Browse Source
* attempt at inserting things where i think they might belong + questions * entry hook + questions * commented out all changes, doc comment errors * fix doc comment * libcalls build now!!!! * initial check_malloc_exit setup * WIP: load/store hooks * hooks added + building * added valgrind library * made wasm-valgrind accessible in wasmtime * check_malloc filled in... * move valgrind_state to an appropriate part of instance it works!!!!! * yay it's working! (?) i think?? * stack tracing in progress * errors + num bytes displayed * initial valgrind configuration * valgrind conditional some warnings fixed * conditional compilation + CLI flag finished * panic!() changed to bail!() * started adding doc comments * added memory grow hook + fixed access size handling * removed test.wasm * removed malloc_twice.wat * doc comments in spec.rs * pr feedback addressed * ran cargo fmt * addressing more feedback * Remove fuzz crate from wmemcheck. * Review feedback and test fix. * add wasmtime-wmemcheck crate to publish allowlist. * fix build without compiler features * reorder crates in publish list * Add trampolines for libcalls on s390x. * Make wasmtime-wmemcheck dep an exact version requirement. --------- Co-authored-by: iximeow <awortman@fastly.com> Co-authored-by: Chris Fallin <chris@cfallin.org> Co-authored-by: iximeow <git@iximeow.net>pull/6134/merge
ssunkin-fastly
1 year ago
committed by
GitHub
GitHub
30 changed files with 1002 additions and 31 deletions
@ -0,0 +1,11 @@ |
|||
[package] |
|||
name = "wasmtime-wmemcheck" |
|||
version.workspace = true |
|||
authors.workspace = true |
|||
description = "Memcheck implementation for Wasmtime" |
|||
license = "Apache-2.0 WITH LLVM-exception" |
|||
repository = "https://github.com/bytecodealliance/wasmtime" |
|||
documentation = "https://docs.rs/wasmtime-cranelift/" |
|||
edition.workspace = true |
|||
|
|||
[dependencies] |
|||
@ -0,0 +1,404 @@ |
|||
use std::cmp::*; |
|||
use std::collections::HashMap; |
|||
|
|||
/// Memory checker for wasm guest.
|
|||
pub struct Wmemcheck { |
|||
metadata: Vec<MemState>, |
|||
mallocs: HashMap<usize, usize>, |
|||
pub stack_pointer: usize, |
|||
max_stack_size: usize, |
|||
pub flag: bool, |
|||
} |
|||
|
|||
/// Error types for memory checker.
|
|||
#[derive(Debug, PartialEq)] |
|||
pub enum AccessError { |
|||
/// Malloc over already malloc'd memory.
|
|||
DoubleMalloc { addr: usize, len: usize }, |
|||
/// Read from uninitialized or undefined memory.
|
|||
InvalidRead { addr: usize, len: usize }, |
|||
/// Write to uninitialized memory.
|
|||
InvalidWrite { addr: usize, len: usize }, |
|||
/// Free of non-malloc'd pointer.
|
|||
InvalidFree { addr: usize }, |
|||
/// Access out of bounds of heap or stack.
|
|||
OutOfBounds { addr: usize, len: usize }, |
|||
} |
|||
|
|||
/// Memory state for memory checker.
|
|||
#[derive(Debug, Clone, PartialEq)] |
|||
pub enum MemState { |
|||
/// Unallocated memory.
|
|||
Unallocated, |
|||
/// Initialized but undefined memory.
|
|||
ValidToWrite, |
|||
/// Initialized and defined memory.
|
|||
ValidToReadWrite, |
|||
} |
|||
|
|||
impl Wmemcheck { |
|||
/// Initializes memory checker instance.
