fuzzgen: Add stack map variables #8941

afonso360 · 2024-07-11T18:08:29Z

👋 Hey,

This PR adds the new variable stack map apis (added in #8937) to cranelift fuzzgen.

I've tried to fuzz this for a bit, but it seems to generate invalid functions that don't pass the validator. I don't know enough about how stackmaps work to debug this. (cc @fitzgen)

I also don't know if this feature is ready for fuzzing yet, so if it isn't let me know!

Here's one of the fuzz bugs:

Panic

thread '<unnamed>' panicked at fuzz/fuzz_targets/cranelift-fuzzgen.rs:402:14:
called `Result::unwrap()` on an `Err` value: Compilation error: Verifier errors

Caused by:
    0: Verifier errors
    1: - inst10 (stack_store.f32 v24, ss1): uses value v24 from non-dominating inst6

base64

/34Vbf91NDQzW23Ny8vLNMvFNDQ3ycvKLjg4ODg4ODAwMHIwMTUxbTMwMDL/Gv8jygI0ODh4MDAwcjAxNTFtMzAwMv8CNDQ0eHg0NDQjygD///8+Pl0+Pj4+PgEBAQEBAQH3AQ==

CLIF

test interpret
test run
set probestack_size_log2=11
set probestack_strategy=inline
set enable_safepoints=true
set enable_llvm_abi_extensions=true
set preserve_frame_pointers=true
set machine_code_cfg_info=true
set enable_probestack=true
set enable_jump_tables=false
set enable_heap_access_spectre_mitigation=false
set enable_incremental_compilation_cache_checks=true
target x86_64 has_sse3 has_ssse3 has_sse41 has_sse42 has_avx has_avx2 has_fma has_popcnt has_bmi1 has_bmi2 has_lzcnt 

function u1:0(i64x2, i16 uext, f32, f64x2, i32x4, i32x4, f32x4, i16x8, i8 sext, i32x4, i8x16, i32 uext, i128, i64 sext) -> i32x4, i32x4, i64x2, i32x4, i64x2, i16 uext, f32, f64x2, i32x4, i32x4, f32x4, i16x8 fast {
    ss0 = explicit_slot 2, align = 2
    ss1 = explicit_slot 4, align = 4
    ss2 = explicit_slot 16, align = 16
    sig0 = (f32) -> f32 system_v
    sig1 = (f64) -> f64 system_v
    sig2 = (f32) -> f32 system_v
    sig3 = (f64) -> f64 system_v
    sig4 = (f32) -> f32 system_v
    sig5 = (f64) -> f64 system_v
    fn0 = %CeilF32 sig0
    fn1 = %CeilF64 sig1
    fn2 = %FloorF32 sig2
    fn3 = %FloorF64 sig3
    fn4 = %TruncF32 sig4
    fn5 = %TruncF64 sig5

block0(v0: i64x2, v1: i16, v2: f32, v3: f64x2, v4: i32x4, v5: i32x4, v6: f32x4, v7: i16x8, v8: i8, v9: i32x4, v10: i8x16, v11: i32, v12: i128, v13: i64):
    v22 -> v0
    v23 -> v1
    v25 -> v3
    v26 -> v6
    v27 -> v7
    v15 = iconst.i16 257
    v16 = iconst.i8 0
    v17 = iconst.i16 0
    v18 = iconst.i32 0
    v19 = iconst.i64 0
    v20 = uextend.i128 v19  ; v19 = 0
    stack_store v23, ss0
    stack_store v24, ss1
    stack_store v22, ss2
    v21 = call fn0(v2), stack_map=[i16 @ ss0+0, f32 @ ss1+0, i64x2 @ ss2+0]
    v24 -> v21
    brif v8, block1(v4), block1(v4)

block1(v14: i32x4):
    return v14, v14, v22, v14, v22, v23, v24, v25, v14, v14, v26, v27
}


; Note: the results in the below test cases are simply a placeholder and probably will be wrong

; run: u1:0(0x00000000000000000000000000000000, 0, 0.0, 0x00000000000000000000000000000000, 0x00000000000000000000000000000000, 0x00000000000000000000000000000000, 0x00000000000000000000000000000000, 0x00000000000000000000000000000000, 0, 0x00000000000000000000000000000000, 0x00000000000000000000000000000000, 0, 0, 0) == [0x00000000000000000000000000000000, 0x00000000000000000000000000000000, 0x00000000000000000000000000000000, 0x00000000000000000000000000000000, 0x00000000000000000000000000000000, 0, 0.0, 0x00000000000000000000000000000000, 0x00000000000000000000000000000000, 0x00000000000000000000000000000000, 0x00000000000000000000000000000000, 0x00000000000000000000000000000000]

fitzgen · 2024-07-11T18:11:34Z

Thanks Afonso!!

