Wasmtime GitHub notifications bot (Feb 15 2023 at 18:27): Wasmtime GitHub notifications bot (Feb 15 2023 at 18:27):afonso360 opened issue #5791:
:wave: Hey,
I was fuzzing an unrelated PR and got this test case from fuzzgen, which also reproduces on the current main branch.
Additionally I tried to minimize this via bugpoint, and it also crashed, but I'll file that as a separate issue.
.clifTest Casetest compile set opt_level=speed set regalloc_checker=true target x86_64 function %a() -> i8 system_v { block0: v58 = f32const -0x1.696968p-22 v59 = f32const -0x1.b16968p50 v60 = f32const 0x0.0001a2p-126 v61 = iconst.i16 81 v62 = f64const 0x0.000000001d800p-1022 v63 = iconst.i8 12 v64 = iconst.i16 -105 v65 = iconst.i64 0x9797_9797_9797_ffff v66 = iconst.i64 0x9797_8797_9797_9797 v67 = iconst.i64 0x2a57_5757_5797_9797 v68 = iconcat v67, v66 ; v67 = 0x2a57_5757_5797_9797, v66 = 0x9797_8797_9797_9797 v69 = iconst.i32 0x4141_4141 v70 = iconst.i8 0 v71 = iconst.i16 0 v72 = iconst.i32 0 v73 = iconst.i64 0 v74 = uextend.i128 v73 ; v73 = 0 jump block1(v64, v62, v65, v62, v63, v65, v69, v68, v60, v68, v68, v68) ; v64 = -105, v62 = 0x0.000000001d800p-1022, v65 = 0x9797_9797_9797_ffff, v62 = 0x0.000000001d800p-1022, v63 = 12, v65 = 0x9797_9797_9797_ffff, v69 = 0x4141_4141, v60 = 0x0.0001a2p-126 block1(v0: i16, v1: f64, v2: i64, v3: f64, v4: i8, v5: i64, v6: i32, v7: i128, v8: f32, v9: i128, v10: i128, v11: i128): brif v4, block2(v3, v3, v0, v3, v5, v3, v4, v5, v6, v11, v8, v11), block4(v11, v3, v0, v4, v8, v5, v6) block2(v12: f64, v13: f64, v14: i16, v15: f64, v16: i64, v17: f64, v18: i8, v19: i64, v20: i32, v21: i128, v22: f32, v23: i128) cold: v76 -> v18 v75 -> v23 brif v18, block3(v19), block8(v23, v17, v14, v19, v18, v20, v22) block3(v24: i64) cold: brif.i8 v76, block4(v75, v17, v14, v76, v22, v24, v20), block7(v75, v17, v14, v24, v76, v20, v22) block4(v25: i128, v77: f64, v78: i16, v79: i8, v90: f32, v94: i64, v99: i32) cold: v80 -> v79 v82 -> v90 brif v79, block5(v77, v77, v77, v78, v77, v25, v77, v77, v77), block12(v25) block5(v26: f64, v27: f64, v28: f64, v29: i16, v30: f64, v31: i128, v32: f64, v33: f64, v34: f64) cold: v81 = ushr.i8 v80, v31 brif v81, block6(v81, v29, v34, v31, v82, v31), block9(v34, v29, v94, v81, v99, v31, v82) block6(v35: i8, v36: i16, v37: f64, v38: i128, v39: f32, v40: i128) cold: brif v35, block7(v40, v37, v36, v94, v35, v99, v39), block7(v40, v37, v36, v94, v35, v99, v39) block7(v41: i128, v91: f64, v93: i16, v96: i64, v98: i8, v101: i32, v103: f32) cold: jump block8(v41, v91, v93, v96, v98, v101, v103) block8(v42: i128, v83: f64, v92: i16, v95: i64, v97: i8, v100: i32, v102: f32) cold: jump block9(v83, v92, v95, v97, v100, v42, v102) block9(v43: f64, v84: i16, v85: i64, v86: i8, v87: i32, v88: i128, v89: f32) cold: jump block10(v84, v43, v85, v43, v86, v85, v87, v88, v89, v88, v88, v88) block10(v44: i16, v45: f64, v46: i64, v47: f64, v48: i8, v49: i64, v50: i32, v51: i128, v52: f32, v53: i128, v54: i128, v55: i128): jump block11(v55) block11(v56: i128) cold: jump block12(v56) block12(v57: i128) cold: v111 = iconst.i8 0 return v111 }Steps to Reproduce
clif-util test ./the-above.clifExpected Results
The test to pass
Actual Results
Regalloc checker error:
afonso@DESKTOP-VSTS4BC:~/git/wasmtime/cranelift$ cargo run -- test ./lmao.clif Finished dev [unoptimized + debuginfo] target(s) in 0.18s Running `/home/afonso/git/wasmtime/target/debug/clif-util test ./lmao.clif` ERROR cranelift_codegen::machinst::compile > Register allocation checker errors: CheckerErrors { errors: [UnknownValueInAllocation { inst: Inst(24), op: Use: v148i reg, alloc: p10i }] } for vcode: VCode { Entry block: 0 v128 := v157 v129 := v156 v130 := v155 v131 := v152 v132 := v151 v133 := v150 v134 := v149 v135 := v133 v136 := v134 v137 := v148 v142 := v143 Block 0: (original IR block: block0) (successor: Block 1) (instruction range: 0 .. 1) Inst 0: jmp label1 Block 1: (original IR block: block1) (successor: Block 2) (successor: Block 7) (instruction range: 1 .. 4) Inst 1: movl $12, %v157l Inst 2: testb %v128b, %v128b Inst 3: jnz label2; j label7 Block 2: (original IR block: block2) (successor: Block 3) (successor: Block 6) (instruction range: 4 .. 7) Inst 4: movl $12, %v156l Inst 5: testb %v129b, %v129b Inst 6: jnz label3; j label6 Block 3: (original IR block: block3) (successor: Block 4) (successor: Block 5) (instruction range: 7 .. 10) Inst 7: movl $12, %v155l Inst 8: testb %v130b, %v130b Inst 9: jnz label4; j label5 Block 4: (successor: Block 8) (instruction range: 10 .. 11) Inst 10: jmp label8 Block 5: (successor: Block 13) (instruction range: 11 .. 12) Inst 11: jmp label13 Block 6: (successor: Block 14) (instruction range: 12 .. 13) Inst 12: jmp label14 Block 7: (successor: Block 8) (instruction range: 13 .. 14) Inst 13: jmp label8 Block 8: (original IR block: block4) (successor: Block 9) (successor: Block 19) (instruction range: 14 .. 17) Inst 14: movl $12, %v152l Inst 15: testb %v131b, %v131b Inst 16: jnz label9; j label19 Block 9: (original IR block: block5) (successor: Block 10) (successor: Block 15) (instruction range: 17 .. 24) Inst 17: movl $12, %v151l Inst 18: movabsq $3051003305210124183, %v150 Inst 19: movabsq $-7523395567346018409, %v149 Inst 20: andq %v135, $7, %v147 Inst 21: shrb %v147b, %v132b, %v148b Inst 22: testb %v137b, %v137b Inst 23: jnz label10; j label15 Block 10: (original IR block: block6) (successor: Block 11) (successor: Block 12) (instruction range: 24 .. 26) Inst 24: testb %v137b, %v137b Inst 25: jnz label11; j label12 Block 11: (successor: Block 13) (instruction range: 26 .. 27) Inst 26: jmp label13 Block 12: (successor: Block 13) (instruction range: 27 .. 28) Inst 27: jmp label13 Block 13: (original IR block: block7) (successor: Block 14) (instruction range: 28 .. 29) Inst 28: jmp label14 Block 14: (original IR block: block8) (successor: Block 16) (instruction range: 29 .. 30) Inst 29: jmp label16 Block 15: (successor: Block 16) (instruction range: 30 .. 31) Inst 30: jmp label16 Block 16: (original IR block: block9) (successor: Block 17) (instruction range: 31 .. 32) Inst 31: jmp label17 Block 17: (original IR block: block10) (successor: Block 18) (instruction range: 32 .. 33) Inst 32: jmp label18 Block 18: (original IR block: block11) (successor: Block 20) (instruction range: 33 .. 34) Inst 33: jmp label20 Block 19: (successor: Block 20) (instruction range: 34 .. 35) Inst 34: jmp label20 Block 20: (original IR block: block12) (instruction range: 35 .. 37) Inst 35: xorl %v143l, %v143l, %v143l Inst 36: ret %v142=%rax } thread 'worker #0' panicked at 'register allocation checker: CheckerErrors { errors: [UnknownValueInAllocation { inst: Inst(24), op: Use: v148i reg, alloc: p10i }] }', cranelift/codegen/src/machinst/compile.rs:85:14 note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace ERROR cranelift_filetests::concurrent > FAIL: panicked in worker #0: register allocation checker: CheckerErrors { errors: [UnknownValueInAllocation { inst: Inst(24), op: Use: v148i reg, alloc: p10i }] } FAIL ./lmao.clif: panicked in worker #0: register allocation checker: CheckerErrors { errors: [UnknownValueInAllocation { inst: Inst(24), op: Use: v148i reg, alloc: p10i }] } 1 tests Error: 1 failureVersions and Environment
Cranelift version or commit: e10094dcd6d0354628255a6f2e69c1e4c327d6e7 (current main)
Operating system: Linux
Architecture: x86_64
Wasmtime GitHub notifications bot (Feb 15 2023 at 18:27):afonso360 labeled issue #5791:
:wave: Hey,
I was fuzzing an unrelated PR and got this test case from fuzzgen, which also reproduces on the current main branch.
Additionally I tried to minimize this via bugpoint, and it also crashed, but I'll file that as a separate issue.
