diff options
| author | Alon Zakai <alonzakai@gmail.com> | 2017-11-17 21:36:40 -0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2017-11-17 21:36:40 -0800 |
| commit | 8a6964014cc1198acda11646c4b2f79406c5fec2 (patch) | |
| tree | 398a300e052afa01783249337b866c364c43c6ec /src | |
| parent | da0c45566118c863f12a2edb004e28a084ef5660 (diff) | |
| download | binaryen-8a6964014cc1198acda11646c4b2f79406c5fec2.tar.gz binaryen-8a6964014cc1198acda11646c4b2f79406c5fec2.tar.bz2 binaryen-8a6964014cc1198acda11646c4b2f79406c5fec2.zip | |
Fix a code-folding fuzz bug (#1282)
* fix a code-folding bug where when merging function-level tails, we moved code out of where it could reach a break target - we must not move code if it has a break target not enclosed in itself. the EffectAnalyzer already had the functionality for that, move the code around a little there to make that clearer too
Diffstat (limited to 'src')
| -rw-r--r-- | src/ir/effects.h | 3 | ||||
| -rw-r--r-- | src/passes/CodeFolding.cpp | 14 |
2 files changed, 15 insertions, 2 deletions
diff --git a/src/ir/effects.h b/src/ir/effects.h index 98911d451..b6eafae27 100644 --- a/src/ir/effects.h +++ b/src/ir/effects.h @@ -62,6 +62,9 @@ struct EffectAnalyzer : public PostWalker<EffectAnalyzer> { bool hasSideEffects() { return hasGlobalSideEffects() || localsWritten.size() > 0 || branches || implicitTrap; } bool hasAnything() { return branches || calls || accessesLocal() || readsMemory || writesMemory || accessesGlobal() || implicitTrap || isAtomic; } + // check if we break to anything external from ourselves + bool hasExternalBreakTargets() { return !breakNames.empty(); } + // checks if these effects would invalidate another set (e.g., if we write, we invalidate someone that reads, they can't be moved past us) bool invalidates(EffectAnalyzer& other) { if (branches || other.branches diff --git a/src/passes/CodeFolding.cpp b/src/passes/CodeFolding.cpp index 415cf38de..afcd3515c 100644 --- a/src/passes/CodeFolding.cpp +++ b/src/passes/CodeFolding.cpp @@ -61,6 +61,7 @@ #include "wasm-builder.h" #include "ir/utils.h" #include "ir/branch-utils.h" +#include "ir/effects.h" #include "ir/label-utils.h" namespace wasm { @@ -474,9 +475,18 @@ private: }; // let's see if we can merge deeper than num, to num + 1 auto next = tails; - // remove tails that are too short + // remove tails that are too short, or that we hit an item we can't handle next.erase(std::remove_if(next.begin(), next.end(), [&](Tail& tail) { - return effectiveSize(tail) < num + 1; + if (effectiveSize(tail) < num + 1) return true; + auto* newItem = getItem(tail, num); + // ignore tails that break to outside blocks. we want to move code to + // the very outermost position, so such code cannot be moved + // TODO: this should not be a problem in *non*-terminating tails, + // but double-verify that + if (EffectAnalyzer(getPassOptions(), newItem).hasExternalBreakTargets()) { + return true; + } + return false; }), next.end()); // if we have enough to investigate, do so if (next.size() >= 2) { |