fpcast emulation tracing and removing

[joemarshall]

We currently build with function pointer cast emulation. It is really hard to remove this because it is hard to know where bad function calls are being made (i.e. where an indirect call is made where the call arguments don't match the target function arguments).

I would suggest that what is needed is some kind of fpcast_emulation with tracing build, then run the full test suite on that, hopefully it would hit the majority of the function pointer casting shenanigans. In theory this was fixed in python in 3.8, so we should be good with core python, but we do bundle some other stuff for images and fonts etc. that might cause issues. The patches to scipy/numpy removed most issues there too, but there may be some that I missed.

I suspect the easiest way to do this is to make a build which in emscripten replaces indirect calls to a call to a python indirect call trampoline, so that rather than call to fpcast versions, it calls to something in imports which is javascript and does the actual call. I think that side of things would need a change to visitCallIndirect in the binaryen pass to just make it call the javascript trampoline with the signature of the indirect call as a parameter. Then the fpcast trampoline could check that against the signature of what it was calling (using the same , and chuck out a log message if they didn't match. This would be way more efficient if webassembly type reflection was enabled otherwise some manual type reflection cunningness would be needed to get the type of the target. Type reflection is behind a flag in chromium (enable experimental webassembly features).

I imagine it would be slow as a slow thing, but for testing it would do the job I imagine.

I would suggest it isn't much work to update binaryen to call the trampoline, then creating a build that works in chromium with webassembly reflection enabled. It might be that if one can get pyodide itself loading in chromium and run the test suite, that is enough to exercise the code enough to find out what is the cause of the naughty pointer calls and sort it.

I won't have time to do anything till teaching and marking ends (i.e. june/july at earliest), but if anyone wants to do it, I'm happy to input.

[rth]

Thanks for opening this issue with a detailed plan @joemarshall !

Personally I also won't have much availability to look into this in the near future, but I very much look forward to getting rid of fpcast emulation. It should also help for Python performance #1120 as far as I understand.

[joemarshall]

I had a tiny fiddle with this - interestingly pyodide itself now loads, I can run code in the JS console before the python console.html loads, but I can't run anything in the console without hitting a failure somewhere in jsproxy.

Latest chrome canary plus webassembly debugging however means that
a) you get the exception about null pointer or wrong pointer type
b) you actually can get the code lines and stuff that is failing in the C code now.

Something is broken in python waiting for js promises. I'll have a peek at how that works.

Good news is that it is now debuggable without having to do the logging thing...

[joemarshall]

Aha, python core seems to mostly work nowadays, but in jsproxy / asyncio it breaks, calling asyncio.ensure_future on a javascript promise doesn't work and causes a crash that I will describe below:

Firstly, a fail case - if I stick this in javascript console, I can reproduce it without having to step through shed loads of console stuff. Just load console.html as normal, then run this in the js console before you type anything in the web page. I think something in jsproxy has the wrong function signature.

p=Promise.resolve('Great')
pyodide.runPython('import js,asyncio\nprint(js.p)\nasyncio.ensure_future(js.p)\n')

Uncaught RuntimeError: null function or function signature mismatch
    at wrap_unaryfunc (typeobject.c:5661)
    at wrapperdescr_raw_call (descrobject.c:483)
    at wrapper_call (descrobject.c:1303)
    at _PyObject_MakeTpCall (call.c:159)
    at _PyObject_Vectorcall (abstract.h:125)
    at call_function (ceval.c:4999)
    at _PyEval_EvalFrameDefault (ceval.c:3475)
    at PyEval_EvalFrameEx (ceval.c:741)
    at gen_send_ex (genobject.c:222)
    at _PyGen_Send (genobject.c:292)

Running a python trace (see below), it is hitting the failure within the python code here:
https://github.com/python/cpython/blob/v3.8.2/Lib/asyncio/tasks.py#L684

pyodide.runPython("import sys\ndef tf(a,b,c):\n  print(a,b,c)\n  return tf\nsys.settrace(tf)\n")