|
|||
pub fn new(mem_size: usize) -> Wmemcheck { |
|||
let metadata = vec![MemState::Unallocated; mem_size]; |
|||
let mallocs = HashMap::new(); |
|||
Wmemcheck { |
|||
metadata, |
|||
mallocs, |
|||
stack_pointer: 0, |
|||
max_stack_size: 0, |
|||
flag: true, |
|||
} |
|||
} |
|||
|
|||
/// Updates memory checker memory state metadata when malloc is called.
|
|||
pub fn malloc(&mut self, addr: usize, len: usize) -> Result<(), AccessError> { |
|||
if !self.is_in_bounds_heap(addr, len) { |
|||
return Err(AccessError::OutOfBounds { |
|||
addr: addr, |
|||
len: len, |
|||
}); |
|||
} |
|||
for i in addr..addr + len { |
|||
match self.metadata[i] { |
|||
MemState::ValidToWrite => { |
|||
return Err(AccessError::DoubleMalloc { |
|||
addr: addr, |
|||
len: len, |
|||
}); |
|||
} |
|||
MemState::ValidToReadWrite => { |
|||
return Err(AccessError::DoubleMalloc { |
|||
addr: addr, |
|||
len: len, |
|||
}); |
|||
} |
|||
_ => {} |
|||
} |
|||
} |
|||
for i in addr..addr + len { |
|||
self.metadata[i] = MemState::ValidToWrite; |
|||
} |
|||
self.mallocs.insert(addr, len); |
|||
Ok(()) |
|||
} |
|||
|
|||
/// Updates memory checker memory state metadata when a load occurs.
|
|||
pub fn read(&mut self, addr: usize, len: usize) -> Result<(), AccessError> { |
|||
if !self.flag { |
|||
return Ok(()); |
|||
} |
|||
if !(self.is_in_bounds_stack(addr, len) || self.is_in_bounds_heap(addr, len)) { |
|||
return Err(AccessError::OutOfBounds { |
|||
addr: addr, |
|||
len: len, |
|||
}); |
|||
} |
|||
for i in addr..addr + len { |
|||
match self.metadata[i] { |
|||
MemState::Unallocated => { |
|||
return Err(AccessError::InvalidRead { |
|||
addr: addr, |
|||
len: len, |
|||
}); |
|||
} |
|||
MemState::ValidToWrite => { |
|||
return Err(AccessError::InvalidRead { |
|||
addr: addr, |
|||
len: len, |
|||
}); |
|||
} |
|||
_ => {} |
|||
} |
|||
} |
|||
Ok(()) |
|||
} |
|||
|
|||
/// Updates memory checker memory state metadata when a store occurs.
|
|||
pub fn write(&mut self, addr: usize, len: usize) -> Result<(), AccessError> { |
|||
if !self.flag { |
|||
return Ok(()); |
|||
} |
|||
if !(self.is_in_bounds_stack(addr, len) || self.is_in_bounds_heap(addr, len)) { |
|||
return Err(AccessError::OutOfBounds { |
|||
addr: addr, |
|||
len: len, |
|||
}); |
|||
} |
|||
for i in addr..addr + len { |
|||
if let MemState::Unallocated = self.metadata[i] { |
|||
return Err(AccessError::InvalidWrite { |
|||
addr: addr, |
|||
len: len, |
|||
}); |
|||
} |
|||
} |
|||
for i in addr..addr + len { |
|||
self.metadata[i] = MemState::ValidToReadWrite; |
|||
} |
|||
Ok(()) |
|||
} |
|||
|
|||
/// Updates memory checker memory state metadata when free is called.
