxcG5le.so
#1  0x00007fffdc785fc9 in f24 () from lib/lib.tmpxcG5le.so
#2  0x00007fffdc7804d1 in f15 () from lib/lib.tmpxcG5le.so
#3  0x00007fffdc77092e in f0 () from lib/lib.tmpxcG5le.so
#4  0x00007fffdc770ca7 in _mlir_ciface_f0 () from lib/lib.tmpxcG5le.so
#5  0x00005555582a2db1 in _invoke_trampoline ()
#6  0x0000000000000000 in ?? ()
$rax   : 0x000055555ebf0a60  →  0x0000555034c3ad60
$rbx   : 0x000055555df7e240  →  0x0000000000000002
$rcx   : 0x3fcaffffc0      
$rdx   : 0x3fcaffffc0      
$rsp   : 0x00007ffffffd0fc0  →  0x0020202000000000
$rbp   : 0x18              
$rsi   : 0xff2c0000        
$rdi   : 0x13              
$rip   : 0x00007fffdc78486d  →  <f21+381> vmovups zmm0, ZMMWORD PTR [rdx]
$r8    : 0x0               
$r9    : 0xff2bffff        
$r10   : 0x18              
$r11   : 0x0               
$r12   : 0x0               
$r13   : 0xf               
$r14   : 0x253d8264e       
$r15   : 0x65              
$eflags: [zero carry PARITY adjust sign trap INTERRUPT direction overflow RESUME virtualx86 identification]
$cs: 0x33 $ss: 0x2b $ds: 0x00 $es: 0x00 $fs: 0x00 $gs: 0x00 
──── stack ────
0x00007ffffffd0fc0│+0x0000: 0x0020202000000000   ← $rsp
0x00007ffffffd0fc8│+0x0008: 0x0000000000000000
0x00007ffffffd0fd0│+0x0010: 0xff2c000020202020 ("    "?)
0x00007ffffffd0fd8│+0x0018: 0x2020202020202000
0x00007ffffffd0fe0│+0x0020: 0x000055555ebf0a60  →  0x0000555034c3ad60
0x00007ffffffd0fe8│+0x0028: 0x0000000000000001
0x00007ffffffd0ff0│+0x0030: 0x0000000000000000
0x00007ffffffd0ff8│+0x0038: 0x0000000000000001
──── code:x86:64 ────
   0x7fffdc784864 <f21+372>        inc    esi
   0x7fffdc784866 <f21+374>        add    rdx, rcx
   0x7fffdc784869 <f21+377>        mov    DWORD PTR [rsp+0x14], esi
 → 0x7fffdc78486d <f21+381>        vmovups zmm0, ZMMWORD PTR [rdx]
   0x7fffdc784873 <f21+387>        vmovups ZMMWORD PTR [rax], zmm0
   0x7fffdc784879 <f21+393>        mov    QWORD PTR [rsp+0x20], rax
   0x7fffdc78487e <f21+398>        mov    BYTE PTR [rsp+0x18], 0x0
   0x7fffdc784883 <f21+403>        movzx  ecx, BYTE PTR [rsp+0x27]
   0x7fffdc784888 <f21+408>        movzx  edx, BYTE PTR [rsp+0x26]
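Added example for the dump above (not code from the thread or from cairo_native): a small Python triage helper that reads the gef register lines and disassembly, evaluates the faulting memory operand, and, because the most recent write to rdx before the fault is `add rdx, rcx`, reconstructs what rdx held before that add from the register state at the fault. With the values in the dump, rdx - rcx is 0, i.e. a null base pointer plus a 0x3fcaffffc0 offset, and since `vmovups` is the unaligned form, a 64-byte misaligned access is ruled out as the cause. The embedded dump text is copied from the comment; the regexes, the 0x1000 "near null" threshold and the verdict strings are the editor's own assumptions.

```python
"""Crash-dump triage for the gef session above.

Added example for this thread, not code from cairo_native or from the
commenters. The dump string is copied from edg-l's gef output; the parsing,
thresholds and verdict text are the editor's own assumptions.
"""
import re

# Constructed input: the register and disassembly lines from the gef dump.
GEF_DUMP = """\
$rax   : 0x000055555ebf0a60  →  0x0000555034c3ad60
$rbx   : 0x000055555df7e240  →  0x0000000000000002
$rcx   : 0x3fcaffffc0
$rdx   : 0x3fcaffffc0
$rsp   : 0x00007ffffffd0fc0  →  0x0020202000000000
$rbp   : 0x18
$rsi   : 0xff2c0000
$rdi   : 0x13
$rip   : 0x00007fffdc78486d  →  <f21+381> vmovups zmm0, ZMMWORD PTR [rdx]
$r8    : 0x0
$r9    : 0xff2bffff
   0x7fffdc784864 <f21+372>        inc    esi
   0x7fffdc784866 <f21+374>        add    rdx, rcx
   0x7fffdc784869 <f21+377>        mov    DWORD PTR [rsp+0x14], esi
 → 0x7fffdc78486d <f21+381>        vmovups zmm0, ZMMWORD PTR [rdx]
   0x7fffdc784873 <f21+387>        vmovups ZMMWORD PTR [rax], zmm0
"""

REG_RE = re.compile(r"^\$(\w+)\s*:\s*0x([0-9a-fA-F]+)", re.M)
INSN_RE = re.compile(r"^\s*(→)?\s*0x[0-9a-fA-F]+\s+<[^>]+>\s+(\S+)\s*(.*?)\s*$", re.M)
MEM_RE = re.compile(r"(\w+)\s+PTR\s+\[(\w+)(?:\s*([+-])\s*0x([0-9a-fA-F]+))?\]")

# gdb's Intel-syntax size keywords, in bytes.
PTR_WIDTH = {"BYTE": 1, "WORD": 2, "DWORD": 4, "QWORD": 8,
             "XMMWORD": 16, "YMMWORD": 32, "ZMMWORD": 64}


def parse_registers(dump):
    """Map register name -> value from the `$reg : 0x...` lines."""
    return {name: int(val, 16) for name, val in REG_RE.findall(dump)}


def parse_insns(dump):
    """List of (is_faulting, mnemonic, operands) from the disassembly lines."""
    return [(bool(m.group(1)), m.group(2), m.group(3))
            for m in INSN_RE.finditer(dump)]


def memory_operand(operands):
    """(width_bytes, base_register, displacement) of the first memory operand, or None."""
    m = MEM_RE.search(operands)
    if not m:
        return None
    width, base, sign, disp = m.groups()
    off = int(disp, 16) if disp else 0
    return PTR_WIDTH[width], base, -off if sign == "-" else off


def triage(dump):
    regs = parse_registers(dump)
    insns = parse_insns(dump)
    fault_idx = next(i for i, (hit, _, _) in enumerate(insns) if hit)
    _, mnem, ops = insns[fault_idx]
    width, base, off = memory_operand(ops)
    addr = regs[base] + off
    report = {
        "instruction": f"{mnem} {ops}",
        "base_register": base,
        "effective_address": addr,
        "access_bytes": width,
        # vmov*u*ps accepts any alignment, so misalignment cannot be the cause.
        "alignment_ok": mnem.endswith("ups") or addr % width == 0,
        "base_before_add": None,
    }
    # Walk back to the most recent instruction that wrote the base register.
    # Registers are as of the fault, so if that writer was `add base, src`
    # the value before it was simply regs[base] - regs[src].
    for _, prev_mnem, prev_ops in reversed(insns[:fault_idx]):
        dst, _, src = (p.strip() for p in prev_ops.partition(","))
        if dst != base:
            continue
        if prev_mnem == "add" and src in regs:
            report["base_before_add"] = regs[base] - regs[src]
        break
    prior = report["base_before_add"]
    if prior is not None and prior < 0x1000:        # threshold is an assumption
        report["verdict"] = (f"null base: {base} was 0x{prior:x} before the add; "
                             f"0x{addr:x} is the offset, not a real address")
    elif addr < 0x1000:
        report["verdict"] = "near-null dereference"
    else:
        report["verdict"] = "wild pointer: check the mapping with `vmmap` in gef"
    return report


if __name__ == "__main__":
    for key, value in triage(GEF_DUMP).items():
        print(f"{key:>18}: {value:#x}" if type(value) is int else f"{key:>18}: {value}")
```

The reconstruction only works because the register snapshot is taken at the faulting instruction and the `mov` between the `add` and the `vmovups` does not touch rdx; for a writer other than `add` the helper leaves base_before_add unset rather than guess.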

edg-l commented 3 days ago

The previous comment was with the AOT runner; with JIT it seems to work:

  2024-07-03T11:39:11.045848Z  INFO replay: execution finished successfully, transaction_hash: "0x56b7a03200641d480abb3e314922e3adfa368d8b85a4dbf69e31845cf1ef1e4", chain: "mainnet", execution_status: "REVERTED", rpc_execution_status: "REVERTED", execution_error_message: "Transaction execution has failed:\n0: Error in the called contract (contract address: 0x019de0995020b7fea7d7776754f2a62e1fd69b6977b19c78e8c19bbb5436c6e4, class hash: 0x029927c8af6bccf3f6fda035981e765a7bdbf18a2dc0d630494f8758aa908e2b, selector: 0x015d40a3d6ca2ac30f4031e42be28da9b056fef9bb7357ac5e85627ee876e5ad):\nNative execution error: argent/multicall-failed\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\u{2}Native execution error: CLEAR_AT_LEAST_MINIMUM\n"