Index out of bounds and misaligned addresses #11544

Closed
arasouli91 opened this issue Jul 5, 2020 · 8 comments
Comments

@arasouli91
Contributor

arasouli91 commented Jul 5, 2020

I have a game that was working just fine several months ago. I rebuilt it and now it is broken.

I am getting this in web console:

exception thrown: RuntimeError: index out of bounds,@https://grafflifetest.herokuapp.com/index.js line 1 > WebAssembly.instantiate:wasm-function[1497]:0xba3a5
@https://grafflifetest.herokuapp.com/index.js line 1 > WebAssembly.instantiate:wasm-function[2234]:0xdeceb
createExportWrapper/<@https://grafflifetest.herokuapp.com/index.js:1:108778
invoke_iii@https://grafflifetest.herokuapp.com/index.js:1:320621
@https://grafflifetest.herokuapp.com/index.js line 1 > WebAssembly.instantiate:wasm-function[297]:0x4630
@https://grafflifetest.herokuapp.com/index.js line 1 > WebAssembly.instantiate:wasm-function[384]:0xcd46
@https://grafflifetest.herokuapp.com/index.js line 1 > WebAssembly.instantiate:wasm-function[342]:0xab8f
@https://grafflifetest.herokuapp.com/index.js line 1 > WebAssembly.instantiate:wasm-function[295]:0x408a
@https://grafflifetest.herokuapp.com/index.js line 1 > WebAssembly.instantiate:wasm-function[2224]:0xdec41
createExportWrapper/<@https://grafflifetest.herokuapp.com/index.js:1:108778
browserIterationFunc@https://grafflifetest.herokuapp.com/index.js:1:121118
runIter@https://grafflifetest.herokuapp.com/index.js:1:124193
Browser_mainLoop_runner@https://grafflifetest.herokuapp.com/index.js:1:122657

So, I added this to my makefile:
-s SAFE_HEAP=1 -s WARN_UNALIGNED=1 -fsanitize=undefined

Now, I am getting errors like this for various objects:

ECS.h:159:19: runtime error: constructor call on misaligned address 0x005e1278 for type 'Entity', which requires 16 byte alignment 
0x005e1278: note: pointer points here
 a3 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00 
              ^ 
2dGameEngine.cpp:67:13: runtime error: constructor call on misaligned address 0x005e1738 for type 'Game', which requires 16 byte alignment
0x005e1738: note: pointer points here 
 43 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  00 00 00 00
              ^ 

Since these objects fail to get instantiated, I then get seg fault when the main loop runs:

segmentation fault
exception thrown: RuntimeError: abort(segmentation fault) at jsStackTrace@https://grafflifetest.herokuapp.com/index.js:1:146580
stackTrace@https://grafflifetest.herokuapp.com/index.js:1:146748
abort@https://grafflifetest.herokuapp.com/index.js:1:111330
segfault@https://grafflifetest.herokuapp.com/index.js:1:99819
@https://grafflifetest.herokuapp.com/index.js line 1 > WebAssembly.instantiate:wasm-function[3201]:0x139313
@https://grafflifetest.herokuapp.com/index.js line 1 > WebAssembly.instantiate:wasm-function[2111]:0x106e1b
@https://grafflifetest.herokuapp.com/index.js line 1 > WebAssembly.instantiate:wasm-function[3131]:0x138ae7
createExportWrapper/<@https://grafflifetest.herokuapp.com/index.js:1:112215
invoke_iii@https://grafflifetest.herokuapp.com/index.js:1:342423
@https://grafflifetest.herokuapp.com/index.js line 1 > WebAssembly.instantiate:wasm-function[318]:0x4c78
@https://grafflifetest.herokuapp.com/index.js line 1 > WebAssembly.instantiate:wasm-function[797]:0x29eae
@https://grafflifetest.herokuapp.com/index.js line 1 > WebAssembly.instantiate:wasm-function[468]:0x1342b
@https://grafflifetest.herokuapp.com/index.js line 1 > WebAssembly.instantiate:wasm-function[467]:0x12f2a
@https://grafflifetest.herokuapp.com/index.js line 1 > WebAssembly.instantiate:wasm-function[316]:0x47e0
@https://grafflifetest.herokuapp.com/index.js line 1 > WebAssembly.instantiate:wasm-function[3120]:0x138a2b
createExportWrapper/<@https://grafflifetest.herokuapp.com/index.js:1:112215
browserIterationFunc@https://grafflifetest.herokuapp.com/index.js:1:127377
runIter@https://grafflifetest.herokuapp.com/index.js:1:130452
Browser_mainLoop_runner@https://grafflifetest.herokuapp.com/index.js:1:128916
,abort@https://grafflifetest.herokuapp.com/index.js:1:111361
segfault@https://grafflifetest.herokuapp.com/index.js:1:99819
@https://grafflifetest.herokuapp.com/index.js line 1 > WebAssembly.instantiate:wasm-function[3201]:0x139313
@https://grafflifetest.herokuapp.com/index.js line 1 > WebAssembly.instantiate:wasm-function[2111]:0x106e1b
@https://grafflifetest.herokuapp.com/index.js line 1 > WebAssembly.instantiate:wasm-function[3131]:0x138ae7
createExportWrapper/<@https://grafflifetest.herokuapp.com/index.js:1:112215
invoke_iii@https://grafflifetest.herokuapp.com/index.js:1:342423
@https://grafflifetest.herokuapp.com/index.js line 1 > WebAssembly.instantiate:wasm-function[318]:0x4c78
@https://grafflifetest.herokuapp.com/index.js line 1 > WebAssembly.instantiate:wasm-function[797]:0x29eae
@https://grafflifetest.herokuapp.com/index.js line 1 > WebAssembly.instantiate:wasm-function[468]:0x1342b
@https://grafflifetest.herokuapp.com/index.js line 1 > WebAssembly.instantiate:wasm-function[467]:0x12f2a
@https://grafflifetest.herokuapp.com/index.js line 1 > WebAssembly.instantiate:wasm-function[316]:0x47e0
@https://grafflifetest.herokuapp.com/index.js line 1 > WebAssembly.instantiate:wasm-function[3120]:0x138a2b
createExportWrapper/<@https://grafflifetest.herokuapp.com/index.js:1:112215
browserIterationFunc@https://grafflifetest.herokuapp.com/index.js:1:127377
runIter@https://grafflifetest.herokuapp.com/index.js:1:130452
Browser_mainLoop_runner@https://grafflifetest.herokuapp.com/index.js:1:128916

segmentation fault storing 8 bytes to address -993835496 
[post-exception status] Exception thrown, see JavaScript console 
RuntimeError: abort(segmentation fault storing 8 bytes to address -993835480) at jsStackTrace@https://grafflifetest.herokuapp.com/index.js:1:146580
stackTrace@https://grafflifetest.herokuapp.com/index.js:1:146748
abort@https://grafflifetest.herokuapp.com/index.js:1:111330
SAFE_HEAP_STORE@https://grafflifetest.herokuapp.com/index.js:1:98409
SAFE_HEAP_STORE_D@https://grafflifetest.herokuapp.com/index.js:1:98992
_emscripten_get_element_css_size@https://grafflifetest.herokuapp.com/index.js:1:241495
@https://grafflifetest.herokuapp.com/index.js line 1 > WebAssembly.instantiate:wasm-function[1698]:0xdd75a
@https://grafflifetest.herokuapp.com/index.js line 1 > WebAssembly.instantiate:wasm-function[3132]:0x138b23
createExportWrapper/<@https://grafflifetest.herokuapp.com/index.js:1:112215
mouseEventHandlerFunc@https://grafflifetest.herokuapp.com/index.js:1:290225
jsEventHandler@https://grafflifetest.herokuapp.com/index.js:1:232712

Here is what my makefile looks like:

CC = em++
all: *.cpp *.h
	$(CC) *.cpp -O3 -s TOTAL_MEMORY=134217728 -lwebsocket.js \
	-s DISABLE_DEPRECATED_FIND_EVENT_TARGET_BEHAVIOR=1 -s ALLOW_MEMORY_GROWTH=1 -s WASM=1 -s DISABLE_EXCEPTION_CATCHING=0 \
	-s EXPORTED_FUNCTIONS='["_main"]' -s 'EXTRA_EXPORTED_RUNTIME_METHODS=["ccall", "cwrap"]' \
	-s ASSERTIONS=1 -std=c++11 -s USE_SDL=2 -s USE_SDL_IMAGE=2 -s FORCE_FILESYSTEM=1 -s SDL2_IMAGE_FORMATS='["png"]' \
	-s SAFE_HEAP=1 -s WARN_UNALIGNED=1 -fsanitize=undefined -Wcast-align -Wover-aligned \
	-s STB_IMAGE=1 --preload-file assets --use-preload-plugins --embed-file walkSheet.png -o index.html

You can see all the errors in the console here:
https://grafflifetest.herokuapp.com/

I don't understand how this is suddenly happening when it was working fine before.
I am really not doing anything special other than instantiating objects to pointer variables.
Any help would be greatly appreciated.

@kripken
Member

kripken commented Jul 6, 2020

Some things that might be an issue:

  • Newer LLVM does new optimizations for undefined behavior. Using ASan in addition to UBSan might help investigate it.
  • If you build some object files with an older version, some ABI change might affect things. A full rebuild on the new version might help.

If those don't help, I'd try to reduce the problem to a standalone testcase. The problem may become obvious when doing so, and if not, you may end up with a testcase showing a bug in LLVM that we need to fix.

@VirtualTim
Collaborator

VirtualTim commented Jul 7, 2020

Unaligned access can be tricky. Code can compile and run fine one day, but crash the next.
I found compiling with -Wcast-align -Wover-aligned helps highlight problems, and -s WARN_UNALIGNED=1 is good too.

It already looks like fsanitize is picking up some problematic areas for you.

@arasouli91
Contributor Author

@kripken I've boiled it down to a minimal example. I have no clue why it is still giving the same errors. Please take a look, I have the minimal example in this repo:
https://github.com/arasouli91/gameEngineMinimalExample

It is also hosted here:
https://grafflifetest.herokuapp.com/

@VirtualTim
Collaborator

I think I have a suspicion on what's going wrong. I think when you're constructing e in addEntity it's aligned to pointer alignment. But as Entity is a non-trivial object it probably requires a different alignment.

I think you could get around this by either changing addEntity to not create a new Entity*, but instead create an Entity, or by specifying alignas on the Entity class.

@kripken
Member

kripken commented Jul 13, 2020

Hmm, I think this is fixed by #10110 - our malloc alignment is just 8, but should be 16. This testcase hits a situation where clang assumes malloc is 16-byte aligned, I believe.

It's possible a recent clang change caused it to care about it when it didn't before, which is why it wasn't noticed earlier.

Hopefully we can land that PR soon.
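The mismatch kripken describes above (clang assuming that plain new/malloc returns 16-byte-aligned memory while the runtime's malloc only guarantees 8), together with the explicit-alignment workaround VirtualTim suggests earlier in the thread, as an added example. This is not code from this issue or from Emscripten: the `Entity` type is a hypothetical stand-in for the reporter's 16-byte-aligned classes, `observed_malloc_alignment` is a runtime probe that measures what the toolchain's malloc really delivers and compares it with the compiler's `__STDCPP_DEFAULT_NEW_ALIGNMENT__` assumption, and `make_explicitly_aligned` uses `posix_memalign` plus placement new so the constructor never runs on memory whose alignment depends on that assumption. Both misaligned addresses in the UBSan report (0x005e1278 and 0x005e1738) are 8-byte but not 16-byte aligned, which is exactly the case the probe flags.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <new>
#include <utility>
#include <vector>

// Hypothetical stand-in for the 16-byte-aligned 'Entity'/'Game' types in the
// UBSan report; not the reporter's class.
struct alignas(16) Entity {
    std::uint32_t id;
    float pos[2];
    explicit Entity(std::uint32_t i) : id(i), pos{0.0f, 0.0f} {}
};

// Alignment the compiler assumes plain 'operator new' / malloc provides.
// This is the assumption clang bakes into the generated constructor call.
std::size_t compiler_assumed_new_alignment() {
#ifdef __STDCPP_DEFAULT_NEW_ALIGNMENT__
    return __STDCPP_DEFAULT_NEW_ALIGNMENT__;
#else
    return alignof(std::max_align_t);
#endif
}

// Lowest set bit of an address = largest power of two the address is aligned to.
// 0x005e1278 -> 8, i.e. 8-byte but not 16-byte aligned, as in the report.
std::size_t alignment_of_address(const void* p) {
    std::uintptr_t u = reinterpret_cast<std::uintptr_t>(p);
    return static_cast<std::size_t>(u & (~u + 1));
}

// Runtime probe: the smallest alignment malloc actually delivered across
// 'samples' odd-sized requests. Blocks are held until the end so the allocator
// cannot hand the same address back twice and hide a misaligned case.
std::size_t observed_malloc_alignment(int samples) {
    std::size_t smallest = 4096;
    std::vector<void*> keep;
    for (int i = 1; i <= samples; ++i) {
        void* p = std::malloc(static_cast<std::size_t>(i) * 3 + 1);
        if (p == nullptr) break;
        keep.push_back(p);
        std::size_t a = alignment_of_address(p);
        if (a < smallest) smallest = a;
    }
    for (void* p : keep) std::free(p);
    return smallest;
}

// False on a toolchain with the bug discussed in this issue (malloc gives 8,
// compiler assumes 16); every 'new T' with alignof(T) == 16 is then at risk.
bool malloc_meets_compiler_assumption(int samples) {
    return observed_malloc_alignment(samples) >= compiler_assumed_new_alignment();
}

// Workaround that does not rely on malloc's default alignment: request the
// alignment explicitly, then construct in place. Returns nullptr on failure.
template <typename T, typename... Args>
T* make_explicitly_aligned(Args&&... args) {
    void* mem = nullptr;
    // posix_memalign requires the alignment to be a multiple of sizeof(void*).
    std::size_t align = alignof(T) < sizeof(void*) ? sizeof(void*) : alignof(T);
    if (posix_memalign(&mem, align, sizeof(T)) != 0) return nullptr;
    return new (mem) T(std::forward<Args>(args)...);
}

template <typename T>
void destroy_explicitly_aligned(T* obj) {
    if (obj == nullptr) return;
    obj->~T();
    std::free(obj);
}

// True when the object built through the explicit path sits at an address
// satisfying alignof(T), i.e. its constructor ran on correctly aligned memory.
bool explicit_path_is_aligned() {
    Entity* e = make_explicitly_aligned<Entity>(0xa3u);
    bool ok = e != nullptr && alignment_of_address(e) >= alignof(Entity);
    destroy_explicitly_aligned(e);
    return ok;
}

int main() {
    std::printf("compiler assumes new/malloc alignment: %zu\n", compiler_assumed_new_alignment());
    std::printf("malloc actually delivered at least:    %zu\n", observed_malloc_alignment(256));
    std::printf("assumption holds: %s\n", malloc_meets_compiler_assumption(256) ? "yes" : "NO");
    std::printf("explicitly aligned Entity ok: %s\n", explicit_path_is_aligned() ? "yes" : "NO");
    return 0;
}
```

Run the probe inside the Emscripten build that shows the UBSan reports: if `malloc_meets_compiler_assumption` returns false there, the misalignment is coming from the allocator rather than from your own code, and the explicit-alignment path (or an updated toolchain with the LLVM-side fix) is the way around it. On a host where malloc already delivers 16-byte alignment the probe reports that the assumption holds.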

@arasouli91
Contributor Author

Perfect, thanks!

@emaxx-google

Hello, is there any update on this issue? I'm trying "sanitize=undefined" on my program and getting many of these "constructor call on misaligned address" errors (caused by 16-byte-aligned objects being allocated by operator new at non-16-byte-aligned addresses). It looks like the PR #10110 stalled; is there any other workaround for this issue?

@kripken
Member

kripken commented Feb 4, 2022

This has been fixed on the LLVM side, see #14456 (comment)

@kripken kripken closed this as completed Feb 4, 2022