wasmtime / issue #6640 Cranelift: Wrong result on `tail` ... · git-wasmtime

Stream: git-wasmtime

Topic: wasmtime / issue #6640 Cranelift: Wrong result on `tail` ...

Wasmtime GitHub notifications bot (Jun 24 2023 at 11:51):

afonso360 opened issue #6640:

:wave: Hey,

Fuzzgen found this while I was working on something unrelated, but it reproduces on main.

The testcase passes if stack probing is disabled. Or if we remove the stack slots.

I've also tested on the other backends and they pass this test.

`.clif` Test Case

test interpret
test run
set enable_llvm_abi_extensions=true
set probestack_size_log2=6
set probestack_strategy=inline
set enable_probestack=true
target x86_64
target aarch64
target riscv64gc has_v

function %a(i8, i8, i8, i8, i16x8, i8, i8x16, i64, i16, i32, i16x8, f32, i16x8, i32x4, i16x8, i128) -> i8, i8, i64, i16x8, i32, i128, i128, i128, i8x16, f32, i128, i32x4, i32x4 tail {
    ss0 = explicit_slot 117
    ss1 = explicit_slot 49
    ss2 = explicit_slot 65
    ss3 = explicit_slot 50
    ss4 = explicit_slot 76

block0(v0: i8, v1: i8, v2: i8, v3: i8, v4: i16x8, v5: i8, v6: i8x16, v7: i64, v8: i16, v9: i32, v10: i16x8, v11: f32, v12: i16x8, v13: i32x4, v14: i16x8, v15: i128):
    v32 = bmask.i16 v15
    v33 = uextend.i32 v32
    v40 = bitrev v7
    v79 = icmp sge v3, v3
    v84 = bitrev v40
    return v79, v79, v84, v14, v33, v15, v15, v15, v6, v11, v15, v13, v13
}

; run: %a(-95, -95, -95, -95, 0xa1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1, -95, 0xa1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1, -6799976246779207263, -24159, -1583242847, 0x7b7b7ba1a1a1a1a1a1a1a1a1a1a1a1a1, 0x1.f6f6f6p119, 0x4c4c7b7b7b7b7b7b7b7b7b7b7b7b7b7b, 0xb0b06e00f1244c4c4c4c4c4c4c4c4c4c, 0xe2a240000000b0b0b0b0b0b0b0b0b0b0, -113427455621981599237913610941852744401) == [1, 1, -6799976246779207263, 0xe2a240000000b0b0b0b0b0b0b0b0b0b0, 65535, -113427455621981599237913610941852744401, -113427455621981599237913610941852744401, -113427455621981599237913610941852744401, 0xa1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1, 0x1.f6f6f6p119, -113427455621981599237913610941852744401, 0xb0b06e00f1244c4c4c4c4c4c4c4c4c4c, 0xb0b06e00f1244c4c4c4c4c4c4c4c4c4c]

Steps to Reproduce

clif-util test ./the-above.clif

Expected Results

The test to pass.

Actual Results

     Running `/home/afonso/git/wasmtime/target/debug/clif-util test ./lmao.clif`
 ERROR cranelift_filetests::concurrent > FAIL: run
FAIL ./lmao.clif: run

Caused by:
    Failed test: run: %a(-95, -95, -95, -95, 0xa1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1, -95, 0xa1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1, -6799976246779207263, -24159, -1583242847, 0x7b7b7ba1a1a1a1a1a1a1a1a1a1a1a1a1, 0x1.f6f6f6p119, 0x4c4c7b7b7b7b7b7b7b7b7b7b7b7b7b7b, 0xb0b06e00f1244c4c4c4c4c4c4c4c4c4c, 0xe2a240000000b0b0b0b0b0b0b0b0b0b0, -113427455621981599237913610941852744401) == [1, 1, -6799976246779207263, 0xe2a240000000b0b0b0b0b0b0b0b0b0b0, 65535, -113427455621981599237913610941852744401, -113427455621981599237913610941852744401, -113427455621981599237913610941852744401, 0xa1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1, 0x1.f6f6f6p119, -113427455621981599237913610941852744401, 0xb0b06e00f1244c4c4c4c4c4c4c4c4c4c, 0xb0b06e00f1244c4c4c4c4c4c4c4c4c4c], actual: [1, 1, -6799976246779207263, 0xe2a240000000b0b0b0b0b0b0b0b0b0b0, 65535, 2583671442118339183427542988162351, 2583671442118339183427542988162351, 2583671442118339183427542988162351, 0xa1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1, 0x1.f6f6f6p119, 2583671442118339183427542988162351, 0xb0b06e00f1244c4c4c4c4c4c4c4c4c4c, 0xb0b06e00f1244c4c4c4c4c4c4c4c4c4c]
1 tests
Error: 1 failure

Versions and Environment

Cranelift version or commit: main (2d34b4657aa5290948da9a07cb31764a12c12994)
Operating system: Linux
Architecture: X86

Wasmtime GitHub notifications bot (Jun 24 2023 at 11:51):

afonso360 assigned issue #6640 to fitzgen.

