Wasmtime GitHub notifications bot (Aug 21 2025 at 23:27): Wasmtime GitHub notifications bot (Aug 21 2025 at 23:27):alexcrichton opened issue #11505:
This input:
(module (type (;0;) (func)) (tag (;0;) (type 0)) (global (;0;) (mut i32) i32.const 1000) (export "" (func 0)) (func (;0;) (type 0) global.get 0 i32.eqz if ;; label = @1 unreachable end global.get 0 i32.const 1 i32.sub global.set 0 loop (type 0) ;; label = @1 global.get 0 i32.eqz if ;; label = @2 unreachable end global.get 0 i32.const 1 i32.sub global.set 0 return_call 0 try_table ;; label = @2 try_table (type 0) (catch_all 0 (;@2;)) (catch_all 0 (;@2;)) (catch_all 0 (;@2;)) ;; label = @3 end end end ) )panics with:
$ cargo run compile testcase0.wat -W exceptions Finished `dev` profile [unoptimized + debuginfo] target(s) in 0.10s Running `target/x86_64-unknown-linux-gnu/debug/wasmtime compile testcase0.wat -W exceptions` thread '<unnamed>' panicked at crates/cranelift/src/translate/code_translator.rs:3162:45: called `Option::unwrap()` on a `None` value note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace@cfallin I was curious to see what would happen since wasm-smith has support for exceptions. I don't think the support is too useful from a runtime perspective but it's likely interesting from a compile-time perspective (similar with most of our other wasm-smith-generated modules). If you're curious this is the diff I used to get
differentialrunning and it took a few seconds to find the above case:<details>
diff --git a/crates/fuzzing/src/generators/config.rs b/crates/fuzzing/src/generators/config.rs index 553bbea530..72b9c0fc46 100644 --- a/crates/fuzzing/src/generators/config.rs +++ b/crates/fuzzing/src/generators/config.rs @@ -662,6 +662,7 @@ impl WasmtimeConfig { config.config.gc_enabled = false; config.config.tail_call_enabled = false; config.config.reference_types_enabled = false; + config.config.exceptions_enabled = false; config.function_references_enabled = false; // Winch's SIMD implementations require AVX and AVX2. diff --git a/crates/fuzzing/src/generators/module.rs b/crates/fuzzing/src/generators/module.rs index 97078890b8..7b65c92c4c 100644 --- a/crates/fuzzing/src/generators/module.rs +++ b/crates/fuzzing/src/generators/module.rs @@ -48,7 +48,7 @@ impl<'a> Arbitrary<'a> for ModuleConfig { let _ = config.tail_call_enabled; let _ = config.extended_const_enabled; let _ = config.gc_enabled; - config.exceptions_enabled = false; + let _ = config.exceptions_enabled; config.custom_page_sizes_enabled = u.arbitrary()?; config.wide_arithmetic_enabled = u.arbitrary()?; config.memory64_enabled = u.ratio(1, 20)?; diff --git a/crates/fuzzing/src/oracles.rs b/crates/fuzzing/src/oracles.rs index 39e6a948fc..1e717ccd44 100644 --- a/crates/fuzzing/src/oracles.rs +++ b/crates/fuzzing/src/oracles.rs @@ -1417,7 +1417,8 @@ mod tests { | WasmFeatures::GC | WasmFeatures::GC_TYPES | WasmFeatures::CUSTOM_PAGE_SIZES - | WasmFeatures::EXTENDED_CONST; + | WasmFeatures::EXTENDED_CONST + | WasmFeatures::EXCEPTIONS; // All other features that wasmparser supports, which is presumably a // superset of the features that wasm-smith supports, are listed here as diff --git a/crates/fuzzing/src/oracles/diff_spec.rs b/crates/fuzzing/src/oracles/diff_spec.rs index 643e9cb3b4..c5b9edbafc 100644 --- a/crates/fuzzing/src/oracles/diff_spec.rs +++ b/crates/fuzzing/src/oracles/diff_spec.rs @@ -28,6 +28,7 @@ impl SpecInterpreter { config.custom_page_sizes_enabled = false; config.wide_arithmetic_enabled = false; config.extended_const_enabled = false; + config.exceptions_enabled = false; Self }</details>
Wasmtime GitHub notifications bot (Aug 21 2025 at 23:27):alexcrichton added the fuzz-bug label to Issue #11505.
Wasmtime GitHub notifications bot (Aug 21 2025 at 23:27):alexcrichton added the wasm-proposal:exceptions label to Issue #11505.
