malloc Fails Silently in wasi-sdk

[khordadi]

Description

When running the following C program, different behaviors are observed between wasi-sdk and emscripten. Specifically, wasi-sdk fails to detect unsuccessful memory allocations, leading to an infinite loop.

Reproduction Steps

1. Compile the following program with wasi-sdk and emscripten:

#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>

int allocate(const uint64_t size) {
    printf("Allocating %llu Bytes\n", size);
    void *mem = malloc(size);
    if (mem == NULL) return 0;
    free(mem);
    return 1;
}

int main() {
    uint64_t upper_bound = 1;
    while (allocate(upper_bound))
        upper_bound *= 2;
    printf("Failed to allocate %llu Bytes\n", upper_bound);
    return 0;
}

2. Compile and run with wasi-sdk:

/opt/wasi-sdk/bin/clang main.c -o main.wasi-sdk.wasm
wasmtime main.wasi-sdk.wasm

Output (wasi-sdk)

Allocating 1 Bytes
Allocating 2 Bytes
...
Allocating 9223372036854775808 Bytes
Allocating 0 Bytes
Allocating 0 Bytes
Allocating 0 Bytes
... infinite loop ...

3. Compile and run with emscripten:

emcc main.c -o main.emcc.wasm
wasmtime main.emcc.wasm

Output (emscripten)

Allocating 1 Bytes
Allocating 2 Bytes
...
Allocating 33554432 Bytes
Failed to allocate 33554432 Bytes

Expected Behavior

• malloc should return NULL when memory allocation fails.
• The program should terminate gracefully rather than looping indefinitely.

Actual Behavior (wasi-sdk)

• malloc continues returning non-NULL pointers even for unreasonably large allocations.
• This causes an infinite loop instead of terminating when allocation fails.

[alexcrichton]

You're unfortunately running up against the world of integer casts in C. malloc is defined as taking a usize, but you're passing a uint64_t, so it's silently truncating to the 32-bits that wasm32 defines usize to be. That means that the final request that actually allocates bytes is 0x80000000 bytes, and that succeeds because that's a valid request to grow memory that much. This works in Wasmtime because there is by default no limit to memory allocated on the CLI. My guess is that web browsers place more stringent limits by default.

Then you're running into the fact that *= 2 exhibits overflow eventually so the number wraps back around to zero and stays zero.

More-or-less I don't think there's a bug here.

[kripken]

To add to that, the emscripten program stops at 32MB because of the default memory size, and that growth is disabled by default (the defaults are motivated by what is generally best for programs running on the web). But you can allow more, -sALLOW_MEMORY_GROWTH to allow memory to grow, and -sMAXIMUM_MEMORY=4gb to allow 4GB (rather than 2GB). If you build that way, the code executes the same as wasi-sdk (infinite loop due to the integer truncation issue @alexcrichton points out).

[khordadi]

Thank you, @kripken and @alexcrichton. That makes sense.