nivkner opened issue #5018:
this is a miscompilation of rust code, compiled with rustc cranelift backend.
i identified the cause to be commit 05cbd667c7e89828a45ebc5760787a6160c55c8d. before the commit the same code runs as expected and afterwards there is a segfault
.clif
Test Casei tried to produce a
.clif
file but because the problem is not a crash during compilation,clif-util bugpoint
cant be used,
tried using--emit llvm-ir
to get theclif
generated by rustc, but i couldn't produce a binary from them to see if it causes a segfault.@bjorn3 if you know how to get a usable
.clif
file from the backend for this scenario, please let me knowSteps to Reproduce
git clone https://github.com/bytecodealliance/wasmtime
so that the backend can use a local copygit clone "https://github.com/bjorn3/rustc_codegen_cranelift"
cd rustc_codegen_cranelift
git checkout a53b4458166c142e6b7ca42983436995ca6f929d
this is the version the code was tested on- appy the following patch using
git apply filename.patch
diff --git a/Cargo.toml b/Cargo.toml index 09cf5b4..d20efb2 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -8,12 +8,12 @@ crate-type = ["dylib"] [dependencies] # These have to be in sync with each other -cranelift-codegen = { version = "0.88.1", features = ["unwind", "all-arch"] } -cranelift-frontend = "0.88.1" -cranelift-module = "0.88.1" -cranelift-native = "0.88.1" -cranelift-jit = { version = "0.88.1", optional = true } -cranelift-object = "0.88.1" +cranelift-codegen = { version = "0.89.0", features = ["unwind", "all-arch"] } +cranelift-frontend = "0.89.0" +cranelift-module = "0.89.0" +cranelift-native = "0.89.0" +cranelift-jit = { version = "0.89.0", optional = true } +cranelift-object = "0.89.0" target-lexicon = "0.12.0" gimli = { version = "0.26.0", default-features = false, features = ["write"]} object = { version = "0.29.0", default-features = false, features = ["std", "read_core", "write", "archive", "coff", "elf", "macho", "pe"] } @@ -26,12 +26,12 @@ smallvec = "1.8.1" [patch.crates-io] # Uncomment to use local checkout of cranelift -#cranelift-codegen = { path = "../wasmtime/cranelift/codegen" } -#cranelift-frontend = { path = "../wasmtime/cranelift/frontend" } -#cranelift-module = { path = "../wasmtime/cranelift/module" } -#cranelift-native = { path = "../wasmtime/cranelift/native" } -#cranelift-jit = { path = "../wasmtime/cranelift/jit" } -#cranelift-object = { path = "../wasmtime/cranelift/object" } +cranelift-codegen = { path = "../wasmtime/cranelift/codegen" } +cranelift-frontend = { path = "../wasmtime/cranelift/frontend" } +cranelift-module = { path = "../wasmtime/cranelift/module" } +cranelift-native = { path = "../wasmtime/cranelift/native" } +cranelift-jit = { path = "../wasmtime/cranelift/jit" } +cranelift-object = { path = "../wasmtime/cranelift/object" } #gimli = { path = "../" }
./y.rs prepare && ./y.rs build
- compile the following code using
./build/rustc-clif filename.rs
fn main() { std::env::args().collect::<Vec<_>>(); }
./filename
Expected Results
the binary executes successfully
Actual Results
Segmentation fault (core dumped)
Versions and Environment
Cranelift version or commit: e63771f2d921cdce440620dbf38bd3e186747b1e (latest commit on which the bug is reproduced) 05cbd667c7e89828a45ebc5760787a6160c55c8d (earliest commit on which the bug is reproduced)
Operating system: arch linux, kernel version
5.19.12-arch1-1
Architecture: x86_64
nivkner labeled issue #5018:
this is a miscompilation of rust code, compiled with rustc cranelift backend.
