Type mismatch error for valid eqref element segments in iwasm #4806
Description
Describe the bug
The following WebAssembly module triggers an instantiation error in iwasm.
(module
(type $0 (func (result i32)))
(table $0 1 1 eqref (ref.null eq))
(export "main" (func 0))
(elem $0 eqref (ref.null eq))
(elem $1 funcref)
(func $0
(type 0)
(i32.const 0)
(i32.const 0)
(i32.const 1)
(table.init 0 0)
(i32.const 16)
)
)
On iwasm, instantiation fails with:
$ iwasm -f main test1.wasm
WASM module instantiate failed: type mismatch: elements segment does not fit
While on Wasmtime and Wasmedge, the module executes normally and returns 16 correctly.
The instruction table.init 0 0 copies elements from element segment 0 into table 0. Both have element type eqref, the type check for table.init should succeed and no trap or instantiation error should occur.
If we remove the unused element segment elem $1 funcref, iwasm executes correctly and returns 16, the same as expected.
It appears that the presence of an additional, unused element segment of a different reference type causes iwasm to incorrectly reject a valid table.init. This points to a bug or incomplete implementation in iwasm’s validation of element segments and reference-type subtyping when multiple element segments are present.
Version
iwasm 2.4.4
ubuntu 20.04
To Reproduce
Steps to reproduce the behavior:
- Compile iwasm with flags like '-DWAMR_BUILD_JIT=1 -DWAMR_BUILD_TAIL_CALL=1 -DWAMR_BUILD_GC=1'
- Run iwasm with CLI options like 'iwasm -f main test1.wasm'
- See error
Expected behavior
16
Actual Result
WASM module instantiate failed: type mismatch: elements segment does not fit
Desktop (please complete the following information):
- Arch x86_64
- OS ubuntu 20.04