I'll take a look a little later today.

fitzgen · 2024-07-12T16:50:02Z

I have a fix, PR incoming.

This fixes a fuzz bug found in the development of bytecodealliance#8941

fitzgen · 2024-07-12T16:58:54Z

I have a fix, PR incoming.

#8945

fitzgen · 2024-07-12T17:00:43Z

I've been running cranelift-fuzzgen with this branch and my fix from that other PR for a little while and nothing else has turned up, so we can probably land this PR as soon as the other lands.

cranelift/fuzzgen/src/function_generator.rs

* Refactor the internals of `FunctionBuilder::insert_safepoint_spills` into a few smaller methods * Initialize a logger for the `cranelift-fuzzgen` fuzz target * Resolve aliases before inserting values into the live set This fixes a fuzz bug found in the development of #8941

afonso360 · 2024-07-13T21:02:56Z

Running it locally seems to have run into another crash, this one quite a bit larger. It also doesn't seem to minimize well.

base64

/0DfRUooLS0tNEsASwBLS0sxDUt1MUs6/w0KS7//AMgh/4hbAy76HwGo/wL/LHv/fv9/KwD2ODg4ODhVN0I4ODgBAAATODgxAADvFv9A30VKMS0tLS0wSwBJAEtLC7kAS0tLDUtLDQL/v/8AyCGI2FsDLvofAaj/Av9Me3p+/38AAPY0NDgyNjGcnJycnJxenAAAAAAAAAAQAAAAC7kAS0sAAIEAgAgAEx8fHx/X4ODgHwAfHx8fHx8fHx8fHx8lH4j//w0DA9HR0dHR0dHR0dHR0dHRwtHRODg4GDAwMHIwMRM7AP8oAP8fRT7IyE0BKP8Cfv9b/3p/AAAALAHqAPr//5wB9wD/3/v7+/v7+wD2ODg4AQAAA//83P8oRT7IyE0AOwAFABcAAAAA8N0S3QMyAABiYmJiY2JiOhEREf4f3t7f4v8OHQAAAAAAFDQ0GjRHMCol7QAMDv////////8R/8vINADSKzQ1M7HNz8g7GwUAAW3/Kho0NGxsMQcAAAD+/v4BAQF57+pF///v6kVFRUUAgICAgICAAA7PAACTMJNFRUWf

Panic

Running: fuzz/artifacts/cranelift-fuzzgen/crash-64fe78830d244b9bce1bd3fbfa0e14cceff1242c
thread '<unnamed>' panicked at fuzz/fuzz_targets/cranelift-fuzzgen.rs:403:14:
called `Result::unwrap()` on an `Err` value: Compilation error: Verifier errors

Caused by:
    0: Verifier errors
    1: - inst263 (stack_store.i32 v178, ss6+4): uses value arg from non-dominating block3
       
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
==14905== ERROR: libFuzzer: deadly signal
NOTE: libFuzzer has rudimentary signal handlers.
      Combine libFuzzer with AddressSanitizer or similar for better crash reports.

Clif


;; Run test case

test interpret
test run
set opt_level=speed
set bb_padding_log2_minus_one=10
set enable_safepoints=true
set enable_llvm_abi_extensions=true
set unwind_info=false
set machine_code_cfg_info=true
target x86_64 has_sse3 has_ssse3 has_sse41 has_sse42 has_avx has_avx2 has_fma has_popcnt has_bmi1 has_bmi2 has_lzcnt 

function u1:0(i8 sext, i8x16, i64 uext, i16 sext, i16x8, i32 sext, f32, f64, i16x8, i32x4, i16x8, i64x2, i128 sext, f64x2, i128, i128) tail {
    ss0 = explicit_slot 76, align = 512
    ss1 = explicit_slot 59, align = 32
    ss2 = explicit_slot 0, align = 2
    ss3 = explicit_slot 126, align = 512
    ss4 = explicit_slot 52, align = 256
    ss5 = explicit_slot 108, align = 32
    ss6 = explicit_slot 8, align = 4
    ss7 = explicit_slot 16, align = 8
    ss8 = explicit_slot 80, align = 16
    sig0 = (f32) -> f32 system_v
    sig1 = (f64) -> f64 system_v
    sig2 = (f32) -> f32 system_v
    sig3 = (f64) -> f64 system_v
    sig4 = (f32) -> f32 system_v
    sig5 = (f64) -> f64 system_v
    fn0 = %CeilF32 sig0
    fn1 = colocated %CeilF64 sig1
    fn2 = colocated %FloorF32 sig2
    fn3 = %FloorF64 sig3
    fn4 = %TruncF32 sig4
    fn5 = %TruncF64 sig5

