Stream: git-wasmtime

Topic: wasmtime / issue #10772 Illegal hardware instruction when...


view this post on Zulip Wasmtime GitHub notifications bot (May 12 2025 at 20:00):

willcrichton opened issue #10772:

Test Case

use wasmtime::*;

/// Reproduction for wasmtime issue #10772: calling the exported `abstract`
/// function with a struct allocated from the host side.
///
/// Reported against wasmtime 32.0.0 on 64-bit ARM macOS, where the final call
/// ends the process with "illegal hardware instruction" instead of returning.
/// A failing `ref.cast` is specified to trap, and a trap raised inside
/// `Func::call` is expected to come back to the embedder as `Err`; a host
/// process that dies instead is the defect being reported.
fn main() -> wasmtime::Result<()> {
  // The struct types and `ref.cast` used below belong to the Wasm GC proposal,
  // which has to be switched on in the engine configuration.
  let mut config = Config::new();
  config.wasm_gc(true);
  let engine = Engine::new(&config)?;

    // Three struct types: `$empty` has no fields, `$tuple-concrete` holds a
    // `(ref $empty)` and `$tuple-abstract` holds a `(ref struct)`. The export
    // takes a `(ref $tuple-abstract)`, casts it to `(ref $tuple-concrete)` and
    // drops the result. Neither tuple type is declared as a subtype of the
    // other.
    let wat = r#"
(module
  (type $empty (struct))
  (type $tuple-concrete (struct (field (ref $empty))))
  (type $tuple-abstract (struct (field (ref struct))))
  (func (export "abstract") (param $t (ref $tuple-abstract))
    (drop (ref.cast (ref $tuple-concrete) (local.get $t))))
)
"#;

  // Nothing is defined on the linker; the module text above has no imports.
  let module = Module::new(&engine, wat)?;
  let linker = Linker::new(&engine);
  let mut store = Store::new(&engine, ());

  let instance = linker.instantiate(&mut store, &module)?;
  // `unwrap` panics if the export is missing; the module text above exports
  // `abstract` as a function.
  let abstract_ = instance.get_func(&mut store, "abstract").unwrap();
  // Host-side allocation of a zero-field struct, used as the field value below.
  let empty_pre = StructRefPre::new(&mut store, StructType::new(&engine, [])?);
  let empty_struct = StructRef::new(&mut store, &empty_pre, &[])?;
  // Host-side struct type with a single immutable field of type non-nullable
  // `(ref struct)` (`RefType::new(false, ..)` is the non-nullable form).
  // NOTE(review): presumably this is treated as the same type as
  // `$tuple-abstract`, which would be why the argument is accepted by the
  // call below — confirm against wasmtime's type canonicalization.
  let tuple_pre = StructRefPre::new(
    &mut store,
    StructType::new(
      &engine,
      [FieldType::new(
        Mutability::Const,
        StorageType::ValType(ValType::Ref(RefType::new(false, HeapType::Struct))),
      )],
    )?,
  );
  let tuple_struct = StructRef::new(&mut store, &tuple_pre, &[empty_struct.into()])?;
  let tuple_any = Val::from(tuple_struct);
  // `store` is moved into the call. The cast inside `abstract` cannot succeed
  // for this value, so the expected outcome is a trap propagated by `?`.
  // The lldb session in this report instead stops on `udf #0xc11f` in two
  // unsymbolized frames beneath `VMFuncRef::array_call_native`.
  // NOTE(review): that looks like a compiler-emitted trap instruction that
  // trap handling did not turn into an `Err` — confirm.
  abstract_.call(store, &[tuple_any], &mut [])?; // reported fault occurs during this call

  Ok(())
}

Steps to Reproduce

On my Macbook with rustc 1.86.0 and wasmtime 32.0.0:

$ cargo run
[1]    70577 illegal hardware instruction

Versions and Environment

Wasmtime version or commit: 32.0.0

Operating system: MacOS

Architecture: 64-bit ARM

Extra Info

Backtrace from lldb:

