
Make `InstructionTranslator` non-copyable

Open MaxDesiatov opened this issue 1 month ago • 3 comments

This avoids unintentional possible ARC traffic if InstructionTranslator is accidentally copied, as it stores references to classes like ISeqAllocator.

MaxDesiatov, Oct 20 '25 13:10
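The copy-avoidance argument above, as an added Swift example that is not WasmKit's code: a stand-in struct holding a class reference is marked `~Copyable` so an accidental copy (and the retain/release it would imply) is a compile-time error, and its throwing init follows the same partial-initialization path the SIL dump below deals with. `Allocator`, `Translator`, `TranslationError` and `run` are assumed names.

```swift
// Added example, not WasmKit's code. `Allocator` and `Translator` stand in for
// ISeqAllocator and InstructionTranslator; every name here is assumed.
final class Allocator {
    var bytesAllocated = 0
    func reserve(_ n: Int) { bytesAllocated += n }
}

struct TranslationError: Error {}

// `~Copyable` turns an implicit copy into a compile-time error, so the class
// reference stored here can never be retained/released by an accidental copy.
struct Translator: ~Copyable {
    let allocator: Allocator
    let codeSize: Int
    var controlStack: [Int] = []

    init(allocator: Allocator, codeSize: Int) throws {
        self.allocator = allocator
        self.codeSize = codeSize
        // Throwing after some stored properties are initialized is the
        // partially-initialized-self path that the compiler must clean up
        // exactly once; that cleanup is what the SIL error block below does.
        guard codeSize > 0 else { throw TranslationError() }
    }

    mutating func translate() {
        allocator.reserve(codeSize)
        controlStack.append(codeSize)
    }
}

// Ownership has to be transferred explicitly: `let copy = t` would not compile.
func run() throws -> Int {
    let allocator = Allocator()
    var t = try Translator(allocator: allocator, codeSize: 16)
    t.translate()
    let moved = consume t   // move, not copy: no ARC traffic on `allocator`
    _ = moved
    return allocator.bytesAllocated   // 16 for the call above
}

do {
    print(try run())
} catch {
    print("translation failed: \(error)")
}
```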

Only builds with main snapshots are failing due to an assertion:

```
SIL memory lifetime failure in @$s7WasmKit21InstructionTranslatorV9allocator19engineConfiguration16funcTypeInterner6module4type6locals13functionIndex8codeSize14isIntercepting0R9DebuggingAcA13ISeqAllocatorC_AA06EngineG0VAA0J0Cy0A5Types08FunctionI0VGAA12EntityHandleVyAA08InstanceZ0VGAVSayAT05ValueI0OGs6UInt32VSiS2btKcfC: memory is not initialized, but should be
memory location:   %25 = struct_element_addr %24 : $*InstructionTranslator, #InstructionTranslator.allocator // user: %26
at instruction:   destroy_addr %171 : $*ISeqAllocator             // id: %172

Abort: function reportError at MemoryLifetimeVerifier.cpp:268
in function:
// InstructionTranslator.init(allocator:engineConfiguration:funcTypeInterner:module:type:locals:functionIndex:codeSize:isIntercepting:isDebugging:)
```

MaxDesiatov, Oct 20 '25 19:10

Very concerning that the ASan fuzz detected invalid memory access 🤔 https://github.com/swiftwasm/WasmKit/actions/runs/18654651206/job/53180660404?pr=209

kateinoigakukun, Oct 20 '25 23:10

If I'm not mistaken, it seems like the SIL code tries to destroy struct members twice when an Error is thrown during the translator init.

```
// %155                                           // user: %184
bb2(%155 : @owned $any Error):                    // Preds: bb0
  %156 = struct_element_addr %11, #InstructionTranslator.allocator // user: %161
  %157 = struct_element_addr %11, #InstructionTranslator.funcTypeInterner // user: %162
  %158 = struct_element_addr %11, #InstructionTranslator.iseqBuilder // user: %163
  %159 = struct_element_addr %11, #InstructionTranslator.controlStack // user: %164
  %160 = struct_element_addr %11, #InstructionTranslator.type // user: %165
  destroy_addr %156                               // id: %161
  destroy_addr %157                               // id: %162
  destroy_addr %158                               // id: %163
  destroy_addr %159                               // id: %164
  destroy_addr %160                               // id: %165
  debug_value undef : $*InstructionTranslator, var, name "self" // id: %166
  destroy_value %5                                // id: %167
  destroy_value %4                                // id: %168
  destroy_value %2                                // id: %169
  destroy_value %0                                // id: %170
  %171 = struct_element_addr %11, #InstructionTranslator.allocator // user: %172
  destroy_addr %171                               // id: %172
  %173 = struct_element_addr %11, #InstructionTranslator.funcTypeInterner // user: %174
  destroy_addr %173                               // id: %174
  %175 = struct_element_addr %11, #InstructionTranslator.module // user: %176
  destroy_addr %175                               // id: %176
  %177 = struct_element_addr %11, #InstructionTranslator.iseqBuilder // user: %178
  destroy_addr %177                               // id: %178
  %179 = struct_element_addr %11, #InstructionTranslator.controlStack // user: %180
  destroy_addr %179                               // id: %180
  %181 = struct_element_addr %11, #InstructionTranslator.type // user: %182
  destroy_addr %181                               // id: %182
  dealloc_stack %11                               // id: %183
  throw %155                                      // id: %184
} // end sil function
```

kateinoigakukun, Oct 20 '25 23:10