block0(v0: i8, v1: i8x16, v2: i64, v3: i16, v4: i16x8, v5: i32, v6: f32, v7: f64, v8: i16x8, v9: i32x4, v10: i16x8, v11: i64x2, v12: i128, v13: f64x2, v14: i128, v15: i128):
    v32 = iconst.i8 0
    v33 = iconst.i16 0
    v34 = iconst.i32 0
    v35 = iconst.i64 0
    v36 = uextend.i128 v35  ; v35 = 0
    v37 = stack_addr.i64 ss4
    store notrap v36, v37
    v38 = stack_addr.i64 ss4+16
    store notrap v36, v38
    v39 = stack_addr.i64 ss4+32
    store notrap v36, v39
    v40 = stack_addr.i64 ss4+48
    store notrap v34, v40  ; v34 = 0
    v41 = stack_addr.i64 ss1
    store notrap heap v36, v41
    v42 = stack_addr.i64 ss1+16
    store notrap heap v36, v42
    v43 = stack_addr.i64 ss1+32
    store notrap heap v36, v43
    v44 = stack_addr.i64 ss1+48
    store notrap heap v35, v44  ; v35 = 0
    v45 = stack_addr.i64 ss1+56
    store notrap heap v33, v45  ; v33 = 0
    v46 = stack_addr.i64 ss1+58
    store notrap heap v32, v46  ; v32 = 0
    v47 = stack_addr.i64 ss0
    store notrap v36, v47
    v48 = stack_addr.i64 ss0+16
    store notrap v36, v48
    v49 = stack_addr.i64 ss0+32
    store notrap v36, v49
    v50 = stack_addr.i64 ss0+48
    store notrap v36, v50
    v51 = stack_addr.i64 ss0+64
    store notrap v35, v51  ; v35 = 0
    v52 = stack_addr.i64 ss0+72
    store notrap v34, v52  ; v34 = 0
    v53 = stack_addr.i64 ss5
    store notrap vmctx v36, v53
    v54 = stack_addr.i64 ss5+16
    store notrap vmctx v36, v54
    v55 = stack_addr.i64 ss5+32
    store notrap vmctx v36, v55
    v56 = stack_addr.i64 ss5+48
    store notrap vmctx v36, v56
    v57 = stack_addr.i64 ss5+64
    store notrap vmctx v36, v57
    v58 = stack_addr.i64 ss5+80
    store notrap vmctx v36, v58
    v59 = stack_addr.i64 ss5+96
    store notrap vmctx v35, v59  ; v35 = 0
    v60 = stack_addr.i64 ss5+104
    store notrap vmctx v34, v60  ; v34 = 0
    v61 = stack_addr.i64 ss3
    store notrap table v36, v61
    v62 = stack_addr.i64 ss3+16
    store notrap table v36, v62
    v63 = stack_addr.i64 ss3+32
    store notrap table v36, v63
    v64 = stack_addr.i64 ss3+48
    store notrap table v36, v64
    v65 = stack_addr.i64 ss3+64
    store notrap table v36, v65
    v66 = stack_addr.i64 ss3+80
    store notrap table v36, v66
    v67 = stack_addr.i64 ss3+96
    store notrap table v36, v67
    v68 = stack_addr.i64 ss3+112
    store notrap table v35, v68  ; v35 = 0
    v69 = stack_addr.i64 ss3+120
    store notrap table v34, v69  ; v34 = 0
    v70 = stack_addr.i64 ss3+124
    store notrap table v33, v70  ; v33 = 0
    v71 = stack_addr.i64 ss3
    v72 = load.i64x2 table v71+17
    v73 = stack_addr.i64 ss5+27
    v74 = sload8.i64 vmctx v73
    v75 = insertlane v9, v5, 0
    v76 = stack_addr.i64 ss0+69
    v77 = sload16.i32 v76+1
    v78 = icmp_imm uge v0, 168
    brif v78, block7, block6

block7:
    v79 = icmp_imm.i8 uge v0, 215
    brif v79, block9, block8

block9:
    v80 = icmp_imm.i8 eq v0, 250
    brif v80, block3(v77, v12, v75, v72, v7, v0, v4, v74, v6, v3), block10

block10:
    v81 = icmp_imm.i8 uge v0, 215
    brif v81, block11, block1(v74, v6, v12, v77, v75, v72, v7, v0, v4, v3)