(lldb) target create "./target/debug/foo"
Current executable set to '/tmp/subtype-test/target/debug/foo' (arm64).
(lldb) r
Process 62612 launched: '/tmp/subtype-test/target/debug/foo' (arm64)
expected: (ref (concrete struct VMSharedTypeIndex(2)))
Process 62612 stopped
* thread #1, name = 'main', queue = 'com.apple.main-thread', stop reason = EXC_BAD_INSTRUCTION (code=1, subcode=0xc11f)
    frame #0: 0x000000010300c0d4
->  0x10300c0d4: udf    #0xc11f
    0x10300c0d8: udf    #0xc11f
    0x10300c0dc: pacibsp
    0x10300c0e0: stp    x29, x30, [sp, #-0x10]!
Target 0: (foo) stopped.
(lldb) bt
* thread #1, name = 'main', queue = 'com.apple.main-thread', stop reason = EXC_BAD_INSTRUCTION (code=1, subcode=0xc11f)
  * frame #0: 0x000000010300c0d4
    frame #1: 0x000000010300c1a4
    frame #2: 0x00000001001d8a44 foo`wasmtime::runtime::vm::vmcontext::VMFuncRef::array_call_native::hf1a76eb50b063c12(self=0x0000000123205300, caller=NonNull<wasmtime::runtime::vm::vmcontext::VMOpaqueContext> @ 0x000000016fdfc8e0, args_and_results=NonNull<[wasmtime::runtime::vm::vmcontext::ValRaw]> @ 0x000000016fdfc8e8) at vmcontext.rs:883:9
    frame #3: 0x00000001001d89a8 foo`wasmtime::runtime::vm::vmcontext::VMFuncRef::array_call::h259d543535f9bb01(self=0x0000000123205300, (null)=Option<wasmtime::runtime::vm::interpreter_disabled::InterpreterRef> @ 0x000000016fdfc937, caller=NonNull<wasmtime::runtime::vm::vmcontext::VMOpaqueContext> @ 0x000000016fdfc940, args_and_results=NonNull<[wasmtime::runtime::vm::vmcontext::ValRaw]> @ 0x000000016fdfc948) at vmcontext.rs:844:21
    frame #4: 0x0000000100005bd4 foo`wasmtime::runtime::func::Func::call_unchecked_raw::_$u7b$$u7b$closure$u7d$$u7d$::h24bc96fcbb315c78(caller=NonNull<wasmtime::runtime::vm::vmcontext::VMContext> @ 0x000000016fdfc988, (null)=Option<wasmtime::runtime::vm::interpreter_disabled::InterpreterRef> @ 0x000000016fdfc996) at func.rs:1072:13
    frame #5: 0x00000001000208d4 foo`wasmtime::runtime::vm::traphandlers::catch_traps::_$u7b$$u7b$closure$u7d$$u7d$::call_closure::h3b0fb3590f0af9e6(payload=" \xd1\xdfo\U00000001", caller=NonNull<wasmtime::runtime::vm::vmcontext::VMContext> @ 0x000000016fdfc9d8) at traphandlers.rs:399:30
    frame #6: 0x00000001002e7c84 foo`wasmtime_setjmp_32_0_0(buf_storage=0x000000016fdfce68, body=(foo`wasmtime::runtime::vm::traphandlers::catch_traps::_$u7b$$u7b$closure$u7d$$u7d$::call_closure::h3b0fb3590f0af9e6 at traphandlers.rs:395), payload=0x000000016fdfcd20, callee=0x0000600003b380a0) at helpers.c:72:10
    frame #7: 0x00000001000209ac foo`wasmtime::runtime::vm::traphandlers::catch_traps::_$u7b$$u7b$closure$u7d$$u7d$::h219642c9c908f545(cx=0x000000016fdfcdc0) at traphandlers.rs:392:32
    frame #8: 0x0000000100020a80 foo`wasmtime::runtime::vm::traphandlers::_$LT$impl$u20$wasmtime..runtime..vm..traphandlers..call_thread_state..CallThreadState$GT$::with::_$u7b$$u7b$closure$u7d$$u7d$::hc17b0a162e449c95(me=0x000000016fdfcdc0) at traphandlers.rs:562:50
    frame #9: 0x000000010001933c foo`wasmtime::runtime::vm::traphandlers::tls::set::h0ab900a0bb25efcc(state=0x000000016fdfcdc0, closure={closure_env#0}<wasmtime::runtime::vm::traphandlers::catch_traps::{closure_env#0}<(), wasmtime::runtime::func::{impl#1}::call_unchecked_raw::{closure_env#0}<()>>> @ 0x000000016fdfcc10) at traphandlers.rs:979:13
    frame #10: 0x00000001000153e4 foo`wasmtime::runtime::vm::traphandlers::_$LT$impl$u20$wasmtime..runtime..vm..traphandlers..call_thread_state..CallThreadState$GT$::with::hf3e8b67938f3fb47(self=<unavailable>, closure=<unavailable>) at traphandlers.rs:562:25
    frame #11: 0x00000001000206a4 foo`wasmtime::runtime::vm::traphandlers::catch_traps::h5e19638f63e7b335(store=0x000000016fdfd1d0, closure={closure_env#0}<()> @ 0x000000016fdfcd20) at traphandlers.rs:374:18
    frame #12: 0x0000000100004fa8 foo`wasmtime::runtime::func::invoke_wasm_and_catch_traps::h6c487b81a047dadf(store=0x000000016fdfd1d0, closure={closure_env#0}<()> @ 0x000000016fdfd0d0) at func.rs:1605:22
    frame #13: 0x0000000100005b6c foo`wasmtime::runtime::func::Func::call_unchecked_raw::hb1ed6961d36b7362(store=0x000000016fdfd1d0, func_ref=NonNull<wasmtime::runtime::vm::vmcontext::VMFuncRef> @ 0x000000016fdfd120, params_and_returns=NonNull<[wasmtime::runtime::vm::vmcontext::ValRaw]> @ 0x000000016fdfd128) at func.rs:1071:9
    frame #14: 0x0000000100005558 foo`wasmtime::runtime::func::Func::call_unchecked::h6483ae344d176884(self=0x000000016fdfdda8, store=0x000000016fdfd870, params_and_returns=*mut [wasmtime::runtime::vm::vmcontext::ValRaw] @ 0x000000016fdfd1e0) at func.rs:1063:9
    frame #15: 0x00000001000057e0 foo`wasmtime::runtime::func::Func::call_impl_do_call::h3b7972d1a1a27f98(self=0x000000016fdfdda8, store=0x000000016fdfd870, params=(data_ptr = 0x000000016fdfe3b0, length = 1), results=(data_ptr = 0x0000000000000008, length = 0)) at func.rs:1248:13
    frame #16: 0x0000000100006260 foo`wasmtime::runtime::func::Func::call::h9a29cd7eec2a52e1(self=0x000000016fdfdda8, store=Store<()> @ 0x000000016fdfd828, params=(data_ptr = 0x000000016fdfe3b0, length = 1), results=(data_ptr = 0x0000000000000008, length = 0)) at func.rs:1016:18
    frame #17: 0x000000010001b0d0 foo`foo::main::h7b8cdf5e495db82d at main.rs:46:3
    frame #18: 0x00000001000124c8 foo`core::ops::function::FnOnce::call_once::h9a17db475815243b((null)=(foo`foo::main::h7b8cdf5e495db82d at main.rs:3), (null)=<unavailable>) at function.rs:250:5
    frame #19: 0x00000001000169fc foo`std::sys::backtrace::__rust_begin_short_backtrace::h8d40df52d6e8eee0(f=(foo`foo::main::h7b8cdf5e495db82d at main.rs:3)) at backtrace.rs:152:18
    frame #20: 0x0000000100007160 foo`std::rt::lang_start::_$u7b$$u7b$closure$u7d$$u7d$::h1e9f85636d64c7a1 at rt.rs:199:18
    frame #21: 0x00000001012b3914 foo`std::rt::lang_start_internal::h95cf27b851151b9c [inlined] core::ops::function::impls::_$LT$impl$u20$core..ops..function..FnOnce$LT$A$GT$$u20$for$u20$$RF$F$GT$::call_once::he7ba0572945420d1 at function.rs:284:13 [opt]
    frame #22: 0x00000001012b390c foo`std::rt::lang_start_internal::h95cf27b851151b9c [inlined] std::panicking::try::do_call::hebe393b810f01e71 at panicking.rs:587:40 [opt]
    frame #23: 0x00000001012b3908 foo`std::rt::lang_start_internal::h95cf27b851151b9c [inlined] std::panicking::try::hb25fce0758ef422c at panicking.rs:550:19 [opt]
    frame #24: 0x00000001012b3908 foo`std::rt::lang_start_internal::h95cf27b851151b9c [inlined] std::panic::catch_unwind::h84fa9d32cc13223f at panic.rs:358:14 [opt]
    frame #25: 0x00000001012b3908 foo`std::rt::lang_start_internal::h95cf27b851151b9c [inlined] std::rt::lang_start_internal::_$u7b$$u7b$closure$u7d$$u7d$::h303447aa1f5dac68 at rt.rs:168:24 [opt]
    frame #26: 0x00000001012b35c4 foo`std::rt::lang_start_internal::h95cf27b851151b9c [inlined] std::panicking::try::do_call::h6fee0bd35745e600 at panicking.rs:587:40 [opt]
    frame #27: 0x00000001012b35c4 foo`std::rt::lang_start_internal::h95cf27b851151b9c [inlined] std::panicking::try::h8a1ab658538ac4f7 at panicking.rs:550:19 [opt]
    frame #28: 0x00000001012b35c4 foo`std::rt::lang_start_internal::h95cf27b851151b9c [inlined] std::panic::catch_unwind::hb51538dca89efd17 at panic.rs:358:14 [opt]
    frame #29: 0x00000001012b35c4 foo`std::rt::lang_start_internal::h95cf27b851151b9c at rt.rs:164:5 [opt]
    frame #30: 0x0000000100007138 foo`std::rt::lang_start::had5581d6e1c0f172(main=(foo`foo::main::h7b8cdf5e495db82d at main.rs:3), argc=1, argv=0x000000016fdfe8b8, sigpipe='\0') at rt.rs:198:5
    frame #31: 0x000000010001b284 foo`main + 36
    frame #32: 0x00000001859020e0 dyld`start + 2360