<frame at 0xc75100, file '/lib/python3.8/asyncio/events.py', line 79, code _run> call None
pyodide.asm.js:3708 <frame at 0xc75100, file '/lib/python3.8/asyncio/events.py', line 80, code _run> line None
pyodide.asm.js:3708 <frame at 0xc75100, file '/lib/python3.8/asyncio/events.py', line 81, code _run> line None
pyodide.asm.js:3708 <frame at 0xc9f3e8, file '/lib/python3.8/asyncio/tasks.py', line 263, code __step> call None
pyodide.asm.js:3708 <frame at 0xc9f3e8, file '/lib/python3.8/asyncio/tasks.py', line 264, code __step> line None
pyodide.asm.js:3708 <frame at 0xca00f0, file '/lib/python3.8/asyncio/futures.py', line 157, code done> call None
pyodide.asm.js:3708 <frame at 0xca00f0, file '/lib/python3.8/asyncio/futures.py', line 163, code done> line None
pyodide.asm.js:3708 <frame at 0xca00f0, file '/lib/python3.8/asyncio/futures.py', line 163, code done> return False
pyodide.asm.js:3708 <frame at 0xc9f3e8, file '/lib/python3.8/asyncio/tasks.py', line 267, code __step> line None
pyodide.asm.js:3708 <frame at 0xc9f3e8, file '/lib/python3.8/asyncio/tasks.py', line 271, code __step> line None
pyodide.asm.js:3708 <frame at 0xc9f3e8, file '/lib/python3.8/asyncio/tasks.py', line 272, code __step> line None
pyodide.asm.js:3708 <frame at 0xc9f3e8, file '/lib/python3.8/asyncio/tasks.py', line 274, code __step> line None
pyodide.asm.js:3708 <frame at 0xc75280, file '/lib/python3.8/asyncio/tasks.py', line 929, code _enter_task> call None
pyodide.asm.js:3708 <frame at 0xc75280, file '/lib/python3.8/asyncio/tasks.py', line 930, code _enter_task> line None
pyodide.asm.js:3708 <frame at 0xc75280, file '/lib/python3.8/asyncio/tasks.py', line 931, code _enter_task> line None
pyodide.asm.js:3708 <frame at 0xc75280, file '/lib/python3.8/asyncio/tasks.py', line 934, code _enter_task> line None
pyodide.asm.js:3708 <frame at 0xc75280, file '/lib/python3.8/asyncio/tasks.py', line 934, code _enter_task> return None
pyodide.asm.js:3708 <frame at 0xc9f3e8, file '/lib/python3.8/asyncio/tasks.py', line 276, code __step> line None
pyodide.asm.js:3708 <frame at 0xc9f3e8, file '/lib/python3.8/asyncio/tasks.py', line 277, code __step> line None
pyodide.asm.js:3708 <frame at 0xc9f3e8, file '/lib/python3.8/asyncio/tasks.py', line 280, code __step> line None
pyodide.asm.js:3708 <frame at 0x89f358, file '/lib/python3.8/asyncio/tasks.py', line 677, code _wrap_awaitable> call None
pyodide.asm.js:3708 <frame at 0x89f358, file '/lib/python3.8/asyncio/tasks.py', line 684, code _wrap_awaitable> line None

[joemarshall]

Aha,

slots[cur_slot++] =
      (PyType_Slot){ .slot = Py_am_await, .pfunc = (void*)JsProxy_Await };

but JsProxy_Await needs to be a unaryfunction to go in the Py_am_await typeslot

https://docs.python.org/3/c-api/typeobj.html#c.unaryfunc

It doesn't use args, so maybe just a typo.

[joemarshall]

oh yeah, core python works (or at least the console appears to run okay) if I fix that, even with fpcast turned off! That's cool.

[rth]

That great news! cc @hoodmane regarding the JsProxy_Await function signature.

Does it mean that we could be build CPython at least without EMULATE_FUNCTION_POINTER_CASTS or do we need to build all either with or without?

[joemarshall]

We need to build everything with or without. Bad things will happen otherwise.

There's also a patch needed in cpython with dictionaries which makes the tests fail right now. Can't reverse the items or values in a dictionary, there are casts in dictobject between for a function taking one parameter to a pycfunction which should take two args and ignore the last. It is fixed for reversing the dict keys, but not for the items. Needs fixing in upstream python too.

[rth]

Needs fixing in upstream python too.

Hmm, this might be a good occasion to migrate to Python 3.9 as well #978.

[hoodmane]

It doesn't use args, so maybe just a typo.

I got confused because METH_NOARGS functions are supposed to take an argument that they ignore.

[joemarshall]

Yeah, that's the same issue in cpython dict. I've pushed that fix to python core (https://bugs.python.org/issue44114), and it is going to be backported to 3.9 but not 3.8, so will still need a patch in pyodide until it works with 3.9. Tests for core python pass with this patch.

Still crashes on import of quite a few packages though. There are a bunch of similar errors in some of the C packages. They're quite easy to find, but it is going to be a bit whack-a-mole to find them all. Numpy for example has some multiarray getters which ignore extra void* parameters.

Incidentally, I think there would be value in trying to get cpython maintainers to add CI for webassembly into core cpython testing, so that core python at least doesn't rely on undefined c behaviour. I don't know how one does that though, I only know how to push little patches to python.

[rth]

They're quite easy to find, but it is going to be a bit whack-a-mole to find them all.
[..]
Incidentally, I think there would be value in trying to get cpython maintainers to add CI for webassembly into core cpython testing, so that core python at least doesn't rely on undefined c behaviour

GCC has an option to warn on invalid function casts -Wcast-function-type, wouldn't that be sufficient for this issue? That's how they detected the issue initially in CPython https://bugs.python.org/issue33012

Asking to compile with -Werror=cast-function-type would be much easier than setting up a WASM build, particularly for all other packages. For instance numpy built with CFLAGS="-Werror=cast-function-type" python setup.py install allows to detect some of those errors I think.

We need to build everything with or without. Bad things will happen otherwise.

Could you elaborate on why? We can fix CPython and the core packages, but my concern is how to make sure things won't break if users compile some third party package themselves. So if anything could be done to improve this situation in emscripten it would likely be easier than trying to fix the whole Python ecosystem.