Stream: git-wasmtime

Topic: wasmtime / issue #10373 aarch64: Panic compiling a combin...

view this post on Zulip Wasmtime GitHub notifications bot (Mar 11 2025 at 19:36):

alexcrichton added the cranelift:area:aarch64 label to Issue #10373.

view this post on Zulip Wasmtime GitHub notifications bot (Mar 11 2025 at 19:36):

alexcrichton added the fuzz-bug label to Issue #10373.

view this post on Zulip Wasmtime GitHub notifications bot (Mar 11 2025 at 19:36):

alexcrichton opened issue #10373:

Given this input:

(module
  (memory (;5;) i64 8104456 13264701562210869 (pagesize 0x1))
  (func (param i64) (result i64)
    (i64.load16_s offset=5909452
      (i64.shl
        local.get 0
        (i64.const -3038287259199220438)))))

This fails with:

$ cargo run --features all-arch compile --target aarch64 ./bar.wat -C cache=n -Wcustom-page-sizes --emit-clif clif -O signals-based-traps=n -O opt-level=0

thread '<unnamed>' panicked at cranelift/codegen/src/isa/aarch64/lower/isle.rs:76:5:
attempt to shift left with overflow
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

The buggy shifts are u64_shl here where we need to mask n as here it's much different than the max of 63.

The various wasm features/proposal/flags/etc are just necessary to trigger the right pattern, and the CLIF that reproduces this is much simpler:

function u0:0(i64, i64) -> i64 {
block0(v0: i64, v1: i64):
  v8 = ishl_imm v1, 100
  v9 = iadd v0, v8
  v10 = load.i64 v9
  return v10
}

that panics with the same assertion failure.

view this post on Zulip Wasmtime GitHub notifications bot (Mar 12 2025 at 15:42):

alexcrichton closed issue #10373:

Given this input:

(module
  (memory (;5;) i64 8104456 13264701562210869 (pagesize 0x1))
  (func (param i64) (result i64)
    (i64.load16_s offset=5909452
      (i64.shl
        local.get 0
        (i64.const -3038287259199220438)))))

This fails with:

$ cargo run --features all-arch compile --target aarch64 ./bar.wat -C cache=n -Wcustom-page-sizes --emit-clif clif -O signals-based-traps=n -O opt-level=0

thread '<unnamed>' panicked at cranelift/codegen/src/isa/aarch64/lower/isle.rs:76:5:
attempt to shift left with overflow
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

The buggy shifts are u64_shl here where we need to mask n as here it's much different than the max of 63.

The various wasm features/proposal/flags/etc are just necessary to trigger the right pattern, and the CLIF that reproduces this is much simpler:

function u0:0(i64, i64) -> i64 {
block0(v0: i64, v1: i64):
  v8 = ishl_imm v1, 100
  v9 = iadd v0, v8
  v10 = load.i64 v9
  return v10
}

that panics with the same assertion failure.

Last updated: Apr 18 2025 at 04:04 UTC