Wasmtime GitHub notifications bot (Mar 17 2020 at 00:06): Wasmtime GitHub notifications bot (Mar 17 2020 at 00:06):fitzgen edited Issue #1331:
This test case, produced by
wasm-opt -ttf, produces different results for function 5 when compiled with speed-and-size optimizations vs without any optimizations:<details><summary>WAT test case</summary>
(module (type (;0;) (func)) (type (;1;) (func (param i32))) (type (;2;) (func (param i64))) (type (;3;) (func (param f32))) (type (;4;) (func (param f64))) (type (;5;) (func (result i32))) (type (;6;) (func (param f64 i64 i32 i64 f32) (result f64))) (import "fuzzing-support" "log-i32" (func (;0;) (type 1))) (import "fuzzing-support" "log-i64" (func (;1;) (type 2))) (import "fuzzing-support" "log-f32" (func (;2;) (type 3))) (import "fuzzing-support" "log-f64" (func (;3;) (type 4))) (func (;4;) (type 5) (result i32) (local i32) i32.const 5381 local.set 0 local.get 0 i32.const 5 i32.shl local.get 0 i32.add i32.const 0 i32.load8_u i32.xor local.set 0 local.get 0 i32.const 5 i32.shl local.get 0 i32.add i32.const 0 i32.load8_u offset=1 i32.xor local.set 0 local.get 0 i32.const 5 i32.shl local.get 0 i32.add i32.const 0 i32.load8_u offset=2 i32.xor local.set 0 local.get 0 i32.const 5 i32.shl local.get 0 i32.add i32.const 0 i32.load8_u offset=3 i32.xor local.set 0 local.get 0 i32.const 5 i32.shl local.get 0 i32.add i32.const 0 i32.load8_u offset=4 i32.xor local.set 0 local.get 0 i32.const 5 i32.shl local.get 0 i32.add i32.const 0 i32.load8_u offset=5 i32.xor local.set 0 local.get 0 i32.const 5 i32.shl local.get 0 i32.add i32.const 0 i32.load8_u offset=6 i32.xor local.set 0 local.get 0 i32.const 5 i32.shl local.get 0 i32.add i32.const 0 i32.load8_u offset=7 i32.xor local.set 0 local.get 0 i32.const 5 i32.shl local.get 0 i32.add i32.const 0 i32.load8_u offset=8 i32.xor local.set 0 local.get 0 i32.const 5 i32.shl local.get 0 i32.add i32.const 0 i32.load8_u offset=9 i32.xor local.set 0 local.get 0 i32.const 5 i32.shl local.get 0 i32.add i32.const 0 i32.load8_u offset=10 i32.xor local.set 0 local.get 0 i32.const 5 i32.shl local.get 0 i32.add i32.const 0 i32.load8_u offset=11 i32.xor local.set 0 local.get 0 i32.const 5 i32.shl local.get 0 i32.add i32.const 0 i32.load8_u offset=12 i32.xor local.set 0 local.get 0 i32.const 5 i32.shl local.get 0 i32.add i32.const 0 i32.load8_u offset=13 i32.xor local.set 0 local.get 0 i32.const 5 i32.shl local.get 0 i32.add i32.const 0 i32.load8_u offset=14 i32.xor local.set 0 local.get 0 i32.const 5 i32.shl local.get 0 i32.add i32.const 0 i32.load8_u offset=15 i32.xor local.set 0 local.get 0) (func (;5;) (type 6) (param f64 i64 i32 i64 f32) (result f64) (local i32 i64 i64 f32 f64 f64) block ;; label = @1 global.get 4 i32.eqz if ;; label = @2 f64.const 0x1.00000002p+31 (;=2147483649;) return end global.get 4 i32.const 1 i32.sub global.set 4 end block ;; label = @1 loop ;; label = @2 block ;; label = @3 global.get 4 i32.eqz if ;; label = @4 f64.const 0x1.dcp+6 (;=119;) return end global.get 4 i32.const 1 i32.sub global.set 4 end block ;; label = @3 block ;; label = @4 loop ;; label = @5 block ;; label = @6 global.get 4 i32.eqz if ;; label = @7 local.get 9 return end global.get 4 i32.const 1 i32.sub global.set 4 end block ;; label = @6 block ;; label = @7 local.get 5 local.tee 2 local.tee 2 local.tee 5 local.tee 2 local.tee 5 local.tee 5 local.tee 2 local.tee 2 local.set 5 loop (result f32) ;; label = @8 block ;; label = @9 global.get 4 i32.eqz if ;; label = @10 f64.const -nan:0xfffffffffcf41 (;=NaN;) return end global.get 4 i32.const 1 i32.sub global.set 4 end block (result f32) ;; label = @9 block ;; label = @10 loop (result f32) ;; label = @11 block ;; label = @12 global.get 4 i32.eqz if ;; label = @13 local.get 0 return end global.get 4 i32.const 1 i32.sub global.set 4 end block (result f32) ;; label = @12 block ;; label = @13 local.get 2 i32.const 15 i32.and local.get 7 i64.store offset=22 align=2 i64.const -2 local.set 6 end loop (result i32) ;; label = @13 block ;; label = @14 global.get 4 i32.eqz if ;; label = @15 f64.const 0x1.060606060606p+519 (;=1756580577739303000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000;) return end global.get 4 i32.const 1 i32.sub global.set 4 end block (result i32) ;; label = @14 local.get 5 i32.const 141 local.tee 5 br_if 0 (;@14;) if (result i32) ;; label = @15 local.get 5 else i32.const 2097152 end if ;; label = @15 i32.const 2048 i32.eqz if ;; label = @16 local.get 0 local.set 0 else f64.const 0x1p+41 (;=2199023255552;) local.set 10 end local.get 8 local.set 4 else i32.const 1381126738 local.set 2 local.get 1 local.set 6 end loop (result i32) ;; label = @15 block ;; label = @16 global.get 4 i32 [message truncated]
Wasmtime GitHub notifications bot (Mar 17 2020 at 00:07):fitzgen edited Issue #1331:
<details><summary><code>test-case.wat</code></summary>
(module (type (;0;) (func)) (type (;1;) (func (param i32))) (type (;2;) (func (param i64))) (type (;3;) (func (param f32))) (type (;4;) (func (param f64))) (type (;5;) (func (result i32))) (type (;6;) (func (param f64 i64 i32 i64 f32) (result f64))) (import "fuzzing-support" "log-i32" (func (;0;) (type 1))) (import "fuzzing-support" "log-i64" (func (;1;) (type 2))) (import "fuzzing-support" "log-f32" (func (;2;) (type 3))) (import "fuzzing-support" "log-f64" (func (;3;) (type 4))) (func (;4;) (type 5) (result i32) (local i32) i32.const 5381 local.set 0 local.get 0 i32.const 5 i32.shl local.get 0 i32.add i32.const 0 i32.load8_u i32.xor local.set 0 local.get 0 i32.const 5 i32.shl local.get 0 i32.add i32.const 0 i32.load8_u offset=1 i32.xor local.set 0 local.get 0 i32.const 5 i32.shl local.get 0 i32.add i32.const 0 i32.load8_u offset=2 i32.xor local.set 0 local.get 0 i32.const 5 i32.shl local.get 0 i32.add i32.const 0 i32.load8_u offset=3 i32.xor local.set 0 local.get 0 i32.const 5 i32.shl local.get 0 i32.add i32.const 0 i32.load8_u offset=4 i32.xor local.set 0 local.get 0 i32.const 5 i32.shl local.get 0 i32.add i32.const 0 i32.load8_u offset=5 i32.xor local.set 0 local.get 0 i32.const 5 i32.shl local.get 0 i32.add i32.const 0 i32.load8_u offset=6 i32.xor local.set 0 local.get 0 i32.const 5 i32.shl local.get 0 i32.add i32.const 0 i32.load8_u offset=7 i32.xor local.set 0 local.get 0 i32.const 5 i32.shl local.get 0 i32.add i32.const 0 i32.load8_u offset=8 i32.xor local.set 0 local.get 0 i32.const 5 i32.shl local.get 0 i32.add i32.const 0 i32.load8_u offset=9 i32.xor local.set 0 local.get 0 i32.const 5 i32.shl local.get 0 i32.add i32.const 0 i32.load8_u offset=10 i32.xor local.set 0 local.get 0 i32.const 5 i32.shl local.get 0 i32.add i32.const 0 i32.load8_u offset=11 i32.xor local.set 0 local.get 0 i32.const 5 i32.shl local.get 0 i32.add i32.const 0 i32.load8_u offset=12 i32.xor local.set 0 local.get 0 i32.const 5 i32.shl local.get 0 i32.add