wasmtime / issue #8131 Cranelift: riscv64 showing wrong r... · git-wasmtime

Stream: git-wasmtime

Topic: wasmtime / issue #8131 Cranelift: riscv64 showing wrong r...

Wasmtime GitHub notifications bot (Mar 14 2024 at 13:11):

candymate added the cranelift label to Issue #8131.

Wasmtime GitHub notifications bot (Mar 14 2024 at 13:11):

candymate added the bug label to Issue #8131.

Wasmtime GitHub notifications bot (Mar 14 2024 at 13:11):

candymate opened issue #8131:

Test Case

// main.rs
use wasmtime::*;

fn main() -> Result<()> {
    let mut config = Config::default();
    config.strategy(Strategy::Cranelift);
    config.cranelift_opt_level(OptLevel::None);

    let engine = Engine::new(&config)?;
    let wat = r#"
    (module
        (type (;0;) (func (param v128) (result v128)))
        (import "mem" "mem" (memory (;0;) 1))
        (func (;0;) (type 0) (param v128) (result v128)
          local.get 0
          v128.const i32x4 0x00000000 0x00000000 0x00000000 0x00000000
          local.get 0
          local.get 0
          f64x2.eq
          v128.bitselect)
        (export "main" (func 0)))
    "#;
    let module = Module::new(&engine, wat)?;
    let mut store = Store::new(&engine, ());

    let memory_ty = MemoryType::new(1, None);
    let memory = Memory::new(&mut store, memory_ty.clone())?;

    let instance = Instance::new(&mut store, &module, &[memory.into()])?;
    let main = instance.get_func(&mut store, "main")
        .expect("`main` was not an exported function");
    let params = vec![
        Val::V128(0x80808080808080808080808080808080.into()),
    ];
    let mut results = vec![Val::V128(0.into())];
    println!("Opt level None: {:?}", main.call(
        &mut store,
        &params,
        &mut results
    ));
    println!("{:?}", results);

    Ok(())
}

[package]
name = "wasmtime-wrapper"
version = "0.1.0"
edition = "2021"

# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html

[dependencies]
# wasmtime = "18.0.3"
wasmtime = { path = "../wasmtime/crates/wasmtime" } # commit: 5a342c8b8610dfda97810ad0e9ec4f481aeb908a (current latest, Date:   Wed Mar 13 16:59:43 2024 -0700)

Steps to reproduce

Compare the following executions:

cargo run --release
cargo run --release --target=riscv64gc-unknown-linux-gnu

QEMU run options (riscv64) I'm currently using is the following:

qemu-riscv64 -cpu rv64,v=true,vlen=128,vext_spec=v1.0,zba=true,zbb=true,zbs=true,zbc=true,zbkb=true,zcb=true,zicond=true -L /usr/riscv64-linux-gnu -E LD_LIBRARY_PATH=/usr/riscv64-linux-gnu/lib -E WASMTIME_TEST_NO_HOG_MEMORY=1 target/riscv64gc-unknown-linux-gnu/release/wasmtime-wrapper

Expected Results

RISC-V result should result in the value 0x80808080808080808080808080808080

Opt level None: Ok(())
[V128(170808403787765189503184116671632670848)]

Actual Results

Execution results in 16-bit truncated value 0x8080

Opt level None: Ok(())
[V128(32896)]

Versions and Environment

wasmtime version
- commit: 5a342c8b8610dfda97810ad0e9ec4f481aeb908a (current latest, Date: Wed Mar 13 16:59:43 2024 -0700)
- However, also checked on v18.0.3
Operating system & architecture: Ubuntu 22.04.3 LTS, Arch: x86_64
QEMU version: qemu-riscv64 version 8.2.1 (v8.2.1)

Extra Info

Does not work on other architectures (x86_64, aarch64, s390x)

Wasmtime GitHub notifications bot (Mar 14 2024 at 14:11):

fitzgen commented on issue #8131:

@candymate, thanks for another bug report!

Since you're on a fuzzing campaign for Wasmtime right now, I want to make sure that you have seen our cheat sheet for what we consider to be a security bug vs not. This way, for any new bugs you find in the future, if you think that they might be considered security vulnerabilities, you can responsibly report them as described in https://bytecodealliance.org/security

Thanks!

