wasmtime / issue #6185 Regression in `i32.le_u` against -1 · git-wasmtime

Stream: git-wasmtime

Topic: wasmtime / issue #6185 Regression in `i32.le_u` against -1

Wasmtime GitHub notifications bot (Apr 10 2023 at 20:15):

Fuzzing has found that this module:
(module
  (func $f (param i32) (result i32)
    (local i64)
    local.get 0
    i32.const -1
    i32.le_u
  )
  (func $s
    (call $f (i32.const 0))
    if
      return
    end
    unreachable
  )

  (start $s)
)
behaves different on the current 7.0.0 release of Wasmtime and main. Specifically this is testing 0_u32 <= (-1_i32 as u32) which should return 1 causing this program to not trap. On main, however, this program traps:
$ wasmtime --version
wasmtime-cli 7.0.0
$ wasmtime run testcase0.wat
$ ./target/debug/wasmtime run testcase0.wat
Error: failed to run main module `testcase0.wat`

Caused by:
    0: failed to instantiate "testcase0.wat"
    1: error while executing at wasm backtrace:
           0:   0x32 - <unknown>!short
    2: wasm trap: wasm `unreachable` instruction executed
Bisection reveals that this was introduced in #6130 (cc @Kmeakin) so no current releases are affected, but we'll want to fix this for the upcoming 8.0.0 release.

Last updated: Nov 22 2024 at 16:03 UTC