i32.const 0 i32.load8_u offset=13 i32.xor local.set 0 local.get 0 i32.const 5 i32.shl local.get 0 i32.add i32.const 0 i32.load8_u offset=14 i32.xor local.set 0 local.get 0 i32.const 5 i32.shl local.get 0 i32.add i32.const 0 i32.load8_u offset=15 i32.xor local.set 0 local.get 0) (func (;5;) (type 6) (param f64 i64 i32 i64 f32) (result f64) (local i32 i64 i64 f32 f64 f64) block ;; label = @1 global.get 4 i32.eqz if ;; label = @2 f64.const 0x1.00000002p+31 (;=2147483649;) return end global.get 4 i32.const 1 i32.sub global.set 4 end block ;; label = @1 loop ;; label = @2 block ;; label = @3 global.get 4 i32.eqz if ;; label = @4 f64.const 0x1.dcp+6 (;=119;) return end global.get 4 i32.const 1 i32.sub global.set 4 end block ;; label = @3 block ;; label = @4 loop ;; label = @5 block ;; label = @6 global.get 4 i32.eqz if ;; label = @7 local.get 9 return end global.get 4 i32.const 1 i32.sub global.set 4 end block ;; label = @6 block ;; label = @7 local.get 5 local.tee 2 local.tee 2 local.tee 5 local.tee 2 local.tee 5 local.tee 5 local.tee 2 local.tee 2 local.set 5 loop (result f32) ;; label = @8 block ;; label = @9 global.get 4 i32.eqz if ;; label = @10 f64.const -nan:0xfffffffffcf41 (;=NaN;) return end global.get 4 i32.const 1 i32.sub global.set 4 end block (result f32) ;; label = @9 block ;; label = @10 loop (result f32) ;; label = @11 block ;; label = @12 global.get 4 i32.eqz if ;; label = @13 local.get 0 return end global.get 4 i32.const 1 i32.sub global.set 4 end block (result f32) ;; label = @12 block ;; label = @13 local.get 2 i32.const 15 i32.and local.get 7 i64.store offset=22 align=2 i64.const -2 local.set 6 end loop (result i32) ;; label = @13 block ;; label = @14 global.get 4 i32.eqz if ;; label = @15 f64.const 0x1.060606060606p+519 (;=1756580577739303000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000;) return end global.get 4 i32.const 1 i32.sub global.set 4 end block (result i32) ;; label = @14 local.get 5 i32.const 141 local.tee 5 br_if 0 (;@14;) if (result i32) ;; label = @15 local.get 5 else i32.const 2097152 end if ;; label = @15 i32.const 2048 i32.eqz if ;; label = @16 local.get 0 local.set 0 else f64.const 0x1p+41 (;=2199023255552;) local.set 10 end local.get 8 local.set 4 else i32.const 1381126738 local.set 2 local.get 1 local.set 6 end loop (result i32) ;; label = @15 block ;; label = @16 global.get 4 i32.eqz if ;; label = @17 f64.const -nan:0xfffffffffffab (;=NaN;) [message truncated]
Wasmtime GitHub notifications bot (Mar 17 2020 at 03:28):fitzgen commented on Issue #1331:
This is as small as
creducecould get it:<details><summary><code>test-case.wat</code></summary>
(module (type (;0;) (func (param f64 i64 i32 i64 f32))) (func (;0;) (type 0) (param f64 i64 i32 i64 f32) (local i32 i64 i64 f32 f64 f64) block ;; label = @1 loop ;; label = @2 block ;; label = @3 global.get 4 if ;; label = @4 loop ;; label = @5 block ;; label = @6 global.get 4 if ;; label = @7 local.get 9 return end block ;; label = @7 loop (result f32) ;; label = @8 block (result f32) ;; label = @9 block ;; label = @10 loop (result f32) ;; label = @11 block (result f32) ;; label = @12 block (result i32) ;; label = @13 block (result i32) ;; label = @14 local.get 5 if ;; label = @15 i32.const 8 if ;; label = @16 f64.const 0x1p+0 (;=1;) local.set 0 end end loop (result i32) ;; label = @15 local.get 2 end end end br_if 1 (;@11;) local.get 4 end end local.set 4 end local.get 