.clifTest Casetest compile set opt_level=speed set regalloc_checker=true target x86_64 function %a() -> i8 system_v { block0: v58 = f32const -0x1.696968p-22 v59 = f32const -0x1.b16968p50 v60 = f32const 0x0.0001a2p-126 v61 = iconst.i16 81 v62 = f64const 0x0.000000001d800p-1022 v63 = iconst.i8 12 v64 = iconst.i16 -105 v65 = iconst.i64 0x9797_9797_9797_ffff v66 = iconst.i64 0x9797_8797_9797_9797 v67 = iconst.i64 0x2a57_5757_5797_9797 v68 = iconcat v67, v66 ; v67 = 0x2a57_5757_5797_9797, v66 = 0x9797_8797_9797_9797 v69 = iconst.i32 0x4141_4141 v70 = iconst.i8 0 v71 = iconst.i16 0 v72 = iconst.i32 0 v73 = iconst.i64 0 v74 = uextend.i128 v73 ; v73 = 0 jump block1(v64, v62, v65, v62, v63, v65, v69, v68, v60, v68, v68, v68) ; v64 = -105, v62 = 0x0.000000001d800p-1022, v65 = 0x9797_9797_9797_ffff, v62 = 0x0.000000001d800p-1022, v63 = 12, v65 = 0x9797_9797_9797_ffff, v69 = 0x4141_4141, v60 = 0x0.0001a2p-126 block1(v0: i16, v1: f64, v2: i64, v3: f64, v4: i8, v5: i64, v6: i32, v7: i128, v8: f32, v9: i128, v10: i128, v11: i128): brif v4, block2(v3, v3, v0, v3, v5, v3, v4, v5, v6, v11, v8, v11), block4(v11, v3, v0, v4, v8, v5, v6) block2(v12: f64, v13: f64, v14: i16, v15: f64, v16: i64, v17: f64, v18: i8, v19: i64, v20: i32, v21: i128, v22: f32, v23: i128) cold: v76 -> v18 v75 -> v23 brif v18, block3(v19), block8(v23, v17, v14, v19, v18, v20, v22) block3(v24: i64) cold: brif.i8 v76, block4(v75, v17, v14, v76, v22, v24, v20), block7(v75, v17, v14, v24, v76, v20, v22) block4(v25: i128, v77: f64, v78: i16, v79: i8, v90: f32, v94: i64, v99: i32) cold: v80 -> v79 v82 -> v90 brif v79, block5(v77, v77, v77, v78, v77, v25, v77, v77, v77), block12(v25) block5(v26: f64, v27: f64, v28: f64, v29: i16, v30: f64, v31: i128, v32: f64, v33: f64, v34: f64) cold: v81 = ushr.i8 v80, v31 brif v81, block6(v81, v29, v34, v31, v82, v31), block9(v34, v29, v94, v81, v99, v31, v82) block6(v35: i8, v36: i16, v37: f64, v38: i128, v39: f32, v40: i128) cold: brif v35, block7(v40, v37, v36, v94, v35, v99, v39), block7(v40, v37, v36, v94, v35, v99, v39) block7(v41: i128, v91: f64, v93: i16, v96: i64, v98: i8, v101: i32, v103: f32) cold: jump block8(v41, v91, v93, v96, v98, v101, v103) block8(v42: i128, v83: f64, v92: i16, v95: i64, v97: i8, v100: i32, v102: f32) cold: jump block9(v83, v92, v95, v97, v100, v42, v102) block9(v43: f64, v84: i16, v85: i64, v86: i8, v87: i32, v88: i128, v89: f32) cold: jump block10(v84, v43, v85, v43, v86, v85, v87, v88, v89, v88, v88, v88) block10(v44: i16, v45: f64, v46: i64, v47: f64, v48: i8, v49: i64, v50: i32, v51: i128, v52: f32, v53: i128, v54: i128, v55: i128): jump block11(v55) block11(v56: i128) cold: jump block12(v56) block12(v57: i128) cold: v111 = iconst.i8 0 return v111 }Steps to Reproduce
clif-util test ./the-above.clifExpected Results
The test to pass
Actual Results
Regalloc checker error:
afonso@DESKTOP-VSTS4BC:~/git/wasmtime/cranelift$ cargo run -- test ./lmao.clif Finished dev [unoptimized + debuginfo] target(s) in 0.18s Running `/home/afonso/git/wasmtime/target/debug/clif-util test ./lmao.clif` ERROR cranelift_codegen::machinst::compile > Register allocation checker errors: CheckerErrors { errors: [UnknownValueInAllocation { inst: Inst(24), op: Use: v148i reg, alloc: p10i }] } for vcode: VCode { Entry block: 0 v128 := v157 v129 := v156 v130 := v155 v131 := v152 v132 := v151 v133 := v150 v134 := v149 v135 := v133 v136 := v134 v137 := v148 v142 := v143 Block 0: (original IR block: block0) (successor: Block 1) (instruction range: 0 .. 1) Inst 0: jmp label1 Block 1: (original IR block: block1) (successor: Block 2) (successor: Block 7) (instruction range: 1 .. 4) Inst 1: movl $12, %v157l Inst 2: testb %v128b, %v128b Inst 3: jnz label2; j label7 Block 2: (original IR block: block2) (successor: Block 3) (successor: Block 6) (instruction range: 4 .. 7) Inst 4: movl $12, %v156l Inst 5: testb %v129b, %v129b Inst 6: jnz label3; j label6 Block 3: (original IR block: block3) (successor: Block 4) (successor: Block 5) (instruction range: 7 .. 10) Inst 7: movl $12, %v155l Inst 8: testb %v130b, %v130b Inst 9: jnz label4; j label5 Block 4: (successor: Block 8) (instruction range: 10 .. 11) Inst 10: jmp label8 Block 5: (successor: Block 13) (instruction range: 11 .. 12) Inst 11: jmp label13 Block 6: (successor: Block 14) (instruction range: 12 .. 13) Inst 12: jmp label14 Block 7: (successor: Block 8) (instruction range: 13 .. 14) Inst 13: jmp label8 Block 8: (original IR block: block4) (successor: Block 9) (successor: Block 19) (instruction range: 14 .. 17) Inst 14: movl $12, %v152l Inst 15: testb %v131b, %v131b Inst 16: jnz label9; j label19 Block 9: (original IR block: block5) (successor: Block 10) (successor: Block 15) (instruction range: 17 .. 24) Inst 17: movl $12, %v151l Inst 18: movabsq $3051003305210124183, %v150 Inst 19: movabsq $-7523395567346018409, %v149 Inst 20: andq %v135, $7, %v147 Inst 21: shrb %v147b, %v132b, %v148b Inst 22: testb %v137b, %v137b Inst 23: jnz label10; j label15 Block 10: (original IR block: block6) (successor: Block 11) (successor: Block 12) (instruction range: 24 .. 26) Inst 24: testb %v137b, %v137b Inst 25: jnz label11; j label12 Block 11: (successor: Block 13) (instruction range: 26 .. 27) Inst 26: jmp label13 Block 12: (successor: Block 13) (instruction range: 27 .. 28) Inst 27: jmp label13 Block 13: (original IR block: block7) (successor: Block 14) (instruction range: 28 .. 29) Inst 28: jmp label14 Block 14: (original IR block: block8) (successor: Block 16) (instruction range: 29 .. 30) Inst 29: jmp label16 Block 15: (successor: Block 16) (instruction range: 30 .. 31) Inst 30: jmp label16 Block 16: (original IR block: block9) (successor: Block 17) (instruction range: 31 .. 32) Inst 31: jmp label17 Block 17: (original IR block: block10) (successor: Block 18) (instruction range: 32 .. 33) Inst 32: jmp label18 Block 18: (original IR block: block11) (successor: Block 20) (instruction range: 33 .. 34) Inst 33: jmp label20 Block 19: (successor: Block 20) (instruction range: 34 .. 35) Inst 34: jmp label20 Block 20: (original IR block: block12) (instruction range: 35 .. 37) Inst 35: xorl %v143l, %v143l, %v143l Inst 36: ret %v142=%rax } thread 'worker #0' panicked at 'register allocation checker: CheckerErrors { errors: [UnknownValueInAllocation { inst: Inst(24), op: Use: v148i reg, alloc: p10i }] }', cranelift/codegen/src/machinst/compile.rs:85:14 note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace ERROR cranelift_filetests::concurrent > FAIL: panicked in worker #0: register allocation checker: CheckerErrors { errors: [UnknownValueInAllocation { inst: Inst(24), op: Use: v148i reg, alloc: p10i }] } FAIL ./lmao.clif: panicked in worker #0: register allocation checker: CheckerErrors { errors: [UnknownValueInAllocation { inst: Inst(24), op: Use: v148i reg, alloc: p10i }] } 1 tests Error: 1 failureVersions and Environment
Cranelift version or commit: e10094dcd6d0354628255a6f2e69c1e4c327d6e7 (current main)
Operating system: Linux
Architecture: x86_64
Wasmtime GitHub notifications bot (Feb 15 2023 at 18:27):afonso360 labeled issue #5791:
:wave: Hey,
I was fuzzing an unrelated PR and got this test case from fuzzgen, which also reproduces on the current main branch.
Additionally I tried to minimize this via bugpoint, and it also crashed, but I'll file that as a separate issue.