i identified the cause to be commit 05cbd667c7e89828a45ebc5760787a6160c55c8d. before the commit the same code runs as expected and afterwards there is a segfault
.clif
Test Casei tried to produce a
.clif
file but because the problem is not a crash during compilation,clif-util bugpoint
cant be used,
tried using--emit llvm-ir
to get theclif
generated by rustc, but i couldn't produce a binary from them to see if it causes a segfault.@bjorn3 if you know how to get a usable
.clif
file from the backend for this scenario, please let me knowSteps to Reproduce
git clone https://github.com/bytecodealliance/wasmtime
so that the backend can use a local copygit clone "https://github.com/bjorn3/rustc_codegen_cranelift"
cd rustc_codegen_cranelift
git checkout a53b4458166c142e6b7ca42983436995ca6f929d
this is the version the code was tested on- appy the following patch using
git apply filename.patch
diff --git a/Cargo.toml b/Cargo.toml index 09cf5b4..d20efb2 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -8,12 +8,12 @@ crate-type = ["dylib"] [dependencies] # These have to be in sync with each other -cranelift-codegen = { version = "0.88.1", features = ["unwind", "all-arch"] } -cranelift-frontend = "0.88.1" -cranelift-module = "0.88.1" -cranelift-native = "0.88.1" -cranelift-jit = { version = "0.88.1", optional = true } -cranelift-object = "0.88.1" +cranelift-codegen = { version = "0.89.0", features = ["unwind", "all-arch"] } +cranelift-frontend = "0.89.0" +cranelift-module = "0.89.0" +cranelift-native = "0.89.0" +cranelift-jit = { version = "0.89.0", optional = true } +cranelift-object = "0.89.0" target-lexicon = "0.12.0" gimli = { version = "0.26.0", default-features = false, features = ["write"]} object = { version = "0.29.0", default-features = false, features = ["std", "read_core", "write", "archive", "coff", "elf", "macho", "pe"] } @@ -26,12 +26,12 @@ smallvec = "1.8.1" [patch.crates-io] # Uncomment to use local checkout of cranelift -#cranelift-codegen = { path = "../wasmtime/cranelift/codegen" } -#cranelift-frontend = { path = "../wasmtime/cranelift/frontend" } -#cranelift-module = { path = "../wasmtime/cranelift/module" } -#cranelift-native = { path = "../wasmtime/cranelift/native" } -#cranelift-jit = { path = "../wasmtime/cranelift/jit" } -#cranelift-object = { path = "../wasmtime/cranelift/object" } +cranelift-codegen = { path = "../wasmtime/cranelift/codegen" } +cranelift-frontend = { path = "../wasmtime/cranelift/frontend" } +cranelift-module = { path = "../wasmtime/cranelift/module" } +cranelift-native = { path = "../wasmtime/cranelift/native" } +cranelift-jit = { path = "../wasmtime/cranelift/jit" } +cranelift-object = { path = "../wasmtime/cranelift/object" } #gimli = { path = "../" }
./y.rs prepare && ./y.rs build
- compile the following code using
./build/rustc-clif filename.rs
fn main() { std::env::args().collect::<Vec<_>>(); }
./filename
Expected Results
the binary executes successfully
Actual Results
Segmentation fault (core dumped)
Versions and Environment
Cranelift version or commit: e63771f2d921cdce440620dbf38bd3e186747b1e (latest commit on which the bug is reproduced) 05cbd667c7e89828a45ebc5760787a6160c55c8d (earliest commit on which the bug is reproduced)
Operating system: arch linux, kernel version
5.19.12-arch1-1
Architecture: x86_64
nivkner labeled issue #5018:
this is a miscompilation of rust code, compiled with rustc cranelift backend.
i identified the cause to be commit 05cbd667c7e89828a45ebc5760787a6160c55c8d. before the commit the same code runs as expected and afterwards there is a segfault
.clif
Test Casei tried to produce a
.clif
file but because the problem is not a crash during compilation,clif-util bugpoint
cant be used,
tried using--emit llvm-ir
to get theclif
generated by rustc, but i couldn't produce a binary from them to see if it causes a segfault.@bjorn3 if you know how to get a usable
.clif
file from the backend for this scenario, please let me knowSteps to Reproduce
git clone https://github.com/bytecodealliance/wasmtime
so that the backend can use a local copygit clone "https://github.com/bjorn3/rustc_codegen_cranelift"
cd rustc_codegen_cranelift
git checkout a53b4458166c142e6b7ca42983436995ca6f929d
this is the version the code was tested on- appy the following patch using
git apply filename.patch