8 end end global.set 0 end i32.const 6 if (result i32) ;; label = @7 local.get 2 else loop (result i32) ;; label = @8 block (result i32) ;; label = @9 block ;; label = @10 f64.const 0x1.8p+2 (;=6;) local.set 0 end i32.const 6 end end end if (result i32) ;; label = @7 block (result i32) ;; label = @8 block ;; label = @9 loop (result i32) ;; label = @10 block (result i32) ;; label = @11 block ;; label = @12 f32.const 0x1p+0 (;=1;) local.set 8 end local.get 5 end end local.set 5 loop ;; label = @10 block ;; label = @11 global.get 4 if ;; label = @12 i32.const 4 if ;; label = @13 f64.const 0x0p+0 (;=0;) local.set 0 end end end end end i32.const 7 if (result i32) ;; label = @9 return else block (result i32) ;; label = @10 local.get 5 end end end else block (result i32) ;; label = @8 loop (result i32) ;; label = @9 block (result i32) ;; label = @10 i32.const 2 if (result i32) ;; label = @11 br 9 (;@2;) else loop (result i32) ;; label = @12 local.get 5 end end if (result i32) ;; label = @11 block (result i32) ;; label = @12 loop (result i64) ;; label = @13 block (result i64) ;; label = @14 local.get 7 end end local.set 3 local.get 2 end else i32.const 1 end loop (result i32) ;; label = @11 block (result i32) ;; label = @12 i32.const 4 end end i64.load local.set 6 end block (result i32) ;; label = @10 loop (result i32) ;; label = @11 i32.const 4 end end br_if 1 (;@8;) block ;; label = @10 f32.const 0x1.8p+2 (;=6;) local.set 4 end end end end if (result i32) ;; label = @7 local.get 2 else loop (result i32) ;; label = @8 block (result i32) ;; label = @9 block ;; label = @10 local.get 0 local.set 9 i32.const 4 if (result f64) ;; label = @11 loop (result i32) ;; label = @12 block (result i32) ;; label = @13 block ;; label = @14 i32.const 2 if ;; label = @15 f64.const 0x1.ap+4 (;=26;) local.set 0 end end i32.const 4 end end f64.load else local.get 10 local.tee 0 end local.set 10 end loop (result i32) ;; label = @10 block (result i32) ;; label = @11 block ;; label = @12 loop ;; label = @13 block ;; label = @14 i32.const 6 if (result f64) ;; label = @15 local.get 9 else f64.const 0x1p+2 (;=4;) end local.set 10 f32.const 0x0p+0 (;=0;) local.set 8 end end br 7 (;@5;) end unreachable end end end end end if ;; label = @7 f64.const 0x1p+6 (;=64;) local.set 0 end end end end local.get 5 br_if 1 (;@2;) end end end) (memory (;0;) 1) (global (;0;) (mut f32) (f32.const 0x1p+0 (;=1;))) (global (;1;) f32 (f32.const 0x1p+0 (;=1;))) (global (;2;) f64 (f64.const 0x1p+0 (;=1;))) (global (;3;) f64 (f64.const 0x1p+0 (;=1;))) (global (;4;) i32 (i32.const 0)))</details>
Wasmtime GitHub notifications bot (Feb 03 2021 at 20:42):bjorn3 commented on Issue #1331:
The new backend framework uses a different register allocator.
Wasmtime GitHub notifications bot (Feb 03 2021 at 20:50):cfallin commented on Issue #1331:
@fitzgen was this ever actually resolved? If it's still an open bug, we can leave this open until we switch over the wasmtime default to the new backend, I think.
Wasmtime GitHub notifications bot (Feb 03 2021 at 21:02):fitzgen commented on Issue #1331:
@fitzgen was this ever actually resolved?
Not as far as I know
Wasmtime GitHub notifications bot (Feb 03 2021 at 21:03):fitzgen commented on Issue #1331:
I believe we just stopped running the IR verifier in the fuzzers because it was too slow, so we don't see these kinds of bugs anymore
Last updated: Nov 22 2024 at 16:03 UTC