view this post on Zulip Wasmtime GitHub notifications bot (May 12 2025 at 20:00):

willcrichton added the bug label to Issue #10772.

view this post on Zulip Wasmtime GitHub notifications bot (May 12 2025 at 20:00):

willcrichton edited issue #10772:

Test Case

use wasmtime::*;

/// Reproduction for wasmtime issue #10772: calling the exported `abstract`
/// function with a struct allocated from the host side.
///
/// Reported against wasmtime 32.0.0 on 64-bit ARM macOS, where the final call
/// ends the process with "illegal hardware instruction" instead of returning.
/// A failing `ref.cast` is specified to trap, and a trap raised inside
/// `Func::call` is expected to come back to the embedder as `Err`; a host
/// process that dies instead is the defect being reported.
fn main() -> wasmtime::Result<()> {
  // The struct types and `ref.cast` used below belong to the Wasm GC proposal,
  // which has to be switched on in the engine configuration.
  let mut config = Config::new();
  config.wasm_gc(true);
  let engine = Engine::new(&config)?;

    // Three struct types: `$empty` has no fields, `$tuple-concrete` holds a
    // `(ref $empty)` and `$tuple-abstract` holds a `(ref struct)`. The export
    // takes a `(ref $tuple-abstract)`, casts it to `(ref $tuple-concrete)` and
    // drops the result. Neither tuple type is declared as a subtype of the
    // other.
    let wat = r#"
(module
  (type $empty (struct))
  (type $tuple-concrete (struct (field (ref $empty))))
  (type $tuple-abstract (struct (field (ref struct))))
  (func (export "abstract") (param $t (ref $tuple-abstract))
    (drop (ref.cast (ref $tuple-concrete) (local.get $t))))
)
"#;

  // Nothing is defined on the linker; the module text above has no imports.
  let module = Module::new(&engine, wat)?;
  let linker = Linker::new(&engine);
  let mut store = Store::new(&engine, ());