|
|||
pub fn free(&mut self, addr: usize) -> Result<(), AccessError> { |
|||
if !self.mallocs.contains_key(&addr) { |
|||
return Err(AccessError::InvalidFree { addr: addr }); |
|||
} |
|||
let len = self.mallocs[&addr]; |
|||
for i in addr..addr + len { |
|||
if let MemState::Unallocated = self.metadata[i] { |
|||
return Err(AccessError::InvalidFree { addr: addr }); |
|||
} |
|||
} |
|||
self.mallocs.remove(&addr); |
|||
for i in addr..addr + len { |
|||
self.metadata[i] = MemState::Unallocated; |
|||
} |
|||
Ok(()) |
|||
} |
|||
|
|||
fn is_in_bounds_heap(&self, addr: usize, len: usize) -> bool { |
|||
self.max_stack_size <= addr && addr + len <= self.metadata.len() |
|||
} |
|||
|
|||
fn is_in_bounds_stack(&self, addr: usize, len: usize) -> bool { |
|||
self.stack_pointer <= addr && addr + len < self.max_stack_size |
|||
} |
|||
|
|||
/// Updates memory checker metadata when stack pointer is updated.
|
|||
pub fn update_stack_pointer(&mut self, new_sp: usize) -> Result<(), AccessError> { |
|||
if new_sp > self.max_stack_size { |
|||
return Err(AccessError::OutOfBounds { |
|||
addr: self.stack_pointer, |
|||
len: new_sp - self.stack_pointer, |
|||
}); |
|||
} else if new_sp < self.stack_pointer { |
|||
for i in new_sp..self.stack_pointer + 1 { |
|||
self.metadata[i] = MemState::ValidToReadWrite; |
|||
} |
|||
} else { |
|||
for i in self.stack_pointer..new_sp { |
|||
self.metadata[i] = MemState::Unallocated; |
|||
} |
|||
} |
|||
self.stack_pointer = new_sp; |
|||
Ok(()) |
|||
} |
|||
|
|||
/// Turns memory checking on.
|
|||
pub fn memcheck_on(&mut self) { |
|||
self.flag = true; |
|||
} |
|||
|
|||
/// Turns memory checking off.
|
|||
pub fn memcheck_off(&mut self) { |
|||
self.flag = false; |
|||
} |
|||
|
|||
/// Initializes stack and stack pointer in memory checker metadata.
|
|||
pub fn set_stack_size(&mut self, stack_size: usize) { |
|||
self.max_stack_size = stack_size + 1; |
|||
// TODO: temporary solution to initialize the entire stack
|
|||
// while keeping stack tracing plumbing in place
|
|||
self.stack_pointer = stack_size; |
|||
let _ = self.update_stack_pointer(0); |
|||
} |
|||
|
|||
/// Updates memory checker metadata size when memory.grow is called.
|
|||
pub fn update_mem_size(&mut self, num_bytes: usize) { |
|||
let to_append = vec![MemState::Unallocated; num_bytes]; |
|||
self.metadata.extend(to_append); |
|||
} |
|||
} |
|||
|
|||
#[test] |
|||
fn basic_wmemcheck() { |
|||
let mut wmemcheck_state = Wmemcheck::new(640 * 1024); |
|||
|
|||
wmemcheck_state.set_stack_size(1024); |
|||
assert!(wmemcheck_state.malloc(0x1000, 32).is_ok()); |
|||
assert!(wmemcheck_state.write(0x1000, 4).is_ok()); |
|||
assert!(wmemcheck_state.read(0x1000, 4).is_ok()); |
|||
assert_eq!(wmemcheck_state.mallocs, HashMap::from([(0x1000, 32)])); |
|||
