How much nondeterminism do we expect from wasm / in cranelift with regards to floating point numbers? I know there is some, but I'm not actually familiar with where it comes from. https://webassembly.org/docs/nondeterminism/ suggests that this should just be the sign bit of NaNs.
Asking because the fuzzers have found a Wasm test case that returns different floating point values when compiled with and without optimizations, and I'd like to know whether to investigate further or to disable differential fuzzing on wasm that contains floating point numbers. Or just ignore NaNs? FWIW, for this test case, neither returned value is a NaN.
+cc @Dan Gohman
We expect floating-point numeric results to be fully deterministic.
I'd be very interested in a case where disabling optimization changes a numeric (non-NaN) result.
FWIW, Cranelift also has a canonicalize_nans
flag which causes it to generate fully deterministic NaNs too, which may be useful for fuzzing.
Filed https://github.com/bytecodealliance/wasmtime/issues/1331 for the differential fuzzing issue. Still working on reducing the test case further.
And filed https://github.com/bytecodealliance/wasmtime/issues/1332 for canonicalizing NaNs when fuzzing
When I run the .wat file manually with wasmtime --invoke func_5, in a build with debug-assertions enabled, I get a cranelift IR verifier error, in what looks like a regalloc problem
tracked down why the fuzz targets weren't failing in the verifier: https://github.com/bytecodealliance/wasmtime/pull/1333
care to review that @Dan Gohman ?
r+
Dan Gohman said:
I'd be very interested in a case where disabling optimization changes a numeric (non-NaN) result.
I assume this means wasm spec disallows opts like gcc does with fast-math (eg a*b+c to fma(a, b, c)) and so they’re not (and will not) be implemented
Last updated: Dec 23 2024 at 12:05 UTC