author | Thomas Lively <tlively@google.com> | 2024-11-21 11:49:08 -0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-11-21 19:49:08 +0000 |
commit | 901ba6024f3ca9117c5720be3cf19ab75034070a (patch) | |
tree | 4001f757f119d748220f6208e1155b1ef99fed41 /src/tools | |
parent | 3342d56e4a13170c094a29138b32ff17cad4c01d (diff) | |
Make validation of stale types stricter (#7097)

We previously allowed valid expressions to have stale types as long as
those stale types were supertypes of the most precise possible types for
the expressions. Allowing stale types like this could mask bugs where we
failed to propagate precise type information, though.

Make validation stricter by requiring all expressions except for control
flow structures to have the most precise possible types. Control flow
structures are exempt because many passes that can refine types wrap the
refined expressions in blocks with the old type to avoid the need for
refinalization. This pattern would be broken and we would need to
refinalize more frequently without this exception for control flow
structures.

Now that all non-control flow expressions must have precise types,
remove functionality relating to building select instructions with
non-precise types. Since finalization of selects now always calculates a
LUB rather than using a provided type, remove the type parameter from
BinaryenSelect in the C and JS APIs.

Now that stale types are no longer valid, fix a bug in TypeSSA where it
failed to refinalize module-level code. This bug previously would not
have caused problems on its own, but the stale types could cause
problems for later runs of Unsubtyping. Now the stale types would cause
TypeSSA output to fail validation.

Also fix a bug where Builder::replaceWithIdenticalType was in fact
replacing with refined types.

Fixes #7087.

Diffstat (limited to 'src/tools')
-rw-r--r-- | src/tools/fuzzing.h | 2 | ||||
-rw-r--r-- | src/tools/fuzzing/fuzzing.cpp | 7 |
2 files changed, 4 insertions, 5 deletions
diff --git a/src/tools/fuzzing.h b/src/tools/fuzzing.h index 3e8ec5b97..1afb4bf36 100644 --- a/src/tools/fuzzing.h +++ b/src/tools/fuzzing.h @@ -358,7 +358,7 @@ private: Expression* makeUnary(Type type); Expression* buildBinary(const BinaryArgs& args); Expression* makeBinary(Type type); - Expression* buildSelect(const ThreeArgs& args, Type type); + Expression* buildSelect(const ThreeArgs& args); Expression* makeSelect(Type type); Expression* makeSwitch(Type type); Expression* makeDrop(Type type); diff --git a/src/tools/fuzzing/fuzzing.cpp b/src/tools/fuzzing/fuzzing.cpp index a283aae91..7e87f4f58 100644 --- a/src/tools/fuzzing/fuzzing.cpp +++ b/src/tools/fuzzing/fuzzing.cpp @@ -3808,15 +3808,14 @@ Expression* TranslateToFuzzReader::makeBinary(Type type) { WASM_UNREACHABLE("invalid type"); } -Expression* TranslateToFuzzReader::buildSelect(const ThreeArgs& args, - Type type) { - return builder.makeSelect(args.a, args.b, args.c, type); +Expression* TranslateToFuzzReader::buildSelect(const ThreeArgs& args) { + return builder.makeSelect(args.a, args.b, args.c); } Expression* TranslateToFuzzReader::makeSelect(Type type) { Type subType1 = getSubType(type); Type subType2 = getSubType(type); - return buildSelect({make(Type::i32), make(subType1), make(subType2)}, type); + return buildSelect({make(Type::i32), make(subType1), make(subType2)}); } Expression* TranslateToFuzzReader::makeSwitch(Type type) { |
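
Review bot: in the fuzzing.cpp hunk, makeSelect(Type type) no longer forwards `type` to buildSelect, so the select's type is now whatever builder.makeSelect computes from the arms built with subType1 and subType2, and that can be more precise than the `type` the caller asked for. This is consistent with the commit message (finalization of selects calculates a LUB), but nothing at the call site says so. A one-line comment in makeSelect stating that `type` only serves as the upper bound passed to getSubType, and that the result type comes from the arms, would keep a later reader from reintroducing the parameter. The declaration `Expression* buildSelect(const ThreeArgs& args);` in fuzzing.h could carry the same note, since it now differs in shape from the neighbouring make* helpers that take a Type.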