Stream: git-wasmtime

Topic: wasmtime / issue #5496 Cranelift: Segfault with `br_table...


Wasmtime GitHub notifications bot (Dec 29 2022 at 00:17):

afonso360 opened issue #5496:

:wave: Hey,

I'm starting to run fuzzgen on riscv64 and it found an interesting case. This segfaults; removing either the br_table or the cold block annotation makes it pass.

.clif Test Case

test interpret
test run
target riscv64

function %a(i32) -> i8 system_v {
    jt0 = jump_table []

block0(v4: i32):
    jump block1

block1 cold:
    br_table v4, block2, jt0

block2:
    v99 = iconst.i8 0
    return v99
}

; run: %a(0) == 0

Steps to Reproduce

It is reproducible under QEMU

Expected Results

The test to pass

Actual Results

Segfault

Versions and Environment

Cranelift version or commit: main
Operating system: Linux
Architecture: riscv64

Wasmtime GitHub notifications bot (Dec 29 2022 at 00:17):

afonso360 labeled issue #5496:

Wasmtime GitHub notifications bot (Jan 03 2023 at 18:22):

elliottt closed issue #5496:


Last updated: Oct 23 2024 at 20:03 UTC