.clifTest Casetest compile set opt_level=speed set regalloc_checker=true target x86_64 function %a() -> i8 system_v { block0: v58 = f32const -0x1.696968p-22 v59 = f32const -0x1.b16968p50 v60 = f32const 0x0.0001a2p-126 v61 = iconst.i16 81 v62 = f64const 0x0.000000001d800p-1022 v63 = iconst.i8 12 v64 = iconst.i16 -105 v65 = iconst.i64 0x9797_9797_9797_ffff v66 = iconst.i64 0x9797_8797_9797_9797 v67 = iconst.i64 0x2a57_5757_5797_9797 v68 = iconcat v67, v66 ; v67 = 0x2a57_5757_5797_9797, v66 = 0x9797_8797_9797_9797 v69 = iconst.i32 0x4141_4141 v70 = iconst.i8 0 v71 = iconst.i16 0 v72 = iconst.i32 0 v73 = iconst.i64 0 v74 = uextend.i128 v73 ; v73 = 0 jump block1(v64, v62, v65, v62, v63, v65, v69, v68, v60, v68, v68, v68) ; v64 = -105, v62 = 0x0.000000001d800p-1022, v65 = 0x9797_9797_9797_ffff, v62 = 0x0.000000001d800p-1022, v63 = 12, v65 = 0x9797_9797_9797_ffff, v69 = 0x4141_4141, v60 = 0x0.0001a2p-126 block1(v0: i16, v1: f64, v2: i64, v3: f64, v4: i8, v5: i64, v6: i32, v7: i128, v8: f32, v9: i128, v10: i128, v11: i128): brif v4, block2(v3, v3, v0, v3, v5, v3, v4, v5, v6, v11, v8, v11), block4(v11, v3, v0, v4, v8, v5, v6) block2(v12: f64, v13: f64, v14: i16, v15: f64, v16: i64, v17: f64, v18: i8, v19: i64, v20: i32, v21: i128, v22: f32, v23: i128) cold: v76 -> v18 v75 -> v23 brif v18, block3(v19), block8(v23, v17, v14, v19, v18, v20, v22) block3(v24: i64) cold: brif.i8 v76, block4(v75, v17, v14, v76, v22, v24, v20), block7(v75, v17, v14, v24, v76, v20, v22) block4(v25: i128, v77: f64, v78: i16, v79: i8, v90: f32, v94: i64, v99: i32) cold: v80 -> v79 v82 -> v90 brif v79, block5(v77, v77, v77, v78, v77, v25, v77, v77, v77), block12(v25) block5(v26: f64, v27: f64, v28: f64, v29: i16, v30: f64, v31: i128, v32: f64, v33: f64, v34: f64) cold: v81 = ushr.i8 v80, v31 brif v81, block6(v81, v29, v34, v31, v82, v31), block9(v34, v29, v94, v81, v99, v31, v82) block6(v35: i8, v36: i16, v37: f64, v38: i128, v39: f32, v40: i128) cold: brif v35, block7(v40, v37, v36, v94, v35, v99, v39), block7(v40, v37, v36, v94, v35, v99, v39) block7(v41: i128, v91: f64, v93: i16, v96: i64, v98: i8, v101: i32, v103: f32) cold: jump block8(v41, v91, v93, v96, v98, v101, v103) block8(v42: i128, v83: f64, v92: i16, v95: i64, v97: i8, v100: i32, v102: f32) cold: jump block9(v83, v92, v95, v97, v100, v42, v102) block9(v43: f64, v84: i16, v85: i64, v86: i8, v87: i32, v88: i128, v89: f32) cold: jump block10(v84, v43, v85, v43, v86, v85, v87, v88, v89, v88, v88, v88) block10(v44: i16, v45: f64, v46: i64, v47: f64, v48: i8, v49: i64, v50: i32, v51: i128, v52: f32, v53: i128, v54: i128, v55: i128): jump block11(v55) block11(v56: i128) cold: jump block12(v56) block12(v57: i128) cold: v111 = iconst.i8 0 return v111 }Steps to Reproduce
clif-util test ./the-above.clifExpected Results
The test to pass
Actual Results
Regalloc checker error:
afonso@DESKTOP-VSTS4BC:~/git/wasmtime/cranelift$ cargo run -- test ./lmao.clif Finished dev [unoptimized + debuginfo] target(s) in 0.18s Running `/home/afonso/git/wasmtime/target/debug/clif-util test ./lmao.clif` ERROR cranelift_codegen::machinst::compile > Register allocation checker errors: CheckerErrors { errors: [UnknownValueInAllocation { inst: Inst(24), op: Use: v148i reg, alloc: p10i }] } for vcode: VCode { Entry block: 0 v128 := v157 v129 := v156 v130 := v155 v131 := v152 v132 := v151 v133 := v150 v134 := v149 v135 := v133 v136 := v134 v137 := v148 v142 := v143 Block 0: (original IR block: block0) (successor: Block 1) (instruction range: 0 .. 1) Inst 0: jmp label1 Block 1: (original IR block: block1) (successor: Block 2) (successor: Block 7) (instruction range: 1 .. 4) Inst 1: movl $12, %v157l Inst 2: testb %v128b, %v128b Inst 3: jnz label2; j label7 Block 2: (original IR block: block2) (successor: Block 3) (successor: Block 6) (instruction range: 4 .. 7) Inst 4: movl $12, %v156l Inst 5: testb %v129b, %v129b Inst 6: jnz label3; j label6 Block 3: (original IR block: block3) (successor: Block 4) (successor: Block 5) (instruction range: 7 .. 10) Inst 7: movl $12, %v155l Inst 8: testb %v130b, %v130b Inst 9: jnz label4; j label5 Block 4: (successor: Block 8) (instruction range: 10 .. 11) Inst 10: jmp label8 Block 5: (successor: Block 13) (instruction range: 11 .. 12) Inst 11: jmp label13 Block 6: (successor: Block 14) (instruction range: 12 .. 13) Inst 12: jmp label14 Block 7: (successor: Block 8) (instruction range: 13 .. 14) Inst 13: jmp label8 Block 8: (original IR block: block4) (successor: Block 9) (successor: Block 19) (instruction range: 14 .. 17) Inst 14: movl $12, %v152l Inst 15: testb %v131b, %v131b Inst 16: jnz label9; j label19 Block 9: (original IR block: block5) (successor: Block 10) (successor: Block 15) (instruction range: 17 .. 24) Inst 17: movl $12, %v151l Inst 18: movabsq $3051003305210124183, %v150 Inst 19: movabsq $-7523395567346018409, %v149 Inst 20: andq %v135, $7, %v147 Inst 21: shrb %v147b, %v132b, %v148b Inst 22: testb %v137b, %v137b Inst 23: jnz label10; j label15 Block 10: (original IR block: block6) (successor: Block 11) (successor: Block 12) (instruction range: 24 .. 26) Inst 24: testb %v137b, %v137b Inst 25: jnz label11; j label12 Block 11: (successor: Block 13) (instruction range: 26 .. 27) Inst 26: jmp label13 Block 12: (successor: Block 13) (instruction range: 27 .. 28) Inst 27: jmp label13 Block 13: (original IR block: block7) (successor: Block 14) (instruction range: 28 .. 29) Inst 28: jmp label14 Block 14: (original IR block: block8) (successor: Block 16) (instruction range: 29 .. 30) Inst 29: jmp label16 Block 15: (successor: Block 16) (instruction range: 30 .. 31) Inst 30: jmp label16 Block 16: (original IR block: block9) (successor: Block 17) (instruction range: 31 .. 32) Inst 31: jmp label17 Block 17: (original IR block: block10) (successor: Block 18) (instruction range: 32 .. 33) Inst 32: jmp label18 Block 18: (original IR block: block11) (successor: Block 20) (instruction range: 33 .. 34) Inst 33: jmp label20 Block 19: (successor: Block 20) (instruction range: 34 .. 35) Inst 34: jmp label20 Block 20: (original IR block: block12) (instruction range: 35 .. 37) Inst 35: xorl %v143l, %v143l, %v143l Inst 36: ret %v142=%rax } thread 'worker #0' panicked at 'register allocation checker: CheckerErrors { errors: [UnknownValueInAllocation { inst: Inst(24), op: Use: v148i reg, alloc: p10i }] }', cranelift/codegen/src/machinst/compile.rs:85:14 note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace ERROR cranelift_filetests::concurrent > FAIL: panicked in worker #0: register allocation checker: CheckerErrors { errors: [UnknownValueInAllocation { inst: Inst(24), op: Use: v148i reg, alloc: p10i }] } FAIL ./lmao.clif: panicked in worker #0: register allocation checker: CheckerErrors { errors: [UnknownValueInAllocation { inst: Inst(24), op: Use: v148i reg, alloc: p10i }] } 1 tests Error: 1 failureVersions and Environment
Cranelift version or commit: e10094dcd6d0354628255a6f2e69c1e4c327d6e7 (current main)
Operating system: Linux
Architecture: x86_64
Wasmtime GitHub notifications bot (Feb 15 2023 at 18:29):afonso360 labeled issue #5791:
:wave: Hey,
I was fuzzing an unrelated PR and got this test case from fuzzgen, which also reproduces on the current main branch.
Additionally I tried to minimize this via bugpoint, and it also crashed, but I'll file that as a separate issue.
.clifTest Casetest compile set opt_level=speed set regalloc_checker=true target x86_64 function %a() -> i8 system_v { block0: v58 = f32const -0x1.696968p-22 v59 = f32const -0x1.b16968p50 v60 = f32const 0x0.0001a2p-126 v61 = iconst.i16 81 v62 = f64const 0x0.000000001d800p-1022 v63 = iconst.i8 12 v64 = iconst.i16 -105 v65 = iconst.i64 0x9797_9797_9797_ffff v66 = iconst.i64 0x9797_8797_9797_9797 v67 = iconst.i64 0x2a57_5757_5797_9797 v68 = iconcat v67, v66 ; v67 = 0x2a57_5757_5797_9797, v66 = 0x9797_8797_9797_9797 v69 = iconst.i32 0x4141_4141 v70 = iconst.i8 0 v71 = iconst.i16 0 v72 = iconst.i32 0 v73 = iconst.i64 0 v74 = uextend.i128 v73 ; v73 = 0 jump block1(v64, v62, v65, v62, v63, v65, v69, v68, v60, v68, v68, v68) ; v64 = -105, v62 = 0x0.000000001d800p-1022, v65 = 0x9797_9797_9797_ffff, v62 = 0x0.000000001d800p-1022, v63 = 12, v65 = 0x9797_9797_9797_ffff, v69 = 0x4141_4141, v60 = 0x0.0001a2p-126 block1(v0: i16, v1: f64, v2: i64, v3: f64, v4: i8, v5: i64, v6: i32, v7: i128, v8: f32, v9: i128, v10: i128, v11: i128): brif v4, block2(v3, v3, v0, v3, v5, v3, v4, v5, v6, v11, v8, v11), block4(v11, v3, v0, v4, v8, v5, v6) block2(v12: f64, v13: f64, v14: i16, v15: f64, v16: i64, v17: f64, v18: i8, v19: i64, v20: i32, v21: i128, v22: f32, v23: i128) cold: v76 -> v18 v75 -> v23 brif v18, block3(v19), block8(v23, v17, v14, v19, v18, v20, v22) block3(v24: i64) cold: brif.i8 v76, block4(v75, v17, v14, v76, v22, v24, v20), block7(v75, v17, v14, v24, v76, v20, v22) block4(v25: i128, v77: f64, v78: i16, v79: i8, v90: f32, v94: i64, v99: i32) cold: v80 -> v79 v82 -> v90 brif v79, block5(v77, v77, v77, v78, v77, v25, v77, v77, v77), block12(v25) block5(v26: f64, v27: f64, v28: f64, v29: i16, v30: f64, v31: i128, v32: f64, v33: f64, v34: f64) cold: v81 = ushr.i8 v80, v31 brif v81, block6(v81, v29, v34, v31, v82, v31), block9(v34, v29, v94, v81, v99, v31, v82) block6(v35: i8, v36: i16, v37: f64, v38: i128, v39: f32, v40: i128) cold: brif v35, block7(v40, v37, v36, v94, v35, v99, v39), block7(v40, v37, v36, v94, v35, v99, v39) block7(v41: i128, v91: f64, v93: i16, v96: i64, v98: i8, v101: i32, v103: f32) cold: jump block8(v41, v91, v93, v96, v98, v101, v103) block8(v42: i128, v83: f64, v92: i16, v95: i64, v97: i8, v100: i32, v102: f32) cold: jump block9(v83, v92, v95, v97, v100, v42, v102) block9(v43: f64, v84: i16, v85: i64, v86: i8, v87: i32, v88: i128, v89: f32) cold: jump block10(v84, v43, v85, v43, v86, v85, v87, v88, v89, v88, v88, v88) block10(v44: i16, v45: f64, v46: i64, v47: f64, v48: i8, v49: i64, v50: i32, v51: i128, v52: f32, v53: i128, v54: i128, v55: i128): jump block11(v55) block11(v56: i128) cold: jump block12(v56) block12(v57: i128) cold: v111 = iconst.i8 0 return v111 }Steps to Reproduce
