diff options
| author | Alon Zakai <alonzakai@gmail.com> | 2018-11-14 13:11:05 -0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2018-11-14 13:11:05 -0800 |
| commit | b79f3a48140e99ac917274bfd680217fe28ae17c (patch) | |
| tree | 25c59bfdc659149a79035198994a7e1d2d394b3e /test/wasm2js/switch.2asm.js | |
| parent | 7e9f7f62d230f7ed083c0c2d425ae47dac4f513f (diff) | |
| download | binaryen-b79f3a48140e99ac917274bfd680217fe28ae17c.tar.gz binaryen-b79f3a48140e99ac917274bfd680217fe28ae17c.tar.bz2 binaryen-b79f3a48140e99ac917274bfd680217fe28ae17c.zip | |
ReFinalize fix (#1742)
Handle a corner case in ReFinalize, which incrementally re-types code after changes. The problem is that if we need to figure out the type of a block, we look to the last element flowing out, or to breaks with values. If there is no such last element, and the breaks are not taken - they have unreachable values - then they don't tell us the block's proper type. We asserted that in such a case the block still had a type, and didn't handle this.
To fix it, we could look on the parent to see what type would fit. However, it seem simpler to just remove untaken breaks/switches as part of ReFinalization - they carry no useful info anyhow. After removing them, if the block has no other signal of a concrete type, it can just be unreachable.
This bug existed for at least 1.5 years - I didn't look back further. I think it was noticed by the fuzzer now due to recent fuzzing improvements and optimizer improvements, as I just saw this bug found a second time.
Diffstat (limited to 'test/wasm2js/switch.2asm.js')
0 files changed, 0 insertions, 0 deletions