Wasmtime GitHub notifications bot (Jun 24 2023 at 11:51):

afonso360 labeled issue #6640:

:wave: Hey,

Fuzzgen found this while I was working on something unrelated, but it reproduces on main.

The testcase passes if stack probing is disabled. Or if we remove the stack slots.

I've also tested on the other backends and they pass this test.

`.clif` Test Case

test interpret
test run
set enable_llvm_abi_extensions=true
set probestack_size_log2=6
set probestack_strategy=inline
set enable_probestack=true
target x86_64
target aarch64
target riscv64gc has_v

function %a(i8, i8, i8, i8, i16x8, i8, i8x16, i64, i16, i32, i16x8, f32, i16x8, i32x4, i16x8, i128) -> i8, i8, i64, i16x8, i32, i128, i128, i128, i8x16, f32, i128, i32x4, i32x4 tail {
    ss0 = explicit_slot 117
    ss1 = explicit_slot 49
    ss2 = explicit_slot 65
    ss3 = explicit_slot 50
    ss4 = explicit_slot 76

block0(v0: i8, v1: i8, v2: i8, v3: i8, v4: i16x8, v5: i8, v6: i8x16, v7: i64, v8: i16, v9: i32, v10: i16x8, v11: f32, v12: i16x8, v13: i32x4, v14: i16x8, v15: i128):
    v32 = bmask.i16 v15
    v33 = uextend.i32 v32
    v40 = bitrev v7
    v79 = icmp sge v3, v3
    v84 = bitrev v40
    return v79, v79, v84, v14, v33, v15, v15, v15, v6, v11, v15, v13, v13
}

; run: %a(-95, -95, -95, -95, 0xa1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1, -95, 0xa1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1, -6799976246779207263, -24159, -1583242847, 0x7b7b7ba1a1a1a1a1a1a1a1a1a1a1a1a1, 0x1.f6f6f6p119, 0x4c4c7b7b7b7b7b7b7b7b7b7b7b7b7b7b, 0xb0b06e00f1244c4c4c4c4c4c4c4c4c4c, 0xe2a240000000b0b0b0b0b0b0b0b0b0b0, -113427455621981599237913610941852744401) == [1, 1, -6799976246779207263, 0xe2a240000000b0b0b0b0b0b0b0b0b0b0, 65535, -113427455621981599237913610941852744401, -113427455621981599237913610941852744401, -113427455621981599237913610941852744401, 0xa1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1, 0x1.f6f6f6p119, -113427455621981599237913610941852744401, 0xb0b06e00f1244c4c4c4c4c4c4c4c4c4c, 0xb0b06e00f1244c4c4c4c4c4c4c4c4c4c]

Steps to Reproduce

clif-util test ./the-above.clif

Expected Results

The test to pass.

Actual Results

     Running `/home/afonso/git/wasmtime/target/debug/clif-util test ./lmao.clif`
 ERROR cranelift_filetests::concurrent > FAIL: run
FAIL ./lmao.clif: run

Caused by:
    Failed test: run: %a(-95, -95, -95, -95, 0xa1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1, -95, 0xa1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1, -6799976246779207263, -24159, -1583242847, 0x7b7b7ba1a1a1a1a1a1a1a1a1a1a1a1a1, 0x1.f6f6f6p119, 0x4c4c7b7b7b7b7b7b7b7b7b7b7b7b7b7b, 0xb0b06e00f1244c4c4c4c4c4c4c4c4c4c, 0xe2a240000000b0b0b0b0b0b0b0b0b0b0, -113427455621981599237913610941852744401) == [1, 1, -6799976246779207263, 0xe2a240000000b0b0b0b0b0b0b0b0b0b0, 65535, -113427455621981599237913610941852744401, -113427455621981599237913610941852744401, -113427455621981599237913610941852744401, 0xa1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1, 0x1.f6f6f6p119, -113427455621981599237913610941852744401, 0xb0b06e00f1244c4c4c4c4c4c4c4c4c4c, 0xb0b06e00f1244c4c4c4c4c4c4c4c4c4c], actual: [1, 1, -6799976246779207263, 0xe2a240000000b0b0b0b0b0b0b0b0b0b0, 65535, 2583671442118339183427542988162351, 2583671442118339183427542988162351, 2583671442118339183427542988162351, 0xa1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1, 0x1.f6f6f6p119, 2583671442118339183427542988162351, 0xb0b06e00f1244c4c4c4c4c4c4c4c4c4c, 0xb0b06e00f1244c4c4c4c4c4c4c4c4c4c]
1 tests
Error: 1 failure

Versions and Environment

Cranelift version or commit: main (2d34b4657aa5290948da9a07cb31764a12c12994)
Operating system: Linux
Architecture: X86

Wasmtime GitHub notifications bot (Jun 24 2023 at 11:51):

afonso360 labeled issue #6640:

:wave: Hey,

Fuzzgen found this while I was working on something unrelated, but it reproduces on main.

