MemoryPacking: Removing empty segments can remove a trap

Question

MemoryPacking: Removing empty segments can remove a trap

kripken opened this issue 5 months ago · comments

(module
 (memory $0 16 17)
 (data $0 (i32.const -1) "")
)

$ bin/wasm-opt a.wat --memory-packing --print
(module
 (memory $0 16 17)
)

Before the optimization this module traps during startup, as the segment offset is out of bounds.

We should probably make MemoryPacking not remove such segments unless TrapsNeverHappen is set, but perhaps there is a better idea?

Alon Zakai · Answer 1 · Tue Jan 23 2024 01:29:38 GMT+0800 (China Standard Time)

This is also an issue in remove-unused-module-elements:

(module
 (import "fuzzing-support" "log-i32" (func $fimport$0 (param i32)))

 (memory $0 16 17 shared)
 (data $1 (i32.const -1) "")

 (export "func_13_invoker" (func $0))

 (func $0
  (call $fimport$0
   (i32.const 0)
  )
 )
)

$ bin/wasm-opt a.wat -all --fuzz-exec --remove-unused-module-elements
[trap out of bounds memory access in memory.init]
[fuzz-exec] calling func_13_invoker
[LoggingExternalInterface logging 0]
logging counts not identical!
[fuzz-exec] optimization passes changed results