iwasm crashes when handling ref.as_non_null on ref null noextern #4786
Description
Test case
(module
(type $0 (func (result (ref null noextern))))
(export "main" (func 0))
(func $0
(type 0)
(ref.null noextern)
(ref.as_non_null)
)
)
Describe the bug
The module attempts to convert a nullable noextern reference to a non-null one using ref.as_non_null. Since the operand is null, the expected runtime behavior is a trap: null reference.
However, when executing the module with iwasm, the engine fails during module loading with the following error:
$ iwasm -f main test1.wasm
WASM module load failed: insert ref type to hash set failed
This error occurs before execution and indicates an internal failure in the type construction or canonicalization phase, rather than a semantic trap.
The failure likely stems from an internal bug in iwasm’s type canonicalization or hash-consing logic for non-null GC reference types, specifically when constructing the heap type ref noextern produced by ref.as_non_null.
Version
iwasm 2.4.4
ubuntu 20.04
To Reproduce
Steps to reproduce the behavior:
- Compile iwasm with flags like '-DWAMR_BUILD_JIT=1 -DWAMR_BUILD_TAIL_CALL=1 -DWAMR_BUILD_GC=1'
- Run iwasm with CLI options like 'iwasm -f main test1.wasm'
- See error
Expected behavior
wasm trap: null reference
Actual Result
WASM module load failed: insert ref type to hash set failed
Desktop (please complete the following information):
- Arch x86_64
- OS ubuntu 20.04