diff --git a/Cargo.toml b/Cargo.toml index 09cf5b4..d20efb2 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -8,12 +8,12 @@ crate-type = ["dylib"] [dependencies] # These have to be in sync with each other -cranelift-codegen = { version = "0.88.1", features = ["unwind", "all-arch"] } -cranelift-frontend = "0.88.1" -cranelift-module = "0.88.1" -cranelift-native = "0.88.1" -cranelift-jit = { version = "0.88.1", optional = true } -cranelift-object = "0.88.1" +cranelift-codegen = { version = "0.89.0", features = ["unwind", "all-arch"] } +cranelift-frontend = "0.89.0" +cranelift-module = "0.89.0" +cranelift-native = "0.89.0" +cranelift-jit = { version = "0.89.0", optional = true } +cranelift-object = "0.89.0" target-lexicon = "0.12.0" gimli = { version = "0.26.0", default-features = false, features = ["write"]} object = { version = "0.29.0", default-features = false, features = ["std", "read_core", "write", "archive", "coff", "elf", "macho", "pe"] } @@ -26,12 +26,12 @@ smallvec = "1.8.1" [patch.crates-io] # Uncomment to use local checkout of cranelift -#cranelift-codegen = { path = "../wasmtime/cranelift/codegen" } -#cranelift-frontend = { path = "../wasmtime/cranelift/frontend" } -#cranelift-module = { path = "../wasmtime/cranelift/module" } -#cranelift-native = { path = "../wasmtime/cranelift/native" } -#cranelift-jit = { path = "../wasmtime/cranelift/jit" } -#cranelift-object = { path = "../wasmtime/cranelift/object" } +cranelift-codegen = { path = "../wasmtime/cranelift/codegen" } +cranelift-frontend = { path = "../wasmtime/cranelift/frontend" } +cranelift-module = { path = "../wasmtime/cranelift/module" } +cranelift-native = { path = "../wasmtime/cranelift/native" } +cranelift-jit = { path = "../wasmtime/cranelift/jit" } +cranelift-object = { path = "../wasmtime/cranelift/object" } #gimli = { path = "../" }
./y.rs prepare && ./y.rs build
- compile the following code using
./build/rustc-clif filename.rs
fn main() { std::env::args().collect::<Vec<_>>(); }
./filename
Expected Results
the binary executes successfully
Actual Results
Segmentation fault (core dumped)
Versions and Environment
Cranelift version or commit: e63771f2d921cdce440620dbf38bd3e186747b1e (latest commit on which the bug is reproduced) 05cbd667c7e89828a45ebc5760787a6160c55c8d (earliest commit on which the bug is reproduced)
Operating system: arch linux, kernel version
5.19.12-arch1-1
Architecture: x86_64
bjorn3 commented on issue #5018:
Yeah, found this issue already and told @cfallin about it. We haven't been able to find the problem yet. I have been able to reduce it to
<details>
#![feature(foo, allocator_api, new_uninit)] use std::alloc::Global; use std::collections::btree_map::{ marker, DormantMutRef, Found, GoDown, Handle, Internal, Leaf, LeafNode, NodeRef, SearchResult::{self, *}, VacantEntry, }; use std::collections::BTreeMap; use std::marker::PhantomData; use std::mem::{ManuallyDrop, MaybeUninit}; use std::ptr::NonNull; fn insert_entry(map: &mut BTreeMap<u32, u32>) { let node = NonNull::from(Box::leak({ Box::new(LeafNode { parent: None, parent_idx: MaybeUninit::zeroed(), len: 1, keys: [MaybeUninit::zeroed(); 11], vals: [MaybeUninit::zeroed(); 11], }) })); let _ = NodeRef::<marker::Mut, u32, u32, marker::Leaf> { height: 0, node, _marker: PhantomData } .node .as_ptr(); map.root = Some(NodeRef { height: 0, node, _marker: PhantomData }); map.length = 1; } fn search_tree<'a>( root: NodeRef<marker::Mut<'a>, u32, u32, marker::LeafOrInternal>, key: &'a u32, ) -> SearchResult<marker::Mut<'a>, u32, u32, marker::LeafOrInternal, marker::Leaf> { root.search_tree(&0xf00fbaabu32) } fn search_and_match(root: NodeRef<marker::Mut, u32, u32, marker::LeafOrInternal>) { match search_tree(root, &0xf00fbaabu32) { Found(_handle) => panic!(), GoDown(_handle) => panic!(), } } fn main() { println!("running"); let mut btree_map = BTreeMap { root: None, length: 0, alloc: ManuallyDrop::new(Global), _marker: PhantomData }; insert_entry(&mut btree_map); search_and_match(btree_map.root.as_mut().unwrap().borrow_mut()); println!("success!"); }
</details>
with the crash happening at
match search_tree(root, &0xf00fbaabu32) {
after making several things in liballoc public. I've also been able to bisect it to the part of https://github.com/bytecodealliance/wasmtime/commit/05cbd667c7e89828a45ebc5760787a6160c55c8d that starts to actually use register constraints instead of pinned registers. By the way this huge reproducer is based on inlining several layers deep infn main() { let mut map = std::collections::BTreeMap::new(); map.insert("a", "b"); map.insert("c", "d"); }
and removing dead code.