clif-util test ./the-above.clifExpected Results
The test to pass
Actual Results
Regalloc checker error:
afonso@DESKTOP-VSTS4BC:~/git/wasmtime/cranelift$ cargo run -- test ./lmao.clif Finished dev [unoptimized + debuginfo] target(s) in 0.18s Running `/home/afonso/git/wasmtime/target/debug/clif-util test ./lmao.clif` ERROR cranelift_codegen::machinst::compile > Register allocation checker errors: CheckerErrors { errors: [UnknownValueInAllocation { inst: Inst(24), op: Use: v148i reg, alloc: p10i }] } for vcode: VCode { Entry block: 0 v128 := v157 v129 := v156 v130 := v155 v131 := v152 v132 := v151 v133 := v150 v134 := v149 v135 := v133 v136 := v134 v137 := v148 v142 := v143 Block 0: (original IR block: block0) (successor: Block 1) (instruction range: 0 .. 1) Inst 0: jmp label1 Block 1: (original IR block: block1) (successor: Block 2) (successor: Block 7) (instruction range: 1 .. 4) Inst 1: movl $12, %v157l Inst 2: testb %v128b, %v128b Inst 3: jnz label2; j label7 Block 2: (original IR block: block2) (successor: Block 3) (successor: Block 6) (instruction range: 4 .. 7) Inst 4: movl $12, %v156l Inst 5: testb %v129b, %v129b Inst 6: jnz label3; j label6 Block 3: (original IR block: block3) (successor: Block 4) (successor: Block 5) (instruction range: 7 .. 10) Inst 7: movl $12, %v155l Inst 8: testb %v130b, %v130b Inst 9: jnz label4; j label5 Block 4: (successor: Block 8) (instruction range: 10 .. 11) Inst 10: jmp label8 Block 5: (successor: Block 13) (instruction range: 11 .. 12) Inst 11: jmp label13 Block 6: (successor: Block 14) (instruction range: 12 .. 13) Inst 12: jmp label14 Block 7: (successor: Block 8) (instruction range: 13 .. 14) Inst 13: jmp label8 Block 8: (original IR block: block4) (successor: Block 9) (successor: Block 19) (instruction range: 14 .. 17) Inst 14: movl $12, %v152l Inst 15: testb %v131b, %v131b Inst 16: jnz label9; j label19 Block 9: (original IR block: block5) (successor: Block 10) (successor: Block 15) (instruction range: 17 .. 24) Inst 17: movl $12, %v151l Inst 18: movabsq $3051003305210124183, %v150 Inst 19: movabsq $-7523395567346018409, %v149 Inst 20: andq %v135, $7, %v147 Inst 21: shrb %v147b, %v132b, %v148b Inst 22: testb %v137b, %v137b Inst 23: jnz label10; j label15 Block 10: (original IR block: block6) (successor: Block 11) (successor: Block 12) (instruction range: 24 .. 26) Inst 24: testb %v137b, %v137b Inst 25: jnz label11; j label12 Block 11: (successor: Block 13) (instruction range: 26 .. 27) Inst 26: jmp label13 Block 12: (successor: Block 13) (instruction range: 27 .. 28) Inst 27: jmp label13 Block 13: (original IR block: block7) (successor: Block 14) (instruction range: 28 .. 29) Inst 28: jmp label14 Block 14: (original IR block: block8) (successor: Block 16) (instruction range: 29 .. 30) Inst 29: jmp label16 Block 15: (successor: Block 16) (instruction range: 30 .. 31) Inst 30: jmp label16 Block 16: (original IR block: block9) (successor: Block 17) (instruction range: 31 .. 32) Inst 31: jmp label17 Block 17: (original IR block: block10) (successor: Block 18) (instruction range: 32 .. 33) Inst 32: jmp label18 Block 18: (original IR block: block11) (successor: Block 20) (instruction range: 33 .. 34) Inst 33: jmp label20 Block 19: (successor: Block 20) (instruction range: 34 .. 35) Inst 34: jmp label20 Block 20: (original IR block: block12) (instruction range: 35 .. 37) Inst 35: xorl %v143l, %v143l, %v143l Inst 36: ret %v142=%rax } thread 'worker #0' panicked at 'register allocation checker: CheckerErrors { errors: [UnknownValueInAllocation { inst: Inst(24), op: Use: v148i reg, alloc: p10i }] }', cranelift/codegen/src/machinst/compile.rs:85:14 note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace ERROR cranelift_filetests::concurrent > FAIL: panicked in worker #0: register allocation checker: CheckerErrors { errors: [UnknownValueInAllocation { inst: Inst(24), op: Use: v148i reg, alloc: p10i }] } FAIL ./lmao.clif: panicked in worker #0: register allocation checker: CheckerErrors { errors: [UnknownValueInAllocation { inst: Inst(24), op: Use: v148i reg, alloc: p10i }] } 1 tests Error: 1 failureVersions and Environment
Cranelift version or commit: e10094dcd6d0354628255a6f2e69c1e4c327d6e7 (current main)
Operating system: Linux
Architecture: x86_64
Wasmtime GitHub notifications bot (Feb 15 2023 at 20:55):afonso360 commented on issue #5791:
Minimized testcase after the fix provided by @elliottt in #5794 (Thanks!).
test compile set opt_level=speed set regalloc_checker=true target x86_64 function %a() -> i8 system_v { block0: v4 = iconst.i8 0 v120 = iconst.i64 0 v31 = uextend.i128 v120 v81 = ushr v4, v31 jump block5 block5: brif.i8 v81, block6(v81), block12 block6(v35: i8): brif v35, block12, block12 block12: return v4 }
git bisectpoints the offending commit at 116e5a665f6d8069c894f966e424ad1aae6558fa
Wasmtime GitHub notifications bot (Feb 15 2023 at 21:01):cfallin commented on issue #5791:
Taking a look...
Wasmtime GitHub notifications bot (Feb 15 2023 at 22:23):cfallin commented on issue #5791:
This appears to be a weird checker edge-case. The VCode has an empty-body block at block0 with nothing but a jump to block5; the egraph global-code motion sinks all of the ops in block0 out of the block. The checker runs an abstract interpretation of the VCode with regalloc assignments in a fixpoint workqueue; it processes block0, with a starting state of
Topand (because there are no body instructions) an ending state ofTopas well. It meets this into the one successor's (block5's) input state, which started atTopand remainsTop. This is not a change, so the successor is not pushed onto the workqueue, and the analysis ends there. Then there are missing symbolic contents of all registers in all other blocks, and we falsely flag checker errors. The fix is to ensure we visit every block at least once (or I guess to define a separate lattice element belowTopthat indicates we've visited the block; I'll play with both).So tl;dr: no codegen bug, but rather checker stopping prematurely because of empty block.
Wasmtime GitHub notifications bot (Feb 16 2023 at 00:47):cfallin commented on issue #5791:
Fixed in bytecodealliance/regalloc2#113; once that merges I'll make a release and pull it in here.
Wasmtime GitHub notifications bot (Feb 16 2023 at 01:42):cfallin closed issue #5791:
:wave: Hey,
I was fuzzing an unrelated PR and got this test case from fuzzgen, which also reproduces on the current main branch.
Additionally I tried to minimize this via bugpoint, and it also crashed, but I'll file that as a separate issue.
.clifTest Casetest compile set opt_level=speed set regalloc_checker=true target x86_64 function %a() -> i8 system_v { block0: v58 = f32const -0x1.696968p-22 v59 = f32const -0x1.b16968p50 v60 = f32const 0x0.0001a2p-126 v61 = iconst.i16 81 v62 = f64const 0x0.000000001d800p-1022 v63 = iconst.i8 12 v64 = iconst.i16 -105 v65 = iconst.i64 0x9797_9797_9797_ffff v66 = iconst.i64 0x9797_8797_9797_9797 v67 = iconst.i64 0x2a57_5757_5797_9797 v68 = iconcat v67, v66 ; v67 = 0x2a57_5757_5797_9797, v66 = 0x9797_8797_9797_9797 v69 = iconst.i32 0x4141_4141 v70 = iconst.i8 0 v71 = iconst.i16 0 v72 = iconst.i32 0 v73 = iconst.i64 0 v74 = uextend.i128 v73 ; v73 = 0 jump block1(v64, v62, v65, v62, v63, v65, v69, v68, v60, v68, v68, v68) ; v64 = -105, v62 = 0x0.000000001d800p-1022, v65 = 0x9797_9797_9797_ffff, v62 = 0x0.000000001d800p-1022, v63 = 12, v65 = 0x9797_9797_9797_ffff, v69 = 0x4141_4141, v60 = 0x0.0001a2p-126 block1(v0: i16, v1: f64, v2: i64, v3: f64, v4: i8, v5: i64, v6: i32, v7: i128, v8: f32, v9: i128, v10: i128, v11: i128): brif v4, block2(v3, v3, v0, v3, v5, v3, v4, v5, v6, v11, v8, v11), block4(v11, v3, v0, v4, v8, v5, v6) block2(v12: f64, v13: f64, v14: i16, v15: f64, v16: i64, v17: f64, v18: i8, v19: i64, v20: i32, v21: i128, v22: f32, v23: i128) cold: v76 -> v18 v75 -> v23 brif v18, block3(v19), block8(v23, v17, v14, v19, v18, v20, v22) block3(v24: i64) cold: brif.i8 v76, block4(v75, v17, v14, v76, v22, v24, v20), block7(v75, v17, v14, v24, v76, v20, v22) block4(v25: i128, v77: f64, v78: i16, v79: i8, v90: f32, v94: i64, v99: i32) cold: v80 -> v79 v82 -> v90 brif v79, block5(v77, v77, v77, v78, v77, v25, v77, v77, v77), block12(v25) block5(v26: f64, v27: f64, v28: f64, v29: i16, v30: f64, v31: i128, v32: f64, v33: f64, v34: f64) cold: v81 = ushr.i8 v80, v31 brif v81, block6(v81, v29, v34, v31, v82, v31), block9(v34, v29, v94, v81, v99, v31, v82) block6(v35: i8, v36: i16, v37: f64, v38: i128, v39: f32, v40: i128) cold: brif v35, block7(v40, v37, v36, v94, v35, v99, v39), block7(v40, v37, v36, v94, v35, v99, v39) block7(v41: i128, v91: f64, v93: i16, v96: i64, v98: i8, v101: i32, v103: f32) cold: jump block8(v41, v91, v93, v96, v98, v101, v103) block8(v42: i128, v83: f64, v92: i16, v95: i64, v97: i8, v100: i32, v102: f32) cold: jump block9(v83, v92, v95, v97, v100, v42, v102) block9(v43: f64, v84: i16, v85: i64, v86: i8, v87: i32, v88: i128, v89: f32) cold: jump block10(v84, v43, v85, v43, v86, v85, v87, v88, v89, v88, v88, v88) block10(v44: i16, v45: f64, v46: i64, v47: f64, v48: i8, v49: i64, v50: i32, v51: i128, v52: f32, v53: i128, v54: i128, v55: i128): jump block11(v55) block11(v56: i128) cold: jump block12(v56) block12(v57: i128) cold: v111 = iconst.i8 0 return v111 }Steps to Reproduce