block11:
    v82 = iadd_imm.i8 v0, -215
    v83 = uextend.i32 v82
    br_table v83, block1(v74, v6, v12, v77, v75, v72, v7, v0, v4, v3), [block1(v74, v6, v12, v77, v75, v72, v7, v0, v4, v3), block3(v77, v12, v75, v72, v7, v0, v4, v74, v6, v3), block1(v74, v6, v12, v77, v75, v72, v7, v0, v4, v3), block3(v77, v12, v75, v72, v7, v0, v4, v74, v6, v3), block3(v77, v12, v75, v72, v7, v0, v4, v74, v6, v3), block3(v77, v12, v75, v72, v7, v0, v4, v74, v6, v3), block3(v77, v12, v75, v72, v7, v0, v4, v74, v6, v3), block3(v77, v12, v75, v72, v7, v0, v4, v74, v6, v3), block3(v77, v12, v75, v72, v7, v0, v4, v74, v6, v3)]

block8:
    v84 = icmp_imm.i8 uge v0, 185
    brif v84, block13, block12

block13:
    v85 = iadd_imm.i8 v0, -185
    v86 = uextend.i32 v85
    br_table v86, block1(v74, v6, v12, v77, v75, v72, v7, v0, v4, v3), [block3(v77, v12, v75, v72, v7, v0, v4, v74, v6, v3), block3(v77, v12, v75, v72, v7, v0, v4, v74, v6, v3), block3(v77, v12, v75, v72, v7, v0, v4, v74, v6, v3), block3(v77, v12, v75, v72, v7, v0, v4, v74, v6, v3), block3(v77, v12, v75, v72, v7, v0, v4, v74, v6, v3), block3(v77, v12, v75, v72, v7, v0, v4, v74, v6, v3), block1(v74, v6, v12, v77, v75, v72, v7, v0, v4, v3), block3(v77, v12, v75, v72, v7, v0, v4, v74, v6, v3), block3(v77, v12, v75, v72, v7, v0, v4, v74, v6, v3), block3(v77, v12, v75, v72, v7, v0, v4, v74, v6, v3), block1(v74, v6, v12, v77, v75, v72, v7, v0, v4, v3), block1(v74, v6, v12, v77, v75, v72, v7, v0, v4, v3), block3(v77, v12, v75, v72, v7, v0, v4, v74, v6, v3), block1(v74, v6, v12, v77, v75, v72, v7, v0, v4, v3), block1(v74, v6, v12, v77, v75, v72, v7, v0, v4, v3)]

block12:
    v87 = icmp_imm.i8 eq v0, 168
    brif v87, block1(v74, v6, v12, v77, v75, v72, v7, v0, v4, v3), block1(v74, v6, v12, v77, v75, v72, v7, v0, v4, v3)

block6:
    v88 = icmp_imm.i8 uge v0, 91
    brif v88, block15, block14

block15:
    v89 = icmp_imm.i8 uge v0, 128
    brif v89, block17, block16

block17:
    v90 = iadd_imm.i8 v0, -128
    v91 = uextend.i32 v90
    br_table v91, block1(v74, v6, v12, v77, v75, v72, v7, v0, v4, v3), [block3(v77, v12, v75, v72, v7, v0, v4, v74, v6, v3), block3(v77, v12, v75, v72, v7, v0, v4, v74, v6, v3)]

block16:
    v92 = icmp_imm.i8 eq v0, 91
    brif v92, block1(v74, v6, v12, v77, v75, v72, v7, v0, v4, v3), block1(v74, v6, v12, v77, v75, v72, v7, v0, v4, v3)

block14:
    v93 = icmp_imm.i8 eq v0, 75
    brif v93, block1(v74, v6, v12, v77, v75, v72, v7, v0, v4, v3), block18