  let instance = linker.instantiate(&mut store, &module)?;
  // `unwrap` panics if the export is missing; the module text above exports
  // `abstract` as a function.
  let abstract_ = instance.get_func(&mut store, "abstract").unwrap();
  // Host-side allocation of a zero-field struct, used as the field value below.
  let empty_pre = StructRefPre::new(&mut store, StructType::new(&engine, [])?);
  let empty_struct = StructRef::new(&mut store, &empty_pre, &[])?;
  // Host-side struct type with a single immutable field of type non-nullable
  // `(ref struct)` (`RefType::new(false, ..)` is the non-nullable form).
  // NOTE(review): presumably this is treated as the same type as
  // `$tuple-abstract`, which would be why the argument is accepted by the
  // call below — confirm against wasmtime's type canonicalization.
  let tuple_pre = StructRefPre::new(
    &mut store,
    StructType::new(
      &engine,
      [FieldType::new(
        Mutability::Const,
        StorageType::ValType(ValType::Ref(RefType::new(false, HeapType::Struct))),
      )],
    )?,
  );
  let tuple_struct = StructRef::new(&mut store, &tuple_pre, &[empty_struct.into()])?;
  let tuple_any = Val::from(tuple_struct);
  // `store` is moved into the call. The cast inside `abstract` cannot succeed
  // for this value, so the expected outcome is a trap propagated by `?`.
  // The lldb session in this report instead stops on `udf #0xc11f` in two
  // unsymbolized frames beneath `VMFuncRef::array_call_native`.
  // NOTE(review): that looks like a compiler-emitted trap instruction that
  // trap handling did not turn into an `Err` — confirm.
  abstract_.call(store, &[tuple_any], &mut [])?; // reported fault occurs during this call

  Ok(())
}

Steps to Reproduce

$ cargo run
[1]    70577 illegal hardware instruction

Versions and Environment

Wasmtime version or commit: 32.0.0

Operating system: MacOS

Architecture: 64-bit ARM

Extra Info

Backtrace from lldb:

(lldb) target create "./target/debug/foo"
Current executable set to '/tmp/subtype-test/target/debug/foo' (arm64).
(lldb) r
Process 62612 launched: '/tmp/subtype-test/target/debug/foo' (arm64)
expected: (ref (concrete struct VMSharedTypeIndex(2)))
Process 62612 stopped
* thread #1, name = 'main', queue = 'com.apple.main-thread', stop reason = EXC_BAD_INSTRUCTION (code=1, subcode=0xc11f)
    frame #0: 0x000000010300c0d4
->  0x10300c0d4: udf    #0xc11f
    0x10300c0d8: udf    #0xc11f
    0x10300c0dc: pacibsp
    0x10300c0e0: stp    x29, x30, [sp, #-0x10]!
Target 0: (foo) stopped.
(lldb) bt
* thread #1, name = 'main', queue = 'com.apple.main-thread', stop reason = EXC_BAD_INSTRUCTION (code=1, subcode=0xc11f)
  * frame #0: 0x000000010300c0d4
    frame #1: 0x000000010300c1a4
    frame #2: 0x00000001001d8a44 foo`wasmtime::runtime::vm::vmcontext::VMFuncRef::array_call_native::hf1a76eb50b063c12(self=0x0000000123205300, caller=NonNull<wasmtime::runtime::vm::vmcontext::VMOpaqueContext> @ 0x000000016fdfc8e0, args_and_results=NonNull<[wasmtime::runtime::vm::vmcontext::ValRaw]> @ 0x000000016fdfc8e8) at vmcontext.rs:883:9
    frame #3: 0x00000001001d89a8 foo`wasmtime::runtime::vm::vmcontext::VMFuncRef::array_call::h259d543535f9bb01(self=0x0000000123205300, (null)=Option<wasmtime::runtime::vm::interpreter_disabled::InterpreterRef> @ 0x000000016fdfc937, caller=NonNull<wasmtime::runtime::vm::vmcontext::VMOpaqueContext> @ 0x000000016fdfc940, args_and_results=NonNull<[wasmtime::runtime::vm::vmcontext::ValRaw]> @ 0x000000016fdfc948) at vmcontext.rs:844:21
    frame #4: 0x0000000100005bd4 foo`wasmtime::runtime::func::Func::call_unchecked_raw::_$u7b$$u7b$closure$u7d$$u7d$::h24bc96fcbb315c78(caller=NonNull<wasmtime::runtime::vm::vmcontext::VMContext> @ 0x000000016fdfc988, (null)=Option<wasmtime::runtime::vm::interpreter_disabled::InterpreterRef> @ 0x000000016fdfc996) at func.rs:1072:13
    frame #5: 0x00000001000208d4 foo`wasmtime::runtime::vm::traphandlers::catch_traps::_$u7b$$u7b$closure$u7d$$u7d$::call_closure::h3b0fb3590f0af9e6(payload=" \xd1\xdfo\U00000001", caller=NonNull<wasmtime::runtime::vm::vmcontext::VMContext> @ 0x000000016fdfc9d8) at traphandlers.rs:399:30
    frame #6: 0x00000001002e7c84 foo`wasmtime_setjmp_32_0_0(buf_storage=0x000000016fdfce68, body=(foo`wasmtime::runtime::vm::traphandlers::catch_traps::_$u7b$$u7b$closure$u7d$$u7d$::call_closure::h3b0fb3590f0af9e6 at traphandlers.rs:395), payload=0x000000016fdfcd20, callee=0x0000600003b380a0) at helpers.c:72:10
    frame #7: 0x00000001000209ac foo`wasmtime::runtime::vm::traphandlers::catch_traps::_$u7b$$u7b$closure$u7d$$u7d$::h219642c9c908f545(cx=0x000000016fdfcdc0) at traphandlers.rs:392:32
    frame #8: 0x0000000100020a80 foo`wasmtime::runtime::vm::traphandlers::_$LT$impl$u20$wasmtime..runtime..vm..traphandlers..call_thread_state..CallThreadState$GT$::with::_$u7b$$u7b$closure$u7d$$u7d$::hc17b0a162e449c95(me=0x000000016fdfcdc0) at traphandlers.rs:562:50
    frame #9: 0x000000010001933c foo`wasmtime::runtime::vm::traphandlers::tls::set::h0ab900a0bb25efcc(state=0x000000016fdfcdc0, closure={closure_env#0}<wasmtime::runtime::vm::traphandlers::catch_traps::{closure_env#0}<(), wasmtime::runtime::func::{impl#1}::call_unchecked_raw::{closure_env#0}<()>>> @ 0x000000016fdfcc10) at traphandlers.rs:979:13
    frame #10: 0x00000001000153e4 foo`wasmtime::runtime::vm::traphandlers::_$LT$impl$u20$wasmtime..runtime..vm..traphandlers..call_thread_state..CallThreadState$GT$::with::hf3e8b67938f3fb47(self=<unavailable>, closure=<unavailable>) at traphandlers.rs:562:25
    frame #11: 0x00000001000206a4 foo`wasmtime::runtime::vm::traphandlers::catch_traps::h5e19638f63e7b335(store=0x000000016fdfd1d0, closure={closure_env#0}<()> @ 0x000000016fdfcd20) at traphandlers.rs:374:18
    frame #12: 0x0000000100004fa8 foo`wasmtime::runtime::func::invoke_wasm_and_catch_traps::h6c487b81a047dadf(store=0x000000016fdfd1d0, closure={closure_env#0}<()> @ 0x000000016fdfd0d0) at func.rs:1605:22