assert!(wmemcheck_state.free(0x1000).is_ok()); |
|||
assert!(wmemcheck_state.mallocs.is_empty()); |
|||
} |
|||
|
|||
#[test] |
|||
fn read_before_initializing() { |
|||
let mut wmemcheck_state = Wmemcheck::new(640 * 1024); |
|||
|
|||
assert!(wmemcheck_state.malloc(0x1000, 32).is_ok()); |
|||
assert_eq!( |
|||
wmemcheck_state.read(0x1000, 4), |
|||
Err(AccessError::InvalidRead { |
|||
addr: 0x1000, |
|||
len: 4 |
|||
}) |
|||
); |
|||
assert!(wmemcheck_state.write(0x1000, 4).is_ok()); |
|||
assert!(wmemcheck_state.free(0x1000).is_ok()); |
|||
} |
|||
|
|||
#[test] |
|||
fn use_after_free() { |
|||
let mut wmemcheck_state = Wmemcheck::new(640 * 1024); |
|||
|
|||
assert!(wmemcheck_state.malloc(0x1000, 32).is_ok()); |
|||
assert!(wmemcheck_state.write(0x1000, 4).is_ok()); |
|||
assert!(wmemcheck_state.write(0x1000, 4).is_ok()); |
|||
assert!(wmemcheck_state.free(0x1000).is_ok()); |
|||
assert_eq!( |
|||
wmemcheck_state.write(0x1000, 4), |
|||
Err(AccessError::InvalidWrite { |
|||
addr: 0x1000, |
|||
len: 4 |
|||
}) |
|||
); |
|||
} |
|||
|
|||
#[test] |
|||
fn double_free() { |
|||
let mut wmemcheck_state = Wmemcheck::new(640 * 1024); |
|||
|
|||
assert!(wmemcheck_state.malloc(0x1000, 32).is_ok()); |
|||
assert!(wmemcheck_state.write(0x1000, 4).is_ok()); |
|||
assert!(wmemcheck_state.free(0x1000).is_ok()); |
|||
assert_eq!( |
|||
wmemcheck_state.free(0x1000), |
|||
Err(AccessError::InvalidFree { addr: 0x1000 }) |
|||
); |
|||
} |
|||
|
|||
#[test] |
|||
fn out_of_bounds_malloc() { |
|||
let mut wmemcheck_state = Wmemcheck::new(640 * 1024); |
|||
|
|||
assert_eq!( |
|||
wmemcheck_state.malloc(640 * 1024, 1), |
|||
Err(AccessError::OutOfBounds { |
|||
addr: 640 * 1024, |
|||
len: 1 |
|||
}) |
|||
); |
|||
assert_eq!( |
|||
wmemcheck_state.malloc(640 * 1024 - 10, 15), |
|||
Err(AccessError::OutOfBounds { |
|||
addr: 640 * 1024 - 10, |
|||
len: 15 |
|||
}) |
|||
); |
|||
assert!(wmemcheck_state.mallocs.is_empty()); |
|||
} |
|||
|
|||
#[test] |
|||
fn out_of_bounds_read() { |
|||
let mut wmemcheck_state = Wmemcheck::new(640 * 1024); |
|||
|
|||
assert!(wmemcheck_state.malloc(640 * 1024 - 24, 24).is_ok()); |
|||
assert_eq!( |
|||
wmemcheck_state.read(640 * 1024 - 24, 25), |
|||
Err(AccessError::OutOfBounds { |
|||
addr: 640 * 1024 - 24, |
|||
len: 25 |
|||
}) |
|||
); |
|||
} |
|||
|
|||
#[test] |
|||
fn double_malloc() { |
|||
let mut wmemcheck_state = Wmemcheck::new(640 * 1024); |
|||
|
|||
assert!(wmemcheck_state.malloc(0x1000, 32).is_ok()); |
|||
assert_eq!( |
|||
wmemcheck_state.malloc(0x1000, 32), |
|||
Err(AccessError::DoubleMalloc { |
|||
addr: 0x1000, |
|||
len: 32 |
|||
}) |
|||
); |
|||
assert_eq!( |
|||
wmemcheck_state.malloc(0x1002, 32), |
|||
Err(AccessError::DoubleMalloc { |
|||
addr: 0x1002, |
|||
len: 32 |
|||
}) |
|||
); |
|||
assert!(wmemcheck_state.free(0x1000).is_ok()); |
|||