(FWIW, based on your bug report, I don't think this one is considered a vulnerability.)

Wasmtime GitHub notifications bot (Mar 14 2024 at 15:53):

alexcrichton commented on issue #8131:

I'll echo the thanks as well, this is very much appreciated!

I'll also offer that if y'all have any issues with Wasmtime/fuzzing/etc we'd be happy to chat, either here on GitHub, on Zulip, or over email.

Wasmtime GitHub notifications bot (Mar 14 2024 at 15:53):

alexcrichton added the fuzz-bug label to Issue #8131.

Wasmtime GitHub notifications bot (Mar 14 2024 at 15:53):

alexcrichton added the cranelift:area:riscv64 label to Issue #8131.

Wasmtime GitHub notifications bot (Mar 14 2024 at 15:53):

alexcrichton added the wasm-proposal:simd label to Issue #8131.

Wasmtime GitHub notifications bot (Mar 14 2024 at 18:01):

alexcrichton closed issue #8131:

Test Case

// main.rs
use wasmtime::*;

fn main() -> Result<()> {
    let mut config = Config::default();
    config.strategy(Strategy::Cranelift);
    config.cranelift_opt_level(OptLevel::None);

    let engine = Engine::new(&config)?;
    let wat = r#"
    (module
        (type (;0;) (func (param v128) (result v128)))
        (import "mem" "mem" (memory (;0;) 1))
        (func (;0;) (type 0) (param v128) (result v128)
          local.get 0
          v128.const i32x4 0x00000000 0x00000000 0x00000000 0x00000000
          local.get 0
          local.get 0
          f64x2.eq
          v128.bitselect)
        (export "main" (func 0)))
    "#;
    let module = Module::new(&engine, wat)?;
    let mut store = Store::new(&engine, ());

    let memory_ty = MemoryType::new(1, None);
    let memory = Memory::new(&mut store, memory_ty.clone())?;

    let instance = Instance::new(&mut store, &module, &[memory.into()])?;
    let main = instance.get_func(&mut store, "main")
        .expect("`main` was not an exported function");
    let params = vec![
        Val::V128(0x80808080808080808080808080808080.into()),
    ];
    let mut results = vec![Val::V128(0.into())];
    println!("Opt level None: {:?}", main.call(
        &mut store,
        &params,
        &mut results
    ));
    println!("{:?}", results);

    Ok(())
}

[package]
name = "wasmtime-wrapper"
version = "0.1.0"
edition = "2021"

# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html

[dependencies]
# wasmtime = "18.0.3"
wasmtime = { path = "../wasmtime/crates/wasmtime" } # commit: 5a342c8b8610dfda97810ad0e9ec4f481aeb908a (current latest, Date:   Wed Mar 13 16:59:43 2024 -0700)

Steps to reproduce

Compare the following executions:

cargo run --release
cargo run --release --target=riscv64gc-unknown-linux-gnu

QEMU run options (riscv64) I'm currently using is the following:

qemu-riscv64 -cpu rv64,v=true,vlen=128,vext_spec=v1.0,zba=true,zbb=true,zbs=true,zbc=true,zbkb=true,zcb=true,zicond=true -L /usr/riscv64-linux-gnu -E LD_LIBRARY_PATH=/usr/riscv64-linux-gnu/lib -E WASMTIME_TEST_NO_HOG_MEMORY=1 target/riscv64gc-unknown-linux-gnu/release/wasmtime-wrapper

Expected Results

RISC-V result should result in the value 0x80808080808080808080808080808080

Opt level None: Ok(())
[V128(170808403787765189503184116671632670848)]

Actual Results

Execution results in 16-bit truncated value 0x8080

Opt level None: Ok(())
[V128(32896)]

Versions and Environment

wasmtime version
- commit: 5a342c8b8610dfda97810ad0e9ec4f481aeb908a (current latest, Date: Wed Mar 13 16:59:43 2024 -0700)
- However, also checked on v18.0.3
Operating system & architecture: Ubuntu 22.04.3 LTS, Arch: x86_64
QEMU version: qemu-riscv64 version 8.2.1 (v8.2.1)

Extra Info

Does not work on other architectures (x86_64, aarch64, s390x)

Last updated: Oct 23 2024 at 20:03 UTC