clif-util test ./the-above.clifExpected Results
The test to pass
Actual Results
Regalloc checker error:
afonso@DESKTOP-VSTS4BC:~/git/wasmtime/cranelift$ cargo run -- test ./lmao.clif Finished dev [unoptimized + debuginfo] target(s) in 0.18s Running `/home/afonso/git/wasmtime/target/debug/clif-util test ./lmao.clif` ERROR cranelift_codegen::machinst::compile > Register allocation checker errors: CheckerErrors { errors: [UnknownValueInAllocation { inst: Inst(24), op: Use: v148i reg, alloc: p10i }] } for vcode: VCode { Entry block: 0 v128 := v157 v129 := v156 v130 := v155 v131 := v152 v132 := v151 v133 := v150 v134 := v149 v135 := v133 v136 := v134 v137 := v148 v142 := v143 Block 0: (original IR block: block0) (successor: Block 1) (instruction range: 0 .. 1) Inst 0: jmp label1 Block 1: (original IR block: block1) (successor: Block 2) (successor: Block 7) (instruction range: 1 .. 4) Inst 1: movl $12, %v157l Inst 2: testb %v128b, %v128b Inst 3: jnz label2; j label7 Block 2: (original IR block: block2) (successor: Block 3) (successor: Block 6) (instruction range: 4 .. 7) Inst 4: movl $12, %v156l Inst 5: testb %v129b, %v129b Inst 6: jnz label3; j label6 Block 3: (original IR block: block3) (successor: Block 4) (successor: Block 5) (instruction range: 7 .. 10) Inst 7: movl $12, %v155l Inst 8: testb %v130b, %v130b Inst 9: jnz label4; j label5 Block 4: (successor: Block 8) (instruction range: 10 .. 11) Inst 10: jmp label8 Block 5: (successor: Block 13) (instruction range: 11 .. 12) Inst 11: jmp label13 Block 6: (successor: Block 14) (instruction range: 12 .. 13) Inst 12: jmp label14 Block 7: (successor: Block 8) (instruction range: 13 .. 14) Inst 13: jmp label8 Block 8: (original IR block: block4) (successor: Block 9) (successor: Block 19) (instruction range: 14 .. 17) Inst 14: movl $12, %v152l Inst 15: testb %v131b, %v131b Inst 16: jnz label9; j label19 Block 9: (original IR block: block5) (successor: Block 10) (successor: Block 15) (instruction range: 17 .. 24) Inst 17: movl $12, %v151l Inst 18: movabsq $3051003305210124183, %v150 Inst 19: movabsq $-7523395567346018409, %v149 Inst 20: andq %v135, $7, %v147 Inst 21: shrb %v147b, %v132b, %v148b Inst 22: testb %v137b, %v137b Inst 23: jnz label10; j label15 Block 10: (original IR block: block6) (successor: Block 11) (successor: Block 12) (instruction range: 24 .. 26) Inst 24: testb %v137b, %v137b Inst 25: jnz label11; j label12 Block 11: (successor: Block 13) (instruction range: 26 .. 27) Inst 26: jmp label13 Block 12: (successor: Block 13) (instruction range: 27 .. 28) Inst 27: jmp label13 Block 13: (original IR block: block7) (successor: Block 14) (instruction range: 28 .. 29) Inst 28: jmp label14 Block 14: (original IR block: block8) (successor: Block 16) (instruction range: 29 .. 30) Inst 29: jmp label16 Block 15: (successor: Block 16) (instruction range: 30 .. 31) Inst 30: jmp label16 Block 16: (original IR block: block9) (successor: Block 17) (instruction range: 31 .. 32) Inst 31: jmp label17 Block 17: (original IR block: block10) (successor: Block 18) (instruction range: 32 .. 33) Inst 32: jmp label18 Block 18: (original IR block: block11) (successor: Block 20) (instruction range: 33 .. 34) Inst 33: jmp label20 Block 19: (successor: Block 20) (instruction range: 34 .. 35) Inst 34: jmp label20 Block 20: (original IR block: block12) (instruction range: 35 .. 37) Inst 35: xorl %v143l, %v143l, %v143l Inst 36: ret %v142=%rax } thread 'worker #0' panicked at 'register allocation checker: CheckerErrors { errors: [UnknownValueInAllocation { inst: Inst(24), op: Use: v148i reg, alloc: p10i }] }', cranelift/codegen/src/machinst/compile.rs:85:14 note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace ERROR cranelift_filetests::concurrent > FAIL: panicked in worker #0: register allocation checker: CheckerErrors { errors: [UnknownValueInAllocation { inst: Inst(24), op: Use: v148i reg, alloc: p10i }] } FAIL ./lmao.clif: panicked in worker #0: register allocation checker: CheckerErrors { errors: [UnknownValueInAllocation { inst: Inst(24), op: Use: v148i reg, alloc: p10i }] } 1 tests Error: 1 failureVersions and Environment
Cranelift version or commit: e10094dcd6d0354628255a6f2e69c1e4c327d6e7 (current main)
Operating system: Linux
Architecture: x86_64
Wasmtime GitHub notifications bot (Feb 16 2023 at 01:44):cfallin commented on issue #5791:
Err, re-opening; the regalloc2 PR fixes the issue but it's not fixed here until we pull in the new version.
Wasmtime GitHub notifications bot (Feb 16 2023 at 01:44):cfallin reopened issue #5791:
:wave: Hey,
I was fuzzing an unrelated PR and got this test case from fuzzgen, which also reproduces on the current main branch.
Additionally I tried to minimize this via bugpoint, and it also crashed, but I'll file that as a separate issue.
.clifTest Casetest compile set opt_level=speed set regalloc_checker=true target x86_64 function %a() -> i8 system_v { block0: v58 = f32const -0x1.696968p-22 v59 = f32const -0x1.b16968p50 v60 = f32const 0x0.0001a2p-126 v61 = iconst.i16 81 v62 = f64const 0x0.000000001d800p-1022 v63 = iconst.i8 12 v64 = iconst.i16 -105 v65 = iconst.i64 0x9797_9797_9797_ffff v66 = iconst.i64 0x9797_8797_9797_9797 v67 = iconst.i64 0x2a57_5757_5797_9797 v68 = iconcat v67, v66 ; v67 = 0x2a57_5757_5797_9797, v66 = 0x9797_8797_9797_9797 v69 = iconst.i32 0x4141_4141 v70 = iconst.i8 0 v71 = iconst.i16 0 v72 = iconst.i32 0 v73 = iconst.i64 0 v74 = uextend.i128 v73 ; v73 = 0 jump block1(v64, v62, v65, v62, v63, v65, v69, v68, v60, v68, v68, v68) ; v64 = -105, v62 = 0x0.000000001d800p-1022, v65 = 0x9797_9797_9797_ffff, v62 = 0x0.000000001d800p-1022, v63 = 12, v65 = 0x9797_9797_9797_ffff, v69 = 0x4141_4141, v60 = 0x0.0001a2p-126 block1(v0: i16, v1: f64, v2: i64, v3: f64, v4: i8, v5: i64, v6: i32, v7: i128, v8: f32, v9: i128, v10: i128, v11: i128): brif v4, block2(v3, v3, v0, v3, v5, v3, v4, v5, v6, v11, v8, v11), block4(v11, v3, v0, v4, v8, v5, v6) block2(v12: f64, v13: f64, v14: i16, v15: f64, v16: i64, v17: f64, v18: i8, v19: i64, v20: i32, v21: i128, v22: f32, v23: i128) cold: v76 -> v18 v75 -> v23 brif v18, block3(v19), block8(v23, v17, v14, v19, v18, v20, v22) block3(v24: i64) cold: brif.i8 v76, block4(v75, v17, v14, v76, v22, v24, v20), block7(v75, v17, v14, v24, v76, v20, v22) block4(v25: i128, v77: f64, v78: i16, v79: i8, v90: f32, v94: i64, v99: i32) cold: v80 -> v79 v82 -> v90 brif v79, block5(v77, v77, v77, v78, v77, v25, v77, v77, v77), block12(v25) block5(v26: f64, v27: f64, v28: f64, v29: i16, v30: f64, v31: i128, v32: f64, v33: f64, v34: f64) cold: v81 = ushr.i8 v80, v31 brif v81, block6(v81, v29, v34, v31, v82, v31), block9(v34, v29, v94, v81, v99, v31, v82) block6(v35: i8, v36: i16, v37: f64, v38: i128, v39: f32, v40: i128) cold: brif v35, block7(v40, v37, v36, v94, v35, v99, v39), block7(v40, v37, v36, v94, v35, v99, v39) block7(v41: i128, v91: f64, v93: i16, v96: i64, v98: i8, v101: i32, v103: f32) cold: jump block8(v41, v91, v93, v96, v98, v101, v103) block8(v42: i128, v83: f64, v92: i16, v95: i64, v97: i8, v100: i32, v102: f32) cold: jump block9(v83, v92, v95, v97, v100, v42, v102) block9(v43: f64, v84: i16, v85: i64, v86: i8, v87: i32, v88: i128, v89: f32) cold: jump block10(v84, v43, v85, v43, v86, v85, v87, v88, v89, v88, v88, v88) block10(v44: i16, v45: f64, v46: i64, v47: f64, v48: i8, v49: i64, v50: i32, v51: i128, v52: f32, v53: i128, v54: i128, v55: i128): jump block11(v55) block11(v56: i128) cold: jump block12(v56) block12(v57: i128) cold: v111 = iconst.i8 0 return v111 }Steps to Reproduce
clif-util test ./the-above.clifExpected Results
The test to pass
Actual Results
Regalloc checker error:
afonso@DESKTOP-VSTS4BC:~/git/wasmtime/cranelift$ cargo run -- test ./lmao.clif Finished dev [unoptimized + debuginfo] target(s) in 0.18s Running `/home/afonso/git/wasmtime/target/debug/clif-util test ./lmao.clif` ERROR cranelift_codegen::machinst::compile > Register allocation checker errors: CheckerErrors { errors: [UnknownValueInAllocation { inst: Inst(24), op: Use: v148i reg, alloc: p10i }] } for vcode: VCode { Entry block: 0 v128 := v157 v129 := v156 v130 := v155 v131 := v152 v132 := v151 v133 := v150 v134 := v149 v135 := v133 v136 := v134 v137 := v148 v142 := v143 Block 0: (original IR block: block0) (successor: Block 1) (instruction range: 0 .. 1) Inst 0: jmp label1 Block 1: (original IR block: block1) (successor: Block 2) (successor: Block 7) (instruction range: 1 .. 4) Inst 1: movl $12, %v157l Inst 2: testb %v128b, %v128b Inst 3: jnz label2; j label7 Block 2: (original IR block: block2) (successor: Block 3) (successor: Block 6) (instruction range: 4 .. 7) Inst 4: movl $12, %v156l Inst 5: testb %v129b, %v129b Inst 6: jnz label3; j label6 Block 3: (original IR block: block3) (successor: Block 4) (successor: Block 5) (instruction range: 7 .. 10) Inst 7: movl $12, %v155l Inst 8: testb %v130b, %v130b Inst 9: jnz label4; j label5 Block 4: (successor: Block 8) (instruction range: 10 .. 11) Inst 10: jmp label8 Block 5: (successor: Block 13) (instruction range: 11 .. 12) Inst 11: jmp label13 Block 6: (successor: Block 14) (instruction range: 12 .. 13) Inst 12: jmp label14 Block 7: (successor: Block 8) (instruction range: 13 .. 14) Inst 13: jmp label8 Block 8: (original IR block: block4) (successor: Block 9) (successor: Block 19) (instruction range: 14 .. 17) Inst 14: movl $12, %v152l Inst 15: testb %v131b, %v131b Inst 16: jnz label9; j label19 Block 9: (original IR block: block5) (successor: Block 10) (successor: Block 15) (instruction range: 17 .. 