Wasmtime GitHub notifications bot (Jul 21 2022 at 19:55): Wasmtime GitHub notifications bot (Jul 21 2022 at 19:55):bjorn3 commented on issue #4502:
As author of this api, I'm curious if it will be able to find any issues.
Wasmtime GitHub notifications bot (Jul 21 2022 at 21:40):afonso360 commented on issue #4502:
We got a crash!
test interpret function %a(i32, i16, i32) -> i8 system_v { jt0 = jump_table [block1, block1, block1, block1, block1, block1, block1, block1] jt1 = jump_table [] block0(v0: i32, v1: i16, v2: i32): v3 = iconst.i32 256 v4 = iconst.i8 1 v24 -> v4 v5 = bconst.b1 false v6 = bconst.b1 false v7 = bconst.b1 false v8 = bconst.b1 false v9 = bconst.b1 false v10 = bconst.b1 false v11 = bconst.b1 false v12 = bconst.b1 false v13 = bconst.b1 false v14 = bconst.b1 false v15 = bconst.b1 false v16 = bconst.b1 false v17 = bconst.b1 false v18 = iconst.i64 0 v19 = iconst.i32 0 v20 = iconst.i16 0 v21 = iconst.i8 0 v22 = uextend.i32 v4 v23 = icmp_imm eq v22, 0x4100_0000_00bf_d470 brnz v23, block1 jump block1 block1: br_icmp.i8 eq v24, v24, block1 jump block1 } ; run: %a(0, 0, 167773184) == 1Fails with:
unexpected trap: StepError(ValueError(InvalidInteger(TryFromIntError(()))))This is probably because the imm field is too large for an
i32
Wasmtime GitHub notifications bot (Jul 21 2022 at 21:53):afonso360 edited a comment on issue #4502:
We got a crash!
test interpret function %a(i32, i16, i32) -> i8 system_v { jt0 = jump_table [block1, block1, block1, block1, block1, block1, block1, block1] jt1 = jump_table [] block0(v0: i32, v1: i16, v2: i32): v3 = iconst.i32 256 v4 = iconst.i8 1 v24 -> v4 v5 = bconst.b1 false v6 = bconst.b1 false v7 = bconst.b1 false v8 = bconst.b1 false v9 = bconst.b1 false v10 = bconst.b1 false v11 = bconst.b1 false v12 = bconst.b1 false v13 = bconst.b1 false v14 = bconst.b1 false v15 = bconst.b1 false v16 = bconst.b1 false v17 = bconst.b1 false v18 = iconst.i64 0 v19 = iconst.i32 0 v20 = iconst.i16 0 v21 = iconst.i8 0 v22 = uextend.i32 v4 v23 = icmp_imm eq v22, 0x4100_0000_00bf_d470 brnz v23, block1 jump block1 block1: br_icmp.i8 eq v24, v24, block1 jump block1 } ; run: %a(0, 0, 167773184) == 1Fails with:
unexpected trap: StepError(ValueError(InvalidInteger(TryFromIntError(()))))This is probably because the imm field is too large for an
i32Edit: Switch Entries are:
entries: { 4683743612477887600: block1, }
Wasmtime GitHub notifications bot (Jul 21 2022 at 22:15):afonso360 edited a comment on issue #4502:
We got a crash!
test interpret function %a(i32, i16, i32) -> i8 system_v { jt0 = jump_table [block1, block1, block1, block1, block1, block1, block1, block1] jt1 = jump_table [] block0(v0: i32, v1: i16, v2: i32): v3 = iconst.i32 256 v4 = iconst.i8 1 v24 -> v4 v5 = bconst.b1 false v6 = bconst.b1 false v7 = bconst.b1 false v8 = bconst.b1 false v9 = bconst.b1 false v10 = bconst.b1 false v11 = bconst.b1 false v12 = bconst.b1 false v13 = bconst.b1 false v14 = bconst.b1 false v15 = bconst.b1 false v16 = bconst.b1 false v17 = bconst.b1 false v18 = iconst.i64 0 v19 = iconst.i32 0 v20 = iconst.i16 0 v21 = iconst.i8 0 v22 = uextend.i32 v4 v23 = icmp_imm eq v22, 0x4100_0000_00bf_d470 brnz v23, block1 jump block1 block1: br_icmp.i8 eq v24, v24, block1 jump block1 } ; run: %a(0, 0, 167773184) == 1Fails with:
unexpected trap: StepError(ValueError(InvalidInteger(TryFromIntError(()))))This is probably because the imm field is too large for an
i32Edit: Switch Entries are:
entries: { 4683743612477887600: block1, }I'll submit a PR tomorrow to fix this.
Wasmtime GitHub notifications bot (Jul 22 2022 at 10:30):afonso360 edited a comment on issue #4502:
We got a crash!
test interpret function %a(i32, i16, i32) -> i8 system_v { jt0 = jump_table [block1, block1, block1, block1, block1, block1, block1, block1] jt1 = jump_table [] block0(v0: i32, v1: i16, v2: i32): v3 = iconst.i32 256 v4 = iconst.i8 1 v24 -> v4 v5 = bconst.b1 false v6 = bconst.b1 false v7 = bconst.b1 false v8 = bconst.b1 false v9 = bconst.b1 false v10 = bconst.b1 false v11 = bconst.b1 false v12 = bconst.b1 false v13 = bconst.b1 false v14 = bconst.b1 false v15 = bconst.b1 false v16 = bconst.b1 false v17 = bconst.b1 false v18 = iconst.i64 0 v19 = iconst.i32 0 v20 = iconst.i16 0 v21 = iconst.i8 0 v22 = uextend.i32 v4 v23 = icmp_imm eq v22, 0x4100_0000_00bf_d470 brnz v23, block1 jump block1 block1: br_icmp.i8 eq v24, v24, block1 jump block1 } ; run: %a(0, 0, 167773184) == 1Fails with:
unexpected trap: StepError(ValueError(InvalidInteger(TryFromIntError(()))))This is probably because the imm field is too large for an
i32Edit: Switch Entries are:
entries: { 4683743612477887600: block1, }I'll submit a PR tomorrow to fix this.
Related Issue: #3059
Wasmtime GitHub notifications bot (Jul 23 2022 at 08:57):afonso360 commented on issue #4502:
With https://github.com/bytecodealliance/wasmtime/pull/4510 merged the Switch API should now work for all widths, right?
Yeah, We shouldn't need any changes here.
Ill rebase this and leave it fuzzing over the weekend to see if anything else comes up
Wasmtime GitHub notifications bot (Jul 23 2022 at 09:25):afonso360 edited a comment on issue #4502:
With https://github.com/bytecodealliance/wasmtime/pull/4510 merged the Switch API should now work for all widths, right?
Yes.
Are there any remaining bugs you know about? I
We still need to fix this so that it doesn't emit the switch entries larger than the index type (the case that we made illegal with #4507). But otherwise no.
Ill push those changes and leave this fuzzing over the weekend to see if anything else comes up.
Wasmtime GitHub notifications bot (Jul 25 2022 at 08:26):afonso360 commented on issue #4502:
Fuzzer found nothing new over the weekend with these new changes. Should be ready to merge! Lets see if oss-fuzz finds something else.
Last updated: Nov 22 2024 at 16:03 UTC