wasm-micro-runtime icon indicating copy to clipboard operation
wasm-micro-runtime copied to clipboard
verified publisher icon bytecodealliance

Regarding the differences in execution results pertaining to “out of bounds memory access”

Open gaaraw opened this issue 4 months ago • 1 comments

Subject of the issue

Hello, when executing the same wasm program in the terminal, LLVM_JIT mode produces different results than other modes or runtime tools.

The details are as follows: LLVM_JIT successfully executes the program and the exit status code is 0. But FAST_JIT, wasmer, wasmtime, and wasmedge all output "out of bounds memory access" information.

Error cause: There are two sets of corresponding wasm and wat files in the test_case.zip. Among them pr41239_test.wasm caused behavior inconsistencies, and pr41239.wasm was successfully executed. The only difference between the two sets of files is line 15 of the wat file, the i32.load directive:

# pr41239.wat
15    (i32.load
16        (i32.const 1056))

# pr41239_test.wat
15    (i32.load offset=5955
16        (i32.sub
17            (i32.const 1056)
18            (i32.const 5955)))

Test case

test_case.zip

Your environment

  • WAMR: 2.4.0
  • wasmer: 6.0.1
  • wasmtime: 35.0.0 (9c2e6f17c 2025-06-17)
  • wasmedge: 0.15.0-alpha.4-5-g7491f8c7
  • wabt: 1.0.27
  • llvm: 18.1.8
  • Host OS: Ubuntu 22.04.5 LTS x64
  • CPU: 11th Gen Intel® Core™ i7-11700 @ 2.50GHz × 16

All runtime tools are the default release build.

Steps to reproduce

# wasm2wat
wasm2wat -f pr41239.wasm -o pr41239.wat
# wat2wasm
wat2wasm pr41239_test.wat -o pr41239_test.wasm
# run wasm file
/path/to/build_llvm_jit/iwasm pr41239_test.wasm
/path/to/build_fast_jit/iwasm pr41239_test.wasm
/path/to/wasmer run pr41239_test.wasm
/path/to/wasmtime pr41239_test.wasm
/path/to/wasmedge --enable-jit pr41239_test.wasm

Expected behavior

In pr41239_test.wat, the base address of i32.load is out of bounds when interpreted as a 32-bit unsigned integer. The actual address after adding the offset is still out of bounds. So the Out of Bounds Memory Access error should be triggered.

Actual behavior

LLVM_JIT successfully executes the program and the exit status code is 0.

Extra Info

If you need any other relevant information, please let me know and I will do my best to provide it. Looking forward to your reply! Thank you!

gaaraw avatar Aug 22 '25 02:08 gaaraw

similar to https://github.com/bytecodealliance/wasm-micro-runtime/issues/4481 load and no use after may cause llvm jit opt it out

TianlongLiang avatar Aug 28 '25 00:08 TianlongLiang