24) Inst 17: movl $12, %v151l Inst 18: movabsq $3051003305210124183, %v150 Inst 19: movabsq $-7523395567346018409, %v149 Inst 20: andq %v135, $7, %v147 Inst 21: shrb %v147b, %v132b, %v148b Inst 22: testb %v137b, %v137b Inst 23: jnz label10; j label15 Block 10: (original IR block: block6) (successor: Block 11) (successor: Block 12) (instruction range: 24 .. 26) Inst 24: testb %v137b, %v137b Inst 25: jnz label11; j label12 Block 11: (successor: Block 13) (instruction range: 26 .. 27) Inst 26: jmp label13 Block 12: (successor: Block 13) (instruction range: 27 .. 28) Inst 27: jmp label13 Block 13: (original IR block: block7) (successor: Block 14) (instruction range: 28 .. 29) Inst 28: jmp label14 Block 14: (original IR block: block8) (successor: Block 16) (instruction range: 29 .. 30) Inst 29: jmp label16 Block 15: (successor: Block 16) (instruction range: 30 .. 31) Inst 30: jmp label16 Block 16: (original IR block: block9) (successor: Block 17) (instruction range: 31 .. 32) Inst 31: jmp label17 Block 17: (original IR block: block10) (successor: Block 18) (instruction range: 32 .. 33) Inst 32: jmp label18 Block 18: (original IR block: block11) (successor: Block 20) (instruction range: 33 .. 34) Inst 33: jmp label20 Block 19: (successor: Block 20) (instruction range: 34 .. 35) Inst 34: jmp label20 Block 20: (original IR block: block12) (instruction range: 35 .. 37) Inst 35: xorl %v143l, %v143l, %v143l Inst 36: ret %v142=%rax } thread 'worker #0' panicked at 'register allocation checker: CheckerErrors { errors: [UnknownValueInAllocation { inst: Inst(24), op: Use: v148i reg, alloc: p10i }] }', cranelift/codegen/src/machinst/compile.rs:85:14 note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace ERROR cranelift_filetests::concurrent > FAIL: panicked in worker #0: register allocation checker: CheckerErrors { errors: [UnknownValueInAllocation { inst: Inst(24), op: Use: v148i reg, alloc: p10i }] } FAIL ./lmao.clif: panicked in worker #0: register allocation checker: CheckerErrors { errors: [UnknownValueInAllocation { inst: Inst(24), op: Use: v148i reg, alloc: p10i }] } 1 tests Error: 1 failureVersions and Environment
Cranelift version or commit: e10094dcd6d0354628255a6f2e69c1e4c327d6e7 (current main)
Operating system: Linux
Architecture: x86_64
Wasmtime GitHub notifications bot (Feb 16 2023 at 02:03):cfallin closed issue #5791:
:wave: Hey,
I was fuzzing an unrelated PR and got this test case from fuzzgen, which also reproduces on the current main branch.
Additionally I tried to minimize this via bugpoint, and it also crashed, but I'll file that as a separate issue.
.clifTest Casetest compile set opt_level=speed set regalloc_checker=true target x86_64 function %a() -> i8 system_v { block0: v58 = f32const -0x1.696968p-22 v59 = f32const -0x1.b16968p50 v60 = f32const 0x0.0001a2p-126 v61 = iconst.i16 81 v62 = f64const 0x0.000000001d800p-1022 v63 = iconst.i8 12 v64 = iconst.i16 -105 v65 = iconst.i64 0x9797_9797_9797_ffff v66 = iconst.i64 0x9797_8797_9797_9797 v67 = iconst.i64 0x2a57_5757_5797_9797 v68 = iconcat v67, v66 ; v67 = 0x2a57_5757_5797_9797, v66 = 0x9797_8797_9797_9797 v69 = iconst.i32 0x4141_4141 v70 = iconst.i8 0 v71 = iconst.i16 0 v72 = iconst.i32 0 v73 = iconst.i64 0 v74 = uextend.i128 v73 ; v73 = 0 jump block1(v64, v62, v65, v62, v63, v65, v69, v68, v60, v68, v68, v68) ; v64 = -105, v62 = 0x0.000000001d800p-1022, v65 = 0x9797_9797_9797_ffff, v62 = 0x0.000000001d800p-1022, v63 = 12, v65 = 0x9797_9797_9797_ffff, v69 = 0x4141_4141, v60 = 0x0.0001a2p-126 block1(v0: i16, v1: f64, v2: i64, v3: f64, v4: i8, v5: i64, v6: i32, v7: i128, v8: f32, v9: i128, v10: i128, v11: i128): brif v4, block2(v3, v3, v0, v3, v5, v3, v4, v5, v6, v11, v8, v11), block4(v11, v3, v0, v4, v8, v5, v6) block2(v12: f64, v13: f64, v14: i16, v15: f64, v16: i64, v17: f64, v18: i8, v19: i64, v20: i32, v21: i128, v22: f32, v23: i128) cold: v76 -> v18 v75 -> v23 brif v18, block3(v19), block8(v23, v17, v14, v19, v18, v20, v22) block3(v24: i64) cold: brif.i8 v76, block4(v75, v17, v14, v76, v22, v24, v20), block7(v75, v17, v14, v24, v76, v20, v22) block4(v25: i128, v77: f64, v78: i16, v79: i8, v90: f32, v94: i64, v99: i32) cold: v80 -> v79 v82 -> v90 brif v79, block5(v77, v77, v77, v78, v77, v25, v77, v77, v77), block12(v25) block5(v26: f64, v27: f64, v28: f64, v29: i16, v30: f64, v31: i128, v32: f64, v33: f64, v34: f64) cold: v81 = ushr.i8 v80, v31 brif v81, block6(v81, v29, v34, v31, v82, v31), block9(v34, v29, v94, v81, v99, v31, v82) block6(v35: i8, v36: i16, v37: f64, v38: i128, v39: f32, v40: i128) cold: brif v35, block7(v40, v37, v36, v94, v35, v99, v39), block7(v40, v37, v36, v94, v35, v99, v39) block7(v41: i128, v91: f64, v93: i16, v96: i64, v98: i8, v101: i32, v103: f32) cold: jump block8(v41, v91, v93, v96, v98, v101, v103) block8(v42: i128, v83: f64, v92: i16, v95: i64, v97: i8, v100: i32, v102: f32) cold: jump block9(v83, v92, v95, v97, v100, v42, v102) block9(v43: f64, v84: i16, v85: i64, v86: i8, v87: i32, v88: i128, v89: f32) cold: jump block10(v84, v43, v85, v43, v86, v85, v87, v88, v89, v88, v88, v88) block10(v44: i16, v45: f64, v46: i64, v47: f64, v48: i8, v49: i64, v50: i32, v51: i128, v52: f32, v53: i128, v54: i128, v55: i128): jump block11(v55) block11(v56: i128) cold: jump block12(v56) block12(v57: i128) cold: v111 = iconst.i8 0 return v111 }Steps to Reproduce
clif-util test ./the-above.clifExpected Results
The test to pass
Actual Results
Regalloc checker error:
afonso@DESKTOP-VSTS4BC:~/git/wasmtime/cranelift$ cargo run -- test ./lmao.clif Finished dev [unoptimized + debuginfo] target(s) in 0.18s Running `/home/afonso/git/wasmtime/target/debug/clif-util test ./lmao.clif` ERROR cranelift_codegen::machinst::compile > Register allocation checker errors: CheckerErrors { errors: [UnknownValueInAllocation { inst: Inst(24), op: Use: v148i reg, alloc: p10i }] } for vcode: VCode { Entry block: 0 v128 := v157 v129 := v156 v130 := v155 v131 := v152 v132 := v151 v133 := v150 v134 := v149 v135 := v133 v136 := v134 v137 := v148 v142 := v143 Block 0: (original IR block: block0) (successor: Block 1) (instruction range: 0 .. 1) Inst 0: jmp label1 Block 1: (original IR block: block1) (successor: Block 2) (successor: Block 7) (instruction range: 1 .. 4) Inst 1: movl $12, %v157l Inst 2: testb %v128b, %v128b Inst 3: jnz label2; j label7 Block 2: (original IR block: block2) (successor: Block 3) (successor: Block 6) (instruction range: 4 .. 7) Inst 4: movl $12, %v156l Inst 5: testb %v129b, %v129b Inst 6: jnz label3; j label6 Block 3: (original IR block: block3) (successor: Block 4) (successor: Block 5) (instruction range: 7 .. 10) Inst 7: movl $12, %v155l Inst 8: testb %v130b, %v130b Inst 9: jnz label4; j label5 Block 4: (successor: Block 8) (instruction range: 10 .. 11) Inst 10: jmp label8 Block 5: (successor: Block 13) (instruction range: 11 .. 12) Inst 11: jmp label13 Block 6: (successor: Block 14) (instruction range: 12 .. 13) Inst 12: jmp label14 Block 7: (successor: Block 8) (instruction range: 13 .. 14) Inst 13: jmp label8 Block 8: (original IR block: block4) (successor: Block 9) (successor: Block 19) (instruction range: 14 .. 17) Inst 14: movl $12, %v152l Inst 15: testb %v131b, %v131b Inst 16: jnz label9; j label19 Block 9: (original IR block: block5) (successor: Block 10) (successor: Block 15) (instruction range: 17 .. 24) Inst 17: movl $12, %v151l Inst 18: movabsq $3051003305210124183, %v150 Inst 19: movabsq $-7523395567346018409, %v149 Inst 20: andq %v135, $7, %v147 Inst 21: shrb %v147b, %v132b, %v148b Inst 22: testb %v137b, %v137b Inst 23: jnz label10; j label15 Block 10: (original IR block: block6) (successor: Block 11) (successor: Block 12) (instruction range: 24 .. 26) Inst 24: testb %v137b, %v137b Inst 25: jnz label11; j label12 Block 11: (successor: Block 13) (instruction range: 26 .. 27) Inst 26: jmp label13 Block 12: (successor: Block 13) (instruction range: 27 .. 28) Inst 27: jmp label13 Block 13: (original IR block: block7) (successor: Block 14) (instruction range: 28 .. 29) Inst 28: jmp label14 Block 14: (original IR block: block8) (successor: Block 16) (instruction range: 29 .. 30) Inst 29: jmp label16 Block 15: (successor: Block 16) (instruction range: 30 .. 31) Inst 30: jmp label16 Block 16: (original IR block: block9) (successor: Block 17) (instruction range: 31 .. 32) Inst 31: jmp label17 Block 17: (original IR block: block10) (successor: Block 18) (instruction range: 32 .. 33) Inst 32: jmp label18 Block 18: (original IR block: block11) (successor: Block 20) (instruction range: 33 .. 34) Inst 33: jmp label20 Block 19: (successor: Block 20) (instruction range: 34 .. 35) Inst 34: jmp label20 Block 20: (original IR block: block12) (instruction range: 35 .. 37) Inst 35: xorl %v143l, %v143l, %v143l Inst 36: ret %v142=%rax } thread 'worker #0' panicked at 'register allocation checker: CheckerErrors { errors: [UnknownValueInAllocation { inst: Inst(24), op: Use: v148i reg, alloc: p10i }] }', cranelift/codegen/src/machinst/compile.rs:85:14 note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace ERROR cranelift_filetests::concurrent > FAIL: panicked in worker #0: register allocation checker: CheckerErrors { errors: [UnknownValueInAllocation { inst: Inst(24), op: Use: v148i reg, alloc: p10i }] } FAIL ./lmao.clif: panicked in worker #0: register allocation checker: CheckerErrors { errors: [UnknownValueInAllocation { inst: Inst(24), op: Use: v148i reg, alloc: p10i }] } 1 tests Error: 1 failureVersions and Environment
Cranelift version or commit: e10094dcd6d0354628255a6f2e69c1e4c327d6e7 (current main)
Operating system: Linux
Architecture: x86_64
Wasmtime GitHub notifications bot (Feb 16 2023 at 02:04):cfallin commented on issue #5791:
GitHub really likes to auto-close issues, doesn't it?