The testcase passes if stack probing is disabled. Or if we remove the stack slots.

I've also tested on the other backends and they pass this test.

`.clif` Test Case

test interpret
test run
set enable_llvm_abi_extensions=true
set probestack_size_log2=6
set probestack_strategy=inline
set enable_probestack=true
target x86_64
target aarch64
target riscv64gc has_v

function %a(i8, i8, i8, i8, i16x8, i8, i8x16, i64, i16, i32, i16x8, f32, i16x8, i32x4, i16x8, i128) -> i8, i8, i64, i16x8, i32, i128, i128, i128, i8x16, f32, i128, i32x4, i32x4 tail {
    ss0 = explicit_slot 117
    ss1 = explicit_slot 49
    ss2 = explicit_slot 65
    ss3 = explicit_slot 50
    ss4 = explicit_slot 76

block0(v0: i8, v1: i8, v2: i8, v3: i8, v4: i16x8, v5: i8, v6: i8x16, v7: i64, v8: i16, v9: i32, v10: i16x8, v11: f32, v12: i16x8, v13: i32x4, v14: i16x8, v15: i128):
    v32 = bmask.i16 v15
    v33 = uextend.i32 v32
    v40 = bitrev v7
    v79 = icmp sge v3, v3
    v84 = bitrev v40
    return v79, v79, v84, v14, v33, v15, v15, v15, v6, v11, v15, v13, v13
}

; run: %a(-95, -95, -95, -95, 0xa1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1, -95, 0xa1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1, -6799976246779207263, -24159, -1583242847, 0x7b7b7ba1a1a1a1a1a1a1a1a1a1a1a1a1, 0x1.f6f6f6p119, 0x4c4c7b7b7b7b7b7b7b7b7b7b7b7b7b7b, 0xb0b06e00f1244c4c4c4c4c4c4c4c4c4c, 0xe2a240000000b0b0b0b0b0b0b0b0b0b0, -113427455621981599237913610941852744401) == [1, 1, -6799976246779207263, 0xe2a240000000b0b0b0b0b0b0b0b0b0b0, 65535, -113427455621981599237913610941852744401, -113427455621981599237913610941852744401, -113427455621981599237913610941852744401, 0xa1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1, 0x1.f6f6f6p119, -113427455621981599237913610941852744401, 0xb0b06e00f1244c4c4c4c4c4c4c4c4c4c, 0xb0b06e00f1244c4c4c4c4c4c4c4c4c4c]

Steps to Reproduce

clif-util test ./the-above.clif

Expected Results

The test to pass.

Actual Results

     Running `/home/afonso/git/wasmtime/target/debug/clif-util test ./lmao.clif`
 ERROR cranelift_filetests::concurrent > FAIL: run
FAIL ./lmao.clif: run

Caused by:
    Failed test: run: %a(-95, -95, -95, -95, 0xa1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1, -95, 0xa1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1, -6799976246779207263, -24159, -1583242847, 0x7b7b7ba1a1a1a1a1a1a1a1a1a1a1a1a1, 0x1.f6f6f6p119, 0x4c4c7b7b7b7b7b7b7b7b7b7b7b7b7b7b, 0xb0b06e00f1244c4c4c4c4c4c4c4c4c4c, 0xe2a240000000b0b0b0b0b0b0b0b0b0b0, -113427455621981599237913610941852744401) == [1, 1, -6799976246779207263, 0xe2a240000000b0b0b0b0b0b0b0b0b0b0, 65535, -113427455621981599237913610941852744401, -113427455621981599237913610941852744401, -113427455621981599237913610941852744401, 0xa1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1, 0x1.f6f6f6p119, -113427455621981599237913610941852744401, 0xb0b06e00f1244c4c4c4c4c4c4c4c4c4c, 0xb0b06e00f1244c4c4c4c4c4c4c4c4c4c], actual: [1, 1, -6799976246779207263, 0xe2a240000000b0b0b0b0b0b0b0b0b0b0, 65535, 2583671442118339183427542988162351, 2583671442118339183427542988162351, 2583671442118339183427542988162351, 0xa1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1, 0x1.f6f6f6p119, 2583671442118339183427542988162351, 0xb0b06e00f1244c4c4c4c4c4c4c4c4c4c, 0xb0b06e00f1244c4c4c4c4c4c4c4c4c4c]
1 tests
Error: 1 failure

Versions and Environment

Cranelift version or commit: main (2d34b4657aa5290948da9a07cb31764a12c12994)
Operating system: Linux
Architecture: X86

Wasmtime GitHub notifications bot (Jun 24 2023 at 11:52):

afonso360 edited issue #6640:

:wave: Hey,

Fuzzgen found this while I was working on something unrelated, but it reproduces on main.

The testcase passes if stack probing is disabled or if we remove the stack slots. Setting probestack_size_log2=7 also makes the test pass, but any value below that makes it fail.

