cranelift-fuzzgen: Differing values assertion tripping
Given this input: input.gz, on the current main branch (650979ae405afc8b87935172189774cb1f24a8a3) this yields:
$ cargo +nightly fuzz run --strip-dead-code --no-default-features -s none cranelift-fuzzgen ./input
Finished release [optimized] target(s) in 0.13s
Finished release [optimized] target(s) in 0.12s
Running `target/aarch64-unknown-linux-gnu/release/cranelift-fuzzgen -artifact_prefix=/home/acrichto/code/wasmtime/fuzz/artifacts/cranelift-fuzzgen/ ./clusterfuzz-testcase-minimized-cranelift-fuzzgen-5103368686665728`
WARNING: Failed to find function "__sanitizer_acquire_crash_state".
WARNING: Failed to find function "__sanitizer_print_stack_trace".
WARNING: Failed to find function "__sanitizer_set_death_callback".
INFO: Running with entropic power schedule (0xFF, 100).
INFO: Seed: 2178409417
INFO: Loaded 1 modules (57039 inline 8-bit counters): 57039 [0xaaaadf42dbd8, 0xaaaadf43baa7),
INFO: Loaded 1 PC tables (57039 PCs): 57039 [0xaaaadf43baa8,0xaaaadf51a798),
target/aarch64-unknown-linux-gnu/release/cranelift-fuzzgen: Running 1 inputs 1 time(s) each.
Running: ./clusterfuzz-testcase-minimized-cranelift-fuzzgen-5103368686665728
thread '<unnamed>' panicked at 'assertion failed: `(left == right)`
left: `[I32(-1019936512), B(false), B(false), I8(-126), F32(Ieee32(9013641)), I128(7036874417766400), I16(0), I128(7036874417766400), I8(-126), I32(-1019936512), B(false), I8(-126), F32(Ieee32(9013641)), I128(7036874417766400), I8(-126), I64(-9079256848775774208)]`,
right: `[I32(-1019936512), B(false), B(false), I8(-126), F32(Ieee32(9013641)), I128(7036874417766400), I16(0), I128(7036874417766400), I8(0), I32(-1983678781), B(false), I8(0), F32(Ieee32(3279340483)), I128(7036874417766400), I8(0), I64(-9079256848775774208)]`', fuzz/fuzz_targets/cranelift-fuzzgen.rs:102:9
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
==34721== ERROR: libFuzzer: deadly signal
NOTE: libFuzzer has rudimentary signal handlers.
Combine libFuzzer with AddressSanitizer or similar for better crash reports.
SUMMARY: libFuzzer: deadly signal
────────────────────────────────────────────────────────────────────────────────
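The assertion above prints the two result vectors (`left` and `right`) as one long Debug array each, which makes it hard to see which slots actually diverge. The following is an added example, not code from wasmtime, cranelift-fuzzgen or anyone in this thread: a small Rust parser for that printed `Vec<DataValue>` form and a diff that reports the positions where the two arrays disagree. The names `Val`, `parse_values`, `parse_entry`, `diff` and `mismatch_indices` are my own; the array text in `LEFT` and `RIGHT` is copied verbatim from the report.

```rust
// Added triage helper; not part of wasmtime or cranelift-fuzzgen. It parses
// the Debug text the fuzz target prints (`[I32(..), B(false), F32(Ieee32(..)), ...]`)
// and reports where the two result vectors disagree.

#[derive(Debug, Clone, PartialEq, Eq)]
pub struct Val {
    /// Variant name as printed, e.g. "I32", "B", "F32", "I128".
    pub ty: String,
    /// Payload text as printed, e.g. "-1019936512" or "Ieee32(9013641)".
    pub payload: String,
}

/// Parse one printed array such as `[I8(-126), B(false)]`. Payloads may
/// nest parentheses (F32(Ieee32(..))), so entries are split on commas at
/// nesting depth zero only.
pub fn parse_values(text: &str) -> Result<Vec<Val>, String> {
    let inner = text
        .trim()
        .strip_prefix('[')
        .and_then(|t| t.strip_suffix(']'))
        .ok_or_else(|| "expected a bracketed list".to_string())?;
    let mut out = Vec::new();
    let mut depth = 0usize;
    let mut cur = String::new();
    for c in inner.chars() {
        match c {
            '(' => {
                depth += 1;
                cur.push(c);
            }
            ')' => {
                depth = depth.checked_sub(1).ok_or("unbalanced ')'")?;
                cur.push(c);
            }
            ',' if depth == 0 => {
                out.push(parse_entry(cur.trim())?);
                cur.clear();
            }
            _ => cur.push(c),
        }
    }
    if depth != 0 {
        return Err("unbalanced '('".to_string());
    }
    if !cur.trim().is_empty() {
        out.push(parse_entry(cur.trim())?);
    }
    Ok(out)
}

/// Split `Ty(payload)` into its variant name and payload text.
fn parse_entry(tok: &str) -> Result<Val, String> {
    let open = tok.find('(').ok_or_else(|| format!("bad entry: {tok}"))?;
    if !tok.ends_with(')') || open == 0 {
        return Err(format!("bad entry: {tok}"));
    }
    Ok(Val {
        ty: tok[..open].to_string(),
        payload: tok[open + 1..tok.len() - 1].to_string(),
    })
}

/// Position, left value and right value for every mismatch. A length
/// difference is itself a finding, so it is an error rather than being
/// silently truncated by `zip`.
pub fn diff(left: &[Val], right: &[Val]) -> Result<Vec<(usize, Val, Val)>, String> {
    if left.len() != right.len() {
        return Err(format!("length mismatch: {} vs {}", left.len(), right.len()));
    }
    Ok(left
        .iter()
        .zip(right)
        .enumerate()
        .filter(|(_, (l, r))| l != r)
        .map(|(i, (l, r))| (i, l.clone(), r.clone()))
        .collect())
}

/// Parse both printed arrays and return only the mismatching indices.
pub fn mismatch_indices(left: &str, right: &str) -> Result<Vec<usize>, String> {
    let d = diff(&parse_values(left)?, &parse_values(right)?)?;
    Ok(d.into_iter().map(|(i, _, _)| i).collect())
}

/// The two arrays exactly as printed by the assertion in the report.
pub const LEFT: &str = "[I32(-1019936512), B(false), B(false), I8(-126), F32(Ieee32(9013641)), I128(7036874417766400), I16(0), I128(7036874417766400), I8(-126), I32(-1019936512), B(false), I8(-126), F32(Ieee32(9013641)), I128(7036874417766400), I8(-126), I64(-9079256848775774208)]";
pub const RIGHT: &str = "[I32(-1019936512), B(false), B(false), I8(-126), F32(Ieee32(9013641)), I128(7036874417766400), I16(0), I128(7036874417766400), I8(0), I32(-1983678781), B(false), I8(0), F32(Ieee32(3279340483)), I128(7036874417766400), I8(0), I64(-9079256848775774208)]";

fn main() {
    let left = parse_values(LEFT).expect("left parses");
    let right = parse_values(RIGHT).expect("right parses");
    for (i, l, r) in diff(&left, &right).expect("same length") {
        println!("#{i}: left {}({}) vs right {}({})", l.ty, l.payload, r.ty, r.payload);
    }
}
```

Run against the arrays from the report this flags positions 8, 9, 11, 12 and 14 out of 16; the three differing I8 slots all hold -126 on the left and 0 on the right, and the I32 and F32 slots that differ sit right after them, which is a useful starting point when tracing the divergence back to the specific clif instruction that produced it.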
cc @afonso360
This is related to / a dup of #4568.
@cfallin would you be able to take a look at that issue and provide some input as to how we should proceed?
@afonso360 just noted on that issue -- I agree with the proposed fix to i128-constant semantics.