Skip to content

cranelift: Prevent infinite loops in ssa frontend with unreachable code. #3258

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Sep 1, 2021
Merged

cranelift: Prevent infinite loops in ssa frontend with unreachable code. #3258

merged 1 commit into from
Sep 1, 2021

Conversation

@afonso360
Copy link
Contributor

@afonso360 afonso360 commented Aug 27, 2021
edited
Loading

This issue was found by the CLIF fuzzer in #3094. There is a better description in this comment

It looks like all we need to do is not special case the single predecessor if the predecessor is itself. The normal path includes the operandless param, which is enough to stop the infinite looping.

bjorn3
bjorn3 reviewed Aug 27, 2021
View reviewed changes
@github-actions github-actions bot added the cranelift Issues related to the Cranelift code generator label Aug 27, 2021
@sunfishcode
Copy link
Member

sunfishcode commented Aug 27, 2021

This fixes the case of a block branching back to itself, but this code will still infinite loop if it walks into a cycle containing multiple blocks and the entire cycle is unreachable from the entry block.

@afonso360
cranelift: Prevent infinite loops in ssa frontend with unreachable code.
6a9378e 
Perform a search over block predecessors trying to find loops of
unreachable predecessors. We do this by iterating on predecessors and
marking them as visited, stopping if we find a previously visited block
or if we find a block with multiple predecessors.

This issue was found by the CLIF fuzzer in bytecodealliance#3094.
@afonso360
Copy link
Contributor Author

afonso360 commented Sep 1, 2021
edited
Loading

That's true! And running the fuzzer again with this fix found a example of the situation that you were mentioning.

I've change the approach somewhat, we now do a sort of graph search over predecessors. It is not a full search over all blocks, because we stop searching once we find a block with multiple predecessors. This avoids the situation where we have to visit all blocks in the function for every non local var lookup, which should help a lot with performance.

The original algorithm can deal with these cases where we have multiple predecessors somewhere down the line of predecessors.

I've run the fuzzer on this for the last 2 hours, and it seems to be working as intended. (The other examples were usually found within 5 min)

cfallin
cfallin approved these changes Sep 1, 2021
View reviewed changes
Copy link
Member

@cfallin cfallin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM; thanks for this fix!

@cfallin cfallin merged commit 2a63979 into bytecodealliance:main Sep 1, 2021
@afonso360 afonso360 deleted the ssa-dce branch September 2, 2021 13:27
@afonso360 afonso360 mentioned this pull request Sep 3, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cfallin cfallin cfallin approved these changes

+1 more reviewer

@bjorn3 bjorn3 bjorn3 left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

cranelift Issues related to the Cranelift code generator

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@afonso360 @sunfishcode @cfallin @bjorn3