    frame #13: 0x0000000100005b6c foo`wasmtime::runtime::func::Func::call_unchecked_raw::hb1ed6961d36b7362(store=0x000000016fdfd1d0, func_ref=NonNull<wasmtime::runtime::vm::vmcontext::VMFuncRef> @ 0x000000016fdfd120, params_and_returns=NonNull<[wasmtime::runtime::vm::vmcontext::ValRaw]> @ 0x000000016fdfd128) at func.rs:1071:9
    frame #14: 0x0000000100005558 foo`wasmtime::runtime::func::Func::call_unchecked::h6483ae344d176884(self=0x000000016fdfdda8, store=0x000000016fdfd870, params_and_returns=*mut [wasmtime::runtime::vm::vmcontext::ValRaw] @ 0x000000016fdfd1e0) at func.rs:1063:9
    frame #15: 0x00000001000057e0 foo`wasmtime::runtime::func::Func::call_impl_do_call::h3b7972d1a1a27f98(self=0x000000016fdfdda8, store=0x000000016fdfd870, params=(data_ptr = 0x000000016fdfe3b0, length = 1), results=(data_ptr = 0x0000000000000008, length = 0)) at func.rs:1248:13
    frame #16: 0x0000000100006260 foo`wasmtime::runtime::func::Func::call::h9a29cd7eec2a52e1(self=0x000000016fdfdda8, store=Store<()> @ 0x000000016fdfd828, params=(data_ptr = 0x000000016fdfe3b0, length = 1), results=(data_ptr = 0x0000000000000008, length = 0)) at func.rs:1016:18
    frame #17: 0x000000010001b0d0 foo`foo::main::h7b8cdf5e495db82d at main.rs:46:3
    frame #18: 0x00000001000124c8 foo`core::ops::function::FnOnce::call_once::h9a17db475815243b((null)=(foo`foo::main::h7b8cdf5e495db82d at main.rs:3), (null)=<unavailable>) at function.rs:250:5
    frame #19: 0x00000001000169fc foo`std::sys::backtrace::__rust_begin_short_backtrace::h8d40df52d6e8eee0(f=(foo`foo::main::h7b8cdf5e495db82d at main.rs:3)) at backtrace.rs:152:18
    frame #20: 0x0000000100007160 foo`std::rt::lang_start::_$u7b$$u7b$closure$u7d$$u7d$::h1e9f85636d64c7a1 at rt.rs:199:18
    frame #21: 0x00000001012b3914 foo`std::rt::lang_start_internal::h95cf27b851151b9c [inlined] core::ops::function::impls::_$LT$impl$u20$core..ops..function..FnOnce$LT$A$GT$$u20$for$u20$$RF$F$GT$::call_once::he7ba0572945420d1 at function.rs:284:13 [opt]
    frame #22: 0x00000001012b390c foo`std::rt::lang_start_internal::h95cf27b851151b9c [inlined] std::panicking::try::do_call::hebe393b810f01e71 at panicking.rs:587:40 [opt]
    frame #23: 0x00000001012b3908 foo`std::rt::lang_start_internal::h95cf27b851151b9c [inlined] std::panicking::try::hb25fce0758ef422c at panicking.rs:550:19 [opt]
    frame #24: 0x00000001012b3908 foo`std::rt::lang_start_internal::h95cf27b851151b9c [inlined] std::panic::catch_unwind::h84fa9d32cc13223f at panic.rs:358:14 [opt]
    frame #25: 0x00000001012b3908 foo`std::rt::lang_start_internal::h95cf27b851151b9c [inlined] std::rt::lang_start_internal::_$u7b$$u7b$closure$u7d$$u7d$::h303447aa1f5dac68 at rt.rs:168:24 [opt]
    frame #26: 0x00000001012b35c4 foo`std::rt::lang_start_internal::h95cf27b851151b9c [inlined] std::panicking::try::do_call::h6fee0bd35745e600 at panicking.rs:587:40 [opt]
    frame #27: 0x00000001012b35c4 foo`std::rt::lang_start_internal::h95cf27b851151b9c [inlined] std::panicking::try::h8a1ab658538ac4f7 at panicking.rs:550:19 [opt]
    frame #28: 0x00000001012b35c4 foo`std::rt::lang_start_internal::h95cf27b851151b9c [inlined] std::panic::catch_unwind::hb51538dca89efd17 at panic.rs:358:14 [opt]
    frame #29: 0x00000001012b35c4 foo`std::rt::lang_start_internal::h95cf27b851151b9c at rt.rs:164:5 [opt]
    frame #30: 0x0000000100007138 foo`std::rt::lang_start::had5581d6e1c0f172(main=(foo`foo::main::h7b8cdf5e495db82d at main.rs:3), argc=1, argv=0x000000016fdfe8b8, sigpipe='\0') at rt.rs:198:5
    frame #31: 0x000000010001b284 foo`main + 36
    frame #32: 0x00000001859020e0 dyld`start + 2360

view this post on Zulip Wasmtime GitHub notifications bot (May 13 2025 at 04:36):

alexcrichton assigned fitzgen to issue #10772.

view this post on Zulip Wasmtime GitHub notifications bot (May 13 2025 at 04:36):

alexcrichton added the wasm-proposal:gc label to Issue #10772.

view this post on Zulip Wasmtime GitHub notifications bot (May 13 2025 at 17:29):

fitzgen commented on issue #10772:

Thanks for filing an issue!