Wasmtime GitHub notifications bot (Feb 16 2023 at 02:04):cfallin reopened issue #5791:
:wave: Hey,
I was fuzzing an unrelated PR and got this test case from fuzzgen, which also reproduces on the current main branch.
Additionally I tried to minimize this via bugpoint, and it also crashed, but I'll file that as a separate issue.
.clifTest Casetest compile set opt_level=speed set regalloc_checker=true target x86_64 function %a() -> i8 system_v { block0: v58 = f32const -0x1.696968p-22 v59 = f32const -0x1.b16968p50 v60 = f32const 0x0.0001a2p-126 v61 = iconst.i16 81 v62 = f64const 0x0.000000001d800p-1022 v63 = iconst.i8 12 v64 = iconst.i16 -105 v65 = iconst.i64 0x9797_9797_9797_ffff v66 = iconst.i64 0x9797_8797_9797_9797 v67 = iconst.i64 0x2a57_5757_5797_9797 v68 = iconcat v67, v66 ; v67 = 0x2a57_5757_5797_9797, v66 = 0x9797_8797_9797_9797 v69 = iconst.i32 0x4141_4141 v70 = iconst.i8 0 v71 = iconst.i16 0 v72 = iconst.i32 0 v73 = iconst.i64 0 v74 = uextend.i128 v73 ; v73 = 0 jump block1(v64, v62, v65, v62, v63, v65, v69, v68, v60, v68, v68, v68) ; v64 = -105, v62 = 0x0.000000001d800p-1022, v65 = 0x9797_9797_9797_ffff, v62 = 0x0.000000001d800p-1022, v63 = 12, v65 = 0x9797_9797_9797_ffff, v69 = 0x4141_4141, v60 = 0x0.0001a2p-126 block1(v0: i16, v1: f64, v2: i64, v3: f64, v4: i8, v5: i64, v6: i32, v7: i128, v8: f32, v9: i128, v10: i128, v11: i128): brif v4, block2(v3, v3, v0, v3, v5, v3, v4, v5, v6, v11, v8, v11), block4(v11, v3, v0, v4, v8, v5, v6) block2(v12: f64, v13: f64, v14: i16, v15: f64, v16: i64, v17: f64, v18: i8, v19: i64, v20: i32, v21: i128, v22: f32, v23: i128) cold: v76 -> v18 v75 -> v23 brif v18, block3(v19), block8(v23, v17, v14, v19, v18, v20, v22) block3(v24: i64) cold: brif.i8 v76, block4(v75, v17, v14, v76, v22, v24, v20), block7(v75, v17, v14, v24, v76, v20, v22) block4(v25: i128, v77: f64, v78: i16, v79: i8, v90: f32, v94: i64, v99: i32) cold: v80 -> v79 v82 -> v90 brif v79, block5(v77, v77, v77, v78, v77, v25, v77, v77, v77), block12(v25) block5(v26: f64, v27: f64, v28: f64, v29: i16, v30: f64, v31: i128, v32: f64, v33: f64, v34: f64) cold: v81 = ushr.i8 v80, v31 brif v81, block6(v81, v29, v34, v31, v82, v31), block9(v34, v29, v94, v81, v99, v31, v82) block6(v35: i8, v36: i16, v37: f64, v38: i128, v39: f32, v40: i128) cold: brif v35, block7(v40, v37, v36, v94, v35, v99, v39), block7(v40, v37, v36, v94, v35, v99, v39) block7(v41: i128, v91: f64, v93: i16, v96: i64, v98: i8, v101: i32, v103: f32) cold: jump block8(v41, v91, v93, v96, v98, v101, v103) block8(v42: i128, v83: f64, v92: i16, v95: i64, v97: i8, v100: i32, v102: f32) cold: jump block9(v83, v92, v95, v97, v100, v42, v102) block9(v43: f64, v84: i16, v85: i64, v86: i8, v87: i32, v88: i128, v89: f32) cold: jump block10(v84, v43, v85, v43, v86, v85, v87, v88, v89, v88, v88, v88) block10(v44: i16, v45: f64, v46: i64, v47: f64, v48: i8, v49: i64, v50: i32, v51: i128, v52: f32, v53: i128, v54: i128, v55: i128): jump block11(v55) block11(v56: i128) cold: jump block12(v56) block12(v57: i128) cold: v111 = iconst.i8 0 return v111 }Steps to Reproduce
clif-util test ./the-above.clifExpected Results
The test to pass
Actual Results
Regalloc checker error:
afonso@DESKTOP-VSTS4BC:~/git/wasmtime/cranelift$ cargo run -- test ./lmao.clif Finished dev [unoptimized + debuginfo] target(s) in 0.18s Running `/home/afonso/git/wasmtime/target/debug/clif-util test ./lmao.clif` ERROR cranelift_codegen::machinst::compile > Register allocation checker errors: CheckerErrors { errors: [UnknownValueInAllocation { inst: Inst(24), op: Use: v148i reg, alloc: p10i }] } for vcode: VCode { Entry block: 0 v128 := v157 v129 := v156 v130 := v155 v131 := v152 v132 := v151 v133 := v150 v134 := v149 v135 := v133 v136 := v134 v137 := v148 v142 := v143 Block 0: (original IR block: block0) (successor: Block 1) (instruction range: 0 .. 1) Inst 0: jmp label1 Block 1: (original IR block: block1) (successor: Block 2) (successor: Block 7) (instruction range: 1 .. 4) Inst 1: movl $12, %v157l Inst 2: testb %v128b, %v128b Inst 3: jnz label2; j label7 Block 2: (original IR block: block2) (successor: Block 3) (successor: Block 6) (instruction range: 4 .. 7) Inst 4: movl $12, %v156l Inst 5: testb %v129b, %v129b Inst 6: jnz label3; j label6 Block 3: (original IR block: block3) (successor: Block 4) (successor: Block 5) (instruction range: 7 .. 10) Inst 7: movl $12, %v155l Inst 8: testb %v130b, %v130b Inst 9: jnz label4; j label5 Block 4: (successor: Block 8) (instruction range: 10 .. 11) Inst 10: jmp label8 Block 5: (successor: Block 13) (instruction range: 11 .. 12) Inst 11: jmp label13 Block 6: (successor: Block 14) (instruction range: 12 .. 13) Inst 12: jmp label14 Block 7: (successor: Block 8) (instruction range: 13 .. 14) Inst 13: jmp label8 Block 8: (original IR block: block4) (successor: Block 9) (successor: Block 19) (instruction range: 14 .. 17) Inst 14: movl $12, %v152l Inst 15: testb %v131b, %v131b Inst 16: jnz label9; j label19 Block 9: (original IR block: block5) (successor: Block 10) (successor: Block 15) (instruction range: 17 .. 24) Inst 17: movl $12, %v151l Inst 18: movabsq $3051003305210124183, %v150 Inst 19: movabsq $-7523395567346018409, %v149 Inst 20: andq %v135, $7, %v147 Inst 21: shrb %v147b, %v132b, %v148b Inst 22: testb %v137b, %v137b Inst 23: jnz label10; j label15 Block 10: (original IR block: block6) (successor: Block 11) (successor: Block 12) (instruction range: 24 .. 26) Inst 24: testb %v137b, %v137b Inst 25: jnz label11; j label12 Block 11: (successor: Block 13) (instruction range: 26 .. 27) Inst 26: jmp label13 Block 12: (successor: Block 13) (instruction range: 27 .. 28) Inst 27: jmp label13 Block 13: (original IR block: block7) (successor: Block 14) (instruction range: 28 .. 29) Inst 28: jmp label14 Block 14: (original IR block: block8) (successor: Block 16) (instruction range: 29 .. 30) Inst 29: jmp label16 Block 15: (successor: Block 16) (instruction range: 30 .. 31) Inst 30: jmp label16 Block 16: (original IR block: block9) (successor: Block 17) (instruction range: 31 .. 32) Inst 31: jmp label17 Block 17: (original IR block: block10) (successor: Block 18) (instruction range: 32 .. 33) Inst 32: jmp label18 Block 18: (original IR block: block11) (successor: Block 20) (instruction range: 33 .. 34) Inst 33: jmp label20 Block 19: (successor: Block 20) (instruction range: 34 .. 35) Inst 34: jmp label20 Block 20: (original IR block: block12) (instruction range: 35 .. 37) Inst 35: xorl %v143l, %v143l, %v143l Inst 36: ret %v142=%rax } thread 'worker #0' panicked at 'register allocation checker: CheckerErrors { errors: [UnknownValueInAllocation { inst: Inst(24), op: Use: v148i reg, alloc: p10i }] }', cranelift/codegen/src/machinst/compile.rs:85:14 note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace ERROR cranelift_filetests::concurrent > FAIL: panicked in worker #0: register allocation checker: CheckerErrors { errors: [UnknownValueInAllocation { inst: Inst(24), op: Use: v148i reg, alloc: p10i }] } FAIL ./lmao.clif: panicked in worker #0: register allocation checker: CheckerErrors { errors: [UnknownValueInAllocation { inst: Inst(24), op: Use: v148i reg, alloc: p10i }] } 1 tests Error: 1 failureVersions and Environment
Cranelift version or commit: e10094dcd6d0354628255a6f2e69c1e4c327d6e7 (current main)
Operating system: Linux
Architecture: x86_64
Wasmtime GitHub notifications bot (Feb 16 2023 at 03:23):cfallin closed issue #5791:
:wave: Hey,
I was fuzzing an unrelated PR and got this test case from fuzzgen, which also reproduces on the current main branch.
