ref.null produces wrong result in iwasm fast-interp and llvm-jit backends #4787
Description
Test case
(module
(type $0 (func (result (ref null i31) i32)))
(export "main" (func 0))
(func $0
(type 0)
(ref.null i31)
(i32.const 1)
)
)
Describe the bug
When running this module with iwasm:
$ iwasm --interp -f main test1.wasm
any:ref.null,0x1:i32
$ iwasm -f main test1.wasm
ref.i31,0x0:i32
$ iwasm --llvm-jit -f main test1.wasm
ref.i31,0x0:i32
The result is correct in interp mode, but incorrect in fast-interp and llvm-jit modes.
In fast-interp and llvm-jit modes, the typed null value produced by ref.null i31 is incorrectly treated as a concrete i31 reference with value 0. This not only changes the reference kind (null vs non-null), but also corrupts the following stack layout, causing the subsequent i32.const 1 to be misinterpreted and observed as 0x0 instead of 0x1.
Version
iwasm 2.4.4
ubuntu 20.04
To Reproduce
Steps to reproduce the behavior:
- Compile iwasm with flags like '-DWAMR_BUILD_JIT=1 -DWAMR_BUILD_TAIL_CALL=1 -DWAMR_BUILD_GC=1'
- Run iwasm with CLI options like 'iwasm -f main test1.wasm'
- See error
Expected behavior
any:ref.null,0x1:i32
Actual Result
ref.i31,0x0:i32
Desktop (please complete the following information):
- Arch x86_64
- OS ubuntu 20.04