I've also tested on the other backends and they pass this test.

`.clif` Test Case

test interpret
test run
set enable_llvm_abi_extensions=true
set probestack_size_log2=6
set probestack_strategy=inline
set enable_probestack=true
target x86_64
target aarch64
target riscv64gc has_v

function %a(i8, i8, i8, i8, i16x8, i8, i8x16, i64, i16, i32, i16x8, f32, i16x8, i32x4, i16x8, i128) -> i8, i8, i64, i16x8, i32, i128, i128, i128, i8x16, f32, i128, i32x4, i32x4 tail {
    ss0 = explicit_slot 117
    ss1 = explicit_slot 49
    ss2 = explicit_slot 65
    ss3 = explicit_slot 50
    ss4 = explicit_slot 76

block0(v0: i8, v1: i8, v2: i8, v3: i8, v4: i16x8, v5: i8, v6: i8x16, v7: i64, v8: i16, v9: i32, v10: i16x8, v11: f32, v12: i16x8, v13: i32x4, v14: i16x8, v15: i128):
    v32 = bmask.i16 v15
    v33 = uextend.i32 v32
    v40 = bitrev v7
    v79 = icmp sge v3, v3
    v84 = bitrev v40
    return v79, v79, v84, v14, v33, v15, v15, v15, v6, v11, v15, v13, v13
}

; run: %a(-95, -95, -95, -95, 0xa1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1, -95, 0xa1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1, -6799976246779207263, -24159, -1583242847, 0x7b7b7ba1a1a1a1a1a1a1a1a1a1a1a1a1, 0x1.f6f6f6p119, 0x4c4c7b7b7b7b7b7b7b7b7b7b7b7b7b7b, 0xb0b06e00f1244c4c4c4c4c4c4c4c4c4c, 0xe2a240000000b0b0b0b0b0b0b0b0b0b0, -113427455621981599237913610941852744401) == [1, 1, -6799976246779207263, 0xe2a240000000b0b0b0b0b0b0b0b0b0b0, 65535, -113427455621981599237913610941852744401, -113427455621981599237913610941852744401, -113427455621981599237913610941852744401, 0xa1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1, 0x1.f6f6f6p119, -113427455621981599237913610941852744401, 0xb0b06e00f1244c4c4c4c4c4c4c4c4c4c, 0xb0b06e00f1244c4c4c4c4c4c4c4c4c4c]

Steps to Reproduce

clif-util test ./the-above.clif

Expected Results

The test to pass.

Actual Results

     Running `/home/afonso/git/wasmtime/target/debug/clif-util test ./lmao.clif`
 ERROR cranelift_filetests::concurrent > FAIL: run
FAIL ./lmao.clif: run

Caused by:
    Failed test: run: %a(-95, -95, -95, -95, 0xa1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1, -95, 0xa1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1, -6799976246779207263, -24159, -1583242847, 0x7b7b7ba1a1a1a1a1a1a1a1a1a1a1a1a1, 0x1.f6f6f6p119, 0x4c4c7b7b7b7b7b7b7b7b7b7b7b7b7b7b, 0xb0b06e00f1244c4c4c4c4c4c4c4c4c4c, 0xe2a240000000b0b0b0b0b0b0b0b0b0b0, -113427455621981599237913610941852744401) == [1, 1, -6799976246779207263, 0xe2a240000000b0b0b0b0b0b0b0b0b0b0, 65535, -113427455621981599237913610941852744401, -113427455621981599237913610941852744401, -113427455621981599237913610941852744401, 0xa1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1, 0x1.f6f6f6p119, -113427455621981599237913610941852744401, 0xb0b06e00f1244c4c4c4c4c4c4c4c4c4c, 0xb0b06e00f1244c4c4c4c4c4c4c4c4c4c], actual: [1, 1, -6799976246779207263, 0xe2a240000000b0b0b0b0b0b0b0b0b0b0, 65535, 2583671442118339183427542988162351, 2583671442118339183427542988162351, 2583671442118339183427542988162351, 0xa1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1, 0x1.f6f6f6p119, 2583671442118339183427542988162351, 0xb0b06e00f1244c4c4c4c4c4c4c4c4c4c, 0xb0b06e00f1244c4c4c4c4c4c4c4c4c4c]
1 tests
Error: 1 failure

Versions and Environment

Cranelift version or commit: main (2d34b4657aa5290948da9a07cb31764a12c12994)
Operating system: Linux
Architecture: X86

Wasmtime GitHub notifications bot (Jun 24 2023 at 11:58):

afonso360 labeled issue #6640:

:wave: Hey,

Fuzzgen found this while I was working on something unrelated, but it reproduces on main.

The testcase passes if stack probing is disabled or if we remove the stack slots. Setting probestack_size_log2=7 also makes the test pass, but any value below that makes it fail.

I've also tested on the other backends and they pass this test.