block18:
    v94 = uextend.i32 v0
    br_table v94, block1(v74, v6, v12, v77, v75, v72, v7, v0, v4, v3), [block1(v74, v6, v12, v77, v75, v72, v7, v0, v4, v3), block1(v74, v6, v12, v77, v75, v72, v7, v0, v4, v3), block3(v77, v12, v75, v72, v7, v0, v4, v74, v6, v3), block3(v77, v12, v75, v72, v7, v0, v4, v74, v6, v3), block1(v74, v6, v12, v77, v75, v72, v7, v0, v4, v3), block1(v74, v6, v12, v77, v75, v72, v7, v0, v4, v3), block1(v74, v6, v12, v77, v75, v72, v7, v0, v4, v3), block1(v74, v6, v12, v77, v75, v72, v7, v0, v4, v3), block1(v74, v6, v12, v77, v75, v72, v7, v0, v4, v3), block1(v74, v6, v12, v77, v75, v72, v7, v0, v4, v3), block1(v74, v6, v12, v77, v75, v72, v7, v0, v4, v3), block1(v74, v6, v12, v77, v75, v72, v7, v0, v4, v3), block3(v77, v12, v75, v72, v7, v0, v4, v74, v6, v3), block1(v74, v6, v12, v77, v75, v72, v7, v0, v4, v3), block1(v74, v6, v12, v77, v75, v72, v7, v0, v4, v3), block1(v74, v6, v12, v77, v75, v72, v7, v0, v4, v3), block1(v74, v6, v12, v77, v75, v72, v7, v0, v4, v3), block1(v74, v6, v12, v77, v75, v72, v7, v0, v4, v3), block1(v74, v6, v12, v77, v75, v72, v7, v0, v4, v3), block1(v74, v6, v12, v77, v75, v72, v7, v0, v4, v3), block1(v74, v6, v12, v77, v75, v72, v7, v0, v4, v3), block1(v74, v6, v12, v77, v75, v72, v7, v0, v4, v3), block1(v74, v6, v12, v77, v75, v72, v7, v0, v4, v3), block1(v74, v6, v12, v77, v75, v72, v7, v0, v4, v3), block1(v74, v6, v12, v77, v75, v72, v7, v0, v4, v3), block1(v74, v6, v12, v77, v75, v72, v7, v0, v4, v3), block1(v74, v6, v12, v77, v75, v72, v7, v0, v4, v3), block1(v74, v6, v12, v77, v75, v72, v7, v0, v4, v3), block1(v74, v6, v12, v77, v75, v72, v7, v0, v4, v3), block1(v74, v6, v12, v77, v75, v72, v7, v0, v4, v3), block1(v74, v6, v12, v77, v75, v72, v7, v0, v4, v3), block3(v77, v12, v75, v72, v7, v0, v4, v74, v6, v3)]

block1(v96: i64, v97: f32, v101: i128, v102: i32, v103: i32x4, v104: i64x2, v105: f64, v106: i8, v107: i16x8, v193: i16) cold:
    v108 -> v193
    v95 = stack_addr.i64 ss4
    istore32 v96, v95
    stack_store v102, ss6
    stack_store.i32 v178, ss6+4
    stack_store v105, ss7
    stack_store.f64 v182, ss7+8
    stack_store v101, ss8
    stack_store v103, ss8+16
    stack_store v104, ss8+32
    stack_store.i128 v179, ss8+48
    stack_store.i64x2 v181, ss8+64
    v98 = call fn0(v97), stack_map=[i32 @ ss6+0, i32 @ ss6+4, f64 @ ss7+0, f64 @ ss7+8, i128 @ ss8+0, i32x4 @ ss8+16, i64x2 @ ss8+32, i128 @ ss8+48, i64x2 @ ss8+64]
    stack_store v102, ss6
    stack_store.i32 v178, ss6+4
    stack_store v105, ss7
    stack_store.f64 v182, ss7+8
    stack_store v101, ss8
    stack_store v103, ss8+16
    stack_store v104, ss8+32
    stack_store.i128 v179, ss8+48
    stack_store.i64x2 v181, ss8+64
    v99 = call fn0(v98), stack_map=[i32 @ ss6+0, i32 @ ss6+4, f64 @ ss7+0, f64 @ ss7+8, i128 @ ss8+0, i32x4 @ ss8+16, i64x2 @ ss8+32, i128 @ ss8+48, i64x2 @ ss8+64]
    stack_store v102, ss6
    stack_store.i32 v178, ss6+4
    stack_store v105, ss7
    stack_store.f64 v182, ss7+8
    stack_store v101, ss8
    stack_store v103, ss8+16
    stack_store v104, ss8+32
    stack_store.i128 v179, ss8+48
    stack_store.i64x2 v181, ss8+64
    v100 = call fn0(v99), stack_map=[i32 @ ss6+0, i32 @ ss6+4, f64 @ ss7+0, f64 @ ss7+8, i128 @ ss8+0, i32x4 @ ss8+16, i64x2 @ ss8+32, i128 @ ss8+48, i64x2 @ ss8+64]
    brif v106, block2(v101, v101), block5(v102, v101, v103, v104, v105, v105, v105, v105, v103, v104, v106, v107, v106)

block2(v16: i128, v17: i128):
    v109 = icmp_imm.i16 uge v108, 0x6362
    brif v109, block20, block19

block20:
    v110 = icmp_imm.i16 uge v108, 0xf0dd
    brif v110, block22, block21

block22:
    v111 = icmp_imm.i16 uge v108, 0xff0d
    brif v111, block24, block23

block24:
    v112 = icmp_imm.i16 uge v108, 0xff9c
    brif v112, block26, block25

block26:
    v113 = icmp_imm.i16 uge v108, 0xfffc
    brif v113, block28, block27

block28:
    v114 = iadd_imm.i16 v108, 0xffff_ffff_ffff_0004
    v115 = uextend.i32 v114
    br_table v115, block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), [block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108)]

block27:
    v116 = icmp_imm.i16 eq v108, 0xff9c
    brif v116, block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108)