This doesn't repro on main, and I suspect it was fixed in the flurry of GC bug fixes we had a month or two ago. Probably works in the 33 release as well. Working on bisecting right now.

view this post on Zulip Wasmtime GitHub notifications bot (May 13 2025 at 18:24):

fitzgen commented on issue #10772:

Looks like it was fixed in

commit c22b3cb9690a98b648d3c84eb0950aab854d3794
Author: Nick Fitzgerald <fitzgen@gmail.com>
Date:   Fri Apr 11 14:15:55 2025 -0700

    Reuse Wasm linear memories code for GC heaps (#10503)

and is part of the upcoming 33 release.

That said, I am a little surprised that that was the commit that fixed this issue. I'll add a regression test, since that commit doesn't have one for this bug.

Also fyi @willcrichton, that cast will always fail since $tuple-concrete is not declared as a subtype of $tuple-abstract.

Also, I'm curious what you're doing with Wasm GC, how your experience with Wasm GC and Wasmtime is so far, and what if anything we can do to help things work smoothly!

view this post on Zulip Wasmtime GitHub notifications bot (May 13 2025 at 18:39):

willcrichton commented on issue #10772:

Thanks, yes I expected this to fail, but I was surprised when it faulted :-)

I am teaching a course on program analysis in the fall, including dynamic analysis as used by JIT compilers. I'm experimenting with a simple GC'd language which has an interpreter in Rust that can JIT compile to Wasm via Wasmtime. I'm defining the value type in the interpreter as wasmtime::Val so I can easily pass interpreter values into Wasm. It's also handy to use Wasm structs to represent stuff like closures without needing my own allocator in Wasm's linear memory.

So far Wasmtime has worked great. The hardest part has been learning about the Wasm GC proposal, since documentation is sparse. The biggest uncertainty is how to properly manage my stores. Right now I have a single global store that everything gets allocated into, which presumably means all my allocations are never GC'd, so I need to figure that out. I haven't started seriously benchmarking things yet, so I might have more questions about various overheads or inefficiencies once I embark on that part of the project. There are a few smaller things (why does Val have identical any_ref() and anyref() methods?) but those aren't blockers.

view this post on Zulip Wasmtime GitHub notifications bot (May 13 2025 at 18:41):

willcrichton commented on issue #10772:

Also it's been helpful to pester @alexcrichton when I have stupid questions :D

view this post on Zulip Wasmtime GitHub notifications bot (May 14 2025 at 07:48):

fitzgen closed issue #10772:

Test Case

use wasmtime::*;

/// Reproduction for wasmtime issue #10772: calling the exported `abstract`
/// function with a struct allocated from the host side.
///
/// Reported against wasmtime 32.0.0 on 64-bit ARM macOS, where the final call
/// ends the process with "illegal hardware instruction" instead of returning.
/// A failing `ref.cast` is specified to trap, and a trap raised inside
/// `Func::call` is expected to come back to the embedder as `Err`; a host
/// process that dies instead is the defect being reported.
fn main() -> wasmtime::Result<()> {
  // The struct types and `ref.cast` used below belong to the Wasm GC proposal,
  // which has to be switched on in the engine configuration.
  let mut config = Config::new();
  config.wasm_gc(true);
  let engine = Engine::new(&config)?;

    // Three struct types: `$empty` has no fields, `$tuple-concrete` holds a
    // `(ref $empty)` and `$tuple-abstract` holds a `(ref struct)`. The export
    // takes a `(ref $tuple-abstract)`, casts it to `(ref $tuple-concrete)` and
    // drops the result. Neither tuple type is declared as a subtype of the
    // other.
    let wat = r#"
(module
  (type $empty (struct))
  (type $tuple-concrete (struct (field (ref $empty))))
  (type $tuple-abstract (struct (field (ref struct))))
  (func (export "abstract") (param $t (ref $tuple-abstract))
    (drop (ref.cast (ref $tuple-concrete) (local.get $t))))
)
"#;

  // Nothing is defined on the linker; the module text above has no imports.
  let module = Module::new(&engine, wat)?;
  let linker = Linker::new(&engine);
  let mut store = Store::new(&engine, ());

  let instance = linker.instantiate(&mut store, &module)?;
  // `unwrap` panics if the export is missing; the module text above exports
  // `abstract` as a function.
  let abstract_ = instance.get_func(&mut store, "abstract").unwrap();
  // Host-side allocation of a zero-field struct, used as the field value below.
  let empty_pre = StructRefPre::new(&mut store, StructType::new(&engine, [])?);
  let empty_struct = StructRef::new(&mut store, &empty_pre, &[])?;
  // Host-side struct type with a single immutable field of type non-nullable
  // `(ref struct)` (`RefType::new(false, ..)` is the non-nullable form).
  // NOTE(review): presumably this is treated as the same type as
  // `$tuple-abstract`, which would be why the argument is accepted by the
  // call below — confirm against wasmtime's type canonicalization.
  let tuple_pre = StructRefPre::new(
    &mut store,
    StructType::new(
      &engine,
      [FieldType::new(
        Mutability::Const,
        StorageType::ValType(ValType::Ref(RefType::new(false, HeapType::Struct))),
      )],
    )?,
  );
  let tuple_struct = StructRef::new(&mut store, &tuple_pre, &[empty_struct.into()])?;
  let tuple_any = Val::from(tuple_struct);
  // `store` is moved into the call. The cast inside `abstract` cannot succeed
  // for this value, so the expected outcome is a trap propagated by `?`.
  // The lldb session in this report instead stops on `udf #0xc11f` in two
  // unsymbolized frames beneath `VMFuncRef::array_call_native`.
  // NOTE(review): that looks like a compiler-emitted trap instruction that
  // trap handling did not turn into an `Err` — confirm.
  abstract_.call(store, &[tuple_any], &mut [])?; // reported fault occurs during this call