bjorn3 commented on issue #5018:
I found the issue as cg_clif's CI tests with cranelift main every day. Most of the time it breaks because of api changes requiring changes to cg_clif, but sometimes it breaks due to a genuine bug like this one. In any case thanks for taking the time to test cg_clif.
cfallin closed issue #5018:
this is a miscompilation of rust code, compiled with rustc cranelift backend.
i identified the cause to be commit 05cbd667c7e89828a45ebc5760787a6160c55c8d. before the commit the same code runs as expected and afterwards there is a segfault
.clif
Test Casei tried to produce a
.clif
file but because the problem is not a crash during compilation,clif-util bugpoint
cant be used,
tried using--emit llvm-ir
to get theclif
generated by rustc, but i couldn't produce a binary from them to see if it causes a segfault.@bjorn3 if you know how to get a usable
.clif
file from the backend for this scenario, please let me knowSteps to Reproduce
git clone https://github.com/bytecodealliance/wasmtime
so that the backend can use a local copygit clone "https://github.com/bjorn3/rustc_codegen_cranelift"
cd rustc_codegen_cranelift
git checkout a53b4458166c142e6b7ca42983436995ca6f929d
this is the version the code was tested on- appy the following patch using
git apply filename.patch
diff --git a/Cargo.toml b/Cargo.toml index 09cf5b4..d20efb2 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -8,12 +8,12 @@ crate-type = ["dylib"] [dependencies] # These have to be in sync with each other -cranelift-codegen = { version = "0.88.1", features = ["unwind", "all-arch"] } -cranelift-frontend = "0.88.1" -cranelift-module = "0.88.1" -cranelift-native = "0.88.1" -cranelift-jit = { version = "0.88.1", optional = true } -cranelift-object = "0.88.1" +cranelift-codegen = { version = "0.89.0", features = ["unwind", "all-arch"] } +cranelift-frontend = "0.89.0" +cranelift-module = "0.89.0" +cranelift-native = "0.89.0" +cranelift-jit = { version = "0.89.0", optional = true } +cranelift-object = "0.89.0" target-lexicon = "0.12.0" gimli = { version = "0.26.0", default-features = false, features = ["write"]} object = { version = "0.29.0", default-features = false, features = ["std", "read_core", "write", "archive", "coff", "elf", "macho", "pe"] } @@ -26,12 +26,12 @@ smallvec = "1.8.1" [patch.crates-io] # Uncomment to use local checkout of cranelift -#cranelift-codegen = { path = "../wasmtime/cranelift/codegen" } -#cranelift-frontend = { path = "../wasmtime/cranelift/frontend" } -#cranelift-module = { path = "../wasmtime/cranelift/module" } -#cranelift-native = { path = "../wasmtime/cranelift/native" } -#cranelift-jit = { path = "../wasmtime/cranelift/jit" } -#cranelift-object = { path = "../wasmtime/cranelift/object" } +cranelift-codegen = { path = "../wasmtime/cranelift/codegen" } +cranelift-frontend = { path = "../wasmtime/cranelift/frontend" } +cranelift-module = { path = "../wasmtime/cranelift/module" } +cranelift-native = { path = "../wasmtime/cranelift/native" } +cranelift-jit = { path = "../wasmtime/cranelift/jit" } +cranelift-object = { path = "../wasmtime/cranelift/object" } #gimli = { path = "../" }
./y.rs prepare && ./y.rs build
- compile the following code using
./build/rustc-clif filename.rs
fn main() { std::env::args().collect::<Vec<_>>(); }
./filename
Expected Results
the binary executes successfully
Actual Results
Segmentation fault (core dumped)
Versions and Environment
Cranelift version or commit: e63771f2d921cdce440620dbf38bd3e186747b1e (latest commit on which the bug is reproduced) 05cbd667c7e89828a45ebc5760787a6160c55c8d (earliest commit on which the bug is reproduced)
Operating system: arch linux, kernel version
5.19.12-arch1-1
Architecture: x86_64
Last updated: Dec 23 2024 at 13:07 UTC