Stream: git-wasmtime

Topic: wasmtime / issue #11133 Cranelift: Segmentation fault on ...


view this post on Zulip Wasmtime GitHub notifications bot (Jun 25 2025 at 13:29):

akldc opened issue #11133:

.clif Test Case

set enable_multi_ret_implicit_sret=true

function u1:0(i64, i64, i8x16) {
    const0 = 0xfeffffffff0200008d0000000a000402

block0(v0: i64, v1: i64, v2: i8x16):
    v7 = vconst.i32x4 const0
    return
}

function %main() -> i8x16 tail {
    sig0 = (i64 , i64, i8x16) tail
    fn0 =  u1:0 sig0
    const1 = 0x60d64ffe6aed3a12b00dbe7bffb2bf3d

block0():
    v0 = iconst.i64 123
    v1 = iconst.i64 234
    v11 = vconst.i8x16 const1
    call fn0(v0, v1, v11)
    return v11
}

;print:%main()

Steps to Reproduce

qemu-riscv64 target/riscv64gc-unknown-linux-gnu/release/clif-util run -v test1.clif

Result

Segmentation fault

Return code: -11

Clearly, the expected result should be:

%main() -> 0x60d64ffe6aed3a12b00dbe7bffb2bf3d

view this post on Zulip Wasmtime GitHub notifications bot (Jun 25 2025 at 13:29):

akldc added the bug label to Issue #11133.

view this post on Zulip Wasmtime GitHub notifications bot (Jun 25 2025 at 13:29):

akldc added the cranelift label to Issue #11133.

view this post on Zulip Wasmtime GitHub notifications bot (Jun 25 2025 at 13:32):

bjorn3 commented on issue #11133:

On the caller side u1:0 is defined with the tail calling convention, but the definition of this function uses the default calling convention (system_v). This is UB.

view this post on Zulip Wasmtime GitHub notifications bot (Jun 25 2025 at 13:59):

alexcrichton closed issue #11133.

view this post on Zulip Wasmtime GitHub notifications bot (Jun 25 2025 at 13:59):

alexcrichton commented on issue #11133:

Agreed yes, the calling conventions need to match up

view this post on Zulip Wasmtime GitHub notifications bot (Jun 27 2025 at 12:21):

akldc commented on issue #11133:

@alexcrichton @bjorn3
The case runs correctly on other architectures.

[x86    ] Success
[x86    ] %main() -> 0x60d64ffe6aed3a12b00dbe7bffb2bf3d
return code: 0

[aarch64] Success
[aarch64] %main() -> 0x60d64ffe6aed3a12b00dbe7bffb2bf3d
return code: 0

[riscv64] Error
return code: -11

[s390x  ] Success
[s390x  ] %main() -> 0x60d64ffe6aed3a12b00dbe7bffb2bf3d
return code: 0

view this post on Zulip Wasmtime GitHub notifications bot (Jun 27 2025 at 12:30):

bjorn3 commented on issue #11133:

It likely just works by accident on those architectures.
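The thread's diagnosis is that the caller's signature (`sig0 ... tail`) promises one calling convention while the definition of `u1:0` uses the default one, and that the segfault on riscv64 versus success elsewhere is just how the resulting undefined behaviour happens to land on each backend. A static check catches this before anything is run. The following is an added example written for this page, not part of Wasmtime or Cranelift: a small Python linter that parses `.clif` text, collects every `function` definition's calling convention, and compares it against the convention each `sigN` declares for an `fnN` reference to that same function. It assumes that an omitted convention means `system_v` (bjorn3's reading above), that function names are unique within a file, and that parameters and return lists contain only scalar/vector types of the form `i64`, `f32`, `i8x16`. The reproducer from the issue is embedded as a constructed string, together with a copy where `tail` has been added to the definition, which is the fix alexcrichton's comment points at.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed copy of the reproducer from the issue, mismatch left intact.
CLIF_SAMPLE = """\
set enable_multi_ret_implicit_sret=true

function u1:0(i64, i64, i8x16) {
    const0 = 0xfeffffffff0200008d0000000a000402

block0(v0: i64, v1: i64, v2: i8x16):
    v7 = vconst.i32x4 const0
    return
}

function %main() -> i8x16 tail {
    sig0 = (i64 , i64, i8x16) tail
    fn0 =  u1:0 sig0
    const1 = 0x60d64ffe6aed3a12b00dbe7bffb2bf3d

block0():
    v0 = iconst.i64 123
    v1 = iconst.i64 234
    v11 = vconst.i8x16 const1
    call fn0(v0, v1, v11)
    return v11
}
"""

# Same file with the definition's convention made to match the caller's signature.
CLIF_FIXED = CLIF_SAMPLE.replace(
    "function u1:0(i64, i64, i8x16) {", "function u1:0(i64, i64, i8x16) tail {"
)

# Assumption: a definition or signature with no explicit convention uses system_v.
DEFAULT_CALLCONV = "system_v"

TYPE_RE = re.compile(r"^[if]\d+(x\d+)?$")            # i64, f32, i8x16, ...
SIG_RE = re.compile(r"^(sig\d+)\s*=\s*(\(.*)$")        # sigN = (params) [-> rets] [callconv]
FN_RE = re.compile(r"^(fn\d+)\s*=\s*(\S+)\s+(sig\d+)$")  # fnN = NAME sigN


def _split_sig(text: str) -> tuple[list[str], list[str], str | None]:
    """Parse '(params) [-> rets] [callconv]' into (param types, return types, callconv)."""
    open_idx = text.index("(")
    close_idx = text.index(")", open_idx)
    # Keep only the type of each parameter; flags such as 'sext' are ignored.
    params = [p.strip().split()[0] for p in text[open_idx + 1:close_idx].split(",") if p.strip()]
    tokens = text[close_idx + 1:].replace(",", " ").split()
    if tokens and tokens[0] == "->":
        tokens = tokens[1:]
    callconv = None
    # A trailing token that is not a type is the calling convention.
    if tokens and not TYPE_RE.match(tokens[-1]):
        callconv = tokens.pop()
    return params, tokens, callconv


@dataclass
class Mismatch:
    caller: str          # function whose signature declares the call
    callee: str          # function being referenced
    declared: str        # convention the caller's sigN promises
    defined: str         # convention the callee's definition actually uses
    param_mismatch: bool  # parameter types differ as well


def check_clif(src: str, default_callconv: str = DEFAULT_CALLCONV) -> list[Mismatch]:
    """Report every fnN reference whose signature disagrees with the callee's definition."""
    definitions: dict[str, tuple[list[str], str]] = {}
    bodies: list[tuple[str, list[str]]] = []
    current: tuple[str, list[str]] | None = None
    for raw in src.splitlines():
        line = raw.split(";")[0].strip()  # drop comments and indentation
        if line.startswith("function "):
            header = line[len("function "):].rstrip("{").strip()
            name = header[:header.index("(")].strip()
            params, _rets, cc = _split_sig(header)
            definitions[name] = (params, cc or default_callconv)
            current = (name, [])
            bodies.append(current)
        elif current is not None:
            current[1].append(line)

    mismatches: list[Mismatch] = []
    for caller, lines in bodies:
        sigs = {m.group(1): _split_sig(m.group(2)) for m in map(SIG_RE.match, lines) if m}
        for line in lines:
            m = FN_RE.match(line)
            if not m:
                continue
            _fn, callee, sig = m.groups()
            if callee not in definitions or sig not in sigs:
                continue  # external or unknown callee: nothing to compare against
            sig_params, _sig_rets, sig_cc = sigs[sig]
            declared = sig_cc or default_callconv
            def_params, defined = definitions[callee]
            if declared != defined or sig_params != def_params:
                mismatches.append(Mismatch(caller, callee, declared, defined, sig_params != def_params))
    return mismatches


if __name__ == "__main__":
    for label, src in (("original", CLIF_SAMPLE), ("fixed", CLIF_FIXED)):
        print(label, check_clif(src) or "no calling-convention mismatches")
```

On the original reproducer the check reports one finding (`%main` declares `u1:0` as `tail` while the definition is `system_v`); on the copy with `tail` added to the definition it reports nothing. Running a check like this on fuzzer-generated `.clif` files separates genuine backend bugs from inputs that are undefined by construction.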


Last updated: Dec 06 2025 at 06:05 UTC