block25:
    v117 = icmp_imm.i16 eq v108, 0xff5b
    brif v117, block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block29

block29:
    v118 = icmp_imm.i16 eq v108, 0xff0d
    brif v118, block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108)

block23:
    v119 = icmp_imm.i16 uge v108, 0xfb00
    brif v119, block31, block30

block31:
    v120 = icmp_imm.i16 eq v108, 0xfbfb
    brif v120, block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block32

block32:
    v121 = icmp_imm.i16 uge v108, 0xfb00
    brif v121, block33, block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108)

block33:
    v122 = iadd_imm.i16 v108, 0xffff_ffff_ffff_0500
    v123 = uextend.i32 v122
    br_table v123, block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), [block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108)]

block30:
    v124 = icmp_imm.i16 eq v108, 0xf700
    brif v124, block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block34

block34:
    v125 = icmp_imm.i16 uge v108, 0xf0dd
    brif v125, block35, block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108)

block35:
    v126 = iadd_imm.i16 v108, 0xffff_ffff_ffff_0f23
    v127 = uextend.i32 v126
    br_table v127, block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), [block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108)]

block21:
    v128 = icmp_imm.i16 uge v108, 0xc84d
    brif v128, block37, block36

block37:
    v129 = icmp_imm.i16 uge v108, 0xdffb
    brif v129, block39, block38

block39:
    v130 = icmp_imm.i16 uge v108, 0xea00
    brif v130, block41, block40

block41:
    v131 = iadd_imm.i16 v108, 0xffff_ffff_ffff_1600
    v132 = uextend.i32 v131
    br_table v132, block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), [block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108)]

block40:
    v133 = icmp_imm.i16 eq v108, 0xdffb
    brif v133, block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108)

block38:
    v134 = icmp_imm.i16 eq v108, 0xd1d1
    brif v134, block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block42

block42:
    v135 = icmp_imm.i16 uge v108, 0xc84d
    brif v135, block43, block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108)

block43:
    v136 = iadd_imm.i16 v108, 0xffff_ffff_ffff_37b3
    v137 = uextend.i32 v136
    br_table v137, block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), [block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108)]

block36:
    v138 = icmp_imm.i16 eq v108, 0xc2d1
    brif v138, block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block44

block44:
    v139 = icmp_imm.i16 uge v108, 0x7a7f
    brif v139, block46, block45

block46:
    v140 = iadd_imm.i16 v108, 0xffff_ffff_ffff_8581
    v141 = uextend.i32 v140
    br_table v141, block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), [block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108)]

block45:
    v142 = icmp_imm.i16 uge v108, 0x6362
    brif v142, block47, block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108)

block47:
    v143 = iadd_imm.i16 v108, 0xffff_ffff_ffff_9c9e
    v144 = uextend.i32 v143
    br_table v144, block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), [block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108)]

block19:
    v145 = icmp_imm.i16 uge v108, 0x2800
    brif v145, block49, block48

block49:
    v146 = icmp_imm.i16 uge v108, 0x3030
    brif v146, block51, block50

block51:
    v147 = icmp_imm.i16 uge v108, 0x3b00
    brif v147, block53, block52

block53:
    v148 = icmp_imm.i16 uge v108, 0x6262
    brif v148, block55, block54

block55:
    v149 = iadd_imm.i16 v108, 0xffff_ffff_ffff_9d9e
    v150 = uextend.i32 v149
    br_table v150, block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), [block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108)]

block54:
    v151 = icmp_imm.i16 eq v108, 0x3b00
    brif v151, block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108)

block52:
    v152 = icmp_imm.i16 uge v108, 0x3838
    brif v152, block57, block56

block57:
    v153 = iadd_imm.i16 v108, 0xffff_ffff_ffff_c7c8
    v154 = uextend.i32 v153
    br_table v154, block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), [block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108)]

block56:
    v155 = icmp_imm.i16 uge v108, 0x3030
    brif v155, block58, block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108)

block58:
    v156 = iadd_imm.i16 v108, 0xffff_ffff_ffff_cfd0
    v157 = uextend.i32 v156
    br_table v157, block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), [block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108)]

block50:
    v158 = icmp_imm.i16 uge v108, 0x28ff
    brif v158, block60, block59

block60:
    v159 = iadd_imm.i16 v108, 0xffff_ffff_ffff_d701
    v160 = uextend.i32 v159
    br_table v160, block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), [block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108)]

block59:
    v161 = icmp_imm.i16 uge v108, 0x2845
    brif v161, block62, block61

block62:
    v162 = iadd_imm.i16 v108, 0xffff_ffff_ffff_d7bb
    v163 = uextend.i32 v162
    br_table v163, block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), [block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108)]