Wasmtime GitHub notifications bot (Aug 21 2025 at 23:56):cfallin commented on issue #11505:
Thanks; taking a look!
Wasmtime GitHub notifications bot (Aug 22 2025 at 01:19):cfallin commented on issue #11505:
Minimizes to
(module (func (unreachable) (try_table)))and happens because I missed adding a control-stack entry in the unreachable-code handler in the translator for a
try_block, so we underflow the control stack. PR incoming.
Wasmtime GitHub notifications bot (Aug 22 2025 at 03:42):alexcrichton closed issue #11505:
This input:
(module (type (;0;) (func)) (tag (;0;) (type 0)) (global (;0;) (mut i32) i32.const 1000) (export "" (func 0)) (func (;0;) (type 0) global.get 0 i32.eqz if ;; label = @1 unreachable end global.get 0 i32.const 1 i32.sub global.set 0 loop (type 0) ;; label = @1 global.get 0 i32.eqz if ;; label = @2 unreachable end global.get 0 i32.const 1 i32.sub global.set 0 return_call 0 try_table ;; label = @2 try_table (type 0) (catch_all 0 (;@2;)) (catch_all 0 (;@2;)) (catch_all 0 (;@2;)) ;; label = @3 end end end ) )panics with:
$ cargo run compile testcase0.wat -W exceptions Finished `dev` profile [unoptimized + debuginfo] target(s) in 0.10s Running `target/x86_64-unknown-linux-gnu/debug/wasmtime compile testcase0.wat -W exceptions` thread '<unnamed>' panicked at crates/cranelift/src/translate/code_translator.rs:3162:45: called `Option::unwrap()` on a `None` value note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace@cfallin I was curious to see what would happen since wasm-smith has support for exceptions. I don't think the support is too useful from a runtime perspective but it's likely interesting from a compile-time perspective (similar with most of our other wasm-smith-generated modules). If you're curious this is the diff I used to get
differentialrunning and it took a few seconds to find the above case:<details>
diff --git a/crates/fuzzing/src/generators/config.rs b/crates/fuzzing/src/generators/config.rs index 553bbea530..72b9c0fc46 100644 --- a/crates/fuzzing/src/generators/config.rs +++ b/crates/fuzzing/src/generators/config.rs @@ -662,6 +662,7 @@ impl WasmtimeConfig { config.config.gc_enabled = false; config.config.tail_call_enabled = false; config.config.reference_types_enabled = false; + config.config.exceptions_enabled = false; config.function_references_enabled = false; // Winch's SIMD implementations require AVX and AVX2. diff --git a/crates/fuzzing/src/generators/module.rs b/crates/fuzzing/src/generators/module.rs index 97078890b8..7b65c92c4c 100644 --- a/crates/fuzzing/src/generators/module.rs +++ b/crates/fuzzing/src/generators/module.rs @@ -48,7 +48,7 @@ impl<'a> Arbitrary<'a> for ModuleConfig { let _ = config.tail_call_enabled; let _ = config.extended_const_enabled; let _ = config.gc_enabled; - config.exceptions_enabled = false; + let _ = config.exceptions_enabled; config.custom_page_sizes_enabled = u.arbitrary()?; config.wide_arithmetic_enabled = u.arbitrary()?; config.memory64_enabled = u.ratio(1, 20)?; diff --git a/crates/fuzzing/src/oracles.rs b/crates/fuzzing/src/oracles.rs index 39e6a948fc..1e717ccd44 100644 --- a/crates/fuzzing/src/oracles.rs +++ b/crates/fuzzing/src/oracles.rs @@ -1417,7 +1417,8 @@ mod tests { | WasmFeatures::GC | WasmFeatures::GC_TYPES | WasmFeatures::CUSTOM_PAGE_SIZES - | WasmFeatures::EXTENDED_CONST; + | WasmFeatures::EXTENDED_CONST + | WasmFeatures::EXCEPTIONS; // All other features that wasmparser supports, which is presumably a // superset of the features that wasm-smith supports, are listed here as diff --git a/crates/fuzzing/src/oracles/diff_spec.rs b/crates/fuzzing/src/oracles/diff_spec.rs index 643e9cb3b4..c5b9edbafc 100644 --- a/crates/fuzzing/src/oracles/diff_spec.rs +++ b/crates/fuzzing/src/oracles/diff_spec.rs @@ -28,6 +28,7 @@ impl SpecInterpreter { config.custom_page_sizes_enabled = false; config.wide_arithmetic_enabled = false; config.extended_const_enabled = false; + config.exceptions_enabled = false; Self }</details>
Last updated: Dec 06 2025 at 06:05 UTC