`.clif` Test Case

test interpret
test run
set enable_llvm_abi_extensions=true
set probestack_size_log2=6
set probestack_strategy=inline
set enable_probestack=true
target x86_64
target aarch64
target riscv64gc has_v

function %a(i8, i8, i8, i8, i16x8, i8, i8x16, i64, i16, i32, i16x8, f32, i16x8, i32x4, i16x8, i128) -> i8, i8, i64, i16x8, i32, i128, i128, i128, i8x16, f32, i128, i32x4, i32x4 tail {
    ss0 = explicit_slot 117
    ss1 = explicit_slot 49
    ss2 = explicit_slot 65
    ss3 = explicit_slot 50
    ss4 = explicit_slot 76

block0(v0: i8, v1: i8, v2: i8, v3: i8, v4: i16x8, v5: i8, v6: i8x16, v7: i64, v8: i16, v9: i32, v10: i16x8, v11: f32, v12: i16x8, v13: i32x4, v14: i16x8, v15: i128):
    v32 = bmask.i16 v15
    v33 = uextend.i32 v32
    v40 = bitrev v7
    v79 = icmp sge v3, v3
    v84 = bitrev v40
    return v79, v79, v84, v14, v33, v15, v15, v15, v6, v11, v15, v13, v13
}

; run: %a(-95, -95, -95, -95, 0xa1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1, -95, 0xa1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1, -6799976246779207263, -24159, -1583242847, 0x7b7b7ba1a1a1a1a1a1a1a1a1a1a1a1a1, 0x1.f6f6f6p119, 0x4c4c7b7b7b7b7b7b7b7b7b7b7b7b7b7b, 0xb0b06e00f1244c4c4c4c4c4c4c4c4c4c, 0xe2a240000000b0b0b0b0b0b0b0b0b0b0, -113427455621981599237913610941852744401) == [1, 1, -6799976246779207263, 0xe2a240000000b0b0b0b0b0b0b0b0b0b0, 65535, -113427455621981599237913610941852744401, -113427455621981599237913610941852744401, -113427455621981599237913610941852744401, 0xa1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1, 0x1.f6f6f6p119, -113427455621981599237913610941852744401, 0xb0b06e00f1244c4c4c4c4c4c4c4c4c4c, 0xb0b06e00f1244c4c4c4c4c4c4c4c4c4c]

Steps to Reproduce

clif-util test ./the-above.clif

Expected Results

The test to pass.

Actual Results

     Running `/home/afonso/git/wasmtime/target/debug/clif-util test ./lmao.clif`
 ERROR cranelift_filetests::concurrent > FAIL: run
FAIL ./lmao.clif: run

Caused by:
    Failed test: run: %a(-95, -95, -95, -95, 0xa1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1, -95, 0xa1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1, -6799976246779207263, -24159, -1583242847, 0x7b7b7ba1a1a1a1a1a1a1a1a1a1a1a1a1, 0x1.f6f6f6p119, 0x4c4c7b7b7b7b7b7b7b7b7b7b7b7b7b7b, 0xb0b06e00f1244c4c4c4c4c4c4c4c4c4c, 0xe2a240000000b0b0b0b0b0b0b0b0b0b0, -113427455621981599237913610941852744401) == [1, 1, -6799976246779207263, 0xe2a240000000b0b0b0b0b0b0b0b0b0b0, 65535, -113427455621981599237913610941852744401, -113427455621981599237913610941852744401, -113427455621981599237913610941852744401, 0xa1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1, 0x1.f6f6f6p119, -113427455621981599237913610941852744401, 0xb0b06e00f1244c4c4c4c4c4c4c4c4c4c, 0xb0b06e00f1244c4c4c4c4c4c4c4c4c4c], actual: [1, 1, -6799976246779207263, 0xe2a240000000b0b0b0b0b0b0b0b0b0b0, 65535, 2583671442118339183427542988162351, 2583671442118339183427542988162351, 2583671442118339183427542988162351, 0xa1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1, 0x1.f6f6f6p119, 2583671442118339183427542988162351, 0xb0b06e00f1244c4c4c4c4c4c4c4c4c4c, 0xb0b06e00f1244c4c4c4c4c4c4c4c4c4c]
1 tests
Error: 1 failure

Versions and Environment

Cranelift version or commit: main (2d34b4657aa5290948da9a07cb31764a12c12994)
Operating system: Linux
Architecture: X86

Wasmtime GitHub notifications bot (Jun 24 2023 at 11:59):

afonso360 edited issue #6640:

:wave: Hey,

Fuzzgen found this while I was working on something unrelated, but it reproduces on main.

The testcase passes if stack probing is disabled or if we remove the stack slots. Setting probestack_size_log2=7 also makes the test pass, but any value below that makes it fail.

I've also tested on the other backends and they pass this test.