block61:
    v164 = icmp_imm.i16 eq v108, 0x2800
    brif v164, block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108)

block48:
    v165 = icmp_imm.i16 uge v108, 977
    brif v165, block64, block63

block64:
    v166 = icmp_imm.i16 uge v108, 8005
    brif v166, block66, block65

block66:
    v167 = icmp_imm.i16 eq v108, 8072
    brif v167, block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block67

block67:
    v168 = icmp_imm.i16 uge v108, 8005
    brif v168, block68, block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108)

block68:
    v169 = iadd_imm.i16 v108, -8005
    v170 = uextend.i32 v169
    br_table v170, block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), [block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108)]

block65:
    v171 = icmp_imm.i16 eq v108, 4369
    brif v171, block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block69

block69:
    v172 = icmp_imm.i16 eq v108, 977
    brif v172, block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108)

block63:
    v173 = icmp_imm.i16 uge v108, 818
    brif v173, block71, block70

block71:
    v174 = iadd_imm.i16 v108, -818
    v175 = uextend.i32 v174
    br_table v175, block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), [block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108)]

block70:
    v176 = icmp_imm.i16 eq v108, 44
    brif v176, block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block72

block72:
    v177 = uextend.i32 v108
    br_table v177, block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), [block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108), block3(v102, v17, v103, v104, v105, v106, v107, v96, v100, v108)]

block3(v178: i32, v179: i128, v180: i32x4, v181: i64x2, v182: f64, v183: i8, v184: i16x8, v191: i64, v192: f32, v194: i16) cold:
    v185 -> v178
    v186 -> v179
    v187 -> v181
    v188 -> v182
    v189 -> v183
    v190 -> v184
    br_table v178, block4(v180), [block5(v178, v179, v180, v181, v182, v182, v182, v182, v180, v181, v183, v184, v183), block4(v180), block4(v180), block1(v191, v192, v179, v178, v180, v181, v182, v183, v184, v194), block4(v180), block5(v178, v179, v180, v181, v182, v182, v182, v182, v180, v181, v183, v184, v183), block5(v178, v179, v180, v181, v182, v182, v182, v182, v180, v181, v183, v184, v183), block4(v180), block5(v178, v179, v180, v181, v182, v182, v182, v182, v180, v181, v183, v184, v183), block5(v178, v179, v180, v181, v182, v182, v182, v182, v180, v181, v183, v184, v183), block5(v178, v179, v180, v181, v182, v182, v182, v182, v180, v181, v183, v184, v183), block4(v180), block4(v180), block5(v178, v179, v180, v181, v182, v182, v182, v182, v180, v181, v183, v184, v183)]

block4(v18: i32x4):
    jump block5(v185, v186, v18, v187, v188, v188, v188, v188, v18, v187, v189, v190, v189)

block5(v19: i32, v20: i128, v21: i32x4, v22: i64x2, v23: f64, v24: f64, v25: f64, v26: f64, v27: i32x4, v28: i64x2, v29: i8, v30: i16x8, v31: i8) cold:
    return
}


; Note: the results in the below test cases are simply a placeholder and probably will be wrong

; run: u1:0(0, 0x00000000000000000000000000000000, 0, 0, 0x00000000000000000000000000000000, 0, 0.0, 0.0, 0x00000000000000000000000000000000, 0x00000000000000000000000000000000, 0x00000000000000000000000000000000, 0x00000000000000000000000000000000, 0, 0x00000000000000000000000000000000, 0, 0)

fitzgen · 2024-07-15T20:11:36Z

Running it locally seems to have run into another crash, this one quite a bit larger. It also doesn't seem to minimize well.

Taking a look, thanks!

fitzgen · 2024-07-15T20:18:12Z

@afonso360 huh, that input doesn't fail on de29ce3598 for me. Will try fuzzing for a while.

afonso360 · 2024-07-15T20:22:27Z

@fitzgen Oh, I pushed a new revision that changes the input format! You might want to force reset onto 635ea57

fitzgen · 2024-07-15T20:29:26Z

@fitzgen Oh, I pushed a new revision that changes the input format! You might want to force reset onto 635ea57

Huh. On top of 635ea57, I also don't get any fuzzing failures.

afonso360 · 2024-07-15T20:46:08Z

That is super weird 🤔 Can you run md5sum on the input file? I was able to reproduce with 3cc2b287a4ea60cdb54e87640f0ff0e5.

