Stream: git-wasmtime

Topic: wasmtime / Issue #2147 [AArch64] Index out of bounds in p...


Wasmtime GitHub notifications bot (Aug 19 2020 at 16:59):

bjorn3 edited Issue #2147:

test compile
target aarch64

function u0:0() -> i8 system_v {

block0:
    v0 = iconst.i16 0xddcc
    v1 = icmp.i16 ne v0, v0
    v2 = bint.i8 v1
    return v2
}
thread 'worker #2' panicked at 'index out of bounds: the len is 0 but the index is 0', cranelift/codegen/src/machinst/lower.rs:942:19
stack backtrace:
[...]
  13: core::panicking::panic_bounds_check
             at src/libcore/panicking.rs:69
  14: <cranelift_codegen::machinst::lower::Lower<I> as cranelift_codegen::machinst::lower::LowerCtx>::input_ty
             at cranelift/codegen/src/machinst/lower.rs:942
  15: cranelift_codegen::isa::aarch64::lower::put_input_in_reg
             at cranelift/codegen/src/isa/aarch64/lower.rs:209
  16: cranelift_codegen::isa::aarch64::lower::put_input_in_rse
             at cranelift/codegen/src/isa/aarch64/lower.rs:358
  17: cranelift_codegen::isa::aarch64::lower::put_input_in_rse_imm12
             at cranelift/codegen/src/isa/aarch64/lower.rs:422
  18: cranelift_codegen::isa::aarch64::lower_inst::lower_insn_to_regs
             at cranelift/codegen/src/isa/aarch64/lower_inst.rs:1597
  19: cranelift_codegen::isa::aarch64::lower::<impl cranelift_codegen::machinst::lower::LowerBackend for cranelift_codegen::isa::aarch64::AArch64Backend>::lower
             at cranelift/codegen/src/isa/aarch64/lower.rs:1191
  20: cranelift_codegen::machinst::lower::Lower<I>::lower_clif_block
             at cranelift/codegen/src/machinst/lower.rs:599
  21: cranelift_codegen::machinst::lower::Lower<I>::lower
             at cranelift/codegen/src/machinst/lower.rs:761
  22: cranelift_codegen::machinst::compile::compile
             at cranelift/codegen/src/machinst/compile.rs:28
  23: cranelift_codegen::isa::aarch64::AArch64Backend::compile_vcode
             at cranelift/codegen/src/isa/aarch64/mod.rs:51
  24: <cranelift_codegen::isa::aarch64::AArch64Backend as cranelift_codegen::machinst::MachBackend>::compile_function
             at cranelift/codegen/src/isa/aarch64/mod.rs:62
  25: cranelift_codegen::context::Context::compile
             at cranelift/codegen/src/context.rs:192
[...]

ac6539abd7f7f033332a5d3e479c968fa0ffdedd

What happens is that during codegen of the icmp, put_input_in_rse tries to load the input of icmp (v0) into the first input register of the instruction producing it (iconst), which doesn't have any input registers. This would likely result in a miscompilation if the producing instruction did have input registers.

Wasmtime GitHub notifications bot (Aug 19 2020 at 18:18):

cfallin commented on Issue #2147:

Thanks! Left a review over in your PR.

As a note w.r.t. Wasm stability: this should not affect any Wasm use-cases, as we see only 32/64-bit types there. Certainly is important for other uses (rustc backend, etc.) though!

Wasmtime GitHub notifications bot (Aug 20 2020 at 18:41):

cfallin closed Issue #2147.

Last updated: Jan 24 2025 at 00:11 UTC