} |
|||
|
|||
#[test] |
|||
fn error_type() { |
|||
let mut wmemcheck_state = Wmemcheck::new(640 * 1024); |
|||
|
|||
assert!(wmemcheck_state.malloc(0x1000, 32).is_ok()); |
|||
assert_eq!( |
|||
wmemcheck_state.malloc(0x1000, 32), |
|||
Err(AccessError::DoubleMalloc { |
|||
addr: 0x1000, |
|||
len: 32 |
|||
}) |
|||
); |
|||
assert_eq!( |
|||
wmemcheck_state.malloc(640 * 1024, 32), |
|||
Err(AccessError::OutOfBounds { |
|||
addr: 640 * 1024, |
|||
len: 32 |
|||
}) |
|||
); |
|||
assert!(wmemcheck_state.free(0x1000).is_ok()); |
|||
} |
|||
|
|||
#[test] |
|||
fn update_sp_no_error() { |
|||
let mut wmemcheck_state = Wmemcheck::new(640 * 1024); |
|||
|
|||
wmemcheck_state.set_stack_size(1024); |
|||
assert!(wmemcheck_state.update_stack_pointer(768).is_ok()); |
|||
assert_eq!(wmemcheck_state.stack_pointer, 768); |
|||
assert!(wmemcheck_state.malloc(1024 * 2, 32).is_ok()); |
|||
assert!(wmemcheck_state.free(1024 * 2).is_ok()); |
|||
assert!(wmemcheck_state.update_stack_pointer(896).is_ok()); |
|||
assert_eq!(wmemcheck_state.stack_pointer, 896); |
|||
assert!(wmemcheck_state.update_stack_pointer(1024).is_ok()); |
|||
} |
|||
|
|||
#[test] |
|||
fn bad_stack_malloc() { |
|||
let mut wmemcheck_state = Wmemcheck::new(640 * 1024); |
|||
|
|||
wmemcheck_state.set_stack_size(1024); |
|||
|
|||
assert!(wmemcheck_state.update_stack_pointer(0).is_ok()); |
|||
assert_eq!(wmemcheck_state.stack_pointer, 0); |
|||
assert_eq!( |
|||
wmemcheck_state.malloc(512, 32), |
|||
Err(AccessError::OutOfBounds { addr: 512, len: 32 }) |
|||
); |
|||
assert_eq!( |
|||
wmemcheck_state.malloc(1022, 32), |
|||
Err(AccessError::OutOfBounds { |
|||
addr: 1022, |
|||
len: 32 |
|||
}) |
|||
); |
|||
} |
|||
|
|||
#[test] |
|||
fn stack_full_empty() { |
|||
let mut wmemcheck_state = Wmemcheck::new(640 * 1024); |
|||
|
|||
wmemcheck_state.set_stack_size(1024); |
|||
|
|||
assert!(wmemcheck_state.update_stack_pointer(0).is_ok()); |
|||
assert_eq!(wmemcheck_state.stack_pointer, 0); |
|||
assert!(wmemcheck_state.update_stack_pointer(1024).is_ok()); |
|||
assert_eq!(wmemcheck_state.stack_pointer, 1024) |
|||
} |
|||
|
|||
#[test] |
|||
fn from_test_program() { |
|||
let mut wmemcheck_state = Wmemcheck::new(1024 * 1024 * 128); |
|||
wmemcheck_state.set_stack_size(70864); |
|||
assert!(wmemcheck_state.write(70832, 1).is_ok()); |
|||
assert!(wmemcheck_state.read(1138, 1).is_ok()); |
|||
} |
|||
@ -0,0 +1,8 @@ |
|||
|
|||
Wmemcheck provides debug output for invalid mallocs, reads, and writes. |
|||
|
|||
How to use: |
|||
1. When building Wasmtime, add the CLI flag "--features wmemcheck" to compile with wmemcheck configured. |
|||
> cargo build --features wmemcheck |
|||
2. When running your wasm module, add the CLI flag "--wmemcheck". |
|||
> wasmtime run --wmemcheck test.wasm |
|||
Loading…
Reference in new issue