Otherwise, I have no idea why this wouldn't reproduce.

fitzgen · 2024-07-15T21:52:48Z

I'm indeed getting a different md5 sum, even when I re-create the file from the base64 again. Mind uploading the full input as an attachment?

afonso360 · 2024-07-15T22:14:09Z

Github doesn't seem to like files without extensions. Here's the original fuzz input
input.txt

fitzgen · 2024-07-22T20:27:34Z

After cherry picking #8978 onto this branch, the fuzz input no longer fails. Running a bit longer locally to see if anything else turns up.

fitzgen · 2024-07-23T19:13:13Z

Found another bug with this fuzzer overnight, fix over in #9000

Continuing to run the fuzzer now.

fitzgen · 2024-07-24T16:09:16Z

Thought I was in the clear after running the fuzzer all day yesterday without issue, but I woke up to a new fuzz bug.

fitzgen · 2024-07-24T17:59:59Z

Thought I was in the clear after running the fuzzer all day yesterday without issue, but I woke up to a new fuzz bug.

Turns out this was actually unrelated to safepoints/stack maps, but generating them in fuzzgen made it more likely to produce the specific shape of code required to trigger a pre-existing bug. Fix in #9003

fitzgen · 2024-07-24T18:10:40Z

At this point, I think we can go ahead and merge this PR and deal with any remaining issues as OSS-Fuzz finds them.

fitzgen · 2024-07-24T18:11:09Z

I'll enqueue this to merge after #9003 merges.

github-actions bot added the cranelift Issues related to the Cranelift code generator label Jul 11, 2024

fitzgen added a commit to fitzgen/wasmtime that referenced this pull request Jul 12, 2024

Resolve aliases before inserting values into the live set

cbbbe00

This fixes a fuzz bug found in the development of bytecodealliance#8941

fitzgen added a commit to fitzgen/wasmtime that referenced this pull request Jul 12, 2024

Resolve aliases before inserting values into the live set

f87db3d

This fixes a fuzz bug found in the development of bytecodealliance#8941

fitzgen mentioned this pull request Jul 12, 2024

Resolve aliases before inserting values into the live set #8945

Merged

fitzgen approved these changes Jul 12, 2024

View reviewed changes

cranelift/fuzzgen/src/function_generator.rs Outdated Show resolved Hide resolved

fuzzgen: Add stack map variables

635ea57

afonso360 force-pushed the fuzzgen-stack-maps branch from 45db6cb to 635ea57 Compare July 13, 2024 21:03

afonso360 marked this pull request as ready for review July 13, 2024 21:05

afonso360 requested a review from a team as a code owner July 13, 2024 21:05

afonso360 requested review from cfallin and removed request for a team July 13, 2024 21:05

fitzgen mentioned this pull request Jul 24, 2024

Cranelift(x64): Fix lowering for store(bitop(x, load(addr)), addr) for bitops on floats #9003

Merged

afonso360 added this pull request to the merge queue Jul 25, 2024

Merged via the queue into bytecodealliance:main with commit 5d0d616 Jul 25, 2024
37 checks passed

afonso360 deleted the fuzzgen-stack-maps branch July 25, 2024 08:19

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fuzzgen: Add stack map variables #8941

fuzzgen: Add stack map variables #8941

afonso360 commented Jul 11, 2024

fitzgen commented Jul 11, 2024

fitzgen commented Jul 12, 2024

fitzgen commented Jul 12, 2024

fitzgen commented Jul 12, 2024

afonso360 commented Jul 13, 2024

fitzgen commented Jul 15, 2024

fitzgen commented Jul 15, 2024

afonso360 commented Jul 15, 2024 •

edited

Loading

fitzgen commented Jul 15, 2024

afonso360 commented Jul 15, 2024

fitzgen commented Jul 15, 2024

afonso360 commented Jul 15, 2024

fitzgen commented Jul 22, 2024

fitzgen commented Jul 23, 2024

fitzgen commented Jul 24, 2024

fitzgen commented Jul 24, 2024

fitzgen commented Jul 24, 2024

fitzgen commented Jul 24, 2024

fuzzgen: Add stack map variables #8941

fuzzgen: Add stack map variables #8941

Conversation

afonso360 commented Jul 11, 2024

fitzgen commented Jul 11, 2024

fitzgen commented Jul 12, 2024

fitzgen commented Jul 12, 2024

fitzgen commented Jul 12, 2024

afonso360 commented Jul 13, 2024

fitzgen commented Jul 15, 2024

fitzgen commented Jul 15, 2024

afonso360 commented Jul 15, 2024 • edited Loading

fitzgen commented Jul 15, 2024

afonso360 commented Jul 15, 2024

fitzgen commented Jul 15, 2024

afonso360 commented Jul 15, 2024

fitzgen commented Jul 22, 2024

fitzgen commented Jul 23, 2024

fitzgen commented Jul 24, 2024

fitzgen commented Jul 24, 2024

fitzgen commented Jul 24, 2024

fitzgen commented Jul 24, 2024

afonso360 commented Jul 15, 2024 •

edited

Loading