`.clif` Test Case

test interpret
test run
set enable_llvm_abi_extensions=true
set probestack_size_log2=6
set probestack_strategy=inline
set enable_probestack=true
target x86_64
target aarch64
target riscv64gc has_v

function %a(i8, i8, i8, i8, i16x8, i8, i8x16, i64, i16, i32, i16x8, f32, i16x8, i32x4, i16x8, i128) -> i8, i8, i64, i16x8, i32, i128, i128, i128, i8x16, f32, i128, i32x4, i32x4 tail {
    ss0 = explicit_slot 117
    ss1 = explicit_slot 49
    ss2 = explicit_slot 65
    ss3 = explicit_slot 50
    ss4 = explicit_slot 76

block0(v0: i8, v1: i8, v2: i8, v3: i8, v4: i16x8, v5: i8, v6: i8x16, v7: i64, v8: i16, v9: i32, v10: i16x8, v11: f32, v12: i16x8, v13: i32x4, v14: i16x8, v15: i128):
    v32 = bmask.i16 v15
    v33 = uextend.i32 v32
    v40 = bitrev v7
    v79 = icmp sge v3, v3
    v84 = bitrev v40
    return v79, v79, v84, v14, v33, v15, v15, v15, v6, v11, v15, v13, v13
}

; run: %a(-95, -95, -95, -95, 0xa1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1, -95, 0xa1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1, -6799976246779207263, -24159, -1583242847, 0x7b7b7ba1a1a1a1a1a1a1a1a1a1a1a1a1, 0x1.f6f6f6p119, 0x4c4c7b7b7b7b7b7b7b7b7b7b7b7b7b7b, 0xb0b06e00f1244c4c4c4c4c4c4c4c4c4c, 0xe2a240000000b0b0b0b0b0b0b0b0b0b0, -113427455621981599237913610941852744401) == [1, 1, -6799976246779207263, 0xe2a240000000b0b0b0b0b0b0b0b0b0b0, 65535, -113427455621981599237913610941852744401, -113427455621981599237913610941852744401, -113427455621981599237913610941852744401, 0xa1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1, 0x1.f6f6f6p119, -113427455621981599237913610941852744401, 0xb0b06e00f1244c4c4c4c4c4c4c4c4c4c, 0xb0b06e00f1244c4c4c4c4c4c4c4c4c4c]

Steps to Reproduce

clif-util test ./the-above.clif

Expected Results

The test to pass.

Actual Results

The value that is wrong here is v15

     Running `/home/afonso/git/wasmtime/target/debug/clif-util test ./lmao.clif`
 ERROR cranelift_filetests::concurrent > FAIL: run
FAIL ./lmao.clif: run

Caused by:
    Failed test: run: %a(-95, -95, -95, -95, 0xa1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1, -95, 0xa1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1, -6799976246779207263, -24159, -1583242847, 0x7b7b7ba1a1a1a1a1a1a1a1a1a1a1a1a1, 0x1.f6f6f6p119, 0x4c4c7b7b7b7b7b7b7b7b7b7b7b7b7b7b, 0xb0b06e00f1244c4c4c4c4c4c4c4c4c4c, 0xe2a240000000b0b0b0b0b0b0b0b0b0b0, -113427455621981599237913610941852744401) == [1, 1, -6799976246779207263, 0xe2a240000000b0b0b0b0b0b0b0b0b0b0, 65535, -113427455621981599237913610941852744401, -113427455621981599237913610941852744401, -113427455621981599237913610941852744401, 0xa1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1, 0x1.f6f6f6p119, -113427455621981599237913610941852744401, 0xb0b06e00f1244c4c4c4c4c4c4c4c4c4c, 0xb0b06e00f1244c4c4c4c4c4c4c4c4c4c], actual: [1, 1, -6799976246779207263, 0xe2a240000000b0b0b0b0b0b0b0b0b0b0, 65535, 2583671442118339183427542988162351, 2583671442118339183427542988162351, 2583671442118339183427542988162351, 0xa1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1, 0x1.f6f6f6p119, 2583671442118339183427542988162351, 0xb0b06e00f1244c4c4c4c4c4c4c4c4c4c, 0xb0b06e00f1244c4c4c4c4c4c4c4c4c4c]
1 tests
Error: 1 failure

Versions and Environment

Cranelift version or commit: main (2d34b4657aa5290948da9a07cb31764a12c12994)
Operating system: Linux
Architecture: X86

Wasmtime GitHub notifications bot (Jun 26 2023 at 21:49):

fitzgen commented on issue #6640:

Reduced a bit more:

test interpret
test run
set enable_llvm_abi_extensions=true
set probestack_size_log2=6
set probestack_strategy=inline
set enable_probestack=true
target x86_64
target aarch64
target riscv64gc has_v

function %a(i8, i8, i8, i8, i16x8, i8, i8x16, i64, i16, i32, i16x8, f32, i16x8, i32x4, i16x8, i128) -> i8, i8, i64, i16x8, i32, i128, i128, i128, i8x16, f32, i128, i32x4, i32x4 tail {
    ss0 = explicit_slot 321

block0(v0: i8, v1: i8, v2: i8, v3: i8, v4: i16x8, v5: i8, v6: i8x16, v7: i64, v8: i16, v9: i32, v10: i16x8, v11: f32, v12: i16x8, v13: i32x4, v14: i16x8, v15: i128):
    return v3, v3, v7, v14, v9, v15, v15, v15, v6, v11, v15, v13, v13
}

; run: %a(-95, -95, -95, -95, 0xa1, -95, 0xa1, -6, -2, -1, 0x7b, 0x1.0, 0x4c, 0xb0, 0xe2, -42) == [-95, -95, -6, 0xe2, -1, -42, -42, -42, 0xa1, 0x1.0, -42, 0xb0, 0xb0]

If I change the explicit stack slot size to 320 then the test passes.