Additionally I tried to minimize this via bugpoint, and it also crashed, but I'll file that as a separate issue.
.clifTest Casetest compile set opt_level=speed set regalloc_checker=true target x86_64 function %a() -> i8 system_v { block0: v58 = f32const -0x1.696968p-22 v59 = f32const -0x1.b16968p50 v60 = f32const 0x0.0001a2p-126 v61 = iconst.i16 81 v62 = f64const 0x0.000000001d800p-1022 v63 = iconst.i8 12 v64 = iconst.i16 -105 v65 = iconst.i64 0x9797_9797_9797_ffff v66 = iconst.i64 0x9797_8797_9797_9797 v67 = iconst.i64 0x2a57_5757_5797_9797 v68 = iconcat v67, v66 ; v67 = 0x2a57_5757_5797_9797, v66 = 0x9797_8797_9797_9797 v69 = iconst.i32 0x4141_4141 v70 = iconst.i8 0 v71 = iconst.i16 0 v72 = iconst.i32 0 v73 = iconst.i64 0 v74 = uextend.i128 v73 ; v73 = 0 jump block1(v64, v62, v65, v62, v63, v65, v69, v68, v60, v68, v68, v68) ; v64 = -105, v62 = 0x0.000000001d800p-1022, v65 = 0x9797_9797_9797_ffff, v62 = 0x0.000000001d800p-1022, v63 = 12, v65 = 0x9797_9797_9797_ffff, v69 = 0x4141_4141, v60 = 0x0.0001a2p-126 block1(v0: i16, v1: f64, v2: i64, v3: f64, v4: i8, v5: i64, v6: i32, v7: i128, v8: f32, v9: i128, v10: i128, v11: i128): brif v4, block2(v3, v3, v0, v3, v5, v3, v4, v5, v6, v11, v8, v11), block4(v11, v3, v0, v4, v8, v5, v6) block2(v12: f64, v13: f64, v14: i16, v15: f64, v16: i64, v17: f64, v18: i8, v19: i64, v20: i32, v21: i128, v22: f32, v23: i128) cold: v76 -> v18 v75 -> v23 brif v18, block3(v19), block8(v23, v17, v14, v19, v18, v20, v22) block3(v24: i64) cold: brif.i8 v76, block4(v75, v17, v14, v76, v22, v24, v20), block7(v75, v17, v14, v24, v76, v20, v22) block4(v25: i128, v77: f64, v78: i16, v79: i8, v90: f32, v94: i64, v99: i32) cold: v80 -> v79 v82 -> v90 brif v79, block5(v77, v77, v77, v78, v77, v25, v77, v77, v77), block12(v25) block5(v26: f64, v27: f64, v28: f64, v29: i16, v30: f64, v31: i128, v32: f64, v33: f64, v34: f64) cold: v81 = ushr.i8 v80, v31 brif v81, block6(v81, v29, v34, v31, v82, v31), block9(v34, v29, v94, v81, v99, v31, v82) block6(v35: i8, v36: i16, v37: f64, v38: i128, v39: f32, v40: i128) cold: brif v35, block7(v40, v37, v36, v94, v35, v99, v39), block7(v40, v37, v36, v94, v35, v99, v39) block7(v41: i128, v91: f64, v93: i16, v96: i64, v98: i8, v101: i32, v103: f32) cold: jump block8(v41, v91, v93, v96, v98, v101, v103) block8(v42: i128, v83: f64, v92: i16, v95: i64, v97: i8, v100: i32, v102: f32) cold: jump block9(v83, v92, v95, v97, v100, v42, v102) block9(v43: f64, v84: i16, v85: i64, v86: i8, v87: i32, v88: i128, v89: f32) cold: jump block10(v84, v43, v85, v43, v86, v85, v87, v88, v89, v88, v88, v88) block10(v44: i16, v45: f64, v46: i64, v47: f64, v48: i8, v49: i64, v50: i32, v51: i128, v52: f32, v53: i128, v54: i128, v55: i128): jump block11(v55) block11(v56: i128) cold: jump block12(v56) block12(v57: i128) cold: v111 = iconst.i8 0 return v111 }Steps to Reproduce
clif-util test ./the-above.clifExpected Results
The test to pass
Actual Results
Regalloc checker error:
afonso@DESKTOP-VSTS4BC:~/git/wasmtime/cranelift$ cargo run -- test ./lmao.clif Finished dev [unoptimized + debuginfo] target(s) in 0.18s Running `/home/afonso/git/wasmtime/target/debug/clif-util test ./lmao.clif` ERROR cranelift_codegen::machinst::compile > Register allocation checker errors: CheckerErrors { errors: [UnknownValueInAllocation { inst: Inst(24), op: Use: v148i reg, alloc: p10i }] } for vcode: VCode { Entry block: 0 v128 := v157 v129 := v156 v130 := v155 v131 := v152 v132 := v151 v133 := v150 v134 := v149 v135 := v133 v136 := v134 v137 := v148 v142 := v143 Block 0: (original IR block: block0) (successor: Block 1) (instruction range: 0 .. 1) Inst 0: jmp label1 Block 1: (original IR block: block1) (successor: Block 2) (successor: Block 7) (instruction range: 1 .. 4) Inst 1: movl $12, %v157l Inst 2: testb %v128b, %v128b Inst 3: jnz label2; j label7 Block 2: (original IR block: block2) (successor: Block 3) (successor: Block 6) (instruction range: 4 .. 7) Inst 4: movl $12, %v156l Inst 5: testb %v129b, %v129b Inst 6: jnz label3; j label6 Block 3: (original IR block: block3) (successor: Block 4) (successor: Block 5) (instruction range: 7 .. 10) Inst 7: movl $12, %v155l Inst 8: testb %v130b, %v130b Inst 9: jnz label4; j label5 Block 4: (successor: Block 8) (instruction range: 10 .. 11) Inst 10: jmp label8 Block 5: (successor: Block 13) (instruction range: 11 .. 12) Inst 11: jmp label13 Block 6: (successor: Block 14) (instruction range: 12 .. 13) Inst 12: jmp label14 Block 7: (successor: Block 8) (instruction range: 13 .. 14) Inst 13: jmp label8 Block 8: (original IR block: block4) (successor: Block 9) (successor: Block 19) (instruction range: 14 .. 17) Inst 14: movl $12, %v152l Inst 15: testb %v131b, %v131b Inst 16: jnz label9; j label19 Block 9: (original IR block: block5) (successor: Block 10) (successor: Block 15) (instruction range: 17 .. 24) Inst 17: movl $12, %v151l Inst 18: movabsq $3051003305210124183, %v150 Inst 19: movabsq $-7523395567346018409, %v149 Inst 20: andq %v135, $7, %v147 Inst 21: shrb %v147b, %v132b, %v148b Inst 22: testb %v137b, %v137b Inst 23: jnz label10; j label15 Block 10: (original IR block: block6) (successor: Block 11) (successor: Block 12) (instruction range: 24 .. 26) Inst 24: testb %v137b, %v137b Inst 25: jnz label11; j label12 Block 11: (successor: Block 13) (instruction range: 26 .. 27) Inst 26: jmp label13 Block 12: (successor: Block 13) (instruction range: 27 .. 28) Inst 27: jmp label13 Block 13: (original IR block: block7) (successor: Block 14) (instruction range: 28 .. 29) Inst 28: jmp label14 Block 14: (original IR block: block8) (successor: Block 16) (instruction range: 29 .. 30) Inst 29: jmp label16 Block 15: (successor: Block 16) (instruction range: 30 .. 31) Inst 30: jmp label16 Block 16: (original IR block: block9) (successor: Block 17) (instruction range: 31 .. 32) Inst 31: jmp label17 Block 17: (original IR block: block10) (successor: Block 18) (instruction range: 32 .. 33) Inst 32: jmp label18 Block 18: (original IR block: block11) (successor: Block 20) (instruction range: 33 .. 34) Inst 33: jmp label20 Block 19: (successor: Block 20) (instruction range: 34 .. 35) Inst 34: jmp label20 Block 20: (original IR block: block12) (instruction range: 35 .. 37) Inst 35: xorl %v143l, %v143l, %v143l Inst 36: ret %v142=%rax } thread 'worker #0' panicked at 'register allocation checker: CheckerErrors { errors: [UnknownValueInAllocation { inst: Inst(24), op: Use: v148i reg, alloc: p10i }] }', cranelift/codegen/src/machinst/compile.rs:85:14 note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace ERROR cranelift_filetests::concurrent > FAIL: panicked in worker #0: register allocation checker: CheckerErrors { errors: [UnknownValueInAllocation { inst: Inst(24), op: Use: v148i reg, alloc: p10i }] } FAIL ./lmao.clif: panicked in worker #0: register allocation checker: CheckerErrors { errors: [UnknownValueInAllocation { inst: Inst(24), op: Use: v148i reg, alloc: p10i }] } 1 tests Error: 1 failureVersions and Environment
Cranelift version or commit: e10094dcd6d0354628255a6f2e69c1e4c327d6e7 (current main)
Operating system: Linux
Architecture: x86_64
Last updated: Nov 22 2024 at 16:03 UTC