Stream: git-wasmtime

Topic: wasmtime / issue #6185 Regresion in `i32.le_u` against -1

view this post on Zulip Wasmtime GitHub notifications bot (Apr 09 2023 at 00:10):

alexcrichton opened issue #6185:

Fuzzing has found that this module:

(module
  (func $f (param i32) (result i32)
    (local i64)
    local.get 0
    i32.const -1
    i32.le_u
  )
  (func $s
    (call $f (i32.const 0))
    if
      return
    end
    unreachable
  )

  (start $s)
)

behaves different on the current 7.0.0 release of Wasmtime and main. Specifically this is testing 0_u32 <= (-1_i32 as u32) which should return 1 causing this program to not trap. On main, however, this program traps:

$ wasmtime --version
wasmtime-cli 7.0.0
$ wasmtime run testcase0.wat
$ ./target/debug/wasmtime run testcase0.wat
Error: failed to run main module `testcase0.wat`

Caused by:
    0: failed to instantiate "testcase0.wat"
    1: error while executing at wasm backtrace:
           0:   0x32 - <unknown>!short
    2: wasm trap: wasm `unreachable` instruction executed

Bisection reveals that this was introduced in #6130 (cc @Kmeakin) so no current releases are affected, but we'll want to fix this for the upcoming 8.0.0 release.

view this post on Zulip Wasmtime GitHub notifications bot (Apr 09 2023 at 19:59):

cfallin commented on issue #6185:

@Kmeakin would you mind creating two PRs, to revert #6130 both on main and on release-8.0.0? Once we've gotten back to a baseline of correctness, we can re-examine the PR and try to re-land it with a fix on main. (And we should -- the PR was a good change overall!)

view this post on Zulip Wasmtime GitHub notifications bot (Apr 10 2023 at 18:26):

cfallin commented on issue #6185:

@Kmeakin would you mind creating two PRs, to revert #6130 both on main and on release-8.0.0? Once we've gotten back to a baseline of correctness, we can re-examine the PR and try to re-land it with a fix on main. (And we should -- the PR was a good change overall!)

I went ahead and created two PRs (#6193 and #6194) for this. We can revert the revert (#6193) once we resolve the original bug.

view this post on Zulip Wasmtime GitHub notifications bot (Apr 10 2023 at 19:20):

cfallin closed issue #6185:

Fuzzing has found that this module:

(module
  (func $f (param i32) (result i32)
    (local i64)
    local.get 0
    i32.const -1
    i32.le_u
  )
  (func $s
    (call $f (i32.const 0))
    if
      return
    end
    unreachable
  )

  (start $s)
)

behaves different on the current 7.0.0 release of Wasmtime and main. Specifically this is testing 0_u32 <= (-1_i32 as u32) which should return 1 causing this program to not trap. On main, however, this program traps:

$ wasmtime --version
wasmtime-cli 7.0.0
$ wasmtime run testcase0.wat
$ ./target/debug/wasmtime run testcase0.wat
Error: failed to run main module `testcase0.wat`

Caused by:
    0: failed to instantiate "testcase0.wat"
    1: error while executing at wasm backtrace:
           0:   0x32 - <unknown>!short
    2: wasm trap: wasm `unreachable` instruction executed

Bisection reveals that this was introduced in #6130 (cc @Kmeakin) so no current releases are affected, but we'll want to fix this for the upcoming 8.0.0 release.

Last updated: Nov 22 2024 at 17:03 UTC