Wasmtime GitHub notifications bot (Jun 26 2023 at 22:16):

fitzgen commented on issue #6640:

Further reduced:

test interpret
test run
set enable_llvm_abi_extensions=true
set probestack_size_log2=6
set probestack_strategy=inline
set enable_probestack=true
target x86_64
target aarch64
target riscv64gc has_v

function %a(i8, i8, i8, i8, i8, i64, i8, i8, i128) -> i128 tail {
    ss0 = explicit_slot 321

block0(v0: i8, v1: i8, v2: i8, v3: i8, v4: i8, v5: i64, v6: i8, v7: i8, v8: i128):
    return v8
}

; run: %a(0, 1, 2, 3, 4, 5, 6, 7, 8) == 8

Wasmtime GitHub notifications bot (Jun 27 2023 at 17:39):

fitzgen commented on issue #6640:

The bug is that the probestack code is somehow using a register that is an argument and overwriting the argument:

;;; Prologue.
0:  55                      pushq   %rbp
1:  48 89 e5                movq    %rsp, %rbp

;;; Begin inline probe stack.
4:  49 89 e3                movq    %rsp, %r11
    ;; r11 = rsp - 0x180
    ;;
    ;; THIS CLOBBERS AN ARGUMENT
7:  49 81 eb 80 01 00 00    subq    $0x180, %r11
    ;; do { rsp -= 0x40; *rsp = esp; } while (r11 != rsp);
e:  48 83 ec 40             subq    $0x40, %rsp
12: 89 24 24                movl    %esp, (%rsp)
15: 49 39 e3                cmpq    %rsp, %r11
18: 0f 85 f0 ff ff ff       jne 0xe
    ;; restore rsp to original value.
1e: 48 81 c4 80 01 00 00    addq    $0x180, %rsp
;;; End inline probe stack.

;;; Allocate stack frame.
25: 48 81 ec 50 01 00 00    subq    $0x150, %rsp
;;; Move arguments (r10, r11) into their return value place.
2c: 4c 89 d0                movq    %r10, %rax
2f: 4c 89 d9                movq    %r11, %rcx
;;; Deallocate stack frame.
32: 48 81 c4 50 01 00 00    addq    $0x150, %rsp
;;; Epilogue.
39: 48 89 ec                movq    %rbp, %rsp
3c: 5d                      popq    %rbp
3d: c3                      retq

Wasmtime GitHub notifications bot (Jun 27 2023 at 20:14):

fitzgen closed issue #6640:

:wave: Hey,

Fuzzgen found this while I was working on something unrelated, but it reproduces on main.

The testcase passes if stack probing is disabled or if we remove the stack slots. Setting probestack_size_log2=7 also makes the test pass, but any value below that makes it fail.

I've also tested on the other backends and they pass this test.

`.clif` Test Case

test interpret
test run
set enable_llvm_abi_extensions=true
set probestack_size_log2=6
set probestack_strategy=inline
set enable_probestack=true
target x86_64
target aarch64
target riscv64gc has_v

function %a(i8, i8, i8, i8, i16x8, i8, i8x16, i64, i16, i32, i16x8, f32, i16x8, i32x4, i16x8, i128) -> i8, i8, i64, i16x8, i32, i128, i128, i128, i8x16, f32, i128, i32x4, i32x4 tail {
    ss0 = explicit_slot 117
    ss1 = explicit_slot 49
    ss2 = explicit_slot 65
    ss3 = explicit_slot 50
    ss4 = explicit_slot 76

block0(v0: i8, v1: i8, v2: i8, v3: i8, v4: i16x8, v5: i8, v6: i8x16, v7: i64, v8: i16, v9: i32, v10: i16x8, v11: f32, v12: i16x8, v13: i32x4, v14: i16x8, v15: i128):
    v32 = bmask.i16 v15
    v33 = uextend.i32 v32
    v40 = bitrev v7
    v79 = icmp sge v3, v3
    v84 = bitrev v40
    return v79, v79, v84, v14, v33, v15, v15, v15, v6, v11, v15, v13, v13
}