  Ok(())
}

Steps to Reproduce

$ cargo run
[1]    70577 illegal hardware instruction

Versions and Environment

Wasmtime version or commit: 32.0.0

Operating system: MacOS

Architecture: 64-bit ARM

Extra Info

Backtrace from lldb:

(lldb) target create "./target/debug/foo"
Current executable set to '/tmp/subtype-test/target/debug/foo' (arm64).
(lldb) r
Process 62612 launched: '/tmp/subtype-test/target/debug/foo' (arm64)
expected: (ref (concrete struct VMSharedTypeIndex(2)))
Process 62612 stopped
* thread #1, name = 'main', queue = 'com.apple.main-thread', stop reason = EXC_BAD_INSTRUCTION (code=1, subcode=0xc11f)
    frame #0: 0x000000010300c0d4
->  0x10300c0d4: udf    #0xc11f
    0x10300c0d8: udf    #0xc11f
    0x10300c0dc: pacibsp
    0x10300c0e0: stp    x29, x30, [sp, #-0x10]!
Target 0: (foo) stopped.
(lldb) bt
* thread #1, name = 'main', queue = 'com.apple.main-thread', stop reason = EXC_BAD_INSTRUCTION (code=1, subcode=0xc11f)
  * frame #0: 0x000000010300c0d4
    frame #1: 0x000000010300c1a4
    frame #2: 0x00000001001d8a44 foo`wasmtime::runtime::vm::vmcontext::VMFuncRef::array_call_native::hf1a76eb50b063c12(self=0x0000000123205300, caller=NonNull<wasmtime::runtime::vm::vmcontext::VMOpaqueContext> @ 0x000000016fdfc8e0, args_and_results=NonNull<[wasmtime::runtime::vm::vmcontext::ValRaw]> @ 0x000000016fdfc8e8) at vmcontext.rs:883:9
    frame #3: 0x00000001001d89a8 foo`wasmtime::runtime::vm::vmcontext::VMFuncRef::array_call::h259d543535f9bb01(self=0x0000000123205300, (null)=Option<wasmtime::runtime::vm::interpreter_disabled::InterpreterRef> @ 0x000000016fdfc937, caller=NonNull<wasmtime::runtime::vm::vmcontext::VMOpaqueContext> @ 0x000000016fdfc940, args_and_results=NonNull<[wasmtime::runtime::vm::vmcontext::ValRaw]> @ 0x000000016fdfc948) at vmcontext.rs:844:21
    frame #4: 0x0000000100005bd4 foo`wasmtime::runtime::func::Func::call_unchecked_raw::_$u7b$$u7b$closure$u7d$$u7d$::h24bc96fcbb315c78(caller=NonNull<wasmtime::runtime::vm::vmcontext::VMContext> @ 0x000000016fdfc988, (null)=Option<wasmtime::runtime::vm::interpreter_disabled::InterpreterRef> @ 0x000000016fdfc996) at func.rs:1072:13
    frame #5: 0x00000001000208d4 foo`wasmtime::runtime::vm::traphandlers::catch_traps::_$u7b$$u7b$closure$u7d$$u7d$::call_closure::h3b0fb3590f0af9e6(payload=" \xd1\xdfo\U00000001", caller=NonNull<wasmtime::runtime::vm::vmcontext::VMContext> @ 0x000000016fdfc9d8) at traphandlers.rs:399:30
    frame #6: 0x00000001002e7c84 foo`wasmtime_setjmp_32_0_0(buf_storage=0x000000016fdfce68, body=(foo`wasmtime::runtime::vm::traphandlers::catch_traps::_$u7b$$u7b$closure$u7d$$u7d$::call_closure::h3b0fb3590f0af9e6 at traphandlers.rs:395), payload=0x000000016fdfcd20, callee=0x0000600003b380a0) at helpers.c:72:10
    frame #7: 0x00000001000209ac foo`wasmtime::runtime::vm::traphandlers::catch_traps::_$u7b$$u7b$closure$u7d$$u7d$::h219642c9c908f545(cx=0x000000016fdfcdc0) at traphandlers.rs:392:32
    frame #8: 0x0000000100020a80 foo`wasmtime::runtime::vm::traphandlers::_$LT$impl$u20$wasmtime..runtime..vm..traphandlers..call_thread_state..CallThreadState$GT$::with::_$u7b$$u7b$closure$u7d$$u7d$::hc17b0a162e449c95(me=0x000000016fdfcdc0) at traphandlers.rs:562:50
    frame #9: 0x000000010001933c foo`wasmtime::runtime::vm::traphandlers::tls::set::h0ab900a0bb25efcc(state=0x000000016fdfcdc0, closure={closure_env#0}<wasmtime::runtime::vm::traphandlers::catch_traps::{closure_env#0}<(), wasmtime::runtime::func::{impl#1}::call_unchecked_raw::{closure_env#0}<()>>> @ 0x000000016fdfcc10) at traphandlers.rs:979:13
    frame #10: 0x00000001000153e4 foo`wasmtime::runtime::vm::traphandlers::_$LT$impl$u20$wasmtime..runtime..vm..traphandlers..call_thread_state..CallThreadState$GT$::with::hf3e8b67938f3fb47(self=<unavailable>, closure=<unavailable>) at traphandlers.rs:562:25
    frame #11: 0x00000001000206a4 foo`wasmtime::runtime::vm::traphandlers::catch_traps::h5e19638f63e7b335(store=0x000000016fdfd1d0, closure={closure_env#0}<()> @ 0x000000016fdfcd20) at traphandlers.rs:374:18
    frame #12: 0x0000000100004fa8 foo`wasmtime::runtime::func::invoke_wasm_and_catch_traps::h6c487b81a047dadf(store=0x000000016fdfd1d0, closure={closure_env#0}<()> @ 0x000000016fdfd0d0) at func.rs:1605:22
    frame #13: 0x0000000100005b6c foo`wasmtime::runtime::func::Func::call_unchecked_raw::hb1ed6961d36b7362(store=0x000000016fdfd1d0, func_ref=NonNull<wasmtime::runtime::vm::vmcontext::VMFuncRef> @ 0x000000016fdfd120, params_and_returns=NonNull<[wasmtime::runtime::vm::vmcontext::ValRaw]> @ 0x000000016fdfd128) at func.rs:1071:9
    frame #14: 0x0000000100005558 foo`wasmtime::runtime::func::Func::call_unchecked::h6483ae344d176884(self=0x000000016fdfdda8, store=0x000000016fdfd870, params_and_returns=*mut [wasmtime::runtime::vm::vmcontext::ValRaw] @ 0x000000016fdfd1e0) at func.rs:1063:9
    frame #15: 0x00000001000057e0 foo`wasmtime::runtime::func::Func::call_impl_do_call::h3b7972d1a1a27f98(self=0x000000016fdfdda8, store=0x000000016fdfd870, params=(data_ptr = 0x000000016fdfe3b0, length = 1), results=(data_ptr = 0x0000000000000008, length = 0)) at func.rs:1248:13
    frame #16: 0x0000000100006260 foo`wasmtime::runtime::func::Func::call::h9a29cd7eec2a52e1(self=0x000000016fdfdda8, store=Store<()> @ 0x000000016fdfd828, params=(data_ptr = 0x000000016fdfe3b0, length = 1), results=(data_ptr = 0x0000000000000008, length = 0)) at func.rs:1016:18
    frame #17: 0x000000010001b0d0 foo`foo::main::h7b8cdf5e495db82d at main.rs:46:3
    frame #18: 0x00000001000124c8 foo`core::ops::function::FnOnce::call_once::h9a17db475815243b((null)=(foo`foo::main::h7b8cdf5e495db82d at main.rs:3), (null)=<unavailable>) at function.rs:250:5
    frame #19: 0x00000001000169fc foo`std::sys::backtrace::__rust_begin_short_backtrace::h8d40df52d6e8eee0(f=(foo`foo::main::h7b8cdf5e495db82d at main.rs:3)) at backtrace.rs:152:18
    frame #20: 0x0000000100007160 foo`std::rt::lang_start::_$u7b$$u7b$closure$u7d$$u7d$::h1e9f85636d64c7a1 at rt.rs:199:18
    frame #21: 0x00000001012b3914 foo`std::rt::lang_start_internal::h95cf27b851151b9c [inlined] core::ops::function::impls::_$LT$impl$u20$core..ops..function..FnOnce$LT$A$GT$$u20$for$u20$$RF$F$GT$::call_once::he7ba0572945420d1 at function.rs:284:13 [opt]
    frame #22: 0x00000001012b390c foo`std::rt::lang_start_internal::h95cf27b851151b9c [inlined] std::panicking::try::do_call::hebe393b810f01e71 at panicking.rs:587:40 [opt]
    frame #23: 0x00000001012b3908 foo`std::rt::lang_start_internal::h95cf27b851151b9c [inlined] std::panicking::try::hb25fce0758ef422c at panicking.rs:550:19 [opt]
    frame #24: 0x00000001012b3908 foo`std::rt::lang_start_internal::h95cf27b851151b9c [inlined] std::panic::catch_unwind::h84fa9d32cc13223f at panic.rs:358:14 [opt]
    frame #25: 0x00000001012b3908 foo`std::rt::lang_start_internal::h95cf27b851151b9c [inlined] std::rt::lang_start_internal::_$u7b$$u7b$closure$u7d$$u7d$::h303447aa1f5dac68 at rt.rs:168:24 [opt]
    frame #26: 0x00000001012b35c4 foo`std::rt::lang_start_internal::h95cf27b851151b9c [inlined] std::panicking::try::do_call::h6fee0bd35745e600 at panicking.rs:587:40 [opt]
    frame #27: 0x00000001012b35c4 foo`std::rt::lang_start_internal::h95cf27b851151b9c [inlined] std::panicking::try::h8a1ab658538ac4f7 at panicking.rs:550:19 [opt]
    frame #28: 0x00000001012b35c4 foo`std::rt::lang_start_internal::h95cf27b851151b9c [inlined] std::panic::catch_unwind::hb51538dca89efd17 at panic.rs:358:14 [opt]
    frame #29: 0x00000001012b35c4 foo`std::rt::lang_start_internal::h95cf27b851151b9c at rt.rs:164:5 [opt]
    frame #30: 0x0000000100007138 foo`std::rt::lang_start::had5581d6e1c0f172(main=(foo`foo::main::h7b8cdf5e495db82d at main.rs:3), argc=1, argv=0x000000016fdfe8b8, sigpipe='\0') at rt.rs:198:5
    frame #31: 0x000000010001b284 foo`main + 36
    frame #32: 0x00000001859020e0 dyld`start + 2360
