diff options
| author | Alon Zakai <azakai@google.com> | 2022-11-09 11:18:47 -0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-11-09 11:18:47 -0800 |
| commit | 38c152e0d8bc593c2861c251cc2a875cfb1a21f0 (patch) | |
| tree | 1b4e1e5abd1f2b4ac419eb21d9bcd3d51a099389 /src | |
| parent | d7920cb9dc07a2efee8abf44d7c1a6a654a88593 (diff) | |
| download | binaryen-38c152e0d8bc593c2861c251cc2a875cfb1a21f0.tar.gz binaryen-38c152e0d8bc593c2861c251cc2a875cfb1a21f0.tar.bz2 binaryen-38c152e0d8bc593c2861c251cc2a875cfb1a21f0.zip | |
Fix a fuzz bug with incremental unreachability in OptimizeInstructions (#5237)
OptimizeInstructions in rare cases can add unreachability. We propagate it out at
the end all at once. The fuzzer was smart enough to find a very special combination
of code + passes that can hit an issue, see the testcase.
As mentioned in the TODO, we should perhaps avoid adding unreachability in
OptimizeInstructions at all. If this happens again that might be worth the effort. But
also checking the type of the child as in this PR doesn't add much complexity in the
code.
Diffstat (limited to 'src')
| -rw-r--r-- | src/passes/OptimizeInstructions.cpp | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/src/passes/OptimizeInstructions.cpp b/src/passes/OptimizeInstructions.cpp index 3de7b6519..f96d4d30a 100644 --- a/src/passes/OptimizeInstructions.cpp +++ b/src/passes/OptimizeInstructions.cpp @@ -1769,7 +1769,13 @@ struct OptimizeInstructions } void visitRefCast(RefCast* curr) { - if (curr->type == Type::unreachable) { + // Note we must check the ref's type here and not our own, since we only + // refinalize at the end, which means our type may not have been updated yet + // after a change in the child. + // TODO: we could update unreachability up the stack perhaps, or just move + // all patterns that can add unreachability to a pass that does so + // already like vacuum or dce. + if (curr->ref->type == Type::unreachable) { return; } |