; run: %a(-95, -95, -95, -95, 0xa1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1, -95, 0xa1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1, -6799976246779207263, -24159, -1583242847, 0x7b7b7ba1a1a1a1a1a1a1a1a1a1a1a1a1, 0x1.f6f6f6p119, 0x4c4c7b7b7b7b7b7b7b7b7b7b7b7b7b7b, 0xb0b06e00f1244c4c4c4c4c4c4c4c4c4c, 0xe2a240000000b0b0b0b0b0b0b0b0b0b0, -113427455621981599237913610941852744401) == [1, 1, -6799976246779207263, 0xe2a240000000b0b0b0b0b0b0b0b0b0b0, 65535, -113427455621981599237913610941852744401, -113427455621981599237913610941852744401, -113427455621981599237913610941852744401, 0xa1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1, 0x1.f6f6f6p119, -113427455621981599237913610941852744401, 0xb0b06e00f1244c4c4c4c4c4c4c4c4c4c, 0xb0b06e00f1244c4c4c4c4c4c4c4c4c4c]

Steps to Reproduce

clif-util test ./the-above.clif

Expected Results

The test to pass.

Actual Results

The value that is wrong here is v15

     Running `/home/afonso/git/wasmtime/target/debug/clif-util test ./lmao.clif`
 ERROR cranelift_filetests::concurrent > FAIL: run
FAIL ./lmao.clif: run

Caused by:
    Failed test: run: %a(-95, -95, -95, -95, 0xa1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1, -95, 0xa1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1, -6799976246779207263, -24159, -1583242847, 0x7b7b7ba1a1a1a1a1a1a1a1a1a1a1a1a1, 0x1.f6f6f6p119, 0x4c4c7b7b7b7b7b7b7b7b7b7b7b7b7b7b, 0xb0b06e00f1244c4c4c4c4c4c4c4c4c4c, 0xe2a240000000b0b0b0b0b0b0b0b0b0b0, -113427455621981599237913610941852744401) == [1, 1, -6799976246779207263, 0xe2a240000000b0b0b0b0b0b0b0b0b0b0, 65535, -113427455621981599237913610941852744401, -113427455621981599237913610941852744401, -113427455621981599237913610941852744401, 0xa1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1, 0x1.f6f6f6p119, -113427455621981599237913610941852744401, 0xb0b06e00f1244c4c4c4c4c4c4c4c4c4c, 0xb0b06e00f1244c4c4c4c4c4c4c4c4c4c], actual: [1, 1, -6799976246779207263, 0xe2a240000000b0b0b0b0b0b0b0b0b0b0, 65535, 2583671442118339183427542988162351, 2583671442118339183427542988162351, 2583671442118339183427542988162351, 0xa1a1a1a1a1a1a1a1a1a1a1a1a1a1a1a1, 0x1.f6f6f6p119, 2583671442118339183427542988162351, 0xb0b06e00f1244c4c4c4c4c4c4c4c4c4c, 0xb0b06e00f1244c4c4c4c4c4c4c4c4c4c]
1 tests
Error: 1 failure

Versions and Environment

Cranelift version or commit: main (2d34b4657aa5290948da9a07cb31764a12c12994)
Operating system: Linux
Architecture: X86

Last updated: Nov 22 2024 at 16:03 UTC

Stream: git-wasmtime

Topic: wasmtime / issue #6640 Cranelift: Wrong result on `tail` ...

Wasmtime GitHub notifications bot (Jun 24 2023 at 11:51):

.clif Test Case

Steps to Reproduce

Expected Results

Actual Results

Versions and Environment

Wasmtime GitHub notifications bot (Jun 24 2023 at 11:51):

Wasmtime GitHub notifications bot (Jun 24 2023 at 11:51):

.clif Test Case

Steps to Reproduce

Expected Results

Actual Results

Versions and Environment

Wasmtime GitHub notifications bot (Jun 24 2023 at 11:51):

.clif Test Case

Steps to Reproduce

Expected Results

Actual Results

Versions and Environment

Wasmtime GitHub notifications bot (Jun 24 2023 at 11:52):

.clif Test Case

Steps to Reproduce

Expected Results

Actual Results

Versions and Environment

Wasmtime GitHub notifications bot (Jun 24 2023 at 11:58):

.clif Test Case

Steps to Reproduce

Expected Results

Actual Results

Versions and Environment

Wasmtime GitHub notifications bot (Jun 24 2023 at 11:59):

.clif Test Case

Steps to Reproduce

Expected Results

Actual Results

Versions and Environment

Wasmtime GitHub notifications bot (Jun 26 2023 at 21:49):

Wasmtime GitHub notifications bot (Jun 26 2023 at 22:16):

Wasmtime GitHub notifications bot (Jun 27 2023 at 17:39):

Wasmtime GitHub notifications bot (Jun 27 2023 at 20:14):

.clif Test Case

Steps to Reproduce

Expected Results

Actual Results

Versions and Environment

`.clif` Test Case

`.clif` Test Case

`.clif` Test Case

`.clif` Test Case

`.clif` Test Case

